Port client auth tests to the new framework, add coverage. The old tests
were only testing success, and only for some protocol versions; the new
tests add all protocol versions and various failure modes.
Reviewed-by: NRich Salz <rsalz@openssl.org>

If using the msys console then msys attempts to "fix" command line
arguments to convert them from Unix style to Windows style. One of the
things it does is to look for arguments seperated by colons. This it
assumes is a list of file paths, so it replaces the colon with a semi-colon.
This was causing one of our tests to fail when calling the "req" command
line app. We were attempting to create a new DSA key and passing the
argument "dsa:../apps/dsa1024.pem". This is exactly what we intended but
Msys mangles it to "dsa;../apps/dsa1024.pem" and the command fails.
There doesn't seem to be a way to suppress Msys name mangling. Fortunately
we can work around this issue by generating the DSA key in a separate step
by calling "gendsa".

RT#4255
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The old proxy tests test the implementation of an application proxy
policy callback defined in the test itself, which is not particularly
useful.

It is, however, useful to test cert verify overrides in
general. Therefore, replace these tests with tests for cert verify
callback behaviour.

Also glob the ssl test inputs on the .in files to catch missing
generated files.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The old cipherlist test in ssltest.c only tests the internal order of
the cipher table, which is pretty useless.

Replace this test with a test that catches inadvertent changes to the
default cipherlist.

Fix run_tests.pl to correctly filter tests that have "list" in their name.

(Also includes a small drive-by fix in .gitignore.)
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

The above config options were failing in test_ssl_old.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The no-tls option was failing in the tests. This fixes it.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Misc fixes to get no-nextprotoneg config option working again.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates.  Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records.  Also skip SCT processing
when the chain is fails verification.

Move and consolidate CT callbacks from libcrypto to libssl.  We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.

Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information.  When printing SCTs, print the
validation status if set and not valid.
Signed-off-by: NRob Percival <robpercival@google.com>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

ssltest_old.c is deprecated. New tests should use ssl_test.c, and the
recipes in 80-test_ssl_new.t
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Currently, SSL tests are configured via command-line switches to
ssltest.c. This results in a lot of duplication between ssltest.c and
apps, and a complex setup. ssltest.c is also simply old and needs
maintenance.

Instead, we already have a way to configure SSL servers and clients, so
we leverage that. SSL tests can now be configured from a configuration
file. Test servers and clients are configured using the standard
ssl_conf module. Additional test settings are configured via a test
configuration.

Moreover, since the CONF language involves unnecessary boilerplate, the
test conf itself is generated from a shorter Perl syntax.

The generated testcase files are checked in to the repo to make
it easier to verify that the intended test cases are in fact run; and to
simplify debugging failures.

To demonstrate the approach, min/max protocol tests are converted to the
new format. This change also fixes MinProtocol and MaxProtocol
handling. It was previously requested that an SSL_CTX have both the
server and client flags set for these commands; this clearly can never work.

Guide to this PR:
 - test/ssl_test.c - test framework
 - test/ssl_test_ctx.* - test configuration structure
 - test/handshake_helper.* - new SSL test handshaking code
 - test/ssl-tests/ - test configurations
 - test/generate_ssl_tests.pl - script for generating CONF-style test
   configurations from perl inputs
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

MR: #2452

Misc fixes for no-sock
Reviewed-by: NRichard Levitte <levitte@openssl.org>

* Clear proposed, along with selected, before looking at ClientHello
* Add test case for above
* Clear NPN seen after selecting ALPN on server
* Minor documentation updates
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Running test_ssl with HARNESS_VERBOSE results in lots of spurious warnings
about an inability to load the CT config file. This fixes it.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NBen Laurie <ben@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

1) Simplify code with better PACKET methods.

2) Make broken SNI parsing explicit. SNI was intended to be extensible
to new name types but RFC 4366 defined the syntax inextensibly, and
OpenSSL has never parsed SNI in a way that would allow adding a new name
type. RFC 6066 fixed the definition but due to broken implementations
being widespread, it appears impossible to ever extend SNI.

3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
extensions correctly upon resumption. Annotate for further clean-up.

4) Send an alert on ALPN protocol mismatch.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

To be able to run tests when we've built in a directory other than
the source tree, the testing framework needs a few adjustments.

test/testlib/OpenSSL/Test.pm needs to know where it can find
shlib_wrap.sh, and a number of other tests need to be told a different
place to find engines than what they may be able to figure out on
their own.  Relying to $TOP is not enough, $SRCTOP and $BLDTOP can be
used as an alternative.

As part of this change, top_file and top_dir are removed and
srctop_file, bldtop_file, srctop_dir and bldtop_dir take their place.
Reviewed-by: NBen Laurie <ben@openssl.org>

This uilds on the same way of checking for availability as we do in
TLSProxy.  We use all IP factories we know of, starting with those who
know both IPv6 and IPv4 and ending with the one that only knows IPv4
and cache their possible success as foundation for checking the
available of each IP domain.

80-test_ssl.t has bigger chances of working on platforms that do not
run both IP domains.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This adds a couple of simple tests to see that SSL traffic using the
reimplemented BIO_s_accept() and BIO_s_connect() works as expected,
both on IPv4 and on IPv6.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

It seems that Test::More doesn't like 0 tests, a line like this raises
an error and stops the recipe entirely:

    plan tests => 0;

So we need to check for 0 tests beforehand and skip the subtest
explicitely in that case.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Missing SKIP: block in SSL unit tests for DTLS and TLS version tests.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just
TLS 1.2.  In the future they might want to disable TLS 1.2 and
enable just TLS 1.3, ...

This commit makes it possible to disable any or all of the TLS or
DTLS protocols.  It also considerably simplifies the SSL/TLS tests,
by auto-generating the min/max version tests based on the set of
supported protocols (425 explicitly written out tests got replaced
by two loops that generate all 425 tests if all protocols are
enabled, fewer otherwise).
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

(part by Alessandro Ghedini)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

The testsslproxy tests turned out to be useless as they were.  They
were really just for show and the results were ignore.  Now they are
changed into a more veerifiable test
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

It became tedious as well as error prone to have all recipes use
Test::More as well as OpenSSL::Test.  The easier way is to make
OpenSSL::Test an extension of Test::More, thereby having all version
checks as well as future checks firmly there.  Additionally, that
allows us to extend existing Test::More functions if the need would
arise.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This covers the certificate authority commands, the cms and smime
commands, OCSP, SSL and TSA.
Reviewed-by: NRich Salz <rsalz@openssl.org>