appstest.sh revision 1.20
#!/bin/sh
#
# $OpenBSD: appstest.sh,v 1.20 2019/06/23 05:05:07 inoguchi Exp $
#
# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

#
# appstest.sh - test script for openssl command according to man OPENSSL(1)
#
# input : none
# output : all files generated by this script go under $ssldir
#
# NOTE(review): every passphrase used by the test functions is a fixed,
# throwaway value handed to openssl as "pass:<value>", i.e. inside the
# command's argument list. That suits disposable test keys only; real key
# material should use the file: or fd: pass phrase sources instead.
#

# Print a section banner: blank line, separator, then the title $1 followed
# by the current date and time.
function section_message {
	echo ""
	echo "#---------#---------#---------#---------#---------#---------#---------#--------"
	echo "==="
	echo "=== (Section) $1 `date +'%Y/%m/%d %H:%M:%S'`"
	echo "==="
}

# Print the "[TEST] <name>" line that introduces one test step ($1).
function start_message {
	echo ""
	echo "[TEST] $1"
}

# Stop the background s_server recorded in the global $s_server_pid, if any:
# wait one second, send TERM, reap it, then clear the variable so a second
# call is a no-op.
function stop_s_server {
	if [ ! -z "$s_server_pid" ] ; then
		echo ":-| stop s_server [ $s_server_pid ]"
		sleep 1
		kill -TERM $s_server_pid
		wait $s_server_pid
		s_server_pid=
	fi
}

# Report the outcome of the previous step.
# $1 - exit status to check (stored in the global "status").
# Non-zero: stops the s_server, prints the status and exits the whole script
# with that status. Zero: prints a success marker and returns.
function check_exit_status {
	status=$1
	if [ $status -ne 0 ] ; then
		stop_s_server
		echo ":-< error occurs, exit status = [ $status ]"
		exit $status
	else
		echo ":-) success. "
	fi
}

# Print the one-line usage string.
function usage {
	echo "usage: appstest.sh [-iq]"
}

# Exercise usage output, the list-* commands, interactive mode, ciphers,
# errstr, passwd, prime and rand.
# Reads the globals $openssl_bin and $user1_dir (not assigned in this
# function).
function test_usage_lists_others {
	# === COMMAND USAGE ===
	section_message "COMMAND USAGE"

	start_message "output usages of all commands."

	# The -help runs only collect stderr into usages.out; their exit
	# status is not passed to check_exit_status.
	cmds=`$openssl_bin list-standard-commands`
	$openssl_bin -help 2>> $user1_dir/usages.out
	for c in $cmds ; do
		$openssl_bin $c -help 2>> $user1_dir/usages.out
	done

	start_message "check all list-* commands."

	lists=""
	lists="$lists list-standard-commands"
	lists="$lists list-message-digest-commands list-message-digest-algorithms"
	lists="$lists list-cipher-commands list-cipher-algorithms"
	lists="$lists list-public-key-algorithms"

	listsfile=$user1_dir/lists.out

	# Output of each list-* command is appended to lists.out; the exit
	# status is not checked here either.
	for l in $lists ; do
		echo "" >> $listsfile
		echo "$l" >> $listsfile
		$openssl_bin $l >> $listsfile
	done

	start_message "check interactive mode"
	$openssl_bin <<__EOF__
help
quit
__EOF__
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- listing operations ---
	section_message "listing operations"

	start_message "ciphers"
	$openssl_bin ciphers -V
	check_exit_status $?

	start_message "errstr"
	$openssl_bin errstr 2606A074
	check_exit_status $?
	$openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- random number etc. operations ---
	section_message "random number etc. operations"

	start_message "passwd"

	pass="test-pass-1234"

	# NOTE(review): -1 and -apr1 (MD5-based) and -crypt are legacy
	# password hash formats; these steps only check that the command
	# exits 0, not the strength or content of the result.
	echo $pass | $openssl_bin passwd -stdin -1
	check_exit_status $?

	echo $pass | $openssl_bin passwd -stdin -apr1
	check_exit_status $?

	echo $pass | $openssl_bin passwd -stdin -crypt
	check_exit_status $?

	start_message "prime"

	$openssl_bin prime 1
	check_exit_status $?

	$openssl_bin prime 2
	check_exit_status $?

	$openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5
	check_exit_status $?

	start_message "rand"

	$openssl_bin rand -base64 100
	check_exit_status $?

	$openssl_bin rand -hex 100
	check_exit_status $?
}

# Exercise "dgst" once per name printed by list-message-digest-commands:
# plain hash, HMAC, CMAC, RSA-PSS sign, verify and prverify.
# Reads $openssl_bin and $user1_dir; writes the test data, an AES-256
# encrypted RSA key, its public key and all outputs under $user1_dir.
function test_md {
	# === MESSAGE DIGEST COMMANDS ===
	section_message "MESSAGE DIGEST COMMANDS"

	start_message "dgst - See [MESSAGE DIGEST COMMANDS] section."

	text="1234567890abcdefghijklmnopqrstuvwxyz"
	dgstdat=$user1_dir/dgst.dat
	echo $text > $dgstdat
	hmac_key="test-hmac-key"
	cmac_key="1234567890abcde1234567890abcde12"
	dgstkey=$user1_dir/dgstkey.pem
	dgstpass=test-dgst-pass
	dgstpub=$user1_dir/dgstpub.pem
	dgstsig=$user1_dir/dgst.sig

	# No key size argument is given, so genrsa uses its built-in default.
	$openssl_bin genrsa -aes256 -passout pass:$dgstpass -out $dgstkey
	check_exit_status $?

