[openssl-commits] [openssl] master update
Emilia Kasper
emilia at openssl.org
Mon Jun 13 14:13:24 UTC 2016
The branch master has been updated
via 74726750ef041ba5fdf0516cbd060a202f7092c1 (commit)
from 81fc33c951b645f31727dc811e02200bde4a0982 (commit)
- Log -----------------------------------------------------------------
commit 74726750ef041ba5fdf0516cbd060a202f7092c1
Author: Emilia Kasper <emilia at openssl.org>
Date: Fri Jun 3 17:49:04 2016 +0200
Port DTLS version negotiation tests
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/README.ssltest.md | 2 +
test/recipes/80-test_ssl_new.t | 34 +-
test/recipes/80-test_ssl_old.t | 51 +-
test/ssl-tests/02-protocol-version.conf.in | 113 +-
test/ssl-tests/07-dtls-protocol-version.conf | 2476 ++++++++++++++++++++
...ni.conf.in => 07-dtls-protocol-version.conf.in} | 16 +-
...rotocol-version.conf.in => protocol_version.pm} | 94 +-
test/ssl_test.c | 23 +-
test/ssl_test_ctx.c | 28 +
test/ssl_test_ctx.h | 8 +
test/ssl_test_ctx_test.c | 2 +
test/ssl_test_ctx_test.conf | 5 +
12 files changed, 2645 insertions(+), 207 deletions(-)
create mode 100644 test/ssl-tests/07-dtls-protocol-version.conf
copy test/ssl-tests/{05-sni.conf.in => 07-dtls-protocol-version.conf.in} (63%)
copy test/ssl-tests/{02-protocol-version.conf.in => protocol_version.pm} (56%)
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 03b9f93..5797cf6 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -64,6 +64,8 @@ The test section supports the following options:
- AcceptAll - accepts all certificates.
- RejectAll - rejects all certificates.
+* Method - the method to test. One of DTLS or TLS.
+
* ServerName - the server the client should attempt to connect to. One of
- None - do not use SNI (default)
- server1 - the initial context
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index b7ab408..a024753 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -26,28 +26,43 @@ map { s/;.*// } @conf_srcs if $^O eq "VMS";
my @conf_files = map { basename($_) } @conf_srcs;
map { s/\.in// } @conf_files;
-# 02-protocol-version.conf test results depend on the configuration of enabled
-# protocols. We only verify generated sources in the default configuration.
-my $is_default = (disabled("ssl3") && !disabled("tls1") &&
- !disabled("tls1_1") && !disabled("tls1_2"));
+# 02-protocol-version.conf test and 05-dtls-protocol-version.conf results
+# depend on the configuration of enabled protocols. We only verify generated
+# sources in the default configuration.
+my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
+ !disabled("tls1_1") && !disabled("tls1_2"));
-my %conf_dependent_tests = ("02-protocol-version.conf" => 1);
+my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
+
+my $no_tls = alldisabled(available_protocols("tls"));
+my $no_dtls = alldisabled(available_protocols("dtls"));
+
+my %conf_dependent_tests = (
+ "02-protocol-version.conf" => !$is_default_tls,
+ "05-dtls-protocol-version.conf" => !$is_default_dtls,
+);
+
+# Default is $no_tls but some tests have different skip conditions.
+my %skip = (
+ "05-dtls-protocol-version.conf" => $no_dtls,
+);
foreach my $conf (@conf_files) {
subtest "Test configuration $conf" => sub {
test_conf($conf,
- $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1);
+ $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1,
+ $skip{$conf} || $no_tls);
}
}
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
-plan tests => 6; # = scalar @conf_srcs
+plan tests => 7; # = scalar @conf_srcs
sub test_conf {
plan tests => 3;
- my ($conf, $check_source) = @_;
+ my ($conf, $check_source, $skip) = @_;
my $conf_file = srctop_file("test", "ssl-tests", $conf);
my $tmp_file = "${conf}.$$.tmp";
