diff options
| author | Pauli <pauli@openssl.org> | 2021-06-18 09:46:40 +0200 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2021-06-19 07:54:06 +0200 |
| commit | a0430488c12036f88d52c96ca941199571304786 (patch) | |
| tree | 85ff3a0dceea08e6b139245ba3a937b816b52639 | |
| parent | ssl: replace tabs with spaces (diff) | |
| download | openssl-a0430488c12036f88d52c96ca941199571304786.tar.xz openssl-a0430488c12036f88d52c96ca941199571304786.zip | |
test: replace tabs with spaces in test recipes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15824)
| -rw-r--r-- | test/recipes/15-test_rsa.t | 10 | ||||
| -rw-r--r-- | test/recipes/20-test_enc.t | 34 | ||||
| -rw-r--r-- | test/recipes/25-test_req.t | 2 | ||||
| -rw-r--r-- | test/recipes/25-test_verify.t | 2 | ||||
| -rw-r--r-- | test/recipes/25-test_verify_store.t | 2 | ||||
| -rw-r--r-- | test/recipes/60-test_x509_check_cert_pkey.t | 4 | ||||
| -rw-r--r-- | test/recipes/70-test_sslsessiontick.t | 60 | ||||
| -rw-r--r-- | test/recipes/80-test_ca.t | 14 | ||||
| -rw-r--r-- | test/recipes/80-test_ocsp.t | 110 | ||||
| -rw-r--r-- | test/recipes/80-test_ssl_old.t | 320 |
10 files changed, 279 insertions, 279 deletions
diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t index abcdb0490c..089986f0d8 100644 --- a/test/recipes/15-test_rsa.t +++ b/test/recipes/15-test_rsa.t @@ -34,14 +34,14 @@ sub run_rsa_tests { SKIP: { skip "Skipping $cmd conversion test", 3 - if disabled("rsa"); + if disabled("rsa"); subtest "$cmd conversions -- private key" => sub { - tconversion( -type => $cmd, -prefix => "$cmd-priv", + tconversion( -type => $cmd, -prefix => "$cmd-priv", -in => srctop_file("test", "testrsa.pem") ); }; subtest "$cmd conversions -- private key PKCS#8" => sub { - tconversion( -type => $cmd, -prefix => "$cmd-pkcs8", + tconversion( -type => $cmd, -prefix => "$cmd-pkcs8", -in => srctop_file("test", "testrsa.pem"), -args => ["pkey"] ); }; @@ -49,10 +49,10 @@ sub run_rsa_tests { SKIP: { skip "Skipping msblob conversion test", 1 - if disabled($cmd) || $cmd eq 'pkey'; + if disabled($cmd) || $cmd eq 'pkey'; subtest "$cmd conversions -- public key" => sub { - tconversion( -type => 'msb', -prefix => "$cmd-msb-pub", + tconversion( -type => 'msb', -prefix => "$cmd-msb-pub", -in => srctop_file("test", "testrsapub.pem"), -args => ["rsa", "-pubin", "-pubout"] ); }; diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t index 32a62ef2fd..9a38aed4d0 100644 --- a/test/recipes/20-test_enc.t +++ b/test/recipes/20-test_enc.t @@ -52,24 +52,24 @@ plan tests => 2 + (scalar @ciphers)*2; } foreach my $c (@ciphers) { - my %variant = ("$c" => [], - "$c base64" => [ "-a" ]); + my %variant = ("$c" => [], + "$c base64" => [ "-a" ]); - foreach my $t (sort keys %variant) { - my $cipherfile = "$test.$c.cipher"; - my $clearfile = "$test.$c.clear"; - my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" ); - my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" ); - if ($c eq "cat") { - $cipherfile = "$test.cipher"; - $clearfile = "$test.clear"; - @e = ( "enc", @{$variant{$t}}, "-e" ); - @d = ( "enc", @{$variant{$t}}, "-d" ); - } + foreach my $t (sort keys %variant) { + my $cipherfile = "$test.$c.cipher"; + my $clearfile = "$test.$c.clear"; + my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" ); + my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" ); + if ($c eq "cat") { + $cipherfile = "$test.cipher"; + $clearfile = "$test.clear"; + @e = ( "enc", @{$variant{$t}}, "-e" ); + @d = ( "enc", @{$variant{$t}}, "-d" ); + } - ok(run(app([$cmd, @e, @prov, "-in", $test, "-out", $cipherfile])) - && run(app([$cmd, @d, @prov, "-in", $cipherfile, "-out", $clearfile])) - && compare_text($test,$clearfile) == 0, $t); - } + ok(run(app([$cmd, @e, @prov, "-in", $test, "-out", $cipherfile])) + && run(app([$cmd, @d, @prov, "-in", $cipherfile, "-out", $clearfile])) + && compare_text($test,$clearfile) == 0, $t); + } } } diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 9783fe3960..5781f26a9a 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -114,7 +114,7 @@ subtest "generating certificate requests with RSA" => sub { "-config", srctop_file("test", "test.cnf"), "-new", "-out", "testreq_withattrs_der.pem", "-utf8", "-key", srctop_file("test", "testrsa_withattrs.der"), - "-keyform", "DER"])), + "-keyform", "DER"])), "Generating request from a key with extra attributes - PEM"); ok(run(app(["openssl", "req", diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 269b2ba4aa..15d051c6ba 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -417,7 +417,7 @@ ok(verify("ee-ss-with-keyCertSign", "", ["ee-ss-with-keyCertSign"], []), SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 