	$openssl_bin pkey -in $dgstkey -passin pass:$dgstpass -pubout \
	    -out $dgstpub
	check_exit_status $?

	digests=`$openssl_bin list-message-digest-commands`

	for d in $digests ; do

		echo -n "$d ... "
		$openssl_bin dgst -$d -hex -out $dgstdat.$d $dgstdat
		check_exit_status $?

		echo -n "$d HMAC ... "
		$openssl_bin dgst -$d -c -hmac $hmac_key -out $dgstdat.$d.hmac \
		    $dgstdat
		check_exit_status $?

		echo -n "$d CMAC ... "
		$openssl_bin dgst -$d -r -mac cmac -macopt cipher:aes-128-cbc \
		    -macopt hexkey:$cmac_key -out $dgstdat.$d.cmac $dgstdat
		check_exit_status $?

		# NOTE(review): the sign, verify and prverify commands below
		# do not pass -$d, so they presumably run with dgst's default
		# digest on every iteration and only the signature file name
		# varies - confirm that per-digest signing is not intended.
		echo -n "$d sign ... "
		$openssl_bin dgst -sign $dgstkey -keyform pem \
		    -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
		    -passin pass:$dgstpass -binary -out $dgstsig.$d $dgstdat
		check_exit_status $?

		echo -n "$d verify ... "
		$openssl_bin dgst -verify $dgstpub \
		    -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
		    -signature $dgstsig.$d $dgstdat
		check_exit_status $?

		echo -n "$d prverify ... "
		$openssl_bin dgst -prverify $dgstkey -passin pass:$dgstpass \
		    -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
		    -signature $dgstsig.$d $dgstdat
		check_exit_status $?
	done
}

# Round-trip a fixed text through "enc" for every name printed by
# list-cipher-commands: encrypt with -base64, decrypt, then cmp the result
# against the input file.
# Reads $openssl_bin and $user1_dir.
function test_encoding_cipher {
	# === ENCODING AND CIPHER COMMANDS ===
	section_message "ENCODING AND CIPHER COMMANDS"

	start_message "enc - See [ENCODING AND CIPHER COMMANDS] section."

	text="1234567890abcdefghijklmnopqrstuvwxyz"
	encfile=$user1_dir/encfile.dat
	echo $text > $encfile
	pass="test-pass-1234"

	ciphers=`$openssl_bin list-cipher-commands`

	for c in $ciphers ; do
		echo -n "$c ... encoding ... "
		$openssl_bin enc -$c -e -base64 -pass pass:$pass \
		    -in $encfile -out $encfile-$c.enc
		check_exit_status $?

		echo -n "decoding ... "
		$openssl_bin enc -$c -d -base64 -pass pass:$pass \
		    -in $encfile-$c.enc -out $encfile-$c.dec
		check_exit_status $?

		echo -n "cmp ... "
		cmp $encfile $encfile-$c.dec
		check_exit_status $?
	done
}

# Exercise the key generation and key handling commands: gendh, dh, dhparam,
# dsaparam, dsa, gendsa, genrsa, rsa, rsautl, ecparam, ec, genpkey,
# pkeyparam, pkey and pkeyutl.
# Reads $openssl_bin, $key_dir and $no_long_tests (not assigned in this
# function). The genpkey_* variables set here are globals; $genpkey_rsa is
# used again by test_pki.
#
# NOTE(review): several parameters here are small or legacy (512-bit DSA,
# 1024-bit DH and DSA, RSA public exponent 3) - presumably to keep the run
# short and to cover option parsing. They are not values to copy for real
# keys.
function test_key {
	# === various KEY operations ===
	section_message "various KEY operations"

	key_pass=test-key-pass

	# DH

	start_message "gendh - Obsoleted by dhparam."
	gendh2=$key_dir/gendh2.pem
	$openssl_bin gendh -2 -out $gendh2
	check_exit_status $?

	start_message "dh - Obsoleted by dhparam."
	$openssl_bin dh -in $gendh2 -check -text -out $gendh2.out
	check_exit_status $?

	# dhparam generation is skipped when $no_long_tests is not 0.
	if [ $no_long_tests = 0 ] ; then
		start_message "dhparam - Superseded by genpkey and pkeyparam."
		dhparam2=$key_dir/dhparam2.pem
		$openssl_bin dhparam -2 -out $dhparam2
		check_exit_status $?
		$openssl_bin dhparam -in $dhparam2 -check -text \
		    -out $dhparam2.out
		check_exit_status $?
	else
		start_message "SKIPPING dhparam - Superseded by genpkey and pkeyparam. (quick mode)"
	fi

	# DSA

	start_message "dsaparam - Superseded by genpkey and pkeyparam."
	dsaparam512=$key_dir/dsaparam512.pem
	$openssl_bin dsaparam -genkey -out $dsaparam512 512
	check_exit_status $?

	start_message "dsa"
	$openssl_bin dsa -in $dsaparam512 -text -out $dsaparam512.out
	check_exit_status $?

	start_message "gendsa - Superseded by genpkey and pkey."
	gendsa_des3=$key_dir/gendsa_des3.pem
	$openssl_bin gendsa -des3 -out $gendsa_des3 \
	    -passout pass:$key_pass $dsaparam512
	check_exit_status $?

	# RSA

	start_message "genrsa - Superseded by genpkey."
	genrsa_aes256=$key_dir/genrsa_aes256.pem
	$openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 \
	    -passout pass:$key_pass 2048
	check_exit_status $?

	start_message "rsa"
	$openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass \
	    -check -text -out $genrsa_aes256.out
	check_exit_status $?

	start_message "rsautl - Superseded by pkeyutl."
	rsautldat=$key_dir/rsautl.dat
	rsautlsig=$key_dir/rsautl.sig
	echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat

	$openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 \
	    -passin pass:$key_pass -out $rsautlsig
	check_exit_status $?