@@ -73,8 +88,7 @@ sub test_conf {
}
# Test 3. Run the test.
- my $no_tls = alldisabled(available_protocols("tls"));
- skip "No TLS tests available; skipping tests", 1 if $no_tls;
+ skip "No tests available; skipping tests", 1 if $skip;
skip "Stale sources; skipping tests", 1 if !$run_test;
ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf");
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 4b932fd..716f23b 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -79,7 +79,7 @@ my $client_sess="client.ss";
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
plan tests =>
1 # For testss
- + 14 # For the first testssl
+ + 13 # For the first testssl
;
subtest 'test_ss' => sub {
@@ -331,7 +331,7 @@ sub testssl {
subtest 'standard SSL tests' => sub {
######################################################################
- plan tests => 21;
+ plan tests => 21;
SKIP: {
skip "SSLv3 is not supported by this OpenSSL build", 4
@@ -683,53 +683,6 @@ sub testssl {
}
};
- subtest 'DTLS Version min/max tests' => sub {
- my @protos;
- push(@protos, "dtls1") unless ($no_dtls1 || $no_dtls);
- push(@protos, "dtls1.2") unless ($no_dtls1_2 || $no_dtls);
- my @minprotos = (undef, @protos);
- my @maxprotos = (@protos, undef);
- my @shdprotos = (@protos, $protos[$#protos]);
- my $n = ((@protos+2) * (@protos+3))/2 - 2;
- my $ntests = $n * $n;
- plan tests => $ntests;
- SKIP: {
- skip "DTLS disabled", 1 if $ntests == 1;
-
- my $should;
- for (my $smin = 0; $smin < @minprotos; ++$smin) {
- for (my $smax = $smin ? $smin - 1 : 0; $smax < @maxprotos; ++$smax) {
- for (my $cmin = 0; $cmin < @minprotos; ++$cmin) {
- for (my $cmax = $cmin ? $cmin - 1 : 0; $cmax < @maxprotos; ++$cmax) {
- if ($cmax < $smin-1) {
- $should = "fail-server";
- } elsif ($smax < $cmin-1) {
- $should = "fail-client";
- } elsif ($cmax > $smax) {
- $should = $shdprotos[$smax];
- } else {
- $should = $shdprotos[$cmax];
- }
-
- my @args = (@ssltest, "-dtls");
- push(@args, "-should_negotiate", $should);
- push(@args, "-server_min_proto", $minprotos[$smin])
- if (defined($minprotos[$smin]));
- push(@args, "-server_max_proto", $maxprotos[$smax])
- if (defined($maxprotos[$smax]));
- push(@args, "-client_min_proto", $minprotos[$cmin])
- if (defined($minprotos[$cmin]));
- push(@args, "-client_max_proto", $maxprotos[$cmax])
- if (defined($maxprotos[$cmax]));
- my $ok = run(test[@args]);
- if (! $ok) {
- print STDERR "\nsmin=$smin, smax=$smax, cmin=$cmin, cmax=$cmax\n";
- print STDERR "\nFailed: @args\n";
- }
- ok($ok);
- }}}}}
- };
-
subtest 'TLS session reuse' => sub {
plan tests => 12;
diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in
index 22e1f36..46851c9 100644
--- a/test/ssl-tests/02-protocol-version.conf.in
+++ b/test/ssl-tests/02-protocol-version.conf.in
@@ -7,116 +7,13 @@
# https://www.openssl.org/source/license.html
-## Test version negotiation
+## Test TLS version negotiation
package ssltests;
-use List::Util qw/max min/;
+use strict;
+use warnings;
-use OpenSSL::Test;
-use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
-setup("no_test_here");
+use protocol_version;
-my @protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-# undef stands for "no limit".
-my @min_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-my @max_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
-
-my @is_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-
-my $min_enabled; my $max_enabled;
-
-# Protocol configuration works in cascades, i.e.,
-# $no_tls1_1 disables TLSv1.1 and below.
-#
-# $min_enabled and $max_enabled will be correct if there is at least one
-# protocol enabled.
-foreach my $i (0..$#protocols) {
- if (!$is_disabled[$i]) {
- $min_enabled = $i;
- last;
- }
-}
-
-foreach my $i (0..$#protocols) {
- if (!$is_disabled[$i]) {
- $max_enabled = $i;
- }
-}
-
-our @tests = ();
-
-sub generate_tests() {
- foreach my $c_min (0..$#min_protocols) {
- my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
- foreach my $c_max ($c_max_min..$#max_protocols) {
- foreach my $s_min (0..$#min_protocols) {
- my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
- foreach my $s_max ($s_max_min..$#max_protocols) {
- my ($result, $protocol) =
- expected_result($c_min, $c_max, $s_min, $s_max);
- push @tests, {
- "name" => "version-negotiation",
- "client" => {
- "MinProtocol" => $min_protocols[$c_min],
- "MaxProtocol" => $max_protocols[$c_max],
- },
- "server" => {
- "MinProtocol" => $min_protocols[$s_min],
- "MaxProtocol" => $max_protocols[$s_max],
- },
- "test" => {
- "ExpectedResult" => $result,
- "Protocol" => $protocol
- }
- };
- }
- }
- }
- }
-}
-
-sub expected_result {
- my $no_tls = alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
- if ($no_tls) {
- return ("InternalError", undef);
- }
-
- my ($c_min, $c_max, $s_min, $s_max) = @_;
-
- # Adjust for "undef" (no limit).
- $c_min = $c_min == 0 ? 0 : $c_min - 1;
- $c_max = $c_max == scalar(@max_protocols) - 1 ? $c_max - 1 : $c_max;
- $s_min = $s_min == 0 ? 0 : $s_min - 1;
- $s_max = $s_max == scalar(@max_protocols) - 1 ? $s_max - 1 : $s_max;
-
- # We now have at least one protocol enabled, so $min_enabled and
- # $max_enabled are well-defined.
- $c_min = max $c_min, $min_enabled;
- $s_min = max $s_min, $min_enabled;
- $c_max = min $c_max, $max_enabled;
- $s_max = min $s_max, $max_enabled;
-
- if ($c_min > $c_max) {
- # Client should fail to even send a hello.
- # This results in an internal error since the server will be
- # waiting for input that never arrives.
- return ("InternalError", undef);
- } elsif ($s_min > $s_max) {
- # Server has no protocols, should always fail.
- return ("ServerFail", undef);
- } elsif ($s_min > $c_max) {
- # Server doesn't support the client range.
- return ("ServerFail", undef);
- } elsif ($c_min > $s_max) {
- # Server will try with a version that is lower than the lowest
- # supported client version.
- return ("ClientFail", undef);
- } else {
- # Server and client ranges overlap.
