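#!/bin/sh
#
# Drives ./ssltest through a matrix of protocol versions, authentication
# modes, transports (plain and BIO pair), cipher suites and TLS extensions.
#
# Usage: $0 [key [cert [CAfile [extra-ssltest-args]]]]
#   $1  private key, PEM          (default: ../apps/server.pem)
#   $2  certificate, PEM          (default: ../apps/server.pem)
#   $3  CA file for verification  (default: -CApath ../certs is used instead)
#   $4  extra arguments appended to most ssltest invocations
#
# Exit status: 1 at the first failing case, 0 when every case passed.
#
# NOTE: $ssltest, $CA, $extra and the per-case protocol flags are expanded
# unquoted on purpose so that they split into separate arguments. Paths that
# contain whitespace or glob characters are therefore not supported.
#
# NOTE: the PSK and SRP secrets below ("abc123") are fixed test values that
# are passed on the command line; they are test fixtures only.

key=${1:-../apps/server.pem}
cert=${2:-../apps/server.pem}
ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

# A DSA certificate disables the SSLv2 client-auth and no-(EC)DHE cases below.
# grep -F replaces the obsolescent fgrep.
if ../util/shlib_wrap.sh ../apps/openssl x509 -in "$cert" -text -noout |
  grep -F 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

if [ -z "$3" ]; then
  CA="-CApath ../certs"
else
  CA="-CAfile $3"
fi

extra=${4:-}

serverinfo="./serverinfo.pem"

#############################################################################
# SSLv2 / SSLv3 are obsolete protocol versions; these cases are regression
# coverage for the library's own implementation of them.

echo test sslv2
$ssltest -ssl2 $extra || exit 1

echo test sslv2 with server authentication
$ssltest -ssl2 -server_auth $CA $extra || exit 1

if [ "$dsa_cert" = NO ]; then
  echo test sslv2 with client authentication
  $ssltest -ssl2 -client_auth $CA $extra || exit 1

  echo test sslv2 with both client and server authentication
  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi

echo test sslv3
$ssltest -ssl3 $extra || exit 1

echo test sslv3 with server authentication
$ssltest -ssl3 -server_auth $CA $extra || exit 1

echo test sslv3 with client authentication
$ssltest -ssl3 -client_auth $CA $extra || exit 1

echo test sslv3 with both client and server authentication
$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3
$ssltest $extra || exit 1

echo test sslv2/sslv3 with server authentication
$ssltest -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication
$ssltest -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication
$ssltest -server_auth -client_auth $CA $extra || exit 1

echo test sslv2 via BIO pair
$ssltest -bio_pair -ssl2 $extra || exit 1

echo test sslv2 with server authentication via BIO pair
$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1

if [ "$dsa_cert" = NO ]; then
  echo test sslv2 with client authentication via BIO pair
  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1

  echo test sslv2 with both client and server authentication via BIO pair
  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi

echo test sslv3 via BIO pair
$ssltest -bio_pair -ssl3 $extra || exit 1

echo test sslv3 with server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1

echo test sslv3 with client authentication via BIO pair
$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1

echo test sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1

# Fix: this case is labelled "via BIO pair" but was run without -bio_pair,
# which made it a duplicate of the plain "test sslv2/sslv3" case above and
# left the BIO-pair path untested for the default protocol selection.
echo test sslv2/sslv3 via BIO pair
$ssltest -bio_pair $extra || exit 1

echo test dtlsv1
$ssltest -dtls1 $extra || exit 1

echo test dtlsv1 with server authentication
$ssltest -dtls1 -server_auth $CA $extra || exit 1

echo test dtlsv1 with client authentication
$ssltest -dtls1 -client_auth $CA $extra || exit 1

echo test dtlsv1 with both client and server authentication
$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1

echo test dtlsv1.2
$ssltest -dtls12 $extra || exit 1

echo test dtlsv1.2 with server authentication
$ssltest -dtls12 -server_auth $CA $extra || exit 1

echo test dtlsv1.2 with client authentication
$ssltest -dtls12 -client_auth $CA $extra || exit 1

echo test dtlsv1.2 with both client and server authentication
$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1

if [ "$dsa_cert" = NO ]; then
  echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
  $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
fi

echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

# Fix: the label now says "via BIO pair", matching the -bio_pair flag the
# case has always used and distinguishing it from the plain case above.
echo test sslv2/sslv3 with server authentication via BIO pair
$ssltest -bio_pair -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

# Run one handshake restricted to a single cipher suite.
#   $1  cipher suite name
#   $2  protocol label; "SSLv3" adds -ssl3, anything else adds no flag
# Prints "Failed <cipher>" and exits 1 when ssltest fails.
# Unlike the cases above, $extra is not passed here.
test_cipher() {
  _cipher=$1
  echo "Testing $_cipher"
  prot=""
  if [ "$2" = "SSLv3" ]; then
    prot="-ssl3"
  fi
  # $prot stays unquoted: when empty it must disappear, not become "".
  if ! $ssltest -cipher "$_cipher" $prot; then
    echo "Failed $_cipher"
    exit 1
  fi
}

# "openssl no-<feature>" exiting 0 is treated as "feature not available",
# in which case the matching group of cases is skipped.
echo "Testing ciphersuites"
for protocol in TLSv1.2 SSLv3; do
  echo "Testing ciphersuites for $protocol"
  # The colon-separated cipher list is split into words on purpose.
  for cipher in $(../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '); do
    test_cipher "$cipher" "$protocol"
  done
  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo "skipping RSA+DHE tests"
  else
    for cipher in $(../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '); do
      test_cipher "$cipher" "$protocol"
    done
    echo "testing connection with weak DH, expecting failure"
    weak_dh_prot=""
    if [ "$protocol" = "SSLv3" ]; then
      weak_dh_prot="-ssl3"
    fi
    # Negative test: a handshake using 512-bit DH parameters must be refused.
    # NOTE(review): any non-zero exit counts as the expected refusal, so an
    # unrelated ssltest failure (missing file, crash) also passes this case;
    # confirm whether ssltest offers a way to tell the two apart.
    if $ssltest -cipher EDH -dhe512 $weak_dh_prot; then
      echo "FAIL: connection with weak DH succeeded"
      exit 1
    fi
  fi
  if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
    echo "skipping RSA+ECDHE tests"
  else
    for cipher in $(../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '); do
      test_cipher "$cipher" "$protocol"
    done
  fi
done

#############################################################################

if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  echo skipping anonymous DH tests
else
  # ADH suites perform no peer authentication.
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

# The RSA cases call ssltest directly with ../apps/server2.pem, so the key
# and certificate given in $1/$2 are not used for them.
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  echo skipping RSA tests
else
  echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1

  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo skipping RSA+DHE tests
  else
    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  fi
fi

echo test tls1 with PSK
$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1

echo test tls1 with PSK via BIO pair
$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1

#############################################################################
# Custom Extension tests

echo test tls1 with custom extensions
$ssltest -bio_pair -tls1 -custom_ext || exit 1

#############################################################################
# Serverinfo tests

echo test tls1 with serverinfo
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo || exit 1
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct || exit 1
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_tack || exit 1
$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
$ssltest -bio_pair -tls1 -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1


#############################################################################
# ALPN tests
# Cases without -alpn_expected have no protocol in common between client and
# server; presumably ssltest then checks that none was selected (confirm
# against ssltest itself).

$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo -alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1

if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
  echo skipping SRP tests
else
  echo test tls1 with SRP
  $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1

  echo test tls1 with SRP via BIO pair
  $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1

  echo test tls1 with SRP auth
  $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1

  echo test tls1 with SRP auth via BIO pair
  $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
fi

#############################################################################
# Multi-buffer tests
# Only run when no extra arguments were given and the machine is x86_64.
# Two separate tests joined by && replace the obsolescent "[ ... -a ... ]".

if [ -z "$extra" ] && [ "$(uname -m)" = "x86_64" ]; then
  $ssltest -cipher AES128-SHA -bytes 8m || exit 1
  $ssltest -cipher AES128-SHA256 -bytes 8m || exit 1
fi

exit 0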