	$openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 \
	    -passin pass:$key_pass
	check_exit_status $?

	# EC

	start_message "ecparam -list-curves"
	$openssl_bin ecparam -list_curves
	check_exit_status $?

	# get all EC curves
	ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1`

	start_message "ecparam and ec"

	for curve in $ec_curves ;
	do
		ecparam=$key_dir/ecparam_$curve.pem

		echo -n "ec - $curve ... ecparam ... "
		$openssl_bin ecparam -out $ecparam -name $curve -genkey \
		    -param_enc explicit -conv_form compressed -C
		check_exit_status $?

		# stderr of "ec" is discarded; only its exit status is checked.
		echo -n "ec ... "
		$openssl_bin ec -in $ecparam -text \
		    -out $ecparam.out 2> /dev/null
		check_exit_status $?
	done

	# PKEY

	start_message "genpkey"

	# None of the genpkey calls below passes a cipher or pass phrase
	# option, so the private keys are written unencrypted.

	# DH by GENPKEY

	genpkey_dh_param=$key_dir/genpkey_dh_param.pem
	$openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \
	    -pkeyopt dh_paramgen_prime_len:1024
	check_exit_status $?

	genpkey_dh=$key_dir/genpkey_dh.pem
	$openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh
	check_exit_status $?

	# DSA by GENPKEY

	genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem
	$openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \
	    -pkeyopt dsa_paramgen_bits:1024
	check_exit_status $?

	genpkey_dsa=$key_dir/genpkey_dsa.pem
	$openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa
	check_exit_status $?

	# RSA by GENPKEY

	genpkey_rsa=$key_dir/genpkey_rsa.pem
	$openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \
	    -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
	check_exit_status $?

	# EC by GENPKEY

	genpkey_ec_param=$key_dir/genpkey_ec_param.pem
	$openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \
	    -pkeyopt ec_paramgen_curve:secp384r1
	check_exit_status $?

	genpkey_ec=$key_dir/genpkey_ec.pem
	$openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec
	check_exit_status $?

	# Second EC key on the same parameters; used as the peer for the
	# pkeyutl -derive checks at the end of this function.
	genpkey_ec_2=$key_dir/genpkey_ec_2.pem
	$openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec_2
	check_exit_status $?

	start_message "pkeyparam"

	$openssl_bin pkeyparam -in $genpkey_dh_param -text \
	    -out $genpkey_dh_param.out
	check_exit_status $?

	$openssl_bin pkeyparam -in $genpkey_dsa_param -text \
	    -out $genpkey_dsa_param.out
	check_exit_status $?

	$openssl_bin pkeyparam -in $genpkey_ec_param -text \
	    -out $genpkey_ec_param.out
	check_exit_status $?

	start_message "pkey"

	$openssl_bin pkey -in $genpkey_dh -pubout -out $genpkey_dh.pub \
	    -text_pub
	check_exit_status $?

	$openssl_bin pkey -in $genpkey_dsa -pubout -out $genpkey_dsa.pub \
	    -text_pub
	check_exit_status $?

	$openssl_bin pkey -in $genpkey_rsa -pubout -out $genpkey_rsa.pub \
	    -text_pub
	check_exit_status $?

	$openssl_bin pkey -in $genpkey_ec -pubout -out $genpkey_ec.pub \
	    -text_pub
	check_exit_status $?

	$openssl_bin pkey -in $genpkey_ec_2 -pubout -out $genpkey_ec_2.pub \
	    -text_pub
	check_exit_status $?

	start_message "pkeyutl"

	pkeyutldat=$key_dir/pkeyutl.dat
	pkeyutlsig=$key_dir/pkeyutl.sig
	echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat

	$openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa \
	    -out $pkeyutlsig
	check_exit_status $?

	$openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig \
	    -inkey $genpkey_rsa
	check_exit_status $?

	$openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa
	check_exit_status $?

	pkeyutlenc=$key_dir/pkeyutl.enc
	pkeyutldec=$key_dir/pkeyutl.dec

	$openssl_bin pkeyutl -encrypt -in $pkeyutldat \
	    -pubin -inkey $genpkey_rsa.pub -out $pkeyutlenc
	check_exit_status $?

	$openssl_bin pkeyutl -decrypt -in $pkeyutlenc \
	    -inkey $genpkey_rsa -out $pkeyutldec
	check_exit_status $?

	# The decrypted text must equal the original plaintext.
	diff $pkeyutldat $pkeyutldec
	check_exit_status $?

	pkeyutlsc1=$key_dir/pkeyutl.sc1
	pkeyutlsc2=$key_dir/pkeyutl.sc2

	$openssl_bin pkeyutl -derive -inkey $genpkey_ec \
	    -peerkey $genpkey_ec_2.pub -out $pkeyutlsc1 -hexdump
	check_exit_status $?

	$openssl_bin pkeyutl -derive -inkey $genpkey_ec_2 \
	    -peerkey $genpkey_ec.pub -out $pkeyutlsc2 -hexdump
	check_exit_status $?