- my $max_common = $s_max < $c_max ? $s_max : $c_max;
- return ("Success", $protocols[$max_common]);
- }
-}
-
-generate_tests();
+our @tests = generate_tests("TLS");
diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.conf
new file mode 100644
index 0000000..0cb183a
--- /dev/null
+++ b/test/ssl-tests/07-dtls-protocol-version.conf
@@ -0,0 +1,2476 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 64
+
+test-0 = 0-version-negotiation
+test-1 = 1-version-negotiation
+test-2 = 2-version-negotiation
+test-3 = 3-version-negotiation
+test-4 = 4-version-negotiation
+test-5 = 5-version-negotiation
+test-6 = 6-version-negotiation
+test-7 = 7-version-negotiation
+test-8 = 8-version-negotiation
+test-9 = 9-version-negotiation
+test-10 = 10-version-negotiation
+test-11 = 11-version-negotiation
+test-12 = 12-version-negotiation
+test-13 = 13-version-negotiation
+test-14 = 14-version-negotiation
+test-15 = 15-version-negotiation
+test-16 = 16-version-negotiation
+test-17 = 17-version-negotiation
+test-18 = 18-version-negotiation
+test-19 = 19-version-negotiation
+test-20 = 20-version-negotiation
+test-21 = 21-version-negotiation
+test-22 = 22-version-negotiation
+test-23 = 23-version-negotiation
+test-24 = 24-version-negotiation
+test-25 = 25-version-negotiation
+test-26 = 26-version-negotiation
+test-27 = 27-version-negotiation
+test-28 = 28-version-negotiation
+test-29 = 29-version-negotiation
+test-30 = 30-version-negotiation
+test-31 = 31-version-negotiation
+test-32 = 32-version-negotiation
+test-33 = 33-version-negotiation
+test-34 = 34-version-negotiation
+test-35 = 35-version-negotiation
+test-36 = 36-version-negotiation
+test-37 = 37-version-negotiation
+test-38 = 38-version-negotiation
+test-39 = 39-version-negotiation
+test-40 = 40-version-negotiation
+test-41 = 41-version-negotiation
+test-42 = 42-version-negotiation
+test-43 = 43-version-negotiation
+test-44 = 44-version-negotiation
+test-45 = 45-version-negotiation
+test-46 = 46-version-negotiation
+test-47 = 47-version-negotiation
+test-48 = 48-version-negotiation
+test-49 = 49-version-negotiation
+test-50 = 50-version-negotiation
+test-51 = 51-version-negotiation
+test-52 = 52-version-negotiation
+test-53 = 53-version-negotiation
+test-54 = 54-version-negotiation
+test-55 = 55-version-negotiation
+test-56 = 56-version-negotiation
+test-57 = 57-version-negotiation
+test-58 = 58-version-negotiation
+test-59 = 59-version-negotiation
+test-60 = 60-version-negotiation
+test-61 = 61-version-negotiation
+test-62 = 62-version-negotiation
+test-63 = 63-version-negotiation
+# ===========================================================
+
+[0-version-negotiation]
+ssl_conf = 0-version-negotiation-ssl
+
+[0-version-negotiation-ssl]
+server = 0-version-negotiation-server
+server2 = 0-version-negotiation-server2
+client = 0-version-negotiation-client
+
+[0-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[0-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[0-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-0]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[1-version-negotiation]
+ssl_conf = 1-version-negotiation-ssl
+
+[1-version-negotiation-ssl]
+server = 1-version-negotiation-server
+server2 = 1-version-negotiation-server2
+client = 1-version-negotiation-client
+
+[1-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[1-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[1-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-1]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[2-version-negotiation]
+ssl_conf = 2-version-negotiation-ssl
+
+[2-version-negotiation-ssl]
+server = 2-version-negotiation-server
+server2 = 2-version-negotiation-server2
+client = 2-version-negotiation-client
+
+[2-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[2-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[2-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-2]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[3-version-negotiation]
+ssl_conf = 3-version-negotiation-ssl
+
+[3-version-negotiation-ssl]
+server = 3-version-negotiation-server
+server2 = 3-version-negotiation-server2
+client = 3-version-negotiation-client
+
+[3-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[3-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[3-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-3]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[4-version-negotiation]
+ssl_conf = 4-version-negotiation-ssl
+
+[4-version-negotiation-ssl]
+server = 4-version-negotiation-server
+server2 = 4-version-negotiation-server2
+client = 4-version-negotiation-client
+
+[4-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[4-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[4-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-4]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[5-version-negotiation]
+ssl_conf = 5-version-negotiation-ssl
+
+[5-version-negotiation-ssl]
+server = 5-version-negotiation-server
+server2 = 5-version-negotiation-server2
+client = 5-version-negotiation-client
+
+[5-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[5-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[5-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-5]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[6-version-negotiation]
+ssl_conf = 6-version-negotiation-ssl
+
+[6-version-negotiation-ssl]
+server = 6-version-negotiation-server
+server2 = 6-version-negotiation-server2
+client = 6-version-negotiation-client
+
+[6-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[6-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[6-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-6]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[7-version-negotiation]
+ssl_conf = 7-version-negotiation-ssl
+
+[7-version-negotiation-ssl]
+server = 7-version-negotiation-server
+server2 = 7-version-negotiation-server2
+client = 7-version-negotiation-client
+
+[7-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[7-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[7-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-7]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[8-version-negotiation]
+ssl_conf = 8-version-negotiation-ssl
+
+[8-version-negotiation-ssl]
+server = 8-version-negotiation-server
+server2 = 8-version-negotiation-server2
+client = 8-version-negotiation-client
+
+[8-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[8-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[8-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-8]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[9-version-negotiation]
+ssl_conf = 9-version-negotiation-ssl
+
+[9-version-negotiation-ssl]
+server = 9-version-negotiation-server
+server2 = 9-version-negotiation-server2
+client = 9-version-negotiation-client
+
+[9-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[9-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[9-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-9]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[10-version-negotiation]
+ssl_conf = 10-version-negotiation-ssl
+
+[10-version-negotiation-ssl]
+server = 10-version-negotiation-server
+server2 = 10-version-negotiation-server2
+client = 10-version-negotiation-client
+
+[10-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[10-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[10-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-10]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[11-version-negotiation]
+ssl_conf = 11-version-negotiation-ssl
+
+[11-version-negotiation-ssl]
+server = 11-version-negotiation-server
+server2 = 11-version-negotiation-server2
+client = 11-version-negotiation-client
+
+[11-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[11-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[11-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-11]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[12-version-negotiation]
+ssl_conf = 12-version-negotiation-ssl
+
+[12-version-negotiation-ssl]
+server = 12-version-negotiation-server
+server2 = 12-version-negotiation-server2