6 - if disabled("ec"); + if disabled("ec"); # ED25519 certificate from draft-ietf-curdle-pkix-04 ok(verify("ee-ed25519", "", ["root-ed25519"], []), diff --git a/test/recipes/25-test_verify_store.t b/test/recipes/25-test_verify_store.t index d66dd9d48d..346396a628 100644 --- a/test/recipes/25-test_verify_store.t +++ b/test/recipes/25-test_verify_store.t @@ -25,7 +25,7 @@ my $CAkey = "keyCA.ss"; my $CAcert="certCA.ss"; my $CAserial="certCA.srl"; my $CAreq="reqCA.ss"; -my $CAreq2="req2CA.ss"; # temp +my $CAreq2="req2CA.ss"; # temp my $Ukey="keyU.ss"; my $Ureq="reqU.ss"; my $Ucert="certU.ss"; diff --git a/test/recipes/60-test_x509_check_cert_pkey.t b/test/recipes/60-test_x509_check_cert_pkey.t index 0c8a567fe5..6e7112b4cf 100644 --- a/test/recipes/60-test_x509_check_cert_pkey.t +++ b/test/recipes/60-test_x509_check_cert_pkey.t @@ -37,8 +37,8 @@ SKIP: { skip "DSA disabled", 1, if disabled("dsa"); # dsa ok(run(test(["x509_check_cert_pkey_test", - src_file("server-dsa-cert.pem"), - src_file("server-dsa-key.pem"), "cert", "ok"]))); + src_file("server-dsa-cert.pem"), + src_file("server-dsa-key.pem"), "cert", "ok"]))); } # ecc SKIP: { diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t index 648cb7590c..ce112fd51f 100644 --- a/test/recipes/70-test_sslsessiontick.t +++ b/test/recipes/70-test_sslsessiontick.t @@ -221,38 +221,38 @@ sub checkmessages($$$$$$) subtest $testname => sub { - foreach my $message (@{$proxy->message_list}) { - if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO || $message->mt == TLSProxy::Message::MT_SERVER_HELLO) { - #Get the extensions data - my %extensions = %{$message->extension_data}; - if (defined + #Get the extensions data + my %extensions = %{$message->extension_data}; + if (defined $extensions{TLSProxy::Message::EXT_SESSION_TICKET}) { - if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { - $chellotickext = 1; - } else { - $shellotickext = 1; - } - } - } elsif ($message->mt == TLSProxy::Message::MT_CERTIFICATE) { - #Must be doing a full handshake - $fullhand = 1; - } elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) { - $ticketseen = 1; - } - } - - plan tests => 5; - - ok(TLSProxy::Message->success, "Handshake"); - ok(($testch && $chellotickext) || (!$testch && !$chellotickext), - "ClientHello extension Session Ticket check"); - ok(($testsh && $shellotickext) || (!$testsh && !$shellotickext), - "ServerHello extension Session Ticket check"); - ok(($testtickseen && $ticketseen) || (!$testtickseen && !$ticketseen), - "Session Ticket message presence check"); - ok(($testhand && $fullhand) || (!$testhand && !$fullhand), - "Session Ticket full handshake check"); + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + $chellotickext = 1; + } else { + $shellotickext = 1; + } + } + } elsif ($message->mt == TLSProxy::Message::MT_CERTIFICATE) { + #Must be doing a full handshake + $fullhand = 1; + } elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) { + $ticketseen = 1; + } + } + + plan tests => 5; + + ok(TLSProxy::Message->success, "Handshake"); + ok(($testch && $chellotickext) || (!$testch && !$chellotickext), + "ClientHello extension Session Ticket check"); + ok(($testsh && $shellotickext) || (!$testsh && !$shellotickext), + "ServerHello extension Session Ticket check"); + ok(($testtickseen && $ticketseen) || (!$testtickseen && !$ticketseen), + "Session Ticket message presence check"); + ok(($testhand && $fullhand) || (!$testhand && !$fullhand), + "Session Ticket full handshake check"); } } diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t index dce9c64120..785870b3ce 100644 --- a/test/recipes/80-test_ca.t +++ b/test/recipes/80-test_ca.t @@ -32,20 +32,20 @@ plan tests => 15; my $cakey = srctop_file("test", "certs", "ca-key.pem"); $ENV{OPENSSL_CONFIG} = '-config ' . $cnf; skip "failed creating CA structure", 4 - if !ok(run(perlapp(["CA.pl","-newca", + if !ok(run(perlapp(["CA.pl","-newca", "-extra-req", "-key $cakey"], stdin => undef)), - 'creating CA structure'); + 'creating CA structure'); my $eekey = srctop_file("test", "certs", "ee-key.pem"); $ENV{OPENSSL_CONFIG} = '-config ' . $cnf; skip "failed creating new certificate request", 3 - if !ok(run(perlapp(["CA.pl","-newreq", + if !ok(run(perlapp(["CA.pl","-newreq", '-extra-req', "-outform DER -section userreq -key $eekey"])), - 'creating certificate request'); + 'creating certificate request'); $ENV{OPENSSL_CONFIG} = '-rand_serial -inform DER -config '.