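#!/bin/sh
#
# SSL/TLS/DTLS regression driver. Runs the ssltest binary through a fixed
# series of handshake scenarios and exits 1 at the first failing scenario.
#
# Usage: <this script> key cert CAfile [ssltest [openssl [extra]]]
#   $1  private key file, used for both the server and the client side
#   $2  certificate file, used for both the server and the client side
#   $3  CA file handed to ssltest via -CAfile in the authentication runs
#   $4  ssltest command (default: ./ssltest)
#   $5  openssl command (default: openssl)
#   $6  extra ssltest arguments appended to most runs
#
# The cipher-suite loops and the ALPN runs do not receive $extra.

if [ "$#" -lt 3 ]; then
  # Without key, cert and CA file the option list handed to ssltest is
  # malformed (e.g. a bare -CAfile), so fail early with a clear message.
  echo "usage: $0 key cert CAfile [ssltest [openssl [extra]]]" >&2
  exit 1
fi

key="$1"
cert="$2"
ca_file="$3"
ssltest_cmd=${4-./ssltest}
openssl=${5-openssl}
extra="$6"

# Run ssltest with the shared key/certificate followed by the caller's
# arguments. The key and certificate paths are quoted so that paths
# containing whitespace or glob characters reach ssltest intact.
# $ssltest_cmd (like $openssl and $extra elsewhere) is left unquoted on
# purpose: it may hold a command plus arguments and must be word-split.
run_ssltest() {
  $ssltest_cmd -key "$key" -cert "$cert" -c_key "$key" -c_cert "$cert" "$@"
}

$openssl version || exit 1

# Detect a DSA certificate; the non-(EC)DHE run below is skipped for DSA.
# NOTE(review): this relies on the literal wording of `x509 -text` output.
# If the installed openssl prints the key header differently, a DSA
# certificate is treated as non-DSA - confirm against the target build.
if $openssl x509 -in "$cert" -text -noout |
  grep -F 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

#############################################################################

# The "sslv2/sslv3" labels are kept as they were. No protocol-version flag
# is passed in these runs, so presumably ssltest negotiates with its default
# method rather than forcing SSLv2/SSLv3.

echo test sslv2/sslv3
run_ssltest $extra || exit 1

echo test sslv2/sslv3 with server authentication
run_ssltest -server_auth -CAfile "$ca_file" $extra || exit 1

echo test sslv2/sslv3 with client authentication
run_ssltest -client_auth -CAfile "$ca_file" $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication
run_ssltest -server_auth -client_auth -CAfile "$ca_file" $extra || exit 1

# Fixed: this run previously omitted -bio_pair and so repeated the first
# test instead of exercising the BIO pair path its label announces.
echo test sslv2/sslv3 via BIO pair
run_ssltest -bio_pair $extra || exit 1

if [ "$dsa_cert" = NO ]; then
  echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
  run_ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
fi

# 1024-bit DH parameters are below current recommendations; this run exists
# for regression coverage only and is not a configuration to copy.
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
run_ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

# Fixed: the label now says "via BIO pair" so it can be told apart from the
# non-BIO-pair server authentication run in the log.
echo test sslv2/sslv3 with server authentication via BIO pair
run_ssltest -bio_pair -server_auth -CAfile "$ca_file" $extra || exit 1

echo test sslv2/sslv3 with client authentication via BIO pair
run_ssltest -bio_pair -client_auth -CAfile "$ca_file" $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
run_ssltest -bio_pair -server_auth -client_auth -CAfile "$ca_file" $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
run_ssltest -bio_pair -server_auth -client_auth -app_verify -CAfile "$ca_file" $extra || exit 1

echo "Testing ciphersuites"
for protocol in TLSv1.2; do
  echo "Testing ciphersuites for $protocol"
  cipher_list=$($openssl ciphers "$protocol+aRSA" | tr ':' ' ')
  # An empty list would make this section pass without testing anything;
  # report it on stderr. The exit status is left unchanged.
  [ -n "$cipher_list" ] ||
    echo "warning: no $protocol+aRSA cipher suites to test" >&2
  for cipher in $cipher_list; do
    echo "Testing $cipher"
    if ! run_ssltest -cipher "$cipher"; then
      echo "Failed $cipher"
      exit 1
    fi
  done
done

#############################################################################

# `openssl no-dh` succeeds when DH support is not compiled in.
if $openssl no-dh; then
  echo skipping anonymous DH tests
else
  # Anonymous DH authenticates neither peer. It is exercised here purely as
  # regression coverage of the handshake code.
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  run_ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

#if $openssl no-rsa; then
#  echo skipping RSA tests
#else
#  echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
#  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
#
#  if $openssl no-dh; then
#    echo skipping RSA+DHE tests
#  else
#    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
#    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
#  fi
#fi

#
# DTLS tests
#

echo test dtlsv1
run_ssltest -dtls1 $extra || exit 1

echo test dtlsv1 with server authentication
run_ssltest -dtls1 -server_auth -CAfile "$ca_file" $extra || exit 1

echo test dtlsv1 with client authentication
run_ssltest -dtls1 -client_auth -CAfile "$ca_file" $extra || exit 1

echo test dtlsv1 with both client and server authentication
run_ssltest -dtls1 -server_auth -client_auth -CAfile "$ca_file" $extra || exit 1

echo "Testing DTLS ciphersuites"
for protocol in SSLv3; do
  echo "Testing ciphersuites for $protocol"
  # RC4 suites are filtered out: RC4 is a stream cipher and must not be
  # used with DTLS.
  cipher_list=$($openssl ciphers "RSA+$protocol" | tr ':' '\n' | grep -v RC4)
  # Same zero-coverage warning as in the TLS cipher-suite loop.
  [ -n "$cipher_list" ] ||
    echo "warning: no RSA+$protocol cipher suites to test" >&2
  for cipher in $cipher_list; do
    echo "Testing $cipher"
    if ! run_ssltest -cipher "$cipher" -dtls1; then
      echo "Failed $cipher"
      exit 1
    fi
  done
done

#
# ALPN tests
#
# The first and last runs share no protocol between client and server and
# pass no -alpn_expected. In the remaining runs the expected protocol is the
# first entry of the server's list that the client also offers.
echo "Testing ALPN..."
run_ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
run_ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo \
  -alpn_expected foo || exit 1
run_ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo \
  -alpn_expected foo || exit 1
run_ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo \
  -alpn_expected foo || exit 1
run_ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar \
  -alpn_expected foo || exit 1
run_ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo \
  -alpn_expected bar || exit 1
run_ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo \
  -alpn_expected bar || exit 1
run_ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1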