1#!perl -w 2# Before `make install' is performed this script should be runnable with 3# `make test'. After `make install' it should work as `perl t/dhe.t' 4 5# This tests the use of Diffie Hellman Key Exchange (DHE) 6# If you have only a 384bit RSA key you can not use RSA key exchange, 7# but DHE is usable. For an explanation see 8# http://groups.google.de/group/mailing.openssl.users/msg/d60330cfa7a6034b 9# So this test simple uses a 384bit RSA key to make sure that DHE is used. 10 11use Net::SSLeay; 12use Socket; 13use IO::Socket::SSL; 14use strict; 15 16 17if ( grep { $^O =~m{$_} } qw( MacOS VOS vmesa riscos amigaos ) ) { 18 print "1..0 # Skipped: fork not implemented on this platform\n"; 19 exit 20} 21 22$|=1; 23print "1..3\n"; 24 25# first create simple ssl-server 26my $ID = 'server'; 27my $addr = '127.0.0.1'; 28my $server = IO::Socket::SSL->new( 29 LocalAddr => $addr, 30 Listen => 2, 31 ReuseAddr => 1, 32 SSL_cert_file => "certs/server-rsa384-dh.pem", 33 SSL_key_file => "certs/server-rsa384-dh.pem", 34 SSL_dh_file => "certs/server-rsa384-dh.pem", 35 # at least 0.9.8[ab] have problems if we don't explicitly disable 36 # RSA or EXPORT56, and 1.0.1 complains if we have RSA authentication 37 # enabled 38 SSL_cipher_list => 'ALL:RSA:!aRSA', 39) || do { 40 notok($!); 41 exit 42}; 43ok("Server Initialization"); 44 45# add server port to addr 46$addr.= ':'.(sockaddr_in( getsockname( $server )))[0]; 47 48my $pid = fork(); 49if ( !defined $pid ) { 50 die $!; # fork failed 51 52} elsif ( !$pid ) { ###### Client 53 54 $ID = 'client'; 55 close($server); 56 my $to_server = IO::Socket::SSL->new( $addr ) || do { 57 notok( "connect failed: $SSL_ERROR" ); 58 exit 59 }; 60 ok( "client connected" ); 61 62} else { ###### Server 63 64 my $to_client = $server->accept || do { 65 notok( "accept failed: $SSL_ERROR" ); 66 kill(9,$pid); 67 exit; 68 }; 69 ok( "Server accepted" ); 70 wait; 71} 72 73sub ok { print "ok # [$ID] @_\n"; } 74sub notok { print "not ok # [$ID] @_\n"; } 75