	# Both sides of the derivation must produce the same shared secret.
	diff $pkeyutlsc1 $pkeyutlsc2
	check_exit_status $?
}

# Build a throwaway PKI and exercise req, ca, x509, crl, crl2pkcs7,
# asn1parse, verify, certhash, spkac and nseq against it.
# Writes $ssldir/openssl.cnf and creates the CA, TSA, OCSP and server
# directories. Reads $openssl_bin, $ssldir, $ca_dir, $tsa_dir, $ocsp_dir,
# $server_dir, $user1_dir and $mingw (not assigned in this function) and
# $genpkey_rsa (assigned in test_key).
# The certificate, key and pass phrase variables set here are globals that
# test_tsa, test_smime, test_ocsp, test_pkcs and test_server_client read.
function test_pki {
	section_message "setup local CA"

	#
	# prepare test openssl.cnf
	#

	# The here-document delimiter is unquoted: $ca_dir and $tsa_dir are
	# expanded by the shell, while \$dir is written out as a literal
	# $dir for openssl's own config variable expansion.
	cat << __EOF__ > $ssldir/openssl.cnf
oid_section = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./$ca_dir
crl_dir = \$dir/crl
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
crlnumber = \$dir/crlnumber
default_days = 1
default_md = default
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Name
countryName_default = JP
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name
stateOrProvinceName_default = Tokyo
organizationName = Organization Name
organizationName_default = TEST_DUMMY_COMPANY
commonName = Common Name
[ tsa ]
default_tsa = tsa_config1
[ tsa_config1 ]
dir = ./$tsa_dir
serial = \$dir/serial
crypto_device = builtin
digests = sha1, sha256, sha384, sha512
default_policy = tsa_policy1
other_policies = tsa_policy2, tsa_policy3
[ tsa_ext ]
keyUsage = critical,nonRepudiation
extendedKeyUsage = critical,timeStamping
[ ocsp_ext ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
extendedKeyUsage = OCSPSigning
__EOF__

	#---------#---------#---------#---------#---------#---------#---------

	#
	# setup test CA
	#

	mkdir -p $ca_dir
	mkdir -p $tsa_dir
	mkdir -p $ocsp_dir
	mkdir -p $server_dir

	mkdir -p $ca_dir/certs
	mkdir -p $ca_dir/private
	mkdir -p $ca_dir/crl
	mkdir -p $ca_dir/newcerts
	# The private key directories are restricted to the owner.
	chmod 700 $ca_dir/private
	echo "01" > $ca_dir/serial
	touch $ca_dir/index.txt
	touch $ca_dir/crlnumber
	echo "01" > $ca_dir/crlnumber

	#
	# setup test TSA
	#
	mkdir -p $tsa_dir/private
	chmod 700 $tsa_dir/private
	echo "01" > $tsa_dir/serial
	touch $tsa_dir/index.txt

	#
	# setup test OCSP
	#
	mkdir -p $ocsp_dir/private
	chmod 700 $ocsp_dir/private

	#---------#---------#---------#---------#---------#---------#---------

	# --- CA initiate (generate CA key and cert) ---

	start_message "req ... generate CA key and self signed cert"

	ca_cert=$ca_dir/ca_cert.pem
	ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass

	# NOTE(review): when $mingw is not 0 the subject uses a leading "//"
	# and backslash separators - presumably to keep the MSYS shell from
	# rewriting the argument as a path; confirm. $subj is expanded
	# unquoted below, which works because no value contains whitespace.
	if [ $mingw = 0 ] ; then
		subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test_dummy.com/'
	else
		subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testCA.test_dummy.com\'
	fi

	$openssl_bin req -new -x509 -newkey rsa:2048 -out $ca_cert \
	    -keyout $ca_key -days 1 -passout pass:$ca_pass -batch \
	    -subj $subj
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- TSA initiate (generate TSA key and cert) ---

	start_message "req ... generate TSA key and cert"

	# generate CSR for TSA

	tsa_csr=$tsa_dir/tsa_csr.pem
	tsa_key=$tsa_dir/private/tsa_key.pem
	tsa_pass=test-tsa-pass

	if [ $mingw = 0 ] ; then
		subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test_dummy.com/'
	else
		subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
	fi

	$openssl_bin req -new -keyout $tsa_key -out $tsa_csr \
	    -passout pass:$tsa_pass -subj $subj
	check_exit_status $?

	start_message "ca ... sign by CA with TSA extensions"

	tsa_cert=$tsa_dir/tsa_cert.pem

	# "ca" receives the CA key pass phrase through -key, again as a
	# plain command line argument.
	$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \
	    -key $ca_pass -config $ssldir/openssl.cnf -create_serial \
	    -policy policy_match -days 1 -md sha256 -extensions tsa_ext \
	    -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
	    -multivalue-rdn -preserveDN -noemailDN \
	    -in $tsa_csr -outdir $tsa_dir -out $tsa_cert -verbose -notext
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- OCSP initiate (generate OCSP key and cert) ---

	start_message "req ... generate OCSP key and cert"

	# generate CSR for OCSP

	ocsp_csr=$ocsp_dir/ocsp_csr.pem
	ocsp_key=$ocsp_dir/private/ocsp_key.pem

	if [ $mingw = 0 ] ; then
		subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test_dummy.com/'
	else
		subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test_dummy.com\'
	fi

	# -nodes: the OCSP responder key is written without encryption, so
	# the mode 700 directory is its only protection.
	$openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr \
	    -subj $subj
	check_exit_status $?

	start_message "ca ... sign by CA with OCSP extensions"

	ocsp_cert=$ocsp_dir/ocsp_cert.pem

	$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \
	    -key $ca_pass -out $ocsp_cert -extensions ocsp_ext \
	    -startdate `date -u '+%y%m%d%H%M%SZ'` -enddate 491223235959Z \
	    -subj $subj -infiles $ocsp_csr
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- server-admin operations (generate server key and csr) ---
	section_message "server-admin operations (generate server key and csr)"

	start_message "req ... generate server csr#1"

	server_key=$server_dir/server_key.pem
	server_csr=$server_dir/server_csr.pem
	server_pass=test-server-pass

	if [ $mingw = 0 ] ; then
		subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test_dummy.com/'
	else
		subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test_dummy.com\'
	fi