+client = 12-version-negotiation-client
+
+[12-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[12-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[12-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-12]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[13-version-negotiation]
+ssl_conf = 13-version-negotiation-ssl
+
+[13-version-negotiation-ssl]
+server = 13-version-negotiation-server
+server2 = 13-version-negotiation-server2
+client = 13-version-negotiation-client
+
+[13-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[13-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[13-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-13]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[14-version-negotiation]
+ssl_conf = 14-version-negotiation-ssl
+
+[14-version-negotiation-ssl]
+server = 14-version-negotiation-server
+server2 = 14-version-negotiation-server2
+client = 14-version-negotiation-client
+
+[14-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[14-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[14-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-14]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[15-version-negotiation]
+ssl_conf = 15-version-negotiation-ssl
+
+[15-version-negotiation-ssl]
+server = 15-version-negotiation-server
+server2 = 15-version-negotiation-server2
+client = 15-version-negotiation-client
+
+[15-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[15-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[15-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-15]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[16-version-negotiation]
+ssl_conf = 16-version-negotiation-ssl
+
+[16-version-negotiation-ssl]
+server = 16-version-negotiation-server
+server2 = 16-version-negotiation-server2
+client = 16-version-negotiation-client
+
+[16-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[16-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[16-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-16]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[17-version-negotiation]
+ssl_conf = 17-version-negotiation-ssl
+
+[17-version-negotiation-ssl]
+server = 17-version-negotiation-server
+server2 = 17-version-negotiation-server2
+client = 17-version-negotiation-client
+
+[17-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[17-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[17-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-17]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[18-version-negotiation]
+ssl_conf = 18-version-negotiation-ssl
+
+[18-version-negotiation-ssl]
+server = 18-version-negotiation-server
+server2 = 18-version-negotiation-server2
+client = 18-version-negotiation-client
+
+[18-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[18-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[18-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-18]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[19-version-negotiation]
+ssl_conf = 19-version-negotiation-ssl
+
+[19-version-negotiation-ssl]
+server = 19-version-negotiation-server
+server2 = 19-version-negotiation-server2
+client = 19-version-negotiation-client
+
+[19-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[19-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[19-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-19]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[20-version-negotiation]
+ssl_conf = 20-version-negotiation-ssl
+
+[20-version-negotiation-ssl]
+server = 20-version-negotiation-server
+server2 = 20-version-negotiation-server2
+client = 20-version-negotiation-client
+
+[20-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[20-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[20-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-20]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[21-version-negotiation]
+ssl_conf = 21-version-negotiation-ssl
+
+[21-version-negotiation-ssl]
+server = 21-version-negotiation-server
+server2 = 21-version-negotiation-server2
+client = 21-version-negotiation-client
+
+[21-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[21-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[21-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-21]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[22-version-negotiation]
+ssl_conf = 22-version-negotiation-ssl
+
+[22-version-negotiation-ssl]
+server = 22-version-negotiation-server
+server2 = 22-version-negotiation-server2
+client = 22-version-negotiation-client
+
+[22-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[22-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[22-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-22]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[23-version-negotiation]
+ssl_conf = 23-version-negotiation-ssl
+
+[23-version-negotiation-ssl]
+server = 23-version-negotiation-server
+server2 = 23-version-negotiation-server2
+client = 23-version-negotiation-client
+
+[23-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[23-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[23-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-23]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[24-version-negotiation]
+ssl_conf = 24-version-negotiation-ssl
+
+[24-version-negotiation-ssl]
+server = 24-version-negotiation-server
+server2 = 24-version-negotiation-server2
+client = 24-version-negotiation-client
+
+[24-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[24-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[24-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-24]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[25-version-negotiation]
+ssl_conf = 25-version-negotiation-ssl
+
+[25-version-negotiation-ssl]
+server = 25-version-negotiation-server
+server2 = 25-version-negotiation-server2
+client = 25-version-negotiation-client
+
+[25-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[25-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[25-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-25]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[26-version-negotiation]
+ssl_conf = 26-version-negotiation-ssl
+
+[26-version-negotiation-ssl]
+server = 26-version-negotiation-server
+server2 = 26-version-negotiation-server2
+client = 26-version-negotiation-client
+
+[26-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[26-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[26-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-26]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[27-version-negotiation]
+ssl_conf = 27-version-negotiation-ssl
+
+[27-version-negotiation-ssl]
+server = 27-version-negotiation-server
+server2 = 27-version-negotiation-server2
+client = 27-version-negotiation-client
+
+[27-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[27-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[27-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-27]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[28-version-negotiation]
+ssl_conf = 28-version-negotiation-ssl
+
+[28-version-negotiation-ssl]
+server = 28-version-negotiation-server
+server2 = 28-version-negotiation-server2
+client = 28-version-negotiation-client
+
+[28-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[28-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[28-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-28]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[29-version-negotiation]
+ssl_conf = 29-version-negotiation-ssl
+
+[29-version-negotiation-ssl]
+server = 29-version-negotiation-server
+server2 = 29-version-negotiation-server2
+client = 29-version-negotiation-client
+
+[29-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[29-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[29-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-29]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[30-version-negotiation]
+ssl_conf = 30-version-negotiation-ssl
+
+[30-version-negotiation-ssl]
+server = 30-version-negotiation-server
+server2 = 30-version-negotiation-server2
+client = 30-version-negotiation-client
+