$std_openssl_cnf; skip "failed to sign certificate request", 2 - if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0, - 'signing certificate request'); + if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0, + 'signing certificate request'); ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])), 'verifying new certificate'); @@ -61,7 +61,7 @@ plan tests => 15; SKIP: { skip "SM2 is not supported by this OpenSSL build", 1 - if disabled("sm2"); + if disabled("sm2"); is(yes(cmdstr(app(["openssl", "ca", "-config", $cnf, diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t index 3727c360ba..bf00386a0f 100644 --- a/test/recipes/80-test_ocsp.t +++ b/test/recipes/80-test_ocsp.t @@ -55,143 +55,143 @@ subtest "=== VALID OCSP RESPONSES ===" => sub { plan tests => 7; test_ocsp("NON-DELEGATED; Intermediate CA -> EE", - "ND1.ors", "ND1_Issuer_ICA.pem", "", 0); + "ND1.ors", "ND1_Issuer_ICA.pem", "", 0); test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", - "ND2.ors", "ND2_Issuer_Root.pem", "", 0); + "ND2.ors", "ND2_Issuer_Root.pem", "", 0); test_ocsp("NON-DELEGATED; Root CA -> EE", - "ND3.ors", "ND3_Issuer_Root.pem", "", 0); + "ND3.ors", "ND3_Issuer_Root.pem", "", 0); test_ocsp("NON-DELEGATED; 3-level CA hierarchy", - "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0); + "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0); test_ocsp("DELEGATED; Intermediate CA -> EE", - "D1.ors", "D1_Issuer_ICA.pem", "", 0); + "D1.ors", "D1_Issuer_ICA.pem", "", 0); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "D2.ors", "D2_Issuer_Root.pem", "", 0); + "D2.ors", "D2_Issuer_Root.pem", "", 0); test_ocsp("DELEGATED; Root CA -> EE", - "D3.ors", "D3_Issuer_Root.pem", "", 0); + "D3.ors", "D3_Issuer_Root.pem", "", 0); }; subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub { plan tests => 6; test_ocsp("NON-DELEGATED; Intermediate CA -> EE", - "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); + "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", - "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1); + "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> EE", - "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1); + "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Intermediate CA -> EE", - "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1); + "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1); + "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Root CA -> EE", - "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1); + "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1); }; subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub { plan tests => 6; test_ocsp("NON-DELEGATED; Intermediate CA -> EE", - "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); + "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", - "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1); + "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> EE", - "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1); + "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Intermediate CA -> EE", - "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1); + "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1); + "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Root CA -> EE", - "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1); + "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1); }; subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub { plan tests => 6; test_ocsp("NON-DELEGATED; Intermediate CA -> EE", - "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); + "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", - "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); + "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> EE", - "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); + "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Intermediate CA -> EE", - "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1); + "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1); + "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Root CA -> EE", - "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1); + "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1); }; subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub { plan tests => 6; test_ocsp("NON-DELEGATED; Intermediate CA -> EE", - "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); + "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", - "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); + "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> EE", - "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); + "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Intermediate CA -> EE", - "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1); + "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1); + "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Root