X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fssltest_old.c;h=c7f3e1872d2dfa4cfbaede8614c3dab003b25e99;hp=e3f8d774cb9d60484a98c92883996bab111f4dbe;hb=5a22cf96a0a1c34968c0664f99b7ebb7ccf6ed75;hpb=43341433a88a6a2cd38c35359f48653e809b10cd
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index e3f8d774cb..c7f3e1872d 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -799,7 +799,6 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time);
 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
-static int do_test_cipherlist(void);
 static void sv_usage(void)
 {
@@ -870,10 +869,6 @@ static void sv_usage(void)
 fprintf(stderr, " -time - measure processor time used by client and server\n");
 fprintf(stderr, " -zlib - use zlib compression\n");
- fprintf(stderr,
- " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
- " When this option is requested, the cipherlist\n"
- " tests are run instead of handshake tests.\n");
 #ifndef OPENSSL_NO_NEXTPROTONEG
 fprintf(stderr, " -npn_client - have client side offer NPN\n");
 fprintf(stderr, " -npn_server - have server side offer NPN\n");
@@ -1102,7 +1097,6 @@ int main(int argc, char *argv[])
 COMP_METHOD *cm = NULL;
 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #endif
- int test_cipherlist = 0;
 #ifdef OPENSSL_FIPS
 int fips_mode = 0;
 #endif
@@ -1315,11 +1309,9 @@ int main(int argc, char *argv[])
 app_verify_arg.app_verify = 1;
 } else if (strcmp(*argv, "-proxy") == 0) {
 app_verify_arg.allow_proxy_certs = 1;
- } else if (strcmp(*argv, "-test_cipherlist") == 0) {
- test_cipherlist = 1;
 }
 #ifndef OPENSSL_NO_NEXTPROTONEG
- else if (strcmp(*argv, "-npn_client") == 0) {
+ else if (strcmp(*argv, "-npn_client") == 0) {
 npn_client = 1;
 } else if (strcmp(*argv, "-npn_server") == 0) {
 npn_server = 1;
@@ -1454,22 +1446,6 @@ int main(int argc, char *argv[])
 goto end;
 }
- /*
- * test_cipherlist prevails over protocol switch: we test the cipherlist
- * for all enabled protocols.
- */
- if (test_cipherlist == 1) {
- /*
- * ensure that the cipher list are correctly sorted and exit
- */
- fprintf(stdout, "Testing cipherlist order only. Ignoring all "
- "other options.\n");
- if (do_test_cipherlist() == 0)
- EXIT(1);
- ret = 0;
- goto end;
- }
-
 if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
 fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should " "be requested.\n");
@@ -2348,7 +2324,9 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
 goto err;
 }
+# ifndef OPENSSL_NO_NEXTPROTONEG
 end:
+# endif
 ret = 0;
 err:
@@ -2729,7 +2707,9 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
 goto err;
 }
+#ifndef OPENSSL_NO_NEXTPROTONEG
 end:
+#endif
 ret = 0;
 err:
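Review bot: Guarding only the `end:` label in doit_localhost with `# ifndef OPENSSL_NO_NEXTPROTONEG` leaves nothing at the label that says which jump it has to stay in step with; the `goto end` itself is outside this hunk, so presumably it sits inside an NPN-only block. A later `goto end` added outside that guard would compile in default builds and fail only when NPN is disabled, so a short comment next to the label would help, e.g. `/* end: is only targeted from NPN-only code; keep this guard identical to that one */`. The same applies to the `end:` label in doit_biopair (hunk at -2729). Both function bodies start and end outside their hunks.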
@@ -3068,32 +3048,36 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx)
 {
 char *s, buf[256];
- s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
- sizeof buf);
+ s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
+ buf, sizeof buf);
 if (s != NULL) {
 if (ok)
- printf("depth=%d %s\n", ctx->error_depth, buf);
+ printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
 else {
 fprintf(stderr, "depth=%d error=%d %s\n",
- ctx->error_depth, ctx->error, buf);
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_STORE_CTX_get_error(ctx), buf);
 }
 }
 if (ok == 0) {
- switch (ctx->error) {
+ int i = X509_STORE_CTX_get_error(ctx);
+
+ switch (i) {
 default:
 fprintf(stderr, "Error string: %s\n",
- X509_verify_cert_error_string(ctx->error));
+ X509_verify_cert_error_string(i));
 break;
 case X509_V_ERR_CERT_NOT_YET_VALID:
 case X509_V_ERR_CERT_HAS_EXPIRED:
 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
 ok = 1;
+ break;
 }
 }
 if (ok == 1) {
- X509 *xs = ctx->current_cert;
+ X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
 if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
 unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx, get_proxy_auth_ex_data_idx
@@ -3430,15 +3414,17 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
 if (cb_arg->app_verify) {
 char *s = NULL, buf[256];
+ X509 *c = X509_STORE_CTX_get0_cert(ctx);
 printf("In app_verify_callback, allowing cert. ");
 printf("Arg is: %s\n", cb_arg->string);
 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
- (void *)ctx, (void *)ctx->cert);
- if (ctx->cert)
- s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
+ (void *)ctx, (void *)c);
+ if (c)
+ s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
 if (s != NULL) {
- printf("cert depth=%d %s\n", ctx->error_depth, buf);
+ printf("cert depth=%d %s\n",
+ X509_STORE_CTX_get_error_depth(ctx), buf);
 }
 return (1);
 }
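Review bot: The switch in verify_callback turns three verification failures (not yet valid, expired, depth-zero self-signed) into `ok = 1` with no comment saying this is deliberate, and the hunk already touches that switch with the new `break;` and the new local. A comment above the case labels would keep the pattern from being read as a usable verification policy, e.g. `/* test harness only: tolerate expired, not-yet-valid and self-signed test certificates */`. The new local would also read better as `int err = X509_STORE_CTX_get_error(ctx);` with `switch (err)`, since `i` suggests a loop index. The function body continues past the end of the hunk.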
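Review bot: The rewritten call `s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);` in app_verify_callback still passes the literal 256 instead of the size of `buf`, so the bound goes stale if the declaration `char *s = NULL, buf[256];` is ever changed. verify_callback, changed in this same patch, uses `sizeof buf`; this line could read `s = X509_NAME_oneline(X509_get_subject_name(c), buf, sizeof buf);`. The function body starts and ends outside the hunk.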
@@ -3527,13 +3513,16 @@ static DH *get_dh512()
 0x02,
 };
 DH *dh;
+ BIGNUM *p, *g;
 if ((dh = DH_new()) == NULL)
 return (NULL);
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
 DH_free(dh);
+ BN_free(p);
+ BN_free(g);
 return (NULL);
 }
 return (dh);
@@ -3568,13 +3557,16 @@ static DH *get_dh1024()
 0x02,
 };
 DH *dh;
+ BIGNUM *p, *g;
 if ((dh = DH_new()) == NULL)
 return (NULL);
- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+ g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+ if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
 DH_free(dh);
+ BN_free(p);
+ BN_free(g);
 return (NULL);
 }
 return (dh);
@@ -3629,16 +3621,19 @@ static DH *get_dh1024dsa()
 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
 };
 DH *dh;
+ BIGNUM *p, *g;
 if ((dh = DH_new()) == NULL)
 return (NULL);
- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+ g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+ if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
 DH_free(dh);
+ BN_free(p);
+ BN_free(g);
 return (NULL);
 }
- dh->length = 160;
+ DH_set_length(dh, 160);
 return (dh);
 }
 #endif
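Review bot: The failure branch in get_dh512 frees `p` and `g` on a path where `DH_set0_pqg()` may already have been called, and nothing in the hunk says why that is safe. It is correct only because the call is the last operand of the `||` chain and, as documented, takes ownership of the BIGNUMs only when it succeeds. A one-line comment above the `if` would stop a later edit from turning this into a double free or a leak, e.g. `/* DH_set0_pqg() takes ownership of p and g only on success */`. The same pattern is added in get_dh1024 and get_dh1024dsa (hunks at -3568 and -3629). The parameter arrays at the top of each function are outside the hunks.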
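Review bot: In get_dh1024dsa the new `DH_set_length(dh, 160);` discards its return value, while the `DH_set0_pqg()` call a few lines above is checked. If the setter can fail, the function would hand back a DH whose private-key length was never set. For consistency consider `if (!DH_set_length(dh, 160)) { DH_free(dh); return (NULL); }`; at that point `p` and `g` already belong to `dh`, so `DH_free(dh)` alone is the right cleanup.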
@@ -3707,33 +3702,3 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
 return psk_len;
 }
 #endif
-
-static int do_test_cipherlist(void)
-{
-#ifndef OPENSSL_NO_TLS
- int i = 0;
- const SSL_METHOD *meth;
- const SSL_CIPHER *ci, *tci = NULL;
-
- /*
- * This is required because ssltest "cheats" and uses internal headers to
- * call functions, thus avoiding auto-init
- */
- OPENSSL_init_crypto(0, NULL);
- OPENSSL_init_ssl(0, NULL);
-
- meth = TLS_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL) {
- if (tci != NULL)
- if (ci->id >= tci->id) {
- fprintf(stderr, "testing SSLv3 cipher list order: ");
- fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
-#endif
-
- return 1;
-}