Revision 48e7b18efcd77890f36272b46a4603d15a1ac221 authored by Neil Horman on 26 July 2024, 15:01:05 UTC, committed by Neil Horman on 09 August 2024, 12:28:38 UTC
Keep us from spinning forever doing huge amounts of math in the fuzzer Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25013) (cherry picked from commit f0768376e1639d12a328745ef69c90d584138074)
1 parent 67c6330
03-custom_verify.cnf.in
# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
## SSL test configurations
package ssltests;
our @tests = (
# Sanity-check that verification indeed succeeds without the
# restrictive callback.
{
name => "verify-success",
server => { },
client => { },
test => { "ExpectedResult" => "Success" },
},
# Same test as above but with a custom callback that always fails.
{
name => "verify-custom-reject",
server => { },
client => {
extra => {
"VerifyCallback" => "RejectAll",
},
},
test => {
"ExpectedResult" => "ClientFail",
"ExpectedClientAlert" => "HandshakeFailure",
},
},
# Same test as above but with a custom callback that always succeeds.
{
name => "verify-custom-allow",
server => { },
client => {
extra => {
"VerifyCallback" => "AcceptAll",
},
},
test => {
"ExpectedResult" => "Success",
},
},
# Same test as above but with a custom callback that requests retry once.
{
name => "verify-custom-retry",
server => { },
client => {
extra => {
"VerifyCallback" => "RetryOnce",
},
},
test => {
"ExpectedResult" => "Success",
},
},
# Sanity-check that verification indeed succeeds if peer verification
# is not requested.
{
name => "noverify-success",
server => { },
client => {
"VerifyMode" => undef,
"VerifyCAFile" => undef,
},
test => { "ExpectedResult" => "Success" },
},
# Same test as above but with a custom callback that always fails.
# The callback return has no impact on handshake success in this mode.
{
name => "noverify-ignore-custom-reject",
server => { },
client => {
"VerifyMode" => undef,
"VerifyCAFile" => undef,
extra => {
"VerifyCallback" => "RejectAll",
},
},
test => {
"ExpectedResult" => "Success",
},
},
# Same test as above but with a custom callback that always succeeds.
# The callback return has no impact on handshake success in this mode.
{
name => "noverify-accept-custom-allow",
server => { },
client => {
"VerifyMode" => undef,
"VerifyCAFile" => undef,
extra => {
"VerifyCallback" => "AcceptAll",
},
},
test => {
"ExpectedResult" => "Success",
},
},
# Sanity-check that verification indeed fails without the
# permissive callback.
{
name => "verify-fail-no-root",
server => { },
client => {
# Don't set up the client root file.
"VerifyCAFile" => undef,
},
test => {
"ExpectedResult" => "ClientFail",
"ExpectedClientAlert" => "UnknownCA",
},
},
# Same test as above but with a custom callback that always succeeds.
{
name => "verify-custom-success-no-root",
server => { },
client => {
"VerifyCAFile" => undef,
extra => {
"VerifyCallback" => "AcceptAll",
},
},
test => {
"ExpectedResult" => "Success"
},
},
# Same test as above but with a custom callback that always fails.
{
name => "verify-custom-fail-no-root",
server => { },
client => {
"VerifyCAFile" => undef,
extra => {
"VerifyCallback" => "RejectAll",
},
},
test => {
"ExpectedResult" => "ClientFail",
"ExpectedClientAlert" => "HandshakeFailure",
},
},
);
Computing file changes ...