+[30-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[30-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[30-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-30]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[31-version-negotiation]
+ssl_conf = 31-version-negotiation-ssl
+
+[31-version-negotiation-ssl]
+server = 31-version-negotiation-server
+server2 = 31-version-negotiation-server2
+client = 31-version-negotiation-client
+
+[31-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[31-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[31-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-31]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[32-version-negotiation]
+ssl_conf = 32-version-negotiation-ssl
+
+[32-version-negotiation-ssl]
+server = 32-version-negotiation-server
+server2 = 32-version-negotiation-server2
+client = 32-version-negotiation-client
+
+[32-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[32-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[32-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-32]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[33-version-negotiation]
+ssl_conf = 33-version-negotiation-ssl
+
+[33-version-negotiation-ssl]
+server = 33-version-negotiation-server
+server2 = 33-version-negotiation-server2
+client = 33-version-negotiation-client
+
+[33-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[33-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[33-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-33]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[34-version-negotiation]
+ssl_conf = 34-version-negotiation-ssl
+
+[34-version-negotiation-ssl]
+server = 34-version-negotiation-server
+server2 = 34-version-negotiation-server2
+client = 34-version-negotiation-client
+
+[34-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[34-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[34-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-34]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[35-version-negotiation]
+ssl_conf = 35-version-negotiation-ssl
+
+[35-version-negotiation-ssl]
+server = 35-version-negotiation-server
+server2 = 35-version-negotiation-server2
+client = 35-version-negotiation-client
+
+[35-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[35-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[35-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-35]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[36-version-negotiation]
+ssl_conf = 36-version-negotiation-ssl
+
+[36-version-negotiation-ssl]
+server = 36-version-negotiation-server
+server2 = 36-version-negotiation-server2
+client = 36-version-negotiation-client
+
+[36-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[36-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[36-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-36]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[37-version-negotiation]
+ssl_conf = 37-version-negotiation-ssl
+
+[37-version-negotiation-ssl]
+server = 37-version-negotiation-server
+server2 = 37-version-negotiation-server2
+client = 37-version-negotiation-client
+
+[37-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[37-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[37-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-37]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[38-version-negotiation]
+ssl_conf = 38-version-negotiation-ssl
+
+[38-version-negotiation-ssl]
+server = 38-version-negotiation-server
+server2 = 38-version-negotiation-server2
+client = 38-version-negotiation-client
+
+[38-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[38-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[38-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-38]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[39-version-negotiation]
+ssl_conf = 39-version-negotiation-ssl
+
+[39-version-negotiation-ssl]
+server = 39-version-negotiation-server
+server2 = 39-version-negotiation-server2
+client = 39-version-negotiation-client
+
+[39-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[39-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[39-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-39]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[40-version-negotiation]
+ssl_conf = 40-version-negotiation-ssl
+
+[40-version-negotiation-ssl]
+server = 40-version-negotiation-server
+server2 = 40-version-negotiation-server2
+client = 40-version-negotiation-client
+
+[40-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[40-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[40-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-40]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[41-version-negotiation]
+ssl_conf = 41-version-negotiation-ssl
+
+[41-version-negotiation-ssl]
+server = 41-version-negotiation-server
+server2 = 41-version-negotiation-server2
+client = 41-version-negotiation-client
+
+[41-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[41-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[41-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-41]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[42-version-negotiation]
+ssl_conf = 42-version-negotiation-ssl
+
+[42-version-negotiation-ssl]
+server = 42-version-negotiation-server
+server2 = 42-version-negotiation-server2
+client = 42-version-negotiation-client
+
+[42-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[42-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[42-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-42]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[43-version-negotiation]
+ssl_conf = 43-version-negotiation-ssl
+
+[43-version-negotiation-ssl]
+server = 43-version-negotiation-server
+server2 = 43-version-negotiation-server2
+client = 43-version-negotiation-client
+
+[43-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[43-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[43-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-43]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[44-version-negotiation]
+ssl_conf = 44-version-negotiation-ssl
+
+[44-version-negotiation-ssl]
+server = 44-version-negotiation-server
+server2 = 44-version-negotiation-server2
+client = 44-version-negotiation-client
+
+[44-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[44-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[44-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-44]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[45-version-negotiation]
+ssl_conf = 45-version-negotiation-ssl
+
+[45-version-negotiation-ssl]
+server = 45-version-negotiation-server
+server2 = 45-version-negotiation-server2
+client = 45-version-negotiation-client
+
+[45-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[45-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[45-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-45]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[46-version-negotiation]
+ssl_conf = 46-version-negotiation-ssl
+
+[46-version-negotiation-ssl]
+server = 46-version-negotiation-server
+server2 = 46-version-negotiation-server2
+client = 46-version-negotiation-client
+
+[46-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[46-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[46-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-46]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[47-version-negotiation]
+ssl_conf = 47-version-negotiation-ssl
+
+[47-version-negotiation-ssl]
+server = 47-version-negotiation-server
+server2 = 47-version-negotiation-server2
+client = 47-version-negotiation-client
+
+[47-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[47-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[47-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-47]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[48-version-negotiation]
+ssl_conf = 48-version-negotiation-ssl
+
+[48-version-negotiation-ssl]
+server = 48-version-negotiation-server
+server2 = 48-version-negotiation-server2
+client = 48-version-negotiation-client
+
