[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Wed Apr 26 15:37:56 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 56e5d5498d557fe1ab0a360ddcda2931d976ec62 (commit)
via e23a4e98a90c448a196aede3edeb7802ed0da121 (commit)
via 3626ed03a6d13fa757d3327db2d5523072063132 (commit)
from 6fc37bee4a5f81d8f00e6ad45865b6b697163f06 (commit)
- Log -----------------------------------------------------------------
commit 56e5d5498d557fe1ab0a360ddcda2931d976ec62
Author: Rob Percival <robpercival at google.com>
Date: Tue Apr 4 23:24:28 2017 +0100
CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)
commit e23a4e98a90c448a196aede3edeb7802ed0da121
Author: Rob Percival <robpercival at google.com>
Date: Thu Apr 6 13:21:27 2017 +0100
Add SSL tests for certificates with embedded SCTs
The only SSL tests prior to this tested using certificates with no
embedded Signed Certificate Timestamps (SCTs), which meant they couldn't
confirm whether Certificate Transparency checks in "strict" mode were
working.
These tests reveal a bug in the validation of SCT timestamps, which is
fixed by the next commit.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)
commit 3626ed03a6d13fa757d3327db2d5523072063132
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Feb 16 15:27:49 2017 +0000
Add and use function test_pem to work out test filenames.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_lib.c | 3 +-
test/certs/embeddedSCTs1-key.pem | 15 +++
test/ssl-tests/04-client_auth.conf.in | 14 +--
test/ssl-tests/12-ct.conf | 176 +++++++++++++++++++----------
test/ssl-tests/12-ct.conf.in | 149 +++++++++++++++---------
test/ssl-tests/17-renegotiate.conf.in | 14 +--
test/ssl-tests/18-dtls-renegotiate.conf.in | 14 +--
test/ssl-tests/ssltests_base.pm | 13 ++-
8 files changed, 254 insertions(+), 144 deletions(-)
create mode 100644 test/certs/embeddedSCTs1-key.pem
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9cfebea..fc651bb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4183,7 +4183,8 @@ int ssl_validate_ct(SSL *s)
CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
- CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));
+ CT_POLICY_EVAL_CTX_set_time(
+ ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
scts = SSL_get0_peer_scts(s);
diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem
new file mode 100644
index 0000000..e3e66d5
--- /dev/null
+++ b/test/certs/embeddedSCTs1-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k
+WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X
+EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB
+AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g
+PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf
+flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU
+X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ
+pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA
+b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt
+9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR
+83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs
+n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ
+1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
index cd3d42f..8738aaa 100644
--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@@ -19,8 +19,6 @@ push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
our @tests = ();
-my $dir_sep = $^O ne "VMS" ? "/" : "";
-
sub generate_tests() {
foreach (0..$#protocols) {
@@ -68,7 +66,7 @@ sub generate_tests() {
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require",
},
client => {
@@ -87,14 +85,14 @@ sub generate_tests() {
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Request",
},
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
},
test => { "ExpectedResult" => "Success" },
};
@@ -110,8 +108,8 @@ sub generate_tests() {
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
},
test => {
"ExpectedResult" => "ServerFail",
diff --git a/test/ssl-tests/12-ct.conf b/test/ssl-tests/12-ct.conf
index 22fa18d..2e6e9de 100644
--- a/test/ssl-tests/12-ct.conf
+++ b/test/ssl-tests/12-ct.conf
@@ -1,135 +1,191 @@
# Generated with generate_ssl_tests.pl
-num_tests = 4
