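#!/bin/sh
#
# Driver for the ./ssltest handshake tests.
#
# Usage: $0 [key [cert [CAfile [extra]]]]
#   $1  private key file   (default ../apps/server.pem)
#   $2  certificate file   (default ../apps/server.pem)
#   $3  CA file passed as -CAfile; when empty, -CApath ../certs is used
#   $4  extra options appended to most ssltest invocations
#
# Limitation: key, cert and the CA file are interpolated into command strings
# that are word-split at every call site, so paths containing whitespace or
# glob characters are not supported.

key=${1:-../apps/server.pem}
cert=${2:-../apps/server.pem}

# Single command string, expanded unquoted wherever a test is run. The same
# key/cert pair is given to -key/-cert and to -c_key/-c_cert (presumably the
# client-side pair; confirm against ssltest).
ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

# Detect a DSA certificate from the x509 text dump; dsa_cert gates several
# tests further down. "$cert" is quoted so the path reaches openssl as one
# argument, and grep -F replaces the obsolescent fgrep.
# Only grep's exit status is tested: if the x509 command itself fails, the
# result is silently NO.
if ../util/shlib_wrap.sh ../apps/openssl x509 -in "$cert" -text -noout | grep -F 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

# Trust anchor options for the *_auth tests; expanded unquoted so that the
# option and its value become two words.
if [ -n "$3" ]; then
  CA="-CAfile $3"
else
  CA="-CApath ../certs"
fi

# Extra ssltest options (may be empty); expanded unquoted at the call sites.
extra=$4

serverinfo="./serverinfo.pem"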
#############################################################################
# Handshakes without -bio_pair: SSLv2, SSLv3, and no protocol flag (labelled
# "sslv2/sslv3"), each with no authentication, server, client and mutual
# authentication.
# SSLv2 and SSLv3 are obsolete protocols (RFC 6176, RFC 7568); these cases
# exercise whatever legacy support ./ssltest was built with.

# run_case LABEL [ssltest-option...]
# Prints LABEL, runs $ssltest with the given options followed by $extra, and
# ends the whole script with status 1 on the first failure.
run_case() {
  echo "$1"
  shift
  $ssltest "$@" $extra || exit 1
}

run_case "test sslv2" -ssl2
run_case "test sslv2 with server authentication" -ssl2 -server_auth $CA

# The SSLv2 client-authentication cases are skipped for a DSA certificate.
if [ $dsa_cert = NO ]; then
  run_case "test sslv2 with client authentication" -ssl2 -client_auth $CA
  run_case "test sslv2 with both client and server authentication" \
    -ssl2 -server_auth -client_auth $CA
fi

run_case "test sslv3" -ssl3
run_case "test sslv3 with server authentication" -ssl3 -server_auth $CA
run_case "test sslv3 with client authentication" -ssl3 -client_auth $CA
run_case "test sslv3 with both client and server authentication" \
  -ssl3 -server_auth -client_auth $CA

run_case "test sslv2/sslv3"
run_case "test sslv2/sslv3 with server authentication" -server_auth $CA
run_case "test sslv2/sslv3 with client authentication" -client_auth $CA
run_case "test sslv2/sslv3 with both client and server authentication" \
  -server_auth -client_auth $CA
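# The SSLv2 / SSLv3 / default-protocol matrix again, this time with
# -bio_pair. Every case stops the script with status 1 on failure.

echo test sslv2 via BIO pair
$ssltest -bio_pair -ssl2 $extra || exit 1

echo test sslv2 with server authentication via BIO pair
$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1

# The SSLv2 client-authentication cases are skipped for a DSA certificate.
# dsa_cert is quoted so an unset value is a plain mismatch, not a "[" error.
if [ "$dsa_cert" = NO ]; then
  echo test sslv2 with client authentication via BIO pair
  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1

  echo test sslv2 with both client and server authentication via BIO pair
  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi

echo test sslv3 via BIO pair
$ssltest -bio_pair -ssl3 $extra || exit 1

echo test sslv3 with server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1

echo test sslv3 with client authentication via BIO pair
$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1

echo test sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1

# Fixed: this case is labelled "via BIO pair" but was run without -bio_pair,
# which made it a repeat of the plain "test sslv2/sslv3" case and left the
# labelled configuration untested at this point.
echo test sslv2/sslv3 via BIO pair
$ssltest -bio_pair $extra || exit 1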
# DTLS cases: for -dtls1 and then -dtls12, run the handshake with no
# authentication, server, client and mutual authentication. Any failure ends
# the script with status 1.
for dtls_flag in -dtls1 -dtls12; do
  # Name used in the progress labels for this flag.
  case $dtls_flag in
    -dtls1)  dtls_name=dtlsv1 ;;
    -dtls12) dtls_name=dtlsv1.2 ;;
  esac

  echo "test $dtls_name"
  $ssltest $dtls_flag $extra || exit 1

  echo "test $dtls_name with server authentication"
  $ssltest $dtls_flag -server_auth $CA $extra || exit 1

  echo "test $dtls_name with client authentication"
  $ssltest $dtls_flag -client_auth $CA $extra || exit 1

  echo "test $dtls_name with both client and server authentication"
  $ssltest $dtls_flag -server_auth -client_auth $CA $extra || exit 1
done
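# Default-protocol handshakes via BIO pair: key-exchange variations first,
# then the authentication combinations. Any failure ends the script with
# status 1.

# Skipped for a DSA certificate.
# NOTE(review): presumably no usable suite remains for DSA once DHE and ECDHE
# are both off; confirm.
# dsa_cert is quoted so an unset value is a plain mismatch, not a "[" error.
if [ "$dsa_cert" = NO ]; then
  echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
  $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
fi

# 1024-bit DH is a fixed test input here, not a size recommendation.
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

# Label fixed: the command runs with -bio_pair, but the message lacked
# "via BIO pair" and so matched the label of the earlier non-BIO-pair case,
# making a failure in the log ambiguous.
echo test sslv2/sslv3 with server authentication via BIO pair
$ssltest -bio_pair -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1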
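# test_cipher CIPHER PROTOCOL
# Runs one $ssltest handshake restricted to CIPHER. PROTOCOL "SSLv3" adds
# -ssl3; any other value, or none, leaves the protocol flag off.
# Globals: reads ssltest; writes _cipher and prot.
# Exits the script with status 1 if the handshake fails.
test_cipher() {
    _cipher=$1
    echo "Testing $_cipher"
    prot=""
    # Quoted so that a missing or empty PROTOCOL is an ordinary mismatch
    # instead of a "[" syntax error on stderr.
    if [ "$2" = "SSLv3" ] ; then
      prot="-ssl3"
    fi
    # $prot is left unquoted on purpose: when empty it must disappear rather
    # than reach ssltest as an empty argument.
    $ssltest -cipher "$_cipher" $prot || {
      echo "Failed $_cipher"
      exit 1
    }
}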
# Per-cipher handshakes for TLSv1.2 and SSLv3. For each protocol: the suites
# matching "RSA+<protocol>", then the EDH+aRSA and EECDH+aRSA suites (":-EXP"
# drops export suites) unless `openssl no-dh` / `openssl no-ec` exit 0, which
# this script treats as "feature not built in".
echo "Testing ciphersuites"
for protocol in TLSv1.2 SSLv3; do
  echo "Testing ciphersuites for $protocol"

  # `openssl ciphers` prints a colon-separated list; tr turns it into words.
  # NOTE(review): if the list is empty (or the command fails) the loop body
  # never runs and nothing is reported; confirm that is acceptable.
  rsa_suites=$(../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' ')
  for cipher in $rsa_suites; do
    test_cipher $cipher $protocol
  done

  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo "skipping RSA+DHE tests"
  else
    dhe_suites=$(../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' ')
    for cipher in $dhe_suites; do
      test_cipher $cipher $protocol
    done

    # Negative test: a handshake with -dhe512 (presumably 512-bit DH
    # parameters, per the "weak DH" label) has to be refused.
    # NOTE(review): any non-zero exit counts as the expected refusal, so a
    # crash or a missing binary would pass this check too.
    echo "testing connection with weak DH, expecting failure"
    case $protocol in
      SSLv3) weak_dh_prot="-ssl3" ;;
      *)     weak_dh_prot="" ;;
    esac
    if $ssltest -cipher EDH -dhe512 $weak_dh_prot; then
      echo "FAIL: connection with weak DH succeeded"
      exit 1
    fi
  fi

  if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
    echo "skipping RSA+ECDHE tests"
  else
    ecdhe_suites=$(../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' ')
    for cipher in $ecdhe_suites; do
      test_cipher $cipher $protocol
    done
  fi
done
#############################################################################
# TLS1 runs with repeated handshakes (-num 10): anonymous DH, RSA with and
# without DHE, then PSK. A feature is skipped when `openssl no-<feature>`
# exits 0.

openssl_app="../util/shlib_wrap.sh ../apps/openssl"
multi="-num 10 -f -time"
# The RSA runs do not go through $ssltest: they pass only
# -cert ../apps/server2.pem and none of the key/cert options held in $ssltest.
rsa_ssltest="../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem"

if $openssl_app no-dh; then
  echo "skipping anonymous DH tests"
else
  # ADH suites use no certificate, so this handshake is unauthenticated.
  echo "test tls1 with 1024bit anonymous DH, multiple handshakes"
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa $multi $extra || exit 1
fi

if $openssl_app no-rsa; then
  echo "skipping RSA tests"
else
  echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
  $rsa_ssltest -no_dhe -no_ecdhe $multi $extra || exit 1

  if $openssl_app no-dh; then
    echo "skipping RSA+DHE tests"
  else
    echo "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
    $rsa_ssltest -dhe1024dsa $multi $extra || exit 1
  fi
fi

# The PSK is a fixed test value passed on the command line.
echo "test tls1 with PSK"
$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1

echo "test tls1 with PSK via BIO pair"
$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
#############################################################################
# Custom Extension tests
#
# None of the custom-extension, serverinfo or ALPN cases pass $extra.

# Shared prefix for every case in this section.
tls1_bio="$ssltest -bio_pair -tls1"

echo "test tls1 with custom extensions"
$tls1_bio -custom_ext || exit 1

#############################################################################
# Serverinfo tests

echo "test tls1 with serverinfo"
# The serverinfo file alone, then with each of -serverinfo_sct and
# -serverinfo_tack, then with both.
for si_opts in "" "-serverinfo_sct" "-serverinfo_tack" "-serverinfo_sct -serverinfo_tack"; do
  $tls1_bio -serverinfo_file $serverinfo $si_opts || exit 1
done
# Serverinfo combined with custom extensions.
$tls1_bio -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1


#############################################################################
# ALPN tests

# alpn_case CLIENT_LIST SERVER_LIST [EXPECTED]
# Runs one ALPN handshake; -alpn_expected is passed only when EXPECTED is
# given. Ends the script with status 1 on failure.
alpn_case() {
  if [ $# -ge 3 ]; then
    $tls1_bio -alpn_client "$1" -alpn_server "$2" -alpn_expected "$3" || exit 1
  else
    $tls1_bio -alpn_client "$1" -alpn_server "$2" || exit 1
  fi
}

# In every case with an expected value, that value is the first entry of the
# server list that the client also offers. The two cases without one have no
# protocol in common.
alpn_case foo     bar
alpn_case foo     foo     foo
alpn_case foo,bar foo     foo
alpn_case bar,foo foo     foo
alpn_case bar,foo foo,bar foo
alpn_case bar,foo bar,foo bar
alpn_case foo,bar bar,foo bar
alpn_case baz     bar,foo
# SRP cases, skipped when `openssl no-srp` exits 0. Each of the cipher strings
# SRP and aSRP is run without and then with -bio_pair. $extra is not passed.
if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
  echo "skipping SRP tests"
else
  # Fixed test credentials, passed on the command line.
  srp_creds="-srpuser test -srppass abc123"

  for srp_cipher in SRP aSRP; do
    case $srp_cipher in
      SRP)  srp_label="test tls1 with SRP" ;;
      aSRP) srp_label="test tls1 with SRP auth" ;;
    esac

    echo "$srp_label"
    $ssltest -tls1 -cipher $srp_cipher $srp_creds || exit 1

    echo "$srp_label via BIO pair"
    $ssltest -bio_pair -tls1 -cipher $srp_cipher $srp_creds || exit 1
  done
fi
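#############################################################################
# Multi-buffer tests

# Run only when no extra ssltest options were given and `uname -m` reports
# x86_64. Two separate tests replace the obsolescent "-a" operator, and the
# uname output is quoted so an empty or multi-word result cannot turn into a
# "[" syntax error.
if [ -z "$extra" ] && [ "$(uname -m)" = "x86_64" ]; then
  $ssltest -cipher AES128-SHA    -bytes 8m	|| exit 1
  $ssltest -cipher AES128-SHA256 -bytes 8m	|| exit 1
fi

# Every failing case above exits 1 on the spot, so reaching this line means
# all executed cases passed.
exit 0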