	$openssl_bin req -new -keyout $server_key -out $server_csr \
	    -passout pass:$server_pass -subj $subj
	check_exit_status $?

	start_message "req ... generate server csr#2 (interactive mode)"

	revoke_key=$server_dir/revoke_key.pem
	revoke_csr=$server_dir/revoke_csr.pem
	revoke_pass=test-revoke-pass

	# The here-document supplies the answers to req's interactive
	# prompts, one per line.
	$openssl_bin req -new -keyout $revoke_key -out $revoke_csr \
	    -passout pass:$revoke_pass <<__EOF__
JP
Tokyo
TEST_DUMMY_COMPANY
revoke.test_dummy.com
__EOF__
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- CA operations (issue cert for server) ---
	section_message "CA operations (issue cert for server)"

	start_message "ca ... issue cert for server csr#1"

	server_cert=$server_dir/server_cert.pem
	$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
	    -in $server_csr -out $server_cert
	check_exit_status $?

	start_message "x509 ... issue cert for server csr#2"

	revoke_cert=$server_dir/revoke_cert.pem
	$openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAkey $ca_key \
	    -passin pass:$ca_pass -CAcreateserial -out $revoke_cert
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- CA operations (revoke cert and generate crl) ---
	section_message "CA operations (revoke cert and generate crl)"

	start_message "ca ... revoke server cert#2"
	crl_file=$ca_dir/crl.pem
	$openssl_bin ca -gencrl -out $crl_file -revoke $revoke_cert \
	    -config $ssldir/openssl.cnf -name CA_default \
	    -crldays 30 -crlhours 12 -crlsec 30 -updatedb \
	    -crl_reason unspecified -crl_hold 1.2.840.10040.2.2 \
	    -crl_compromise `date -u '+%Y%m%d%H%M%SZ'` \
	    -crl_CA_compromise `date -u '+%Y%m%d%H%M%SZ'` \
	    -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert
	check_exit_status $?

	# NOTE(review): unlike the other steps, the exit status of this
	# "ca -status" call is not passed to check_exit_status - confirm
	# that this is deliberate.
	start_message "ca ... show certificate status by serial number"
	$openssl_bin ca -config $ssldir/openssl.cnf -status 1

	start_message "crl ... CA generates CRL"
	$openssl_bin crl -in $crl_file -fingerprint
	check_exit_status $?

	crl_p7=$ca_dir/crl.p7
	start_message "crl2pkcs7 ... convert CRL to pkcs7"
	$openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- server-admin operations (check csr, verify cert, certhash) ---
	section_message "server-admin operations (check csr, verify cert, certhash)"

	start_message "asn1parse ... parse server csr#1"
	$openssl_bin asn1parse -in $server_csr -i -dlimit 100 -length 1000 \
	    -strparse 01 > $server_csr.asn1parse.out
	check_exit_status $?

	start_message "verify ... server cert#1"
	$openssl_bin verify -verbose -CAfile $ca_cert $server_cert
	check_exit_status $?

	start_message "x509 ... get detail info about server cert#1"
	$openssl_bin x509 -in $server_cert -text -C -dates -startdate -enddate \
	    -fingerprint -issuer -issuer_hash -issuer_hash_old \
	    -subject -subject_hash -subject_hash_old -ocsp_uri \
	    -ocspid -modulus -pubkey -serial -email > $server_cert.x509.out
	check_exit_status $?

	# certhash is only run when $mingw is 0.
	if [ $mingw = 0 ] ; then
		start_message "certhash"
		$openssl_bin certhash -v $server_dir
		check_exit_status $?
	fi

	# self signed
	start_message "x509 ... generate self signed server cert"
	server_self_cert=$server_dir/server_self_cert.pem
	$openssl_bin x509 -in $server_cert -signkey $server_key \
	    -passin pass:$server_pass -out $server_self_cert
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- Netscape SPKAC operations ---
	section_message "Netscape SPKAC operations"

	# server-admin generates SPKAC

	start_message "spkac"
	spkacfile=$server_dir/spkac.file

	$openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile
	check_exit_status $?

	$openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out
	check_exit_status $?

	# The request file is the subject fields followed by the SPKAC
	# output appended below.
	spkacreq=$server_dir/spkac.req
	cat << __EOF__ > $spkacreq
countryName = JP
stateOrProvinceName = Tokyo
organizationName = TEST_DUMMY_COMPANY
commonName = spkac.test_dummy.com
__EOF__
	cat $spkacfile >> $spkacreq

	# CA signs SPKAC
	start_message "ca ... CA signs SPKAC csr"
	spkaccert=$server_dir/spkac.cert
	$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
	    -spkac $spkacreq -out $spkaccert
	check_exit_status $?

	start_message "x509 ... convert DER format SPKAC cert to PEM"
	spkacpem=$server_dir/spkac.pem
	$openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM
	check_exit_status $?

	# server-admin cert verify

	start_message "nseq"
	$openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- user1 operations (generate user1 key and csr) ---
	section_message "user1 operations (generate user1 key and csr)"

	# trust
	start_message "x509 ... trust testCA cert"
	user1_trust=$user1_dir/user1_trust_ca.pem
	$openssl_bin x509 -in $ca_cert -addtrust clientAuth \
	    -setalias "trusted testCA" -purpose -out $user1_trust
	check_exit_status $?

	start_message "req ... generate private key and csr for user1"

	user1_key=$user1_dir/user1_key.pem
	user1_csr=$user1_dir/user1_csr.pem
	user1_pass=test-user1-pass

	if [ $mingw = 0 ] ; then
		subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test_dummy.com/'
	else
		subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test_dummy.com\'
	fi

	$openssl_bin req -new -keyout $user1_key -out $user1_csr \
	    -passout pass:$user1_pass -subj $subj
	check_exit_status $?