-
-test-0 = 0-ct-permissive
-test-1 = 1-ct-strict
-test-2 = 2-ct-permissive-resumption
-test-3 = 3-ct-strict-resumption
+num_tests = 6
+
+test-0 = 0-ct-permissive-without-scts
+test-1 = 1-ct-permissive-with-scts
+test-2 = 2-ct-strict-without-scts
+test-3 = 3-ct-strict-with-scts
+test-4 = 4-ct-permissive-resumption
+test-5 = 5-ct-strict-resumption
# ===========================================================
-[0-ct-permissive]
-ssl_conf = 0-ct-permissive-ssl
+[0-ct-permissive-without-scts]
+ssl_conf = 0-ct-permissive-without-scts-ssl
-[0-ct-permissive-ssl]
-server = 0-ct-permissive-server
-client = 0-ct-permissive-client
+[0-ct-permissive-without-scts-ssl]
+server = 0-ct-permissive-without-scts-server
+client = 0-ct-permissive-without-scts-client
-[0-ct-permissive-server]
+[0-ct-permissive-without-scts-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[0-ct-permissive-client]
+[0-ct-permissive-without-scts-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
ExpectedResult = Success
-client = 0-ct-permissive-client-extra
+client = 0-ct-permissive-without-scts-client-extra
+
+[0-ct-permissive-without-scts-client-extra]
+CTValidation = Permissive
+
+
+# ===========================================================
+
+[1-ct-permissive-with-scts]
+ssl_conf = 1-ct-permissive-with-scts-ssl
+
+[1-ct-permissive-with-scts-ssl]
+server = 1-ct-permissive-with-scts-server
+client = 1-ct-permissive-with-scts-client
+
+[1-ct-permissive-with-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[1-ct-permissive-with-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+client = 1-ct-permissive-with-scts-client-extra
-[0-ct-permissive-client-extra]
+[1-ct-permissive-with-scts-client-extra]
CTValidation = Permissive
# ===========================================================
-[1-ct-strict]
-ssl_conf = 1-ct-strict-ssl
+[2-ct-strict-without-scts]
+ssl_conf = 2-ct-strict-without-scts-ssl
-[1-ct-strict-ssl]
-server = 1-ct-strict-server
-client = 1-ct-strict-client
+[2-ct-strict-without-scts-ssl]
+server = 2-ct-strict-without-scts-server
+client = 2-ct-strict-without-scts-client
-[1-ct-strict-server]
+[2-ct-strict-without-scts-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-ct-strict-client]
+[2-ct-strict-without-scts-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-1]
+[test-2]
ExpectedClientAlert = HandshakeFailure
ExpectedResult = ClientFail
-client = 1-ct-strict-client-extra
+client = 2-ct-strict-without-scts-client-extra
-[1-ct-strict-client-extra]
+[2-ct-strict-without-scts-client-extra]
CTValidation = Strict
# ===========================================================
-[2-ct-permissive-resumption]
-ssl_conf = 2-ct-permissive-resumption-ssl
+[3-ct-strict-with-scts]
+ssl_conf = 3-ct-strict-with-scts-ssl
-[2-ct-permissive-resumption-ssl]
-server = 2-ct-permissive-resumption-server
-client = 2-ct-permissive-resumption-client
-resume-server = 2-ct-permissive-resumption-server
-resume-client = 2-ct-permissive-resumption-client
+[3-ct-strict-with-scts-ssl]
+server = 3-ct-strict-with-scts-server
+client = 3-ct-strict-with-scts-client
-[2-ct-permissive-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+[3-ct-strict-with-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
-[2-ct-permissive-resumption-client]
+[3-ct-strict-with-scts-client]
CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
VerifyMode = Peer
-[test-2]
+[test-3]
+ExpectedResult = Success
+client = 3-ct-strict-with-scts-client-extra
+
+[3-ct-strict-with-scts-client-extra]
+CTValidation = Strict
+
+
+# ===========================================================
+
+[4-ct-permissive-resumption]
+ssl_conf = 4-ct-permissive-resumption-ssl
+
+[4-ct-permissive-resumption-ssl]
+server = 4-ct-permissive-resumption-server
+client = 4-ct-permissive-resumption-client
+resume-server = 4-ct-permissive-resumption-server
+resume-client = 4-ct-permissive-resumption-client
+
+[4-ct-permissive-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[4-ct-permissive-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-4]
ExpectedResult = Success
HandshakeMode = Resume
ResumptionExpected = Yes
