1# -*- mode: perl; -*-
2# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10## Test version negotiation
11
12use strict;
13use warnings;
14
15package ssltests;
16
17
18our @tests = (
19    {
20        name => "ct-permissive-without-scts",
21        server => {
22        },
23        client => {
24            extra => {
25                "CTValidation" => "Permissive",
26            },
27        },
28        test => {
29            "ExpectedResult" => "Success",
30        },
31    },
32    {
33        name => "ct-permissive-with-scts",
34        server => {
35            "Certificate" => test_pem("embeddedSCTs1.pem"),
36            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
37        },
38        client => {
39            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
40            extra => {
41                "CTValidation" => "Permissive",
42            },
43        },
44        test => {
45            "ExpectedResult" => "Success",
46        },
47    },
48    {
49        name => "ct-strict-without-scts",
50        server => {
51        },
52        client => {
53            extra => {
54                "CTValidation" => "Strict",
55            },
56        },
57        test => {
58            "ExpectedResult" => "ClientFail",
59            "ExpectedClientAlert" => "HandshakeFailure",
60        },
61    },
62    {
63        name => "ct-strict-with-scts",
64        server => {
65            "Certificate" => test_pem("embeddedSCTs1.pem"),
66            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
67        },
68        client => {
69            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
70            extra => {
71                "CTValidation" => "Strict",
72            },
73        },
74        test => {
75            "ExpectedResult" => "Success",
76        },
77    },
78    {
79        name => "ct-permissive-resumption",
80        server => {
81            "Certificate" => test_pem("embeddedSCTs1.pem"),
82            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
83        },
84        client => {
85            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
86            extra => {
87                "CTValidation" => "Permissive",
88            },
89        },
90        test => {
91            "HandshakeMode" => "Resume",
92            "ResumptionExpected" => "Yes",
93            "ExpectedResult" => "Success",
94        },
95    },
96    {
97        name => "ct-strict-resumption",
98        server => {
99            "Certificate" => test_pem("embeddedSCTs1.pem"),
100            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
101        },
102        client => {
103            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
104            extra => {
105                "CTValidation" => "Strict",
106            },
107        },
108        # SCTs are not present during resumption, so the resumption
109        # should succeed.
110        resume_client => {
111            extra => {
112                "CTValidation" => "Strict",
113            },
114        },
115        test => {
116            "HandshakeMode" => "Resume",
117            "ResumptionExpected" => "Yes",
118            "ExpectedResult" => "Success",
119        },
120    },
121);
122