	#---------#---------#---------#---------#---------#---------#---------

	# --- CA operations (issue cert for user1) ---
	section_message "CA operations (issue cert for user1)"

	start_message "ca ... issue cert for user1"

	user1_cert=$user1_dir/user1_cert.pem
	$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
	    -in $user1_csr -out $user1_cert
	check_exit_status $?
}

# Exercise "ts": create and print a time stamp query, create the response
# with the TSA key, then verify the response against the CA.
# Reads $openssl_bin and $user1_dir, plus $tsa_key, $tsa_pass, $tsa_cert and
# $ca_cert assigned in test_pki.
function test_tsa {
	# --- TSA operations ---
	section_message "TSA operations"

	tsa_dat=$user1_dir/tsa.dat
	cat << __EOF__ > $tsa_dat
Hello Bob,
Sincerely yours
Alice
__EOF__

	# Query
	start_message "ts ... create time stamp request"

	tsa_tsq=$user1_dir/tsa.tsq

	# NOTE(review): the query uses SHA-1 and omits the nonce
	# (-no_nonce). The nonce is what ties a response to one particular
	# request, so this covers the options rather than showing a
	# recommended request.
	$openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq
	check_exit_status $?

	start_message "ts ... print time stamp request"

	$openssl_bin ts -query -in $tsa_tsq -text
	check_exit_status $?

	# Reply
	start_message "ts ... create time stamp response for a request"

	tsa_tsr=$user1_dir/tsa.tsr

	# No -config is given here; which configuration file "ts" picks up
	# is decided outside this function.
	$openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key \
	    -passin pass:$tsa_pass -signer $tsa_cert -chain $ca_cert \
	    -out $tsa_tsr
	check_exit_status $?

	# Verify
	start_message "ts ... verify time stamp response"

	$openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr \
	    -CAfile $ca_cert -untrusted $tsa_cert
	check_exit_status $?
}

# Exercise "smime": encrypt a message to the server certificate, sign it as
# user1, extract the PKCS#7 structure, verify the signature, decrypt, and
# compare the result with the original text.
# Reads $openssl_bin and $user1_dir, plus the certificate, key and pass
# phrase variables assigned in test_pki.
function test_smime {
	# --- S/MIME operations ---
	section_message "S/MIME operations"

	smime_txt=$user1_dir/smime.txt
	smime_enc=$user1_dir/smime.enc
	smime_sig=$user1_dir/smime.sig
	smime_p7o=$user1_dir/smime.p7o
	smime_sgr=$user1_dir/smime.sgr
	smime_ver=$user1_dir/smime.ver
	smime_dec=$user1_dir/smime.dec

	cat << __EOF__ > $smime_txt
Hello Bob,
Sincerely yours
Alice
__EOF__

	# encrypt
	start_message "smime ... encrypt message"

	$openssl_bin smime -encrypt -aes256 -binary -in $smime_txt \
	    -out $smime_enc $server_cert
	check_exit_status $?

	# sign
	start_message "smime ... sign to message"

	# The input to signing is the already encrypted message.
	$openssl_bin smime -sign -in $smime_enc -text -inform smime \
	    -out $smime_sig -outform smime \
	    -signer $user1_cert -inkey $user1_key -keyform pem \
	    -passin pass:$user1_pass -md sha256 \
	    -from user1@test_dummy.com -to server@test_dummy.com \
	    -subject "test openssl smime"
	check_exit_status $?

	# pk7out
	start_message "smime ... pk7out from message"

	$openssl_bin smime -pk7out -in $smime_sig -out $smime_p7o
	check_exit_status $?

	# verify
	start_message "smime ... verify message"

	# -signer names an output file here: $smime_sgr is not created
	# anywhere before this command.
	$openssl_bin smime -verify -in $smime_sig \
	    -CAfile $ca_cert -certfile $user1_cert -nointern \
	    -check_ss_sig -issuer_checks -policy_check -x509_strict \
	    -signer $smime_sgr -text -out $smime_ver
	check_exit_status $?

	# decrypt
	start_message "smime ... decrypt message"

	$openssl_bin smime -decrypt -in $smime_ver -out $smime_dec \
	    -recip $server_cert -inkey $server_key -passin pass:$server_pass
	check_exit_status $?

	# The decrypted text must equal the original message.
	diff $smime_dec $smime_txt
	check_exit_status $?
}

# Exercise "ocsp": build a request for the server and revoked certificates,
# answer it from the CA index file, then start a responder in the background
# and query it over HTTP.
# Reads $openssl_bin, $user1_dir and $ca_dir, plus the certificate and key
# variables assigned in test_pki.
function test_ocsp {
	# --- OCSP operations ---
	section_message "OCSP operations"

	# request
	start_message "ocsp ... create OCSP request"

	ocsp_req=$user1_dir/ocsp_req.der
	$openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
	    -cert $revoke_cert -CAfile $ca_cert -reqout $ocsp_req
	check_exit_status $?

	# response
	start_message "ocsp ... create OCPS response for a request"

	ocsp_res=$user1_dir/ocsp_res.der
	$openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
	    -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
	    -reqin $ocsp_req -respout $ocsp_res -text > $ocsp_res.out 2>&1
	check_exit_status $?

	# ocsp server
	start_message "ocsp ... start OCSP server in background"

	ocsp_port=8888

	# NOTE(review): after a command started with "&", $? only says the
	# job was launched, so the check_exit_status below cannot detect a
	# responder that fails to start (for example when the port is
	# already in use); such a failure surfaces only when the client
	# request further down fails.
	# NOTE(review): "*:" presumably makes the responder listen on every
	# local address although the client only uses localhost - confirm.
	# The responder is not waited for or signalled in this function;
	# -nrequest 1 limits it to a single request.
	$openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
	    -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
	    -port '*:'$ocsp_port -nrequest 1 &
	check_exit_status $?
	ocsp_svr_pid=$!
	echo "ocsp server pid = [ $ocsp_svr_pid ]"
	sleep 1

	# send query to ocsp server
	start_message "ocsp ... send OCSP request to server"

	ocsp_qry=$user1_dir/ocsp_qry.der
	$openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
	    -cert $revoke_cert -CAfile $ca_cert \
	    -url http://localhost:$ocsp_port -resp_text \
	    -respout $ocsp_qry > $ocsp_qry.out 2>&1
	check_exit_status $?
}

# Exercise pkcs7, pkcs8 and pkcs12 on the files produced by test_pki.
# Reads $openssl_bin plus $crl_p7, $user1_key, $user1_pass, $server_cert,
# $server_key, $server_pass and $ca_cert assigned in test_pki.
function test_pkcs {
	# --- PKCS operations ---
	section_message "PKCS operations"

	pkcs_pass=test-pkcs-pass

	start_message "pkcs7 ... output certs in crl(pkcs7)"
	$openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out
	check_exit_status $?

	# NOTE(review): pbeWithSHA1AndDES-CBC and des3 are legacy PBE
	# choices, presumably passed to cover the -v1 and -v2 options.
	start_message "pkcs8 ... convert key to pkcs8"
	$openssl_bin pkcs8 -in $user1_key -topk8 -out $user1_key.p8 \
	    -passin pass:$user1_pass -passout pass:$user1_pass \
	    -v1 pbeWithSHA1AndDES-CBC -v2 des3
	check_exit_status $?

	start_message "pkcs8 ... convert pkcs8 to key in DER format"
	$openssl_bin pkcs8 -in $user1_key.p8 -passin pass:$user1_pass \
	    -outform DER -out $user1_key.p8.der
	check_exit_status $?

	start_message "pkcs12 ... create"
	$openssl_bin pkcs12 -export -in $server_cert -inkey $server_key \
	    -passin pass:$server_pass -certfile $ca_cert -CAfile $ca_cert \
	    -caname "caname_server_p12" \
	    -certpbe AES-256-CBC -keypbe AES-256-CBC -chain \
	    -name "name_server_p12" -des3 -maciter -macalg sha256 \
	    -CSP "csp_server_p12" -LMK -keyex \
	    -passout pass:$pkcs_pass -out $server_cert.p12
	check_exit_status $?

	start_message "pkcs12 ... verify"
	$openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info \
	    -noout
	check_exit_status $?

	# -nodes: the server private key ends up unencrypted in
	# $server_cert.p12.pem, as the test name says.
	start_message "pkcs12 ... private key to PEM without encryption"
	$openssl_bin pkcs12 -in $server_cert.p12 -password pass:$pkcs_pass \
	    -nocerts -nomacver -nodes -out $server_cert.p12.pem
	check_exit_status $?
}

function test_server_client {
	# --- client/server operations (TLS) ---
	section_message "client/server operations (TLS)"

	s_id="$1"
	c_id="$2"
	sc="$1$2"

	test_pause_sec=0.2

	if [ $s_id = "0" ] ; then
		s_bin=$openssl_bin
	else
		s_bin=$other_openssl_bin
	fi

	if [ $c_id = "0" ] ; then
		c_bin=$openssl_bin
	else
		c_bin=$other_openssl_bin
	fi

	echo "s_server is [`$s_bin version`]"
	echo "s_client is [`$c_bin version`]"

	host="localhost"
	port=4433
	sess_dat=$user1_dir/s_client_${sc}_sess.dat
	s_server_out=$server_dir/s_server_${sc}_tls.out

	$s_bin version | grep 'OpenSSL 1.1.1' > /dev/null
	if [ $? -eq 0 ] ; then
		extra_opts="-4"
	else
		extra_opts=""
	fi

	start_message "s_server ... start TLS/SSL test server"
	$s_bin s_server -accept $port -CAfile $ca_cert \
	    -cert $server_cert -key $server_key -pass pass:$server_pass \
	    -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
	    -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
	    -cipher ALL $extra_opts \
	    -msg -tlsextdebug > $s_server_out 2>&1 &
	check_exit_status $?
	s_server_pid=$!
	echo "s_server pid = [ $s_server_pid ]"
	sleep 1

	# protocol = TLSv1

	s_client_out=$user1_dir/s_client_${sc}_tls_1_0.out

	start_message "s_client ... connect to TLS/SSL test server by TLSv1"
	sleep $test_pause_sec
	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
	    -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
	check_exit_status $?

	grep 'Protocol : TLSv1$' $s_client_out > /dev/null
	check_exit_status $?

	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
	check_exit_status $?

	# protocol = TLSv1.1

	s_client_out=$user1_dir/s_client_${sc}_tls_1_1.out

	start_message "s_client ... connect to TLS/SSL test server by TLSv1.1"
	sleep $test_pause_sec
	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
	    -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
	check_exit_status $?

	grep 'Protocol : TLSv1\.1$' $s_client_out > /dev/null
	check_exit_status $?

	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
	check_exit_status $?

	# protocol = TLSv1.2

	s_client_out=$user1_dir/s_client_${sc}_tls_1_2.out

	start_message "s_client ... connect to TLS/SSL test server by TLSv1.2"
	sleep $test_pause_sec
	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
	    -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
	check_exit_status $?

	grep 'Protocol : TLSv1\.2$' $s_client_out > /dev/null
	check_exit_status $?

	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
	check_exit_status $?