CA -> EE", - "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1); + "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1); }; subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { plan tests => 3; test_ocsp("DELEGATED; Intermediate CA -> EE", - "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); + "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); + "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Root CA -> EE", - "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); + "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); }; subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { plan tests => 3; test_ocsp("DELEGATED; Intermediate CA -> EE", - "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); + "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); + "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Root CA -> EE", - "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); + "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); }; subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub { plan tests => 6; test_ocsp("NON-DELEGATED; Intermediate CA -> EE", - "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1); + "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", - "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1); + "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> EE", - "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1); + "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Intermediate CA -> EE", - "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1); + "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1); + "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Root CA -> EE", - "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1); + "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1); }; subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub { plan tests => 6; test_ocsp("NON-DELEGATED; Intermediate CA -> EE", - "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1); + "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", - "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1); + "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1); test_ocsp("NON-DELEGATED; Root CA -> EE", - "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1); + "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Intermediate CA -> EE", - "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1); + "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1); + "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1); test_ocsp("DELEGATED; Root CA -> EE", - "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1); + "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1); }; subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { @@ -199,17 +199,17 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { # Expect success, because we're explicitly trusting the issuer certificate. test_ocsp("NON-DELEGATED; Intermediate CA -> EE", - "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0); + "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0); test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", - "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0); + "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0); test_ocsp("NON-DELEGATED; Root CA -> EE", - "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0); + "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0); test_ocsp("DELEGATED; Intermediate CA -> EE", - "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0); + "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0); test_ocsp("DELEGATED; Root CA -> Intermediate CA", - "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0); + "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0); test_ocsp("DELEGATED; Root CA -> EE", - "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); + "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); }; subtest "=== OCSP API TESTS===" => sub { diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index b71bc01655..4b889f8750 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -50,7 +50,7 @@ my $CAkey = srctop_file("test", "certs", "ca-key.pem"); # "keyCA.ss" my $CAcert="certCA.ss"; my $CAserial="certCA.srl"; my $CAreq="reqCA.ss"; -my $CAreq2="req2CA.ss"; # temp +my $CAreq2="req2CA.ss"; # temp my $Ukey = srctop_file("test", "certs", "ee-key.pem"); # "keyU.ss"; my $Ureq="reqU.ss"; my $Ucert="certU.ss"; @@ -85,13 +85,13 @@ plan tests => subtest 'test_ss' => sub { if (testss()) { - open OUT, ">", "intP1.ss"; - copy($CAcert, \*OUT); copy($Ucert, \*OUT); - close OUT; + open