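#!/bin/sh
#
# SSL/TLS handshake regression tests driven through ./ssltest with -F
# (the messages printed below describe this as FIPS mode).
# Verifies that SSLv3 (and SSLv2, when compiled in) handshakes are refused
# and that TLSv1 handshakes succeed with and without peer authentication.
#
# Usage: <this script> [key [cert [CAfile [extra-ssltest-options]]]]
#   $1  private key file   (default ../apps/server.pem)
#   $2  certificate file   (default ../apps/server.pem)
#   $3  CA file; when empty, "-CApath ../certs" is used instead
#   $4  extra options appended to every ssltest invocation
#
# Exit status: 0 when every test behaves as expected, 1 at the first mismatch.
# All paths are relative, so run it from the directory that holds ./ssltest.
#
# $extra is expanded unquoted on purpose: it may carry several options.
# shellcheck disable=SC2086

key=${1:-../apps/server.pem}
cert=${2:-../apps/server.pem}

# Cipher list handed to every run_ssltest call.
# NOTE(review): the list contains export-grade (EXP-*) and single-DES suites;
# whether they are present in order to be rejected under -F is not visible
# from this script -- confirm against ssltest.
ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"

#######################################
# Run ./ssltest with the common -F / key / cert / cipher options.
# A function (instead of a command string expanded unquoted) keeps key and
# certificate paths intact when they contain whitespace or glob characters.
# Globals:   key, cert, ciphers (read)
# Arguments: additional ssltest options
# Returns:   exit status of ssltest
#######################################
run_ssltest() {
  ../util/shlib_wrap.sh ./ssltest -F \
    -key "$key" -cert "$cert" \
    -c_key "$key" -c_cert "$cert" \
    -cipher "$ciphers" "$@"
}

# Detect a DSA certificate; the "no DHE" test further down is skipped for it.
# grep -F replaces the obsolescent fgrep.
if ../util/shlib_wrap.sh ../apps/openssl x509 -in "$cert" -text -noout \
  | grep -F 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

# Trust anchor option, kept as option + argument so a CA file path with
# whitespace survives as a single word.
if [ -z "$3" ]; then
  ca_opt=-CApath
  ca_arg=../certs
else
  ca_opt=-CAfile
  ca_arg=$3
fi

extra=${4-}

#############################################################################

# Negative tests: the handshake has to fail.
# NOTE(review): any non-zero status counts as "forbidden", so a missing or
# crashing ssltest also satisfies these two checks; only the positive tests
# that follow would reveal a broken harness.

echo 'test ssl3 is forbidden in FIPS mode'
if run_ssltest -ssl3 $extra; then
  echo 'ssl3 handshake unexpectedly succeeded' >&2
  exit 1
fi

if ../util/shlib_wrap.sh ../apps/openssl ciphers SSLv2 >/dev/null 2>&1; then
  echo 'test ssl2 is forbidden in FIPS mode'
  if run_ssltest -ssl2 $extra; then
    echo 'ssl2 handshake unexpectedly succeeded' >&2
    exit 1
  fi
else
  echo 'ssl2 disabled: skipping test'
fi

echo 'test tls1'
run_ssltest -tls1 $extra || exit 1

echo 'test tls1 with server authentication'
run_ssltest -tls1 -server_auth "$ca_opt" "$ca_arg" $extra || exit 1

echo 'test tls1 with client authentication'
run_ssltest -tls1 -client_auth "$ca_opt" "$ca_arg" $extra || exit 1

echo 'test tls1 with both client and server authentication'
run_ssltest -tls1 -server_auth -client_auth "$ca_opt" "$ca_arg" $extra || exit 1

echo 'test tls1 via BIO pair'
run_ssltest -bio_pair -tls1 $extra || exit 1

echo 'test tls1 with server authentication via BIO pair'
run_ssltest -bio_pair -tls1 -server_auth "$ca_opt" "$ca_arg" $extra || exit 1

echo 'test tls1 with client authentication via BIO pair'
run_ssltest -bio_pair -tls1 -client_auth "$ca_opt" "$ca_arg" $extra || exit 1

echo 'test tls1 with both client and server authentication via BIO pair'
run_ssltest -bio_pair -tls1 -server_auth -client_auth "$ca_opt" "$ca_arg" $extra || exit 1

# note that all the below actually choose TLS...

if [ "$dsa_cert" = NO ]; then
  echo 'test sslv2/sslv3 w/o DHE via BIO pair'
  run_ssltest -bio_pair -no_dhe $extra || exit 1
fi

echo 'test sslv2/sslv3 with 1024bit DHE via BIO pair'
run_ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

echo 'test sslv2/sslv3 with server authentication'
run_ssltest -bio_pair -server_auth "$ca_opt" "$ca_arg" $extra || exit 1

echo 'test sslv2/sslv3 with client authentication via BIO pair'
run_ssltest -bio_pair -client_auth "$ca_opt" "$ca_arg" $extra || exit 1

echo 'test sslv2/sslv3 with both client and server authentication via BIO pair'
run_ssltest -bio_pair -server_auth -client_auth "$ca_opt" "$ca_arg" $extra || exit 1

echo 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'
run_ssltest -bio_pair -server_auth -client_auth -app_verify "$ca_opt" "$ca_arg" $extra || exit 1

#############################################################################

# "openssl no-<alg>" exits 0 when the algorithm is compiled out.
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  echo 'skipping anonymous DH tests'
else
  echo 'test tls1 with 1024bit anonymous DH, multiple handshakes'
  # The later -cipher ADH follows the common -cipher list on the command line.
  run_ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  echo 'skipping RSA tests'
else
  # NOTE(review): the two RSA invocations below call ./ssltest directly and
  # therefore run without -F, without the key/cert arguments and without the
  # cipher list used everywhere else in this script. Confirm this is
  # intentional; as written they do not exercise the -F code path.
  echo 'test tls1 with 1024bit RSA, no DHE, multiple handshakes'
  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1

  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo 'skipping RSA+DHE tests'
  else
    echo 'test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes'
    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  fi
fi

exit 0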