9 cert=../apps/server.pem
13 ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
15 if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
21 if [ "$3" = "" ]; then
27 if [ "$4" = "" ]; then
33 #############################################################################
36 $ssltest -ssl2 $extra || exit 1
38 echo test sslv2 with server authentication
39 $ssltest -ssl2 -server_auth $CA $extra || exit 1
41 if [ $dsa_cert = NO ]; then
42 echo test sslv2 with client authentication
43 $ssltest -ssl2 -client_auth $CA $extra || exit 1
45 echo test sslv2 with both client and server authentication
46 $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
50 $ssltest -ssl3 $extra || exit 1
52 echo test sslv3 with server authentication
53 $ssltest -ssl3 -server_auth $CA $extra || exit 1
55 echo test sslv3 with client authentication
56 $ssltest -ssl3 -client_auth $CA $extra || exit 1
58 echo test sslv3 with both client and server authentication
59 $ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
62 $ssltest $extra || exit 1
64 echo test sslv2/sslv3 with server authentication
65 $ssltest -server_auth $CA $extra || exit 1
67 echo test sslv2/sslv3 with client authentication
68 $ssltest -client_auth $CA $extra || exit 1
70 echo test sslv2/sslv3 with both client and server authentication
71 $ssltest -server_auth -client_auth $CA $extra || exit 1
73 echo test sslv2 via BIO pair
74 $ssltest -bio_pair -ssl2 $extra || exit 1
76 echo test sslv2 with server authentication via BIO pair
77 $ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
79 if [ $dsa_cert = NO ]; then
80 echo test sslv2 with client authentication via BIO pair
81 $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
83 echo test sslv2 with both client and server authentication via BIO pair
84 $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
87 echo test sslv3 via BIO pair
88 $ssltest -bio_pair -ssl3 $extra || exit 1
90 echo test sslv3 with server authentication via BIO pair
91 $ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
93 echo test sslv3 with client authentication via BIO pair
94 $ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
96 echo test sslv3 with both client and server authentication via BIO pair
97 $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
99 echo test sslv2/sslv3 via BIO pair
100 $ssltest $extra || exit 1
102 if [ $dsa_cert = NO ]; then
103 echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
104 $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
107 echo test sslv2/sslv3 with 1024bit DHE via BIO pair
108 $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
110 echo test sslv2/sslv3 with server authentication
111 $ssltest -bio_pair -server_auth $CA $extra || exit 1
113 echo test sslv2/sslv3 with client authentication via BIO pair
114 $ssltest -bio_pair -client_auth $CA $extra || exit 1
116 echo test sslv2/sslv3 with both client and server authentication via BIO pair
117 $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
119 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
120 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
125 echo "Testing $cipher"
127 if [ $protocol = "SSLv3" ] ; then
130 $ssltest -cipher $cipher $prot
131 if [ $? -ne 0 ] ; then
132 echo "Failed $cipher"
137 echo "Testing ciphersuites"
138 for protocol in TLSv1.2 SSLv3; do
139 echo "Testing ciphersuites for $protocol"
140 for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
141 test_cipher $cipher $protocol
143 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
144 echo "skipping RSA+DHE tests"
146 for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
147 test_cipher $cipher $protocol
149 echo "testing connection with weak DH, expecting failure"
150 if [ $protocol = "SSLv3" ] ; then
151 $ssltest -cipher EDH -dhe512 -ssl3
153 $ssltest -cipher EDH -dhe512
155 if [ $? -eq 0 ]; then
156 echo "FAIL: connection with weak DH succeeded"
160 if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
161 echo "skipping RSA+ECDHE tests"
163 for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
164 test_cipher $cipher $protocol
169 #############################################################################
171 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
172 echo skipping anonymous DH tests
174 echo test tls1 with 1024bit anonymous DH, multiple handshakes
175 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
178 if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
179 echo skipping RSA tests
181 echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
182 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
184 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
185 echo skipping RSA+DHE tests
187 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
188 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
192 echo test tls1 with PSK
193 $ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
195 echo test tls1 with PSK via BIO pair
196 $ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
198 if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
199 echo skipping SRP tests
201 echo test tls1 with SRP
202 $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
204 echo test tls1 with SRP via BIO pair
205 $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
207 echo test tls1 with SRP auth
208 $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123
210 echo test tls1 with SRP auth via BIO pair
211 $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123