-client = 2-ct-permissive-resumption-client-extra
-resume-client = 2-ct-permissive-resumption-client-extra
+client = 4-ct-permissive-resumption-client-extra
+resume-client = 4-ct-permissive-resumption-client-extra
-[2-ct-permissive-resumption-client-extra]
+[4-ct-permissive-resumption-client-extra]
CTValidation = Permissive
# ===========================================================
-[3-ct-strict-resumption]
-ssl_conf = 3-ct-strict-resumption-ssl
+[5-ct-strict-resumption]
+ssl_conf = 5-ct-strict-resumption-ssl
-[3-ct-strict-resumption-ssl]
-server = 3-ct-strict-resumption-server
-client = 3-ct-strict-resumption-client
-resume-server = 3-ct-strict-resumption-server
-resume-client = 3-ct-strict-resumption-resume-client
+[5-ct-strict-resumption-ssl]
+server = 5-ct-strict-resumption-server
+client = 5-ct-strict-resumption-client
+resume-server = 5-ct-strict-resumption-server
+resume-client = 5-ct-strict-resumption-resume-client
-[3-ct-strict-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+[5-ct-strict-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
-[3-ct-strict-resumption-client]
+[5-ct-strict-resumption-client]
CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
VerifyMode = Peer
-[3-ct-strict-resumption-resume-client]
+[5-ct-strict-resumption-resume-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-3]
+[test-5]
ExpectedResult = Success
HandshakeMode = Resume
ResumptionExpected = Yes
-client = 3-ct-strict-resumption-client-extra
-resume-client = 3-ct-strict-resumption-resume-client-extra
+client = 5-ct-strict-resumption-client-extra
+resume-client = 5-ct-strict-resumption-resume-client-extra
-[3-ct-strict-resumption-client-extra]
-CTValidation = Permissive
+[5-ct-strict-resumption-client-extra]
+CTValidation = Strict
-[3-ct-strict-resumption-resume-client-extra]
+[5-ct-strict-resumption-resume-client-extra]
CTValidation = Strict
diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.conf.in
index 9964d01..7c03049 100644
--- a/test/ssl-tests/12-ct.conf.in
+++ b/test/ssl-tests/12-ct.conf.in
@@ -16,65 +16,104 @@ package ssltests;
our @tests = (
- # Currently only have tests for certs without SCTs.
{
- name => "ct-permissive",
- server => { },
- client => {
- extra => {
- "CTValidation" => "Permissive",
- },
- },
- test => {
- "ExpectedResult" => "Success",
- },
- },
+ name => "ct-permissive-without-scts",
+ server => { },
+ client => {
+ extra => {
+ "CTValidation" => "Permissive",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "ct-permissive-with-scts",
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
+ client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+ extra => {
+ "CTValidation" => "Permissive",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
{
- name => "ct-strict",
- server => { },
- client => {
- extra => {
- "CTValidation" => "Strict",
- },
- },
- test => {
- "ExpectedResult" => "ClientFail",
- "ExpectedClientAlert" => "HandshakeFailure",
- },
+ name => "ct-strict-without-scts",
+ server => { },
+ client => {
+ extra => {
+ "CTValidation" => "Strict",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ClientFail",
+ "ExpectedClientAlert" => "HandshakeFailure",
+ },
},
{
- name => "ct-permissive-resumption",
- server => { },
- client => {
- extra => {
- "CTValidation" => "Permissive",
- },
- },
- test => {
- "HandshakeMode" => "Resume",
- "ResumptionExpected" => "Yes",
- "ExpectedResult" => "Success",
- },
- },
+ name => "ct-strict-with-scts",
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
+ client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+ extra => {
+ "CTValidation" => "Strict",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "ct-permissive-resumption",
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
+ client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+ extra => {
+ "CTValidation" => "Permissive",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedResult" => "Success",
+ },
+ },
{
- name => "ct-strict-resumption",
- server => { },
- client => {
- extra => {
- "CTValidation" => "Permissive",
- },
- },
- # SCTs are not present during resumption, so the resumption
- # should succeed.
