Update test suite so that 'make test' succeeds in 'no-rsa' configuration.

diff --git a/CHANGES b/CHANGES
index ae01a2c90f4dd9fd2afeec1539d63bea4c374a6c..c87a7d437cfca714467d8853e5b5f14939924d8f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.5 and 0.9.5a  [XX XXX 2000]
 
 
  Changes between 0.9.5 and 0.9.5a  [XX XXX 2000]
 

+  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+     [Bodo Moeller]
+

   *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
      is set; it will be thrown away anyway because each handshake creates
      its own key.
   *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
      is set; it will be thrown away anyway because each handshake creates
      its own key.

diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index 81dd6355a887368e496fb4b4b2a2e562dcebe801..ea1af092db3fb09c44c44bf6d4e7f54de0a3aa92 100644 (file)
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -119,7 +119,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 
        pkey=X509_REQ_get_pubkey(x);
 #ifndef NO_RSA
 
        pkey=X509_REQ_get_pubkey(x);
 #ifndef NO_RSA

-       if (pkey->type == EVP_PKEY_RSA)
+       if (pkey != NULL && pkey->type == EVP_PKEY_RSA)

                {
                BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
                        BN_num_bits(pkey->pkey.rsa->n));
                {
                BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
                        BN_num_bits(pkey->pkey.rsa->n));


@@ -128,7 +128,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
        else 
 #endif
 #ifndef NO_DSA
        else 
 #endif
 #ifndef NO_DSA

-               if (pkey->type == EVP_PKEY_DSA)
+               if (pkey != NULL && pkey->type == EVP_PKEY_DSA)

                {
                BIO_printf(bp,"%12sDSA Public Key:\n","");
                DSA_print(bp,pkey->pkey.dsa,16);
                {
                BIO_printf(bp,"%12sDSA Public Key:\n","");
                DSA_print(bp,pkey->pkey.dsa,16);


@@ -137,7 +137,8 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
 #endif
                BIO_printf(bp,"%12sUnknown Public Key:\n","");
 
 #endif
                BIO_printf(bp,"%12sUnknown Public Key:\n","");
 

-       EVP_PKEY_free(pkey);
+       if (pkey != NULL)
+           EVP_PKEY_free(pkey);

 
        /* may not be */
        sprintf(str,"%8sAttributes:\n","");
 
        /* may not be */
        sprintf(str,"%8sAttributes:\n","");

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 76d1521399fb69204402b37690fa458ab50fcea6..2548c8abc5b1a19e070674d280ab9f891ccaadce 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -140,6 +140,7 @@ static void sv_usage(void)
        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
        fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
        fprintf(stderr," -cert arg     - Certificate file\n");
        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
        fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
        fprintf(stderr," -cert arg     - Certificate file\n");

+       fprintf(stderr," -key arg      - Key file\n");

        fprintf(stderr," -s_cert arg   - Just the server certificate file\n");
        fprintf(stderr," -c_cert arg   - Just the client certificate file\n");
        fprintf(stderr," -cipher arg   - The cipher list\n");
        fprintf(stderr," -s_cert arg   - Just the server certificate file\n");
        fprintf(stderr," -c_cert arg   - Just the client certificate file\n");
        fprintf(stderr," -cipher arg   - The cipher list\n");


@@ -202,7 +203,9 @@ int main(int argc, char *argv[])
        int client_auth=0;
        int server_auth=0,i;
        char *server_cert=TEST_SERVER_CERT;
        int client_auth=0;
        int server_auth=0,i;
        char *server_cert=TEST_SERVER_CERT;

+       char *server_key=NULL;

        char *client_cert=TEST_CLIENT_CERT;
        char *client_cert=TEST_CLIENT_CERT;

+       char *client_key=NULL;

        SSL_CTX *s_ctx=NULL;
        SSL_CTX *c_ctx=NULL;
        SSL_METHOD *meth=NULL;
        SSL_CTX *s_ctx=NULL;
        SSL_CTX *c_ctx=NULL;
        SSL_METHOD *meth=NULL;


@@ -282,11 +285,26 @@ int main(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        server_cert= *(++argv);
                        }
                        if (--argc < 1) goto bad;
                        server_cert= *(++argv);
                        }

