-#! /usr/bin/perl
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
use strict;
use warnings;
my @reqcmd = ("openssl", "req");
my @x509cmd = ("openssl", "x509", $digest);
my @verifycmd = ("openssl", "verify");
+my @gendsacmd = ("openssl", "gendsa");
my $dummycnf = srctop_file("apps", "openssl.cnf");
my $CAkey = "keyCA.ss";
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
plan tests =>
1 # For testss
- + 1 # For ssltest_old -test_cipherlist
+ 14 # For the first testssl
- + 16 # For the first testsslproxy
- + 16 # For the second testsslproxy
;
subtest 'test_ss' => sub {
}
};
-my $check = ok(run(test(["ssltest_old","-test_cipherlist"])), "running ssltest_old");
-
- SKIP: {
- skip "ssltest_old ended with error, skipping the rest", 3
- if !$check;
-
- note('test_ssl -- key U');
- testssl("keyU.ss", $Ucert, $CAcert);
-
- note('test_ssl -- key P1');
- testsslproxy("keyP1.ss", "certP1.ss", "intP1.ss", "AB");
-
- note('test_ssl -- key P2');
- testsslproxy("keyP2.ss", "certP2.ss", "intP2.ss", "BC");
- }
+note('test_ssl -- key U');
+testssl("keyU.ss", $Ucert, $CAcert);
# -----------
# subtest functions
my @req_dsa = ("-newkey",
"dsa:".srctop_file("apps", "dsa1024.pem"));
+ my $dsaparams = srctop_file("apps", "dsa1024.pem");
my @req_new;
if ($no_rsa) {
@req_new = @req_dsa;
plan skip_all => "skipping DSA certificate creation"
if $no_dsa;
- plan tests => 4;
+ plan tests => 5;
SKIP: {
$ENV{CN2} = "DSA Certificate";
+ skip 'failure', 4 unless
+ ok(run(app([@gendsacmd, "-out", $Dkey,
+ $dsaparams],
+ stdout => "err.ss")),
+ "make a DSA key");
skip 'failure', 3 unless
- ok(run(app([@reqcmd, "-config", $Uconf,
- "-out", $Dreq, "-keyout", $Dkey,
- @req_dsa],
+ ok(run(app([@reqcmd, "-new", "-config", $Uconf,
+ "-out", $Dreq, "-key", $Dkey],
stdout => "err.ss")),
"make a DSA user cert request");
skip 'failure', 2 unless
plan tests => 12;
SKIP: {
- skip "TLS disabled", 12 if $no_anytls;
+ skip "TLS1.1 or TLS1.2 disabled", 12 if $no_tls1_1 || $no_tls1_2;
ok(run(test([@ssltest, "-server_sess_out", $server_sess, "-client_sess_out", $client_sess])));
ok(run(test([@ssltest, "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "1", "-should_negotiate", "tls1.2"])));
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-server_sess_in", $server_sess, "-client_sess_in", $client_sess, "-should_reuse", "0", "-should_negotiate", "tls1.1"])));
}
};
}
-
-sub testsslproxy {
- my $key = shift || srctop_file("apps","server.pem");
- my $cert = shift || srctop_file("apps","server.pem");
- my $CAtmp = shift;
- my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
- my @extra = @_;
-
- my @ssltest = ("ssltest_old",
- "-s_key", $key, "-s_cert", $cert,
- "-c_key", $key, "-c_cert", $cert);
-
- # plan tests => 16;
-
- note('Testing a lot of proxy conditions.');
-
- # We happen to know that certP1.ss has policy letters "AB" and
- # certP2.ss has policy letters "BC". However, because certP2.ss
- # has certP1.ss as issuer, when it's used, both their policy
- # letters get combined into just "B".
- # The policy letter(s) then get filtered with the given auth letter
- # in the table below, and the result gets tested with the given
- # condition. For details, read ssltest_old.c
- #
- # certfilename => [ [ auth, cond, expected result ] ... ]
- my %expected = ( "certP1.ss" => [ [ [ 'A', 'A' ], 1 ],
- [ [ 'A', 'B' ], 0 ],
- [ [ 'A', 'C' ], 0 ],
- [ [ 'A', 'A|B&!C' ], 1 ],
- [ [ 'B', 'A' ], 0 ],
- [ [ 'B', 'B' ], 1 ],
- [ [ 'B', 'C' ], 0 ],
- [ [ 'B', 'A|B&!C' ], 1 ],
- [ [ 'C', 'A' ], 0 ],
- [ [ 'C', 'B' ], 0 ],
- [ [ 'C', 'C' ], 0 ],
- [ [ 'C', 'A|B&!C' ], 0 ],
- [ [ 'BC', 'A' ], 0 ],
- [ [ 'BC', 'B' ], 1 ],
- [ [ 'BC', 'C' ], 0 ],
- [ [ 'BC', 'A|B&!C' ], 1 ] ],
- "certP2.ss" => [ [ [ 'A', 'A' ], 0 ],
- [ [ 'A', 'B' ], 0 ],
- [ [ 'A', 'C' ], 0 ],
- [ [ 'A', 'A|B&!C' ], 0 ],
- [ [ 'B', 'A' ], 0 ],
- [ [ 'B', 'B' ], 1 ],
- [ [ 'B', 'C' ], 0 ],
- [ [ 'B', 'A|B&!C' ], 1 ],
- [ [ 'C', 'A' ], 0 ],
- [ [ 'C', 'B' ], 0 ],
- [ [ 'C', 'C' ], 0 ],
- [ [ 'C', 'A|B&!C' ], 0 ],
- [ [ 'BC', 'A' ], 0 ],
- [ [ 'BC', 'B' ], 1 ],
- [ [ 'BC', 'C' ], 0 ],
- [ [ 'BC', 'A|B&!C' ], 1 ] ] );
-
- SKIP: {
- skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", scalar(@{$expected{$cert}})
- if $no_anytls;
-
- foreach (@{$expected{$cert}}) {
- my $auth = $_->[0]->[0];
- my $cond = $_->[0]->[1];
- my $res = $_->[1];
- is(run(test([@ssltest, "-server_auth", @CA,
- "-proxy", "-proxy_auth", $auth,
- "-proxy_cond", $cond])), $res,
- "test tlsv1, server auth, proxy auth $auth and cond $cond (expect "
- .($res ? "success" : "failure").")");
- }
- }
-}