testssl 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151
  1. #!/bin/sh
  2. if [ "$1" = "" ]; then
  3. key=../apps/server.pem
  4. else
  5. key="$1"
  6. fi
  7. if [ "$2" = "" ]; then
  8. cert=../apps/server.pem
  9. else
  10. cert="$2"
  11. fi
  12. ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
  13. if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
  14. dsa_cert=YES
  15. else
  16. dsa_cert=NO
  17. fi
  18. if [ "$3" = "" ]; then
  19. CA="-CApath ../certs"
  20. else
  21. CA="-CAfile $3"
  22. fi
  23. if [ "$4" = "" ]; then
  24. extra=""
  25. else
  26. extra="$4"
  27. fi
  28. #############################################################################
  29. echo test sslv2
  30. $ssltest -ssl2 $extra || exit 1
  31. echo test sslv2 with server authentication
  32. $ssltest -ssl2 -server_auth $CA $extra || exit 1
  33. if [ $dsa_cert = NO ]; then
  34. echo test sslv2 with client authentication
  35. $ssltest -ssl2 -client_auth $CA $extra || exit 1
  36. echo test sslv2 with both client and server authentication
  37. $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
  38. fi
  39. echo test sslv3
  40. $ssltest -ssl3 $extra || exit 1
  41. echo test sslv3 with server authentication
  42. $ssltest -ssl3 -server_auth $CA $extra || exit 1
  43. echo test sslv3 with client authentication
  44. $ssltest -ssl3 -client_auth $CA $extra || exit 1
  45. echo test sslv3 with both client and server authentication
  46. $ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
  47. echo test sslv2/sslv3
  48. $ssltest $extra || exit 1
  49. echo test sslv2/sslv3 with server authentication
  50. $ssltest -server_auth $CA $extra || exit 1
  51. echo test sslv2/sslv3 with client authentication
  52. $ssltest -client_auth $CA $extra || exit 1
  53. echo test sslv2/sslv3 with both client and server authentication
  54. $ssltest -server_auth -client_auth $CA $extra || exit 1
  55. echo test sslv2 via BIO pair
  56. $ssltest -bio_pair -ssl2 $extra || exit 1
  57. echo test sslv2 with server authentication via BIO pair
  58. $ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
  59. if [ $dsa_cert = NO ]; then
  60. echo test sslv2 with client authentication via BIO pair
  61. $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
  62. echo test sslv2 with both client and server authentication via BIO pair
  63. $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
  64. fi
  65. echo test sslv3 via BIO pair
  66. $ssltest -bio_pair -ssl3 $extra || exit 1
  67. echo test sslv3 with server authentication via BIO pair
  68. $ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
  69. echo test sslv3 with client authentication via BIO pair
  70. $ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
  71. echo test sslv3 with both client and server authentication via BIO pair
  72. $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
  73. echo test sslv2/sslv3 via BIO pair
  74. $ssltest $extra || exit 1
  75. if [ $dsa_cert = NO ]; then
  76. echo test sslv2/sslv3 w/o DHE via BIO pair
  77. $ssltest -bio_pair -no_dhe $extra || exit 1
  78. fi
  79. echo test sslv2/sslv3 with 1024bit DHE via BIO pair
  80. $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
  81. echo test sslv2/sslv3 with server authentication
  82. $ssltest -bio_pair -server_auth $CA $extra || exit 1
  83. echo test sslv2/sslv3 with client authentication via BIO pair
  84. $ssltest -bio_pair -client_auth $CA $extra || exit 1
  85. echo test sslv2/sslv3 with both client and server authentication via BIO pair
  86. $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
  87. echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
  88. $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
  89. #############################################################################
  90. if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  91. echo skipping anonymous DH tests
  92. else
  93. echo test tls1 with 1024bit anonymous DH, multiple handshakes
  94. $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
  95. fi
  96. if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  97. echo skipping RSA tests
  98. else
  99. echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
  100. ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
  101. if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  102. echo skipping RSA+DHE tests
  103. else
  104. echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
  105. ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  106. fi
  107. fi
  108. echo test tls1 with PSK
  109. $ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
  110. echo test tls1 with PSK via BIO pair
  111. $ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
  112. exit 0