+               else if (strcmp(*argv,"-key") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       server_key= *(++argv);
+                       }
+               else if (strcmp(*argv,"-s_key") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       server_key= *(++argv);
+                       }

                else if (strcmp(*argv,"-c_cert") == 0)
                        {
                        if (--argc < 1) goto bad;
                        client_cert= *(++argv);
                        }
                else if (strcmp(*argv,"-c_cert") == 0)
                        {
                        if (--argc < 1) goto bad;
                        client_cert= *(++argv);
                        }

+               else if (strcmp(*argv,"-c_key") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       client_key= *(++argv);
+                       }

                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;


@@ -416,8 +434,8 @@ bad:
                {
                ERR_print_errors(bio_err);
                }
                {
                ERR_print_errors(bio_err);
                }

-       else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert,
-               SSL_FILETYPE_PEM))
+       else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
+               (server_key?server_key:server_cert), SSL_FILETYPE_PEM))

                {
                ERR_print_errors(bio_err);
                goto end;
                {
                ERR_print_errors(bio_err);
                goto end;


@@ -427,7 +445,8 @@ bad:
                {
                SSL_CTX_use_certificate_file(c_ctx,client_cert,
                        SSL_FILETYPE_PEM);
                {
                SSL_CTX_use_certificate_file(c_ctx,client_cert,
                        SSL_FILETYPE_PEM);

-               SSL_CTX_use_PrivateKey_file(c_ctx,client_cert,
+               SSL_CTX_use_PrivateKey_file(c_ctx,
+                       (client_key?client_key:client_cert),

                        SSL_FILETYPE_PEM);
                }
 
                        SSL_FILETYPE_PEM);
                }
 

diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index a3386d9a7e14373f45efae8197d3a1f4af4b8e57..02945de5f9697b51c31889d31bed81a5bccd4f02 100644 (file)
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -206,17 +206,21 @@ test_gen:
        @echo "Generate and verify a certificate request"
        @sh ./testgen
 
        @echo "Generate and verify a certificate request"
        @sh ./testgen
 

-test_ss:
+test_ss keyU.ss certU.ss certCA.ss:

        @echo "Generate and certify a test certificate"
        @sh ./testss
 
        @echo "Generate and certify a test certificate"
        @sh ./testss
 

-test_ssl:
+test_ssl: keyU.ss certU.ss certCA.ss

        @echo "test SSL protocol"
        @echo "test SSL protocol"

-       @sh ./testssl
+       @sh ./testssl keyU.ss certU.ss certCA.ss

 
 test_ca:
 
 test_ca:

-       @echo "Generate and certify a test certificate via the 'ca' program"
-       @sh ./testca
+       @if ../apps/openssl list-standard-commands | grep '^rsa$$' >/dev/null; then \
+         echo "Generate and certify a test certificate via the 'ca' program"; \
+         sh ./testca; \
+       else \
+         echo "skipping CA.sh test -- requires RSA"; \
+       fi

 
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff

diff --git a/test/testgen b/test/testgen
index c5f61b582beb40db13235449cf126518e0c2cabb..f2db42cb247c84f89aee7c4503ea610e5920644b 100644 (file)
--- a/test/testgen
+++ b/test/testgen
@@ -11,13 +11,19 @@ export PATH
 
 echo "generating certificate request"
 
 
 echo "generating certificate request"
 

-echo "There should be a 2 sequences of .'s and some +'s."
-echo "There should not be more that at most 80 per line"
-echo "This could take some time."
-

 echo "string to make the random number generator think it has entropy" >> ./.rnd
 
 echo "string to make the random number generator think it has entropy" >> ./.rnd
 

-../apps/openssl req -config test.cnf -new -out testreq.pem
+if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
+  req_new='-new'
+  echo "There should be a 2 sequences of .'s and some +'s."
+  echo "There should not be more that at most 80 per line"
+else
+  req_new='-newkey dsa:../apps/dsa512.pem'
+fi
+
+echo "This could take some time."
+
+../apps/openssl req -config test.cnf $req_new -out testreq.pem

 if [ $? != 0 ]; then
 echo problems creating request
 exit 1
 if [ $? != 0 ]; then
 echo problems creating request
 exit 1

diff --git a/test/testss b/test/testss
index da62997a5ffaddad07b5a6828a4600332c7153c6..fc27c83fa762db069ef9448cba066234cb8443e3 100644 (file)
--- a/test/testss
+++ b/test/testss
@@ -19,7 +19,14 @@ Ucert="certU.ss"
 
 echo
 echo "make a certificate request using 'req'"
 
 echo
 echo "make a certificate request using 'req'"