+[48-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[48-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[48-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-48]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[49-version-negotiation]
+ssl_conf = 49-version-negotiation-ssl
+
+[49-version-negotiation-ssl]
+server = 49-version-negotiation-server
+server2 = 49-version-negotiation-server2
+client = 49-version-negotiation-client
+
+[49-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[49-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[49-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-49]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[50-version-negotiation]
+ssl_conf = 50-version-negotiation-ssl
+
+[50-version-negotiation-ssl]
+server = 50-version-negotiation-server
+server2 = 50-version-negotiation-server2
+client = 50-version-negotiation-client
+
+[50-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[50-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[50-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-50]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[51-version-negotiation]
+ssl_conf = 51-version-negotiation-ssl
+
+[51-version-negotiation-ssl]
+server = 51-version-negotiation-server
+server2 = 51-version-negotiation-server2
+client = 51-version-negotiation-client
+
+[51-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[51-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[51-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-51]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[52-version-negotiation]
+ssl_conf = 52-version-negotiation-ssl
+
+[52-version-negotiation-ssl]
+server = 52-version-negotiation-server
+server2 = 52-version-negotiation-server2
+client = 52-version-negotiation-client
+
+[52-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[52-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[52-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-52]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[53-version-negotiation]
+ssl_conf = 53-version-negotiation-ssl
+
+[53-version-negotiation-ssl]
+server = 53-version-negotiation-server
+server2 = 53-version-negotiation-server2
+client = 53-version-negotiation-client
+
+[53-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[53-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[53-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-53]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[54-version-negotiation]
+ssl_conf = 54-version-negotiation-ssl
+
+[54-version-negotiation-ssl]
+server = 54-version-negotiation-server
+server2 = 54-version-negotiation-server2
+client = 54-version-negotiation-client
+
+[54-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[54-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[54-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-54]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[55-version-negotiation]
+ssl_conf = 55-version-negotiation-ssl
+
+[55-version-negotiation-ssl]
+server = 55-version-negotiation-server
+server2 = 55-version-negotiation-server2
+client = 55-version-negotiation-client
+
+[55-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[55-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[55-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-55]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[56-version-negotiation]
+ssl_conf = 56-version-negotiation-ssl
+
+[56-version-negotiation-ssl]
+server = 56-version-negotiation-server
+server2 = 56-version-negotiation-server2
+client = 56-version-negotiation-client
+
+[56-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[56-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[56-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-56]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[57-version-negotiation]
+ssl_conf = 57-version-negotiation-ssl
+
+[57-version-negotiation-ssl]
+server = 57-version-negotiation-server
+server2 = 57-version-negotiation-server2
+client = 57-version-negotiation-client
+
+[57-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[57-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[57-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-57]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[58-version-negotiation]
+ssl_conf = 58-version-negotiation-ssl
+
+[58-version-negotiation-ssl]
+server = 58-version-negotiation-server
+server2 = 58-version-negotiation-server2
+client = 58-version-negotiation-client
+
+[58-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[58-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[58-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-58]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[59-version-negotiation]
+ssl_conf = 59-version-negotiation-ssl
+
+[59-version-negotiation-ssl]
+server = 59-version-negotiation-server
+server2 = 59-version-negotiation-server2
+client = 59-version-negotiation-client
+
+[59-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[59-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[59-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-59]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[60-version-negotiation]
+ssl_conf = 60-version-negotiation-ssl
+
+[60-version-negotiation-ssl]
+server = 60-version-negotiation-server
+server2 = 60-version-negotiation-server2
+client = 60-version-negotiation-client
+
+[60-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[60-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[60-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-60]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[61-version-negotiation]
+ssl_conf = 61-version-negotiation-ssl
+
+[61-version-negotiation-ssl]
+server = 61-version-negotiation-server
+server2 = 61-version-negotiation-server2
+client = 61-version-negotiation-client
+
+[61-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[61-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[61-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-61]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[62-version-negotiation]
+ssl_conf = 62-version-negotiation-ssl
+
+[62-version-negotiation-ssl]
+server = 62-version-negotiation-server
+server2 = 62-version-negotiation-server2
+client = 62-version-negotiation-client
+
+[62-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[62-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[62-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-62]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[63-version-negotiation]
+ssl_conf = 63-version-negotiation-ssl
+
+[63-version-negotiation-ssl]
+server = 63-version-negotiation-server
+server2 = 63-version-negotiation-server2
+client = 63-version-negotiation-client
+
+[63-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[63-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[63-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-63]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/07-dtls-protocol-version.conf.in
similarity index 63%
copy from test/ssl-tests/05-sni.conf.in
copy to test/ssl-tests/07-dtls-protocol-version.conf.in
index db0250b..965ed3e 100644
--- a/test/ssl-tests/05-sni.conf.in
+++ b/test/ssl-tests/07-dtls-protocol-version.conf.in
@@ -7,19 +7,13 @@
# https://www.openssl.org/source/license.html
-## SSL test configurations
+## Test DTLS version negotiation
+
+package ssltests;
use strict;
use warnings;
-package ssltests;
+use protocol_version;
-our @tests = (
- {
- name => "SNI-default",
- server => { },
- client => { },
- test => { "ServerName" => "server2",
- "ExpectedResult" => "Success" },
- },
-);
+our @tests = generate_tests("DTLS");
diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/protocol_version.pm
similarity index 56%
copy from test/ssl-tests/02-protocol-version.conf.in
copy to test/ssl-tests/protocol_version.pm
index 22e1f36..cb99756 100644
--- a/test/ssl-tests/02-protocol-version.conf.in
+++ b/test/ssl-tests/protocol_version.pm
@@ -11,42 +11,87 @@
package ssltests;
+use strict;
+use warnings;
+
use List::Util qw/max min/;
use OpenSSL::Test;
use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
setup("no_test_here");
