xref: /minix3/crypto/external/bsd/openssl/dist/test/testssl (revision 0a6a1f1d05b60e214de2f05a7310ddd1f0e590e7) 
1#!/bin/sh
2
3if [ "$1" = "" ]; then
4  key=../apps/server.pem
5else
6  key="$1"
7fi
8if [ "$2" = "" ]; then
9  cert=../apps/server.pem
10else
11  cert="$2"
12fi
13ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
14
15if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
16  dsa_cert=YES
17else
18  dsa_cert=NO
19fi
20
21if [ "$3" = "" ]; then
22  CA="-CApath ../certs"
23else
24  CA="-CAfile $3"
25fi
26
27if [ "$4" = "" ]; then
28  extra=""
29else
30  extra="$4"
31fi
32
33#############################################################################
34
35echo test sslv2
36$ssltest -ssl2 $extra || exit 1
37
38echo test sslv2 with server authentication
39$ssltest -ssl2 -server_auth $CA $extra || exit 1
40
41if [ $dsa_cert = NO ]; then
42  echo test sslv2 with client authentication
43  $ssltest -ssl2 -client_auth $CA $extra || exit 1
44
45  echo test sslv2 with both client and server authentication
46  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
47fi
48
49echo test sslv3
50$ssltest -ssl3 $extra || exit 1
51
52echo test sslv3 with server authentication
53$ssltest -ssl3 -server_auth $CA $extra || exit 1
54
55echo test sslv3 with client authentication
56$ssltest -ssl3 -client_auth $CA $extra || exit 1
57
58echo test sslv3 with both client and server authentication
59$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
60
61echo test sslv2/sslv3
62$ssltest $extra || exit 1
63
64echo test sslv2/sslv3 with server authentication
65$ssltest -server_auth $CA $extra || exit 1
66
67echo test sslv2/sslv3 with client authentication
68$ssltest -client_auth $CA $extra || exit 1
69
70echo test sslv2/sslv3 with both client and server authentication
71$ssltest -server_auth -client_auth $CA $extra || exit 1
72
73echo test sslv2 via BIO pair
74$ssltest -bio_pair -ssl2 $extra || exit 1
75
76echo test sslv2 with server authentication via BIO pair
77$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
78
79if [ $dsa_cert = NO ]; then
80  echo test sslv2 with client authentication via BIO pair
81  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
82
83  echo test sslv2 with both client and server authentication via BIO pair
84  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
85fi
86
87echo test sslv3 via BIO pair
88$ssltest -bio_pair -ssl3 $extra || exit 1
89
90echo test sslv3 with server authentication via BIO pair
91$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
92
93echo test sslv3 with client authentication via BIO pair
94$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
95
96echo test sslv3 with both client and server authentication via BIO pair
97$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
98
99echo test sslv2/sslv3 via BIO pair
100$ssltest $extra || exit 1
101
102if [ $dsa_cert = NO ]; then
103  echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
104  $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
105fi
106
107echo test sslv2/sslv3 with 1024bit DHE via BIO pair
108$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
109
110echo test sslv2/sslv3 with server authentication
111$ssltest -bio_pair -server_auth $CA $extra || exit 1
112
113echo test sslv2/sslv3 with client authentication via BIO pair
114$ssltest -bio_pair -client_auth $CA $extra || exit 1
115
116echo test sslv2/sslv3 with both client and server authentication via BIO pair
117$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
118
119echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
120$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
121
122test_cipher() {
123    _cipher=$1
124    echo "Testing $_cipher"
125    prot=""
126    if [ $2 = "SSLv3" ] ; then
127      prot="-ssl3"
128    fi
129    $ssltest -cipher $_cipher $prot
130    if [ $? -ne 0 ] ; then
131	  echo "Failed $_cipher"
132	  exit 1
133    fi
134}
135
136echo "Testing ciphersuites"
137for protocol in TLSv1.2 SSLv3; do
138  echo "Testing ciphersuites for $protocol"
139  for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
140    test_cipher $cipher $protocol
141  done
142  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
143    echo "skipping RSA+DHE tests"
144  else
145    for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
146      test_cipher $cipher $protocol
147    done
148    echo "testing connection with weak DH, expecting failure"
149    if [ $protocol = "SSLv3" ] ; then
150      $ssltest -cipher EDH -dhe512 -ssl3
151    else
152      $ssltest -cipher EDH -dhe512
153    fi
154    if [ $? -eq 0 ]; then
155      echo "FAIL: connection with weak DH succeeded"
156      exit 1
157    fi
158  fi
159  if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
160    echo "skipping RSA+ECDHE tests"
161  else
162    for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
163      test_cipher $cipher $protocol
164    done
165  fi
166done
167
168#############################################################################
169
170if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
171  echo skipping anonymous DH tests
172else
173  echo test tls1 with 1024bit anonymous DH, multiple handshakes
174  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
175fi
176
177if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
178  echo skipping RSA tests
179else
180  echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
181  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
182
183  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
184    echo skipping RSA+DHE tests
185  else
186    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
187    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
188  fi
189fi
190
191echo test tls1 with PSK
192$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
193
194echo test tls1 with PSK via BIO pair
195$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
196
197if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
198  echo skipping SRP tests
199else
200  echo test tls1 with SRP
201  $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
202
203  echo test tls1 with SRP via BIO pair
204  $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
205
206  echo test tls1 with SRP auth
207  $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
208
209  echo test tls1 with SRP auth via BIO pair
210  $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
211fi
212
213exit 0
214