OUT, ">", "intP1.ss"; + copy($CAcert, \*OUT); copy($Ucert, \*OUT); + close OUT; - open OUT, ">", "intP2.ss"; - copy($CAcert, \*OUT); copy($Ucert, \*OUT); copy($P1cert, \*OUT); - close OUT; + open OUT, ">", "intP2.ss"; + copy($CAcert, \*OUT); copy($Ucert, \*OUT); copy($P1cert, \*OUT); + close OUT; } }; @@ -115,68 +115,68 @@ sub testss { my $dsaparams = data_file("dsa2048.pem"); my @req_new; if ($no_rsa) { - @req_new = @req_dsa; + @req_new = @req_dsa; } else { - @req_new = ("-new"); + @req_new = ("-new"); } plan tests => 17; SKIP: { skip 'failure', 16 unless - ok(run(app([@reqcmd, "-config", $cnf, - "-out", $CAreq, "-key", $CAkey, - @req_new])), - 'make cert request'); + ok(run(app([@reqcmd, "-config", $cnf, + "-out", $CAreq, "-key", $CAkey, + @req_new])), + 'make cert request'); skip 'failure', 15 unless - ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30", - "-req", "-out", $CAcert, "-signkey", $CAkey, - "-extfile", $cnf, "-extensions", "v3_ca"], - stdout => "err.ss")), - 'convert request into self-signed cert'); + ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30", + "-req", "-out", $CAcert, "-signkey", $CAkey, + "-extfile", $cnf, "-extensions", "v3_ca"], + stdout => "err.ss")), + 'convert request into self-signed cert'); skip 'failure', 14 unless - ok(run(app([@x509cmd, "-in", $CAcert, - "-x509toreq", "-signkey", $CAkey, "-out", $CAreq2], - stdout => "err.ss")), - 'convert cert into a cert request'); + ok(run(app([@x509cmd, "-in", $CAcert, + "-x509toreq", "-signkey", $CAkey, "-out", $CAreq2], + stdout => "err.ss")), + 'convert cert into a cert request'); skip 'failure', 13 unless - ok(run(app([@reqcmd, "-config", $dummycnf, - "-verify", "-in", $CAreq, "-noout"])), - 'verify request 1'); + ok(run(app([@reqcmd, "-config", $dummycnf, + "-verify", "-in", $CAreq, "-noout"])), + 'verify request 1'); skip 'failure', 12 unless - ok(run(app([@reqcmd, "-config", $dummycnf, - "-verify", "-in", $CAreq2, "-noout"])), - 'verify request 2'); + ok(run(app([@reqcmd, "-config", $dummycnf, + "-verify", "-in", $CAreq2, "-noout"])), + 'verify request 2'); skip 'failure', 11 unless - ok(run(app([@verifycmd, "-CAfile", $CAcert, $CAcert])), - 'verify signature'); + ok(run(app([@verifycmd, "-CAfile", $CAcert, $CAcert])), + 'verify signature'); skip 'failure', 10 unless - ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq", - "-out", $Ureq, "-key", $Ukey, @req_new], - stdout => "err.ss")), - 'make a user cert request'); + ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq", + "-out", $Ureq, "-key", $Ukey, @req_new], + stdout => "err.ss")), + 'make a user cert request'); skip 'failure', 9 unless - ok(run(app([@x509cmd, "-CAcreateserial", "-in", $Ureq, "-days", "30", - "-req", "-out", $Ucert, - "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial, - "-extfile", $cnf, "-extensions", "v3_ee"], - stdout => "err.ss")) - && run(app([@verifycmd, "-CAfile", $CAcert, $Ucert])), - 'sign user cert request'); + ok(run(app([@x509cmd, "-CAcreateserial", "-in", $Ureq, "-days", "30", + "-req", "-out", $Ucert, + "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial, + "-extfile", $cnf, "-extensions", "v3_ee"], + stdout => "err.ss")) + && run(app([@verifycmd, "-CAfile", $CAcert, $Ucert])), + 'sign user cert request'); skip 'failure', 8 unless - ok(run(app([@x509cmd, - "-subject", "-issuer", "-startdate", "-enddate", - "-noout", "-in", $Ucert])), - 'Certificate details'); + ok(run(app([@x509cmd, + "-subject", "-issuer", "-startdate", "-enddate", + "-noout", "-in", $Ucert])), + 'Certificate details'); skip 'failure', 7 unless subtest 'DSA certificate creation' => sub { @@ -270,54 +270,54 @@ sub testss { }; skip 'failure', 5 unless - ok(run(app([@reqcmd, "-config", $proxycnf, - "-out", $P1req, "-key", $P1key, @req_new], - stdout => "err.ss")), - 'make a proxy cert request'); + ok(run(app([@reqcmd, "-config", $proxycnf, + "-out", $P1req, "-key", $P1key, @req_new], + stdout => "err.ss")), + 'make a proxy cert request'); skip 'failure', 4 unless - ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P1req, "-days", "30", - "-req", "-out", $P1cert, - "-CA", $Ucert, "-CAkey", $Ukey, - "-extfile", $proxycnf, "-extensions", "proxy"], - stdout => "err.ss")), - 'sign proxy with user cert'); + ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P1req, "-days", "30", + "-req", "-out", $P1cert, + "-CA", $Ucert, "-CAkey", $Ukey, + "-extfile", $proxycnf, "-extensions", "proxy"], + stdout => "err.ss")), + 'sign proxy with user cert'); copy($Ucert, $P1intermediate); run(app([@verifycmd, "-CAfile", $CAcert, - "-untrusted", $P1intermediate, $P1cert])); + "-untrusted", $P1intermediate, $P1cert])); ok(run(app([@x509cmd, - "-subject", "-issuer", "-startdate", "-enddate", - "-noout", "-in", $P1cert])), - 