-my @protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
# undef stands for "no limit".
-my @min_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-my @max_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
+my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
-my @is_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-my $min_enabled; my $max_enabled;
+my $min_tls_enabled; my $max_tls_enabled;
# Protocol configuration works in cascades, i.e.,
# $no_tls1_1 disables TLSv1.1 and below.
#
# $min_enabled and $max_enabled will be correct if there is at least one
# protocol enabled.
-foreach my $i (0..$#protocols) {
- if (!$is_disabled[$i]) {
- $min_enabled = $i;
+foreach my $i (0..$#tls_protocols) {
+ if (!$is_tls_disabled[$i]) {
+ $min_tls_enabled = $i;
+ last;
+ }
+}
+
+foreach my $i (0..$#tls_protocols) {
+ if (!$is_tls_disabled[$i]) {
+ $max_tls_enabled = $i;
+ }
+}
+
+my @dtls_protocols = ("DTLSv1", "DTLSv1.2");
+# undef stands for "no limit".
+my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2");
+my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef);
+
+my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2");
+
+my $min_dtls_enabled; my $max_dtls_enabled;
+
+# $min_enabled and $max_enabled will be correct if there is at least one
+# protocol enabled.
+foreach my $i (0..$#dtls_protocols) {
+ if (!$is_dtls_disabled[$i]) {
+ $min_dtls_enabled = $i;
last;
}
}
-foreach my $i (0..$#protocols) {
- if (!$is_disabled[$i]) {
- $max_enabled = $i;
+foreach my $i (0..$#dtls_protocols) {
+ if (!$is_dtls_disabled[$i]) {
+ $max_dtls_enabled = $i;
}
}
-our @tests = ();
+sub generate_tests {
+ my ($method) = @_;
+
+ my $dtls = $method eq "DTLS";
+ # Don't write the redundant "Method = TLS" into the configuration.
+ undef $method if !$dtls;
+
+ my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
+ my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols;
+ my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols;
+ my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
+ my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
+
+ my $no_tests = $dtls ? alldisabled("dtls1", "dtls1_2") :
+ alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+ if ($no_tests) {
+ return;
+ }
+
+ my @tests = ();
-sub generate_tests() {
foreach my $c_min (0..$#min_protocols) {
my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
foreach my $c_max ($c_max_min..$#max_protocols) {
@@ -54,7 +99,8 @@ sub generate_tests() {
my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
foreach my $s_max ($s_max_min..$#max_protocols) {
my ($result, $protocol) =
- expected_result($c_min, $c_max, $s_min, $s_max);
+ expected_result($c_min, $c_max, $s_min, $s_max,
+ $min_enabled, $max_enabled, \@protocols);
push @tests, {
"name" => "version-negotiation",
"client" => {
@@ -67,28 +113,26 @@ sub generate_tests() {
},
"test" => {
"ExpectedResult" => $result,
- "Protocol" => $protocol
+ "Protocol" => $protocol,
+ "Method" => $method,
}
};
}
}
}
}
+ return @tests;
}
sub expected_result {
- my $no_tls = alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
- if ($no_tls) {
- return ("InternalError", undef);
- }
-
- my ($c_min, $c_max, $s_min, $s_max) = @_;
+ my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
+ $protocols) = @_;
# Adjust for "undef" (no limit).
$c_min = $c_min == 0 ? 0 : $c_min - 1;
- $c_max = $c_max == scalar(@max_protocols) - 1 ? $c_max - 1 : $c_max;
+ $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max;
$s_min = $s_min == 0 ? 0 : $s_min - 1;
- $s_max = $s_max == scalar(@max_protocols) - 1 ? $s_max - 1 : $s_max;
+ $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max;