-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss
+
+if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
+  req_new='-new'
+else
+  req_new='-newkey dsa:../apps/dsa512.pem'
+fi
+
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss

 if [ $? != 0 ]; then
        echo "error using 'req' to generate a certificate request"
        exit 1
 if [ $? != 0 ]; then
        echo "error using 'req' to generate a certificate request"
        exit 1


@@ -60,7 +67,7 @@ fi
 
 echo
 echo "make another certificate request using 'req'"
 
 echo
 echo "make another certificate request using 'req'"

-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss

 if [ $? != 0 ]; then
        echo "error using 'req' to generate a certificate request"
        exit 1
 if [ $? != 0 ]; then
        echo "error using 'req' to generate a certificate request"
        exit 1

diff --git a/test/testssl b/test/testssl
index e256e38b41f01ffac200fe21c6f692fd6e6f7172..413a14e4cb0e26269029409b11f135b398901046 100644 (file)
--- a/test/testssl
+++ b/test/testssl
@@ -1,86 +1,123 @@
 #!/bin/sh
 
 #!/bin/sh
 

+if [ "$1" = "" ]; then
+  key=../apps/server.pem
+else
+  key="$1"
+fi
+if [ "$2" = "" ]; then
+  cert=../apps/server.pem
+else
+  cert="$2"
+fi
+ssltest="./ssltest -key $1 -cert $2 -c_key $1 -c_cert $2"
+
+if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key'; then
+  dsa_cert=YES
+else
+  dsa_cert=NO
+fi
+
+if [ "$3" = "" ]; then
+  CA="-CApath ../certs"
+else
+  CA="-CAfile $3"
+fi
+
+#############################################################################
+

 echo test sslv2
 echo test sslv2

-./ssltest -ssl2 || exit 1
+$ssltest -ssl2 || exit 1

 
 echo test sslv2 with server authentication
 
 echo test sslv2 with server authentication

-./ssltest -ssl2 -server_auth -CApath ../certs || exit 1
+$ssltest -ssl2 -server_auth $CA || exit 1

 
 

-echo test sslv2 with client authentication
-./ssltest -ssl2 -client_auth -CApath ../certs || exit 1
+if [ $dsa_cert = NO ]; then
+  echo test sslv2 with client authentication
+  $ssltest -ssl2 -client_auth $CA || exit 1

 
 

-echo test sslv2 with both client and server authentication
-./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+  echo test sslv2 with both client and server authentication
+  $ssltest -ssl2 -server_auth -client_auth $CA || exit 1
+fi

 
 echo test sslv3
 
 echo test sslv3

-./ssltest -ssl3 || exit 1
+$ssltest -ssl3 || exit 1

 
 echo test sslv3 with server authentication
 
 echo test sslv3 with server authentication

-./ssltest -ssl3 -server_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -server_auth $CA || exit 1

 
 echo test sslv3 with client authentication
 
 echo test sslv3 with client authentication

-./ssltest -ssl3 -client_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -client_auth $CA || exit 1

 
 echo test sslv3 with both client and server authentication
 
 echo test sslv3 with both client and server authentication

-./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -server_auth -client_auth $CA || exit 1

 
 echo test sslv2/sslv3
 
 echo test sslv2/sslv3

-./ssltest || exit 1
+$ssltest || exit 1

 
 echo test sslv2/sslv3 with server authentication
 
 echo test sslv2/sslv3 with server authentication

-./ssltest -server_auth -CApath ../certs || exit 1
+$ssltest -server_auth $CA || exit 1

 
 echo test sslv2/sslv3 with client authentication
 
 echo test sslv2/sslv3 with client authentication

-./ssltest -client_auth -CApath ../certs || exit 1
+$ssltest -client_auth $CA || exit 1

