aboutsummaryrefslogtreecommitdiffstats
path: root/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in
diff options
context:
space:
mode:
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in')
-rw-r--r--roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in145
1 files changed, 145 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in
new file mode 100644
index 000000000..287ca9bc8
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/03-custom_verify.conf.in
@@ -0,0 +1,145 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+our @tests = (
+
+ # Sanity-check that verification indeed succeeds without the
+ # restrictive callback.
+ {
+ name => "verify-success",
+ server => { },
+ client => { },
+ test => { "ExpectedResult" => "Success" },
+ },
+
+ # Same test as above but with a custom callback that always fails.
+ {
+ name => "verify-custom-reject",
+ server => { },
+ client => {
+ extra => {
+ "VerifyCallback" => "RejectAll",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ClientFail",
+ "ExpectedClientAlert" => "HandshakeFailure",
+ },
+ },
+
+ # Same test as above but with a custom callback that always succeeds.
+ {
+ name => "verify-custom-allow",
+ server => { },
+ client => {
+ extra => {
+ "VerifyCallback" => "AcceptAll",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+
+ # Sanity-check that verification indeed succeeds if peer verification
+ # is not requested.
+ {
+ name => "noverify-success",
+ server => { },
+ client => {
+ "VerifyMode" => undef,
+ "VerifyCAFile" => undef,
+ },
+ test => { "ExpectedResult" => "Success" },
+ },
+
+ # Same test as above but with a custom callback that always fails.
+ # The callback return has no impact on handshake success in this mode.
+ {
+ name => "noverify-ignore-custom-reject",
+ server => { },
+ client => {
+ "VerifyMode" => undef,
+ "VerifyCAFile" => undef,
+ extra => {
+ "VerifyCallback" => "RejectAll",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+
+ # Same test as above but with a custom callback that always succeeds.
+ # The callback return has no impact on handshake success in this mode.
+ {
+ name => "noverify-accept-custom-allow",
+ server => { },
+ client => {
+ "VerifyMode" => undef,
+ "VerifyCAFile" => undef,
+ extra => {
+ "VerifyCallback" => "AcceptAll",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+
+ # Sanity-check that verification indeed fails without the
+ # permissive callback.
+ {
+ name => "verify-fail-no-root",
+ server => { },
+ client => {
+ # Don't set up the client root file.
+ "VerifyCAFile" => undef,
+ },
+ test => {
+ "ExpectedResult" => "ClientFail",
+ "ExpectedClientAlert" => "UnknownCA",
+ },
+ },
+
+ # Same test as above but with a custom callback that always succeeds.
+ {
+ name => "verify-custom-success-no-root",
+ server => { },
+ client => {
+ "VerifyCAFile" => undef,
+ extra => {
+ "VerifyCallback" => "AcceptAll",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success"
+ },
+ },
+
+ # Same test as above but with a custom callback that always fails.
+ {
+ name => "verify-custom-fail-no-root",
+ server => { },
+ client => {
+ "VerifyCAFile" => undef,
+ extra => {
+ "VerifyCallback" => "RejectAll",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ClientFail",
+ "ExpectedClientAlert" => "HandshakeFailure",
+ },
+ },
+);