else
cert="$2"
fi
-OPENSSL_CONF=/dev/null ; export OPENSSL_CONF
-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
+ssltest="../util/shlib_wrap.sh ./ssltest -s_key $key -s_cert $cert -c_key $key -c_cert $cert"
if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
dsa_cert=YES
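Review bot: Dropping `OPENSSL_CONF=/dev/null ; export OPENSSL_CONF` leaves nothing in this hunk that pins the configuration file. The `../apps/openssl` probes, and possibly `ssltest`, will presumably pick up whatever `OPENSSL_CONF` or default config the build machine has. Because the rest of the script asserts on cipher selection and security-level behaviour, an ambient config could change the results from one host to another. If the removal is intentional, I would say why in a comment such as `# OPENSSL_CONF deliberately not overridden: <reason>`; otherwise keep the export. The `else … fi` above starts outside this hunk, so I cannot see whether the variable is set elsewhere.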
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
test_cipher() {
- local cipher=$1
- local protocol=$2
- echo "Testing $cipher"
+ _cipher=$1
+ echo "Testing $_cipher"
prot=""
- if [ $protocol = "SSLv3" ] ; then
+ if [ $2 = "SSLv3" ] ; then
prot="-ssl3"
fi
- $ssltest -cipher $cipher $prot
+ _exarg=$3
+ $ssltest $_exarg -cipher $_cipher $prot
if [ $? -ne 0 ] ; then
- echo "Failed $cipher"
+ echo "Failed $_cipher"
exit 1
fi
}
echo "Testing ciphersuites"
+exkeys=""
+ciphers="-EXP:-PSK:-SRP:-kDH:-kECDHe"
+if ../util/shlib_wrap.sh ../apps/openssl no-dhparam >/dev/null; then
+ echo "skipping DHE tests"
+ ciphers="$ciphers:-kDHE"
+fi
+if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
+ echo "skipping DSA tests"
+ ciphers="$ciphers:-aDSA"
+else
+ exkeys="$exkeys -s_cert certD.ss -s_key keyD.ss"
+fi
+
+if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then
+ echo "skipping EC tests"
+ ciphers="$ciphers:!aECDSA:!kECDH"
+else
+ exkeys="$exkeys -s_cert certE.ss -s_key keyE.ss"
+fi
+
for protocol in TLSv1.2 SSLv3; do
echo "Testing ciphersuites for $protocol"
- for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
- test_cipher $cipher $protocol
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "$protocol:$ciphers" | tr ':' ' '`; do
+ test_cipher $cipher $protocol "$exkeys"
done
- if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
- echo "skipping RSA+DHE tests"
- else
- for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
- test_cipher $cipher $protocol
- done
echo "testing connection with weak DH, expecting failure"
if [ $protocol = "SSLv3" ] ; then
- $ssltest -cipher EDH -dhe512 -ssl3
+ $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3
else
- $ssltest -cipher EDH -dhe512
+ $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512
fi
if [ $? -eq 0 ]; then
echo "FAIL: connection with weak DH succeeded"
exit 1
fi
- fi
- if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
- echo "skipping RSA+ECDHE tests"
- else
- for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
- test_cipher $cipher $protocol
- done
- fi
done
#############################################################################
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping anonymous DH tests
else
echo test tls1 with 1024bit anonymous DH, multiple handshakes
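Review bot: The weak-DH negative test (from `echo "testing connection with weak DH, expecting failure"` to the `$? -eq 0` check) is no longer inside any DH guard, because the enclosing `if … no-dh` / `fi` lines are removed, and it treats any non-zero exit from `$ssltest` as success. In a build without DH the EDH handshake would presumably fail for lack of a shared cipher, so the test would report the expected failure without exercising the 512-bit rejection. The same vacuous pass would occur if `-s_cipher` or `-c_cipher` were rejected as options. I would wrap the block in the `no-dhparam` probe already used for the ciphersuite list and add a comment that the cause of the failure is not checked. The anonymous-DH `if` at the end of this hunk continues outside it.

```shell
if ../util/shlib_wrap.sh ../apps/openssl no-dhparam >/dev/null; then
  echo "skipping weak DH test"
else
  echo "testing connection with weak DH, expecting failure"
  # Any non-zero exit counts as the expected failure; the cause is not checked.
  # … unchanged: the two $ssltest -dhe512 invocations and the $? check …
fi
```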
echo skipping RSA tests
else
echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
+ ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
- if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+ if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping RSA+DHE tests
else
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+ ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
fi
fi
echo skipping SRP tests
else
echo test tls1 with SRP
- $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
+ $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP via BIO pair
- $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
+ $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP auth
- $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123
+ $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP auth via BIO pair
- $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123
+ $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
fi
#############################################################################