 
 echo test sslv2/sslv3 with both client and server authentication
 
 echo test sslv2/sslv3 with both client and server authentication

-./ssltest -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -server_auth -client_auth $CA || exit 1

 
 echo test sslv2 via BIO pair
 
 echo test sslv2 via BIO pair

-./ssltest -bio_pair -ssl2 || exit 1
+$ssltest -bio_pair -ssl2 || exit 1

 
 echo test sslv2 with server authentication via BIO pair
 
 echo test sslv2 with server authentication via BIO pair

-./ssltest -bio_pair -ssl2 -server_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -ssl2 -server_auth $CA || exit 1

 
 

-echo test sslv2 with client authentication via BIO pair
-./ssltest -bio_pair -ssl2 -client_auth -CApath ../certs || exit 1
+if [ $dsa_cert = NO ]; then
+  echo test sslv2 with client authentication via BIO pair
+  $ssltest -bio_pair -ssl2 -client_auth $CA || exit 1

 
 

-echo test sslv2 with both client and server authentication via BIO pair
-./ssltest -bio_pair -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+  echo test sslv2 with both client and server authentication via BIO pair
+  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA || exit 1
+fi

 
 echo test sslv3 via BIO pair
 
 echo test sslv3 via BIO pair

-./ssltest -bio_pair -ssl3 || exit 1
+$ssltest -bio_pair -ssl3 || exit 1

 
 echo test sslv3 with server authentication via BIO pair
 
 echo test sslv3 with server authentication via BIO pair

-./ssltest -bio_pair -ssl3 -server_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -ssl3 -server_auth $CA || exit 1

 
 echo test sslv3 with client authentication via BIO pair
 
 echo test sslv3 with client authentication via BIO pair

-./ssltest -bio_pair -ssl3 -client_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -ssl3 -client_auth $CA || exit 1

 
 echo test sslv3 with both client and server authentication via BIO pair
 
 echo test sslv3 with both client and server authentication via BIO pair

-./ssltest -bio_pair -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA || exit 1

 
 echo test sslv2/sslv3 via BIO pair
 
 echo test sslv2/sslv3 via BIO pair

-./ssltest || exit 1
+$ssltest || exit 1

 
 

-echo test sslv2/sslv3 w/o DHE via BIO pair
-./ssltest -bio_pair -no_dhe || exit 1
+if [ $dsa_cert = NO ]; then
+  echo test sslv2/sslv3 w/o DHE via BIO pair
+  $ssltest -bio_pair -no_dhe || exit 1
+fi

 
 echo test sslv2/sslv3 with 1024bit DHE via BIO pair
 
 echo test sslv2/sslv3 with 1024bit DHE via BIO pair

-./ssltest -bio_pair -dhe1024dsa -v || exit 1
+$ssltest -bio_pair -dhe1024dsa -v || exit 1

 
 echo test sslv2/sslv3 with server authentication
 
 echo test sslv2/sslv3 with server authentication

-./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -server_auth $CA || exit 1

 
 echo test sslv2/sslv3 with client authentication via BIO pair
 
 echo test sslv2/sslv3 with client authentication via BIO pair

-./ssltest -bio_pair -client_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -client_auth $CA || exit 1

 
 echo test sslv2/sslv3 with both client and server authentication via BIO pair
 
 echo test sslv2/sslv3 with both client and server authentication via BIO pair

-./ssltest -bio_pair -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -server_auth -client_auth $CA || exit 1
+
+#############################################################################
+
+if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
+  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1

 
 

-echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
-./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+fi

 
 

-echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1

 exit 0
 exit 0

diff --git a/test/treq b/test/treq
index 0464c9d902fb516bdfdeaae905f00f7e75ef7766..9f5eb7eea502d7e8df368e1ca7c50677a4c6fb1e 100644 (file)
--- a/test/treq
+++ b/test/treq
@@ -11,6 +11,11 @@ else
        t=testreq.pem
 fi
 
        t=testreq.pem
 fi
 

+if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then
+  echo "skipping req conversion test for $t"
+  exit 0
+fi
+

 echo testing req conversions
 cp $t fff.p
 
 echo testing req conversions
 cp $t fff.p