# We now have at least one protocol enabled, so $min_enabled and
# $max_enabled are well-defined.
@@ -115,8 +159,8 @@ sub expected_result {
} else {
# Server and client ranges overlap.
my $max_common = $s_max < $c_max ? $s_max : $c_max;
- return ("Success", $protocols[$max_common]);
+ return ("Success", $protocols->[$max_common]);
}
}
-generate_tests();
+1;
diff --git a/test/ssl_test.c b/test/ssl_test.c
index 0062c51..176f6a1 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -177,10 +177,25 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
SSL_TEST_CTX *test_ctx = NULL;
HANDSHAKE_RESULT result;
- server_ctx = SSL_CTX_new(TLS_server_method());
- server2_ctx = SSL_CTX_new(TLS_server_method());
- client_ctx = SSL_CTX_new(TLS_client_method());
- OPENSSL_assert(server_ctx != NULL && server2_ctx != NULL && client_ctx != NULL);
+ test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
+ if (test_ctx == NULL)
+ goto err;
+
+#ifndef OPENSSL_NO_DTLS
+ if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
+ server_ctx = SSL_CTX_new(DTLS_server_method());
+ server2_ctx = SSL_CTX_new(DTLS_server_method());
+ client_ctx = SSL_CTX_new(DTLS_client_method());
+ }
+#endif
+ if (test_ctx->method == SSL_TEST_METHOD_TLS) {
+ server_ctx = SSL_CTX_new(TLS_server_method());
+ server2_ctx = SSL_CTX_new(TLS_server_method());
+ client_ctx = SSL_CTX_new(TLS_client_method());
+ }
+
+ OPENSSL_assert(server_ctx != NULL && server2_ctx != NULL &&
+ client_ctx != NULL);
OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 87060f3..d6e2843 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -113,6 +113,8 @@ static const test_enum ssl_protocols[] = {
{"TLSv1.1", TLS1_1_VERSION},
{"TLSv1", TLS1_VERSION},
{"SSLv3", SSL3_VERSION},
+ {"DTLSv1", DTLS1_VERSION},
+ {"DTLSv1.2", DTLS1_2_VERSION},
};
__owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
@@ -211,6 +213,31 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server)
server);
}
+/***********************/
+/* Method. */
+/***********************/
+
+static const test_enum ssl_test_methods[] = {
+ {"TLS", SSL_TEST_METHOD_TLS},
+ {"DTLS", SSL_TEST_METHOD_DTLS},
+};
+
+__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
+{
+ int ret_value;
+ if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
+ &ret_value, value)) {
+ return 0;
+ }
+ test_ctx->method = ret_value;
+ return 1;
+}
+
+const char *ssl_test_method_name(ssl_test_method_t method)
+{
+ return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
+}
+
/*************************************************************/
/* Known test options and their corresponding parse methods. */
/*************************************************************/
@@ -228,6 +255,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "ClientVerifyCallback", &parse_client_verify_callback },
{ "ServerName", &parse_servername },
{ "SessionTicketExpected", &parse_session_ticket },
+ { "Method", &parse_test_method },
};
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
index e1541c0..b75cf08 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -39,6 +39,11 @@ typedef enum {
SSL_TEST_SESSION_TICKET_BROKEN, /* Special test */
} ssl_session_ticket_t;
+typedef enum {
+ SSL_TEST_METHOD_TLS = 0, /* Default */
+ SSL_TEST_METHOD_DTLS,
+} ssl_test_method_t;
+
typedef struct ssl_test_ctx {
/* Test expectations. */
/* Defaults to SUCCESS. */
@@ -57,6 +62,8 @@ typedef struct ssl_test_ctx {
/* One of a number of predefined server names use by the client */
ssl_servername_t servername;
ssl_session_ticket_t session_ticket_expected;
+ /* Whether the server/client CTX should use DTLS or TLS. */
+ ssl_test_method_t method;
} SSL_TEST_CTX;
const char *ssl_test_result_name(ssl_test_result_t result);
@@ -65,6 +72,7 @@ const char *ssl_protocol_name(int protocol);
const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
const char *ssl_servername_name(ssl_servername_t server);
const char *ssl_session_ticket_name(ssl_session_ticket_t server);
+const char *ssl_test_method_name(ssl_test_method_t method);
/*
* Load the test case context from |conf|.
diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c
index 3f0101f..9824d66 100644
--- a/test/ssl_test_ctx_test.c
+++ b/test/ssl_test_ctx_test.c
@@ -156,6 +156,7 @@ static int test_good_configuration()
fixture.expected_ctx->client_verify_callback = SSL_TEST_VERIFY_REJECT_ALL;
fixture.expected_ctx->servername = SSL_TEST_SERVERNAME_SERVER2;
fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
+ fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
EXECUTE_SSL_TEST_CTX_TEST();
}
@@ -167,6 +168,7 @@ static const char *bad_configurations[] = {
"ssltest_unknown_verify_callback",
"ssltest_unknown_servername",
"ssltest_unknown_session_ticket_expected",
+ "ssltest_unknown_method",
};
static int test_bad_configuration(int idx)
diff --git a/test/ssl_test_ctx_test.conf b/test/ssl_test_ctx_test.conf
index 7a8ffc8..9c1057d 100644
--- a/test/ssl_test_ctx_test.conf
+++ b/test/ssl_test_ctx_test.conf
@@ -7,6 +7,7 @@ Protocol = TLSv1.1
ClientVerifyCallback = RejectAll
ServerName = server2
SessionTicketExpected = Yes
+Method = DTLS
[ssltest_unknown_option]
UnknownOption = Foo
@@ -28,3 +29,7 @@ ServerName = Foo
[ssltest_unknown_session_ticket_expected]
SessionTicketExpected = Foo
+
+[ssltest_unknown_method]
+Method = TLS2
+
More information about the openssl-commits
mailing list