# include OPENSSL_UNISTD
#endif
-#ifdef OPENSSL_SYS_VMS
-# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
-# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
-#elif defined(OPENSSL_SYS_WINCE)
-# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
-# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
-#elif defined(OPENSSL_SYS_NETWARE)
-# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
-# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
-#else
-# define TEST_SERVER_CERT "../apps/server.pem"
-# define TEST_CLIENT_CERT "../apps/client.pem"
-#endif
-
/*
* There is really no standard for this, so let's assign something
* only for this test
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
{ APP_CALLBACK_STRING, 0, 0, NULL, NULL };
- char *server_cert = TEST_SERVER_CERT;
- char *server_key = NULL;
- char *client_cert = TEST_CLIENT_CERT;
- char *client_key = NULL;
#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
}
SSL_CONF_CTX_set_flags(s_cctx,
- SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER);
+ SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
+ SSL_CONF_FLAG_CERTIFICATE |
+ SSL_CONF_FLAG_REQUIRE_PRIVATE);
if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
ERR_print_errors(bio_err);
goto end;
}
SSL_CONF_CTX_set_flags(c_cctx,
- SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT);
+ SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
+ SSL_CONF_FLAG_CERTIFICATE |
+ SSL_CONF_FLAG_REQUIRE_PRIVATE);
if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
ERR_print_errors(bio_err);
goto end;
bytes *= 1024L;
if (argv[0][i - 1] == 'm')
bytes *= 1024L * 1024L;
- } else if (strcmp(*argv, "-cert") == 0) {
- if (--argc < 1)
- goto bad;
- server_cert = *(++argv);
- } else if (strcmp(*argv, "-s_cert") == 0) {
- if (--argc < 1)
- goto bad;
- server_cert = *(++argv);
- } else if (strcmp(*argv, "-key") == 0) {
- if (--argc < 1)
- goto bad;
- server_key = *(++argv);
- } else if (strcmp(*argv, "-s_key") == 0) {
- if (--argc < 1)
- goto bad;
- server_key = *(++argv);
- } else if (strcmp(*argv, "-c_cert") == 0) {
- if (--argc < 1)
- goto bad;
- client_cert = *(++argv);
- } else if (strcmp(*argv, "-c_key") == 0) {
- if (--argc < 1)
- goto bad;
- client_key = *(++argv);
} else if (strcmp(*argv, "-cipher") == 0) {
if (--argc < 1)
goto bad;
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
#endif
- if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
- ERR_print_errors(bio_err);
- } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
- (server_key ? server_key :
- server_cert),
- SSL_FILETYPE_PEM)) {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (client_auth) {
- if (!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM)
- || !SSL_CTX_use_PrivateKey_file(c_ctx,
- (client_key ? client_key : client_cert),
- SSL_FILETYPE_PEM)) {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
else
cert="$2"
fi
-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
+ssltest="../util/shlib_wrap.sh ./ssltest -s_key $key -s_cert $cert -c_key $key -c_cert $cert"
if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
dsa_cert=YES
echo skipping RSA tests
else
echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
+ ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping RSA+DHE tests
else
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+ ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
fi
fi
projects / openssl.git / commitdiff