Replace cipherlist test

[openssl.git] / test / ssltest_old.c

diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 0dae90fb20013067c1cc0bb2b616d70cdba82ef4..c7f3e1872d2dfa4cfbaede8614c3dab003b25e99 100644 (file)
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -799,7 +799,6 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
                  clock_t *c_time);
 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
                  clock_t *c_time);
 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);

-static int do_test_cipherlist(void);

 
 static void sv_usage(void)
 {
 
 static void sv_usage(void)
 {


@@ -870,10 +869,6 @@ static void sv_usage(void)
     fprintf(stderr,
             " -time         - measure processor time used by client and server\n");
     fprintf(stderr, " -zlib         - use zlib compression\n");
     fprintf(stderr,
             " -time         - measure processor time used by client and server\n");
     fprintf(stderr, " -zlib         - use zlib compression\n");

-    fprintf(stderr,
-            " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
-            "                    When this option is requested, the cipherlist\n"
-            "                    tests are run instead of handshake tests.\n");

 #ifndef OPENSSL_NO_NEXTPROTONEG
     fprintf(stderr, " -npn_client - have client side offer NPN\n");
     fprintf(stderr, " -npn_server - have server side offer NPN\n");
 #ifndef OPENSSL_NO_NEXTPROTONEG
     fprintf(stderr, " -npn_client - have client side offer NPN\n");
     fprintf(stderr, " -npn_server - have server side offer NPN\n");


@@ -1102,7 +1097,6 @@ int main(int argc, char *argv[])
     COMP_METHOD *cm = NULL;
     STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #endif
     COMP_METHOD *cm = NULL;
     STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #endif

-    int test_cipherlist = 0;

 #ifdef OPENSSL_FIPS
     int fips_mode = 0;
 #endif
 #ifdef OPENSSL_FIPS
     int fips_mode = 0;
 #endif


@@ -1315,11 +1309,9 @@ int main(int argc, char *argv[])
             app_verify_arg.app_verify = 1;
         } else if (strcmp(*argv, "-proxy") == 0) {
             app_verify_arg.allow_proxy_certs = 1;
             app_verify_arg.app_verify = 1;
         } else if (strcmp(*argv, "-proxy") == 0) {
             app_verify_arg.allow_proxy_certs = 1;

-        } else if (strcmp(*argv, "-test_cipherlist") == 0) {
-            test_cipherlist = 1;

         }
 #ifndef OPENSSL_NO_NEXTPROTONEG
         }
 #ifndef OPENSSL_NO_NEXTPROTONEG

-        else if (strcmp(*argv, "-npn_client") == 0) {
+          else if (strcmp(*argv, "-npn_client") == 0) {

             npn_client = 1;
         } else if (strcmp(*argv, "-npn_server") == 0) {
             npn_server = 1;
             npn_client = 1;
         } else if (strcmp(*argv, "-npn_server") == 0) {
             npn_server = 1;


@@ -1454,22 +1446,6 @@ int main(int argc, char *argv[])
         goto end;
     }
 
         goto end;
     }
 

-    /*
-     * test_cipherlist prevails over protocol switch: we test the cipherlist
-     * for all enabled protocols.
-     */
-    if (test_cipherlist == 1) {
-        /*
-         * ensure that the cipher list are correctly sorted and exit
-         */
-        fprintf(stdout, "Testing cipherlist order only. Ignoring all "
-                "other options.\n");
-        if (do_test_cipherlist() == 0)
-            EXIT(1);
-        ret = 0;
-        goto end;
-    }
-

     if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
         fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
                 "be requested.\n");
     if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
         fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
                 "be requested.\n");


@@ -3072,32 +3048,36 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx)
 {
     char *s, buf[256];
 
 {
     char *s, buf[256];
 

-    s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
-                          sizeof buf);
+    s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
+                          buf, sizeof buf);

     if (s != NULL) {
         if (ok)
     if (s != NULL) {
         if (ok)

-            printf("depth=%d %s\n", ctx->error_depth, buf);
+            printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);

         else {
             fprintf(stderr, "depth=%d error=%d %s\n",
         else {
             fprintf(stderr, "depth=%d error=%d %s\n",

-                    ctx->error_depth, ctx->error, buf);
+                    X509_STORE_CTX_get_error_depth(ctx),
+                    X509_STORE_CTX_get_error(ctx), buf);

         }
     }
 
     if (ok == 0) {
         }
     }
 
     if (ok == 0) {

-        switch (ctx->error) {
+        int i = X509_STORE_CTX_get_error(ctx);
+
+        switch (i) {

         default:
             fprintf(stderr, "Error string: %s\n",
         default:
             fprintf(stderr, "Error string: %s\n",

-                    X509_verify_cert_error_string(ctx->error));
+                    X509_verify_cert_error_string(i));

             break;
         case X509_V_ERR_CERT_NOT_YET_VALID:
         case X509_V_ERR_CERT_HAS_EXPIRED:
         case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
             ok = 1;
             break;
         case X509_V_ERR_CERT_NOT_YET_VALID:
         case X509_V_ERR_CERT_HAS_EXPIRED:
         case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
             ok = 1;

+            break;

         }
     }
 
     if (ok == 1) {
         }
     }
 
     if (ok == 1) {

-        X509 *xs = ctx->current_cert;
+        X509 *xs = X509_STORE_CTX_get_current_cert(ctx);

         if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
             unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
                                                                get_proxy_auth_ex_data_idx
         if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
             unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
                                                                get_proxy_auth_ex_data_idx


@@ -3434,15 +3414,17 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
 
     if (cb_arg->app_verify) {
         char *s = NULL, buf[256];
 
     if (cb_arg->app_verify) {
         char *s = NULL, buf[256];

+        X509 *c = X509_STORE_CTX_get0_cert(ctx);

 
         printf("In app_verify_callback, allowing cert. ");
         printf("Arg is: %s\n", cb_arg->string);
         printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
 
         printf("In app_verify_callback, allowing cert. ");
         printf("Arg is: %s\n", cb_arg->string);
         printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",

-                (void *)ctx, (void *)ctx->cert);
-        if (ctx->cert)
-            s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
+                (void *)ctx, (void *)c);
+        if (c)
+            s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);

         if (s != NULL) {
         if (s != NULL) {

-            printf("cert depth=%d %s\n", ctx->error_depth, buf);
+            printf("cert depth=%d %s\n",
+                    X509_STORE_CTX_get_error_depth(ctx), buf);

         }
         return (1);
     }
         }
         return (1);
     }


@@ -3720,33 +3702,3 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
     return psk_len;
 }
 #endif
     return psk_len;
 }
 #endif

-
-static int do_test_cipherlist(void)
-{
-#ifndef OPENSSL_NO_TLS
-    int i = 0;
-    const SSL_METHOD *meth;
-    const SSL_CIPHER *ci, *tci = NULL;
-
-    /*
-     * This is required because ssltest "cheats" and uses internal headers to
-     * call functions, thus avoiding auto-init
-     */
-    OPENSSL_init_crypto(0, NULL);
-    OPENSSL_init_ssl(0, NULL);
-
-    meth = TLS_method();
-    tci = NULL;
-    while ((ci = meth->get_cipher(i++)) != NULL) {
-        if (tci != NULL)
-            if (ci->id >= tci->id) {
-                fprintf(stderr, "testing SSLv3 cipher list order: ");
-                fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
-                return 0;
-            }
-        tci = ci;
-    }
-#endif
-
-    return 1;
-}