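#!/bin/sh
#
# Driver for the OpenSSL ssltest program: runs ./ssltest through a matrix of
# protocol versions, authentication modes and ciphersuites.
#
# Usage: testssl [key [cert [CAfile [extra]]]]
#   $1  private key file              (default ../apps/server.pem)
#   $2  certificate file              (default ../apps/server.pem)
#   $3  CA file for peer verification (default: -CApath ../certs)
#   $4  extra arguments appended to most ssltest invocations
#
# Exits 1 on the first failing test, 0 when every test passed.

key=${1:-../apps/server.pem}
cert=${2:-../apps/server.pem}

# $ssltest is a command line kept in a string and expanded unquoted by every
# caller, so $key and $cert are word-split and glob-expanded at each use.
# POSIX sh has no arrays, so paths containing whitespace or glob characters
# cannot be carried safely this way; pass plain paths only.
ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

# Record whether the certificate carries a DSA key; the SSLv2 client
# authentication tests later in this script are skipped in that case.
# "$cert" is quoted so the path reaches openssl as one argument, and
# grep -F is the POSIX spelling of the obsolescent fgrep.
if ../util/shlib_wrap.sh ../apps/openssl x509 -in "$cert" -text -noout | grep -F 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

# $CA holds an option and its value in one string and is expanded unquoted
# by the callers so that it splits into two arguments.
if [ -z "$3" ]; then
  CA="-CApath ../certs"
else
  CA="-CAfile $3"
fi

# Optional extra ssltest arguments; empty when $4 is absent.
extra=${4:-}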
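#############################################################################
# Protocol / authentication matrix.
#
# SSLv2 and SSLv3 are deprecated protocols (RFC 6176, RFC 7568); the runs
# below cover those legacy code paths alongside the version-flexible mode.

# Print a test label, then run ssltest with the given options plus $extra.
# Globals:   ssltest, extra (read) - both hold space-separated argument
#            lists and are expanded unquoted on purpose
# Arguments: $1 - label to print; remaining arguments - ssltest options
# Exits the script with status 1 if ssltest fails.
run_ssltest() {
  echo "$1"
  shift
  $ssltest "$@" $extra || exit 1
}

# --- direct (non-BIO-pair) connections ---

run_ssltest 'test sslv2' -ssl2
run_ssltest 'test sslv2 with server authentication' -ssl2 -server_auth $CA

# SSLv2 client authentication is only run when the certificate is not DSA.
if [ "$dsa_cert" = NO ]; then
  run_ssltest 'test sslv2 with client authentication' -ssl2 -client_auth $CA
  run_ssltest 'test sslv2 with both client and server authentication' -ssl2 -server_auth -client_auth $CA
fi

run_ssltest 'test sslv3' -ssl3
run_ssltest 'test sslv3 with server authentication' -ssl3 -server_auth $CA
run_ssltest 'test sslv3 with client authentication' -ssl3 -client_auth $CA
run_ssltest 'test sslv3 with both client and server authentication' -ssl3 -server_auth -client_auth $CA

run_ssltest 'test sslv2/sslv3'
run_ssltest 'test sslv2/sslv3 with server authentication' -server_auth $CA
run_ssltest 'test sslv2/sslv3 with client authentication' -client_auth $CA
run_ssltest 'test sslv2/sslv3 with both client and server authentication' -server_auth -client_auth $CA

# --- the same matrix through a BIO pair ---

run_ssltest 'test sslv2 via BIO pair' -bio_pair -ssl2
run_ssltest 'test sslv2 with server authentication via BIO pair' -bio_pair -ssl2 -server_auth $CA

if [ "$dsa_cert" = NO ]; then
  run_ssltest 'test sslv2 with client authentication via BIO pair' -bio_pair -ssl2 -client_auth $CA
  run_ssltest 'test sslv2 with both client and server authentication via BIO pair' -bio_pair -ssl2 -server_auth -client_auth $CA
fi

run_ssltest 'test sslv3 via BIO pair' -bio_pair -ssl3
run_ssltest 'test sslv3 with server authentication via BIO pair' -bio_pair -ssl3 -server_auth $CA
run_ssltest 'test sslv3 with client authentication via BIO pair' -bio_pair -ssl3 -client_auth $CA
run_ssltest 'test sslv3 with both client and server authentication via BIO pair' -bio_pair -ssl3 -server_auth -client_auth $CA

# -bio_pair is needed here: without it this run is identical to the plain
# "test sslv2/sslv3" case above and the BIO-pair path is never exercised in
# version-flexible mode without authentication.
run_ssltest 'test sslv2/sslv3 via BIO pair' -bio_pair

if [ "$dsa_cert" = NO ]; then
  run_ssltest 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' -bio_pair -no_dhe -no_ecdhe
fi

run_ssltest 'test sslv2/sslv3 with 1024bit DHE via BIO pair' -bio_pair -dhe1024dsa -v

# This run passes -bio_pair, so the label says so; the unsuffixed label is
# already used by the direct-connection test earlier in this section.
run_ssltest 'test sslv2/sslv3 with server authentication via BIO pair' -bio_pair -server_auth $CA
run_ssltest 'test sslv2/sslv3 with client authentication via BIO pair' -bio_pair -client_auth $CA
run_ssltest 'test sslv2/sslv3 with both client and server authentication via BIO pair' -bio_pair -server_auth -client_auth $CA
run_ssltest 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify' -bio_pair -server_auth -client_auth -app_verify $CA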
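# Run one ssltest handshake restricted to a single ciphersuite.
# Globals:   ssltest (read) - command line string, expanded unquoted on purpose
#            _cipher, prot (written) - POSIX sh has no function-local variables
# Arguments: $1 - cipher name
#            $2 - protocol label; "SSLv3" adds -ssl3, any other value
#                 (including a missing argument) adds no version option
# Outputs:   "Testing <cipher>" and, on failure, "Failed <cipher>" on stdout
# Exits the script with status 1 if ssltest fails.
# Note: $extra is not forwarded to ssltest by this function.
test_cipher() {
    _cipher=$1
    echo "Testing $_cipher"
    prot=""
    # Quoted so that an empty or missing $2 is a plain mismatch instead of a
    # "[: =: unary operator expected" error from the test builtin.
    if [ "$2" = "SSLv3" ]; then
      prot="-ssl3"
    fi
    # $prot stays unquoted: when empty it must expand to no argument at all.
    if ! $ssltest -cipher "$_cipher" $prot; then
      echo "Failed $_cipher"
      exit 1
    fi
}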
# Ciphersuite sweep: for each protocol label, ask the openssl binary which
# suites match and run one handshake per suite through test_cipher.
# A cipher query that prints nothing yields an empty loop, so that group
# runs no handshakes and reports no failure.
echo "Testing ciphersuites"
for protocol in TLSv1.2 SSLv3; do
  echo "Testing ciphersuites for $protocol"

  # Plain RSA suites.
  for cipher in $(../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '); do
    test_cipher "$cipher" "$protocol"
  done

  # "openssl no-dh" succeeding means the DHE group is skipped.
  if ! ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    for cipher in $(../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '); do
      test_cipher "$cipher" "$protocol"
    done

    # Negative test: a handshake using 512-bit DH parameters must be
    # refused, so a zero exit status from ssltest is the failure condition.
    echo "testing connection with weak DH, expecting failure"
    weak_dh_args="-cipher EDH -dhe512"
    if [ "$protocol" = "SSLv3" ]; then
      weak_dh_args="$weak_dh_args -ssl3"
    fi
    if $ssltest $weak_dh_args; then
      echo "FAIL: connection with weak DH succeeded"
      exit 1
    fi
  else
    echo "skipping RSA+DHE tests"
  fi

  # "openssl no-ec" succeeding means the ECDHE group is skipped.
  if ! ../util/shlib_wrap.sh ../apps/openssl no-ec; then
    for cipher in $(../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '); do
      test_cipher "$cipher" "$protocol"
    done
  else
    echo "skipping RSA+ECDHE tests"
  fi
done
#############################################################################
# TLSv1 runs for specific key-exchange / authentication families.
# Each "openssl no-<alg>" probe that succeeds causes its group to be skipped.

# Anonymous DH with 1024-bit parameters, 10 handshakes.
if ! ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
else
  echo skipping anonymous DH tests
fi

# The RSA runs call ./ssltest directly instead of through $ssltest, so the
# -key/-cert/-c_key/-c_cert options held in $ssltest do not apply; only
# -cert ../apps/server2.pem is given.
if ! ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1

  if ! ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  else
    echo skipping RSA+DHE tests
  fi
else
  echo skipping RSA tests
fi

# PSK runs; abc123 is a fixed value written into the test, not a secret.
echo test tls1 with PSK
$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1

echo test tls1 with PSK via BIO pair
$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1

# SRP runs use a fixed test user and password; $extra is not forwarded to
# these four invocations.
if ! ../util/shlib_wrap.sh ../apps/openssl no-srp; then
  echo test tls1 with SRP
  $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1

  echo test tls1 with SRP via BIO pair
  $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1

  echo test tls1 with SRP auth
  $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1

  echo test tls1 with SRP auth via BIO pair
  $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
else
  echo skipping SRP tests
fi

# Every test that ran has passed.
exit 0