- resume_client => {
- extra => {
- "CTValidation" => "Strict",
- },
- },
- test => {
- "HandshakeMode" => "Resume",
- "ResumptionExpected" => "Yes",
- "ExpectedResult" => "Success",
- },
+ name => "ct-strict-resumption",
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
+ client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+ extra => {
+ "CTValidation" => "Strict",
+ },
+ },
+ # SCTs are not present during resumption, so the resumption
+ # should succeed.
+ resume_client => {
+ extra => {
+ "CTValidation" => "Strict",
+ },
+ },
+ test => {
+ "HandshakeMode" => "Resume",
+ "ResumptionExpected" => "Yes",
+ "ExpectedResult" => "Success",
+ },
},
);
diff --git a/test/ssl-tests/17-renegotiate.conf.in b/test/ssl-tests/17-renegotiate.conf.in
index c919a16..d0a4074 100644
--- a/test/ssl-tests/17-renegotiate.conf.in
+++ b/test/ssl-tests/17-renegotiate.conf.in
@@ -15,8 +15,6 @@ use warnings;
package ssltests;
use OpenSSL::Test::Utils;
-my $dir_sep = $^O ne "VMS" ? "/" : "";
-
our @tests = (
{
name => "renegotiate-client-no-resume",
@@ -71,12 +69,12 @@ our @tests = (
server => {
"Options" => "NoResumptionOnRenegotiation",
"MaxProtocol" => "TLSv1.2",
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require",
},
client => {
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
},
test => {
"Method" => "TLS",
@@ -90,12 +88,12 @@ our @tests = (
server => {
"Options" => "NoResumptionOnRenegotiation",
"MaxProtocol" => "TLSv1.2",
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Once",
},
client => {
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
},
test => {
"Method" => "TLS",
diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in
index f32ab37..7a65a85 100644
--- a/test/ssl-tests/18-dtls-renegotiate.conf.in
+++ b/test/ssl-tests/18-dtls-renegotiate.conf.in
@@ -15,8 +15,6 @@ use warnings;
package ssltests;
use OpenSSL::Test::Utils;
-my $dir_sep = $^O ne "VMS" ? "/" : "";
-
our @tests = (
{
name => "renegotiate-client-no-resume",
@@ -65,12 +63,12 @@ our @tests = (
{
name => "renegotiate-client-auth-require",
server => {
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require",
},
client => {
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
},
test => {
"Method" => "DTLS",
@@ -82,12 +80,12 @@ our @tests = (
{
name => "renegotiate-client-auth-once",
server => {
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Once",
},
client => {
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
},
test => {
"Method" => "DTLS",
diff --git a/test/ssl-tests/ssltests_base.pm b/test/ssl-tests/ssltests_base.pm
index 303224a..dc81642 100644
--- a/test/ssl-tests/ssltests_base.pm
+++ b/test/ssl-tests/ssltests_base.pm
@@ -10,16 +10,21 @@
package ssltests;
-my $dir_sep = $^O ne "VMS" ? "/" : "";
+sub test_pem
+{
+ my ($file) = @_;
+ my $dir_sep = $^O ne "VMS" ? "/" : "";
+ return "\${ENV::TEST_CERTS_DIR}" . $dir_sep . $file,
+}
our %base_server = (
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}servercert.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}serverkey.pem",
+ "Certificate" => test_pem("servercert.pem"),
+ "PrivateKey" => test_pem("serverkey.pem"),
"CipherString" => "DEFAULT",
);
our %base_client = (
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}rootcert.pem",
+ "VerifyCAFile" => test_pem("rootcert.pem"),
"VerifyMode" => "Peer",
"CipherString" => "DEFAULT",
);
More information about the openssl-commits
mailing list