'Certificate details'); + "-subject", "-issuer", "-startdate", "-enddate", + "-noout", "-in", $P1cert])), + 'Certificate details'); skip 'failure', 2 unless - ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req", - "-out", $P2req, "-key", $P2key, - @req_new], - stdout => "err.ss")), - 'make another proxy cert request'); + ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req", + "-out", $P2req, "-key", $P2key, + @req_new], + stdout => "err.ss")), + 'make another proxy cert request'); skip 'failure', 1 unless - ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P2req, "-days", "30", - "-req", "-out", $P2cert, - "-CA", $P1cert, "-CAkey", $P1key, - "-extfile", $proxycnf, "-extensions", "proxy_2"], - stdout => "err.ss")), - 'sign second proxy cert request with the first proxy cert'); + ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P2req, "-days", "30", + "-req", "-out", $P2cert, + "-CA", $P1cert, "-CAkey", $P1key, + "-extfile", $proxycnf, "-extensions", "proxy_2"], + stdout => "err.ss")), + 'sign second proxy cert request with the first proxy cert'); open OUT, ">", $P2intermediate; copy($Ucert, \*OUT); copy($P1cert, \*OUT); close OUT; run(app([@verifycmd, "-CAfile", $CAcert, - "-untrusted", $P2intermediate, $P2cert])); + "-untrusted", $P2intermediate, $P2cert])); ok(run(app([@x509cmd, - "-subject", "-issuer", "-startdate", "-enddate", - "-noout", "-in", $P2cert])), - 'Certificate details'); + "-subject", "-issuer", "-startdate", "-enddate", + "-noout", "-in", $P2cert])), + 'Certificate details'); } } @@ -341,69 +341,69 @@ sub testssl { my $dsa_cert = 0; if (grep /DSA Public Key/, run(app(["openssl", "x509", "-in", $cert, - "-text", "-noout"]), capture => 1)) { - $dsa_cert = 1; + "-text", "-noout"]), capture => 1)) { + $dsa_cert = 1; } # plan tests => 11; subtest 'standard SSL tests' => sub { - ###################################################################### + ###################################################################### plan tests => 13; SKIP: { - skip "SSLv3 is not supported by this OpenSSL build", 4 - if disabled("ssl3"); - - skip "SSLv3 is not supported by the FIPS provider", 4 - if $provider eq "fips"; - - ok(run(test([@ssltest, "-bio_pair", "-ssl3"])), - 'test sslv3 via BIO pair'); - ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])), - 'test sslv3 with server authentication via BIO pair'); - ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])), - 'test sslv3 with client authentication via BIO pair'); - ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])), - 'test sslv3 with both server and client authentication via BIO pair'); - } + skip "SSLv3 is not supported by this OpenSSL build", 4 + if disabled("ssl3"); + + skip "SSLv3 is not supported by the FIPS provider", 4 + if $provider eq "fips"; + + ok(run(test([@ssltest, "-bio_pair", "-ssl3"])), + 'test sslv3 via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])), + 'test sslv3 with server authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])), + 'test sslv3 with client authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])), + 'test sslv3 with both server and client authentication via BIO pair'); + } SKIP: { - skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1 - if $no_anytls; + skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1 + if $no_anytls; - ok(run(test([@ssltest, "-bio_pair"])), - 'test sslv2/sslv3 via BIO pair'); - } + ok(run(test([@ssltest, "-bio_pair"])), + 'test sslv2/sslv3 via BIO pair'); + } SKIP: { - skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8 - if $no_anytls; + skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8 + if $no_anytls; - SKIP: { - skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert; + SKIP: { + skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert; - ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])), - 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'); - } + ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])), + 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'); + } - SKIP: { - skip "skipping dhe1024dsa test", 1 + SKIP: { + skip "skipping dhe1024dsa test", 1 if ($no_dh); ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])), 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); } - ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), - 'test sslv2/sslv3 with server authentication'); - ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), - 'test sslv2/sslv3 with client authentication via BIO pair'); - ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])), - 'test sslv2/sslv3 with both client and server authentication