RT3907: avoid "local" in testssl script

[openssl.git] / test / testssl

diff --git a/test/testssl b/test/testssl
index 71b4d2a271367262da3ca2f408ca5f310791083e..cb8e56a3b132da12584d8568a8f93de4dbca10ad 100644 (file)
--- a/test/testssl
+++ b/test/testssl
@@ -117,13 +117,11 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 

-echo "Testing ciphersuites"
-for protocol in TLSv1.2 SSLv3; do
-  echo "Testing ciphersuites for $protocol"
-  for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+test_cipher() {
+    _cipher=$1

     echo "Testing $cipher"
     prot=""
     echo "Testing $cipher"
     prot=""

-    if [ $protocol = "SSLv3" ] ; then
+    if [ $2 = "SSLv3" ] ; then

       prot="-ssl3"
     fi
     $ssltest -cipher $cipher $prot
       prot="-ssl3"
     fi
     $ssltest -cipher $cipher $prot


@@ -131,12 +129,43 @@ for protocol in TLSv1.2 SSLv3; do
          echo "Failed $cipher"
          exit 1
     fi
          echo "Failed $cipher"
          exit 1
     fi

+}
+
+echo "Testing ciphersuites"
+for protocol in TLSv1.2 SSLv3; do
+  echo "Testing ciphersuites for $protocol"
+  for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+    test_cipher $cipher $protocol

   done
   done

+  if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
+    echo "skipping RSA+DHE tests"
+  else
+    for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
+      test_cipher $cipher $protocol
+    done
+    echo "testing connection with weak DH, expecting failure"
+    if [ $protocol = "SSLv3" ] ; then
+      $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3
+    else
+      $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512
+    fi
+    if [ $? -eq 0 ]; then
+      echo "FAIL: connection with weak DH succeeded"
+      exit 1
+    fi
+  fi
+  if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
+    echo "skipping RSA+ECDHE tests"
+  else
+    for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
+      test_cipher $cipher $protocol
+    done
+  fi

 done
 
 #############################################################################
 
 done
 
 #############################################################################
 

-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then

   echo skipping anonymous DH tests
 else
   echo test tls1 with 1024bit anonymous DH, multiple handshakes
   echo skipping anonymous DH tests
 else
   echo test tls1 with 1024bit anonymous DH, multiple handshakes


@@ -149,7 +178,7 @@ else
   echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
   ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
 
   echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
   ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
 

-  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+  if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then

     echo skipping RSA+DHE tests
   else
     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
     echo skipping RSA+DHE tests
   else
     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes