xref: /openbsd-src/lib/libssl/test/testssl (revision 97222edd40cad3a6e51530425068b83c51d308b1)
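#!/bin/sh
#
# Usage: testssl [key [cert [CAfile [extra-ssltest-args]]]]
# Drives ./ssltest through a sequence of SSL/TLS handshake scenarios.

# $1 / $2: key and certificate files, passed to ssltest as -key/-c_key and
# -cert/-c_cert. Each falls back to ../apps/server.pem when the argument is
# missing or empty.
key=${1:-../apps/server.pem}
cert=${2:-../apps/server.pem}

# Command prefix used by the tests that follow. It is expanded unquoted at
# every call site, so a key or cert path containing whitespace is split into
# several words there.
ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
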
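# Record whether the text dump of $cert mentions a DSA public key; later
# sections skip some tests when dsa_cert is YES.
# "$cert" is quoted so a path with whitespace or glob characters reaches
# openssl as one argument, and grep -F replaces the obsolescent fgrep.
if ../util/shlib_wrap.sh ../apps/openssl x509 -in "$cert" -text -noout |
    grep -F 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi
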
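# $3: optional CA file. Without it ssltest is pointed at the directory
# ../certs. CA holds two words (option and path) and is expanded unquoted at
# each call site.
if [ -n "$3" ]; then
  CA="-CAfile $3"
else
  CA="-CApath ../certs"
fi

# $4: extra ssltest arguments appended to most invocations; empty when the
# argument is absent, so no conditional is needed.
extra=$4
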
#############################################################################
# SSLv2 (-ssl2). $CA and $extra stay unquoted on purpose: each may hold
# several words that must reach ssltest as separate arguments.

echo "test sslv2"
$ssltest -ssl2 $extra || exit 1

echo "test sslv2 with server authentication"
$ssltest -ssl2 -server_auth $CA $extra || exit 1

# The two client-authentication runs are skipped for a DSA certificate.
if [ "$dsa_cert" = NO ]; then
  echo "test sslv2 with client authentication"
  $ssltest -ssl2 -client_auth $CA $extra || exit 1

  echo "test sslv2 with both client and server authentication"
  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi

# SSLv3 (-ssl3) without -bio_pair: no authentication, server only, client
# only, then both. Any failing run aborts the script with status 1.
echo "test sslv3"
$ssltest -ssl3 $extra || exit 1

echo "test sslv3 with server authentication"
$ssltest -ssl3 -server_auth $CA $extra || exit 1

echo "test sslv3 with client authentication"
$ssltest -ssl3 -client_auth $CA $extra || exit 1

echo "test sslv3 with both client and server authentication"
$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1

# No protocol flag is passed in this group, so ssltest runs with its default
# method; the labels call that combination sslv2/sslv3.
echo "test sslv2/sslv3"
$ssltest $extra || exit 1

echo "test sslv2/sslv3 with server authentication"
$ssltest -server_auth $CA $extra || exit 1

echo "test sslv2/sslv3 with client authentication"
$ssltest -client_auth $CA $extra || exit 1

echo "test sslv2/sslv3 with both client and server authentication"
$ssltest -server_auth -client_auth $CA $extra || exit 1

# Same SSLv2 scenarios as before, this time with -bio_pair.
echo "test sslv2 via BIO pair"
$ssltest -bio_pair -ssl2 $extra || exit 1

echo "test sslv2 with server authentication via BIO pair"
$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1

# As in the non-BIO-pair group, client authentication over SSLv2 is skipped
# for a DSA certificate.
if [ "$dsa_cert" = NO ]; then
  echo "test sslv2 with client authentication via BIO pair"
  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1

  echo "test sslv2 with both client and server authentication via BIO pair"
  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
fi

# SSLv3 scenarios repeated with -bio_pair; each failure aborts with status 1.
echo "test sslv3 via BIO pair"
$ssltest -bio_pair -ssl3 $extra || exit 1

echo "test sslv3 with server authentication via BIO pair"
$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1

echo "test sslv3 with client authentication via BIO pair"
$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1

echo "test sslv3 with both client and server authentication via BIO pair"
$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1

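# Default-method (sslv2/sslv3) scenarios with -bio_pair.
# The first run now passes -bio_pair: it was labelled "via BIO pair" but was
# invoked without the flag, which repeated the plain sslv2/sslv3 test and
# left this combination uncovered.
echo "test sslv2/sslv3 via BIO pair"
$ssltest -bio_pair $extra || exit 1

# The run without (EC)DHE is skipped for a DSA certificate.
if [ "$dsa_cert" = NO ]; then
  echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair"
  $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
fi

echo "test sslv2/sslv3 with 1024bit DHE via BIO pair"
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

# Label corrected to say "via BIO pair", matching the -bio_pair flag the
# command already used, so a failure in the log points at the right run.
echo "test sslv2/sslv3 with server authentication via BIO pair"
$ssltest -bio_pair -server_auth $CA $extra || exit 1

echo "test sslv2/sslv3 with client authentication via BIO pair"
$ssltest -bio_pair -client_auth $CA $extra || exit 1

echo "test sslv2/sslv3 with both client and server authentication via BIO pair"
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

echo "test sslv2/sslv3 with both client and server authentication via BIO pair and app verify"
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
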
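# Run one handshake for every ciphersuite that `openssl ciphers` lists for
# "RSA+<protocol>", stopping at the first failure.
# NOTE(review): unlike most invocations in this script, $extra is not passed
# to ssltest here; confirm that is intended.
echo "Testing ciphersuites"
for protocol in TLSv1.2 SSLv3; do
  echo "Testing ciphersuites for $protocol"

  # The protocol flag does not depend on the cipher, so it is chosen once per
  # protocol. Only SSLv3 gets an explicit flag.
  prot=""
  if [ "$protocol" = "SSLv3" ]; then
    prot="-ssl3"
  fi

  ciphers=$(../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' ')
  if [ -z "$ciphers" ]; then
    # An empty list would otherwise pass without a single handshake, so the
    # gap is reported the same way the other skipped groups are.
    echo "skipping ciphersuite tests for $protocol: no ciphers listed"
    continue
  fi

  # $ciphers is split on whitespace on purpose: one word per suite name.
  # $prot is unquoted so an empty value adds no argument.
  for cipher in $ciphers; do
    echo "Testing $cipher"
    if ! $ssltest -cipher "$cipher" $prot; then
      echo "Failed $cipher"
      exit 1
    fi
  done
done
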
#############################################################################

# `openssl no-dh` exiting 0 selects the skip branch.
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  echo "skipping anonymous DH tests"
else
  # ADH is anonymous Diffie-Hellman, so this run involves no peer
  # authentication; -num 10 repeats the handshake.
  echo "test tls1 with 1024bit anonymous DH, multiple handshakes"
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

# `openssl no-rsa` exiting 0 selects the skip branch.
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  echo "skipping RSA tests"
else
  # Both runs call the wrapper directly rather than through $ssltest, so the
  # -key/-cert/-c_key/-c_cert arguments carried by $ssltest do not apply;
  # the certificate is ../apps/server2.pem.
  echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1

  # The DHE variant additionally depends on the `openssl no-dh` check.
  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo "skipping RSA+DHE tests"
  else
    echo "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  fi
fi

# TLSv1 with PSK ciphersuites, with and without -bio_pair. The pre-shared key
# abc123 is a fixed test value given on the command line.
echo "test tls1 with PSK"
$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1

echo "test tls1 with PSK via BIO pair"
$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1

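# TLSv1 with SRP ciphersuites; `openssl no-srp` exiting 0 selects the skip
# branch. The user name and password are fixed test values.
# Both runs now end in `|| exit 1` like every other test in this script:
# without it a failed SRP handshake was ignored and the script still reached
# `exit 0`, reporting success.
# NOTE(review): $extra is not passed to these two runs, unlike the PSK tests;
# confirm that is intended.
if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
  echo "skipping SRP tests"
else
  echo "test tls1 with SRP"
  $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1

  echo "test tls1 with SRP via BIO pair"
  $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
fi

exit 0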