via BIO pair'); - ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), - 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), + 'test sslv2/sslv3 with server authentication'); + ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), + 'test sslv2/sslv3 with client authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])), + 'test sslv2/sslv3 with both client and server authentication via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), + 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); SKIP: { skip "No IPv4 available on this machine", 1 @@ -518,45 +518,45 @@ sub testssl { }; subtest 'RSA/(EC)DHE/PSK tests' => sub { - ###################################################################### + ###################################################################### - plan tests => 6; + plan tests => 6; SKIP: { - skip "TLSv1.0 is not supported by this OpenSSL build", 6 - if $no_tls1 || $provider eq "fips"; + skip "TLSv1.0 is not supported by this OpenSSL build", 6 + if $no_tls1 || $provider eq "fips"; - SKIP: { - skip "skipping anonymous DH tests", 1 - if ($no_dh); + SKIP: { + skip "skipping anonymous DH tests", 1 + if ($no_dh); - ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])), - 'test tlsv1 with 1024bit anonymous DH, multiple handshakes'); - } + ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])), + 'test tlsv1 with 1024bit anonymous DH, multiple handshakes'); + } - SKIP: { - skip "skipping RSA tests", 2 - if $no_rsa; + SKIP: { + skip "skipping RSA tests", 2 + if $no_rsa; - ok(run(test(["ssl_old_test", "-provider", "default", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])), - 'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes'); + ok(run(test(["ssl_old_test", "-provider", "default", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])), + 'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes'); - skip "skipping RSA+DHE tests", 1 - if $no_dh; + skip "skipping RSA+DHE tests", 1 + if $no_dh; - ok(run(test(["ssl_old_test", "-provider", "default", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])), - 'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes'); - } + ok(run(test(["ssl_old_test", "-provider", "default", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])), + 'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes'); + } - SKIP: { - skip "skipping PSK tests", 3 - if ($no_psk); + SKIP: { + skip "skipping PSK tests", 3 + if ($no_psk); - ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])), - 'test tls1 with PSK'); + ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])), + 'test tls1 with PSK'); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])), - 'test tls1 with PSK via BIO pair'); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])), + 'test tls1 with PSK via BIO pair'); ok(run(test(['ssl_old_test', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])), 'test auto DH meets security strength'); @@ -566,34 +566,34 @@ sub testssl { }; subtest 'Custom Extension tests' => sub { - ###################################################################### + ###################################################################### - plan tests => 1; + plan tests => 1; SKIP: { - skip "TLSv1.0 is not supported by this OpenSSL build", 1 - if $no_tls1 || $provider eq "fips"; + skip "TLSv1.0 is not supported by this OpenSSL build", 1 + if $no_tls1 || $provider eq "fips"; - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])), - 'test tls1 with custom extensions'); - } + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])), + 'test tls1 with custom extensions'); + } }; subtest 'Serverinfo tests' => sub { - ###################################################################### + ###################################################################### - plan tests => 5; + plan tests => 5; SKIP: { - skip "TLSv1.0 is not supported by this OpenSSL build", 5 - if $no_tls1 || $provider eq "fips"; - - note('echo test tls1 with serverinfo'); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo]))); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct"]))); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_tack"]))); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); - } + skip "TLSv1.0 is not supported by this OpenSSL build", 5 + if $no_tls1 || $provider eq "fips"; + + note('echo test tls1 with serverinfo'); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo]))); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct"]))); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_tack"]))); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); + ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); + } }; } |