	# all available ciphers with random order

	s_ciph=$server_dir/s_ciph_${sc}
	if [ $s_id = "0" ] ; then
		$s_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $s_ciph
	else
		$s_bin ciphers -v | awk '{print $1}' > $s_ciph
	fi

	c_ciph=$user1_dir/c_ciph_${sc}
	if [ $c_id = "0" ] ; then
		$c_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $c_ciph
	else
		$c_bin ciphers -v | awk '{print $1}' > $c_ciph
	fi

	ciphers=$user1_dir/ciphers_${sc}
	grep -x -f $s_ciph $c_ciph | sort -R > $ciphers

	cnum=0
	for c in `cat $ciphers` ; do
		cnum=`expr $cnum + 1`
		cnstr=`printf %03d $cnum`
		s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out

		start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
		sleep $test_pause_sec
		$c_bin s_client -connect $host:$port -CAfile $ca_cert \
		    -cipher $c \
		    -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
		check_exit_status $?

		grep "Cipher : $c" $s_client_out > /dev/null
		check_exit_status $?

		grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
		check_exit_status $?
	done

	# Get session ticket to reuse

	s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out

	start_message "s_client ... connect to TLS/SSL test server to get session id"
	sleep $test_pause_sec
	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
	    -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
	    -sess_out $sess_dat \
	    -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
	check_exit_status $?

	grep '^New, TLS.*$' $s_client_out > /dev/null
	check_exit_status $?

	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
	check_exit_status $?
1198 1199 # Reuse session ticket 1200 1201 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out 1202 1203 start_message "s_client ... connect to TLS/SSL test server reusing session id" 1204 sleep $test_pause_sec 1205 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1206 -sess_in $sess_dat \ 1207 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1208 check_exit_status $? 1209 1210 grep '^Reused, TLS.*$' $s_client_out > /dev/null 1211 check_exit_status $? 1212 1213 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1214 check_exit_status $? 1215 1216 # invalid verification pattern 1217 1218 s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out 1219 1220 start_message "s_client ... connect to TLS/SSL test server but verify error" 1221 sleep $test_pause_sec 1222 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1223 -showcerts -crl_check -issuer_checks -policy_check \ 1224 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1225 check_exit_status $? 1226 1227 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1228 if [ $? -eq 0 ] ; then 1229 check_exit_status 1 1230 else 1231 check_exit_status 0 1232 fi 1233 1234 # s_time 1235 start_message "s_time ... connect to TLS/SSL test server" 1236 $c_bin s_time -connect $host:$port -CApath $ca_dir -time 2 1237 check_exit_status $? 1238 1239 # sess_id 1240 start_message "sess_id" 1241 $c_bin sess_id -in $sess_dat -text -out $sess_dat.out 1242 check_exit_status $? 1243 1244 stop_s_server 1245} 1246 1247function test_speed { 1248 # === PERFORMANCE === 1249 section_message "PERFORMANCE" 1250 1251 if [ $no_long_tests = 0 ] ; then 1252 start_message "speed" 1253 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed 1254 check_exit_status $? 
1255 else 1256 start_message "SKIPPING speed (quick mode)" 1257 fi 1258} 1259 1260function test_version { 1261 # --- VERSION INFORMATION --- 1262 section_message "VERSION INFORMATION" 1263 1264 start_message "version" 1265 $openssl_bin version -a 1266 check_exit_status $? 1267} 1268 1269#---------#---------#---------#---------#---------#---------#---------#--------- 1270 1271openssl_bin=${OPENSSL:-/usr/bin/openssl} 1272other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl} 1273 1274interop_tests=0 1275no_long_tests=0 1276 1277while [ "$1" != "" ]; do 1278 case $1 in 1279 -i | --interop) shift 1280 interop_tests=1 1281 ;; 1282 -q | --quick ) shift 1283 no_long_tests=1 1284 ;; 1285 * ) usage 1286 exit 1 1287 esac 1288done 1289 1290if [ ! -x $openssl_bin ] ; then 1291 echo ":-< \$OPENSSL [$openssl_bin] is not executable." 1292 exit 1 1293fi 1294 1295if [ $interop_tests = 1 -a ! -x $other_openssl_bin ] ; then 1296 echo ":-< \$OTHER_OPENSSL [$other_openssl_bin] is not executable." 1297 exit 1 1298fi 1299 1300# 1301# create ssldir, and all files generated by this script goes under this dir. 1302# 1303ssldir="appstest_dir" 1304 1305if [ -d $ssldir ] ; then 1306 echo "directory [ $ssldir ] exists, this script deletes this directory ..." 
1307 /bin/rm -rf $ssldir 1308fi 1309 1310mkdir -p $ssldir 1311 1312ca_dir=$ssldir/testCA 1313tsa_dir=$ssldir/testTSA 1314ocsp_dir=$ssldir/testOCSP 1315server_dir=$ssldir/server 1316user1_dir=$ssldir/user1 1317mkdir -p $user1_dir 1318key_dir=$ssldir/key 1319mkdir -p $key_dir 1320 1321export OPENSSL_CONF=$ssldir/openssl.cnf 1322touch $OPENSSL_CONF 1323 1324uname_s=`uname -s | grep 'MINGW'` 1325if [ "$uname_s" = "" ] ; then 1326 mingw=0 1327else 1328 mingw=1 1329fi 1330 1331# 1332# process tests 1333# 1334test_usage_lists_others 1335test_md 1336test_encoding_cipher 1337test_key 1338test_pki 1339test_tsa 1340test_smime 1341test_ocsp 1342test_pkcs 1343test_server_client 0 0 1344if [ $interop_tests = 1 ] ; then 1345 test_server_client 0 1 1346 test_server_client 1 0 1347fi 1348test_speed 1349test_version 1350 1351section_message "END" 1352 1353exit 0 1354 1355