2
0

testssl 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162
  1. #!/bin/sh
  2. if [ "$1" = "" ]; then
  3. key=../apps/server.pem
  4. else
  5. key="$1"
  6. fi
  7. if [ "$2" = "" ]; then
  8. cert=../apps/server.pem
  9. else
  10. cert="$2"
  11. fi
  12. ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
  13. if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
  14. dsa_cert=YES
  15. else
  16. dsa_cert=NO
  17. fi
  18. if [ "$3" = "" ]; then
  19. CA="-CApath ../certs"
  20. else
  21. CA="-CAfile $3"
  22. fi
  23. if [ "$4" = "" ]; then
  24. extra=""
  25. else
  26. extra="$4"
  27. fi
  28. #############################################################################
  29. echo test sslv2
  30. $ssltest -ssl2 $extra || exit 1
  31. echo test sslv2 with server authentication
  32. $ssltest -ssl2 -server_auth $CA $extra || exit 1
  33. if [ $dsa_cert = NO ]; then
  34. echo test sslv2 with client authentication
  35. $ssltest -ssl2 -client_auth $CA $extra || exit 1
  36. echo test sslv2 with both client and server authentication
  37. $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
  38. fi
  39. echo test sslv3
  40. $ssltest -ssl3 $extra || exit 1
  41. echo test sslv3 with server authentication
  42. $ssltest -ssl3 -server_auth $CA $extra || exit 1
  43. echo test sslv3 with client authentication
  44. $ssltest -ssl3 -client_auth $CA $extra || exit 1
  45. echo test sslv3 with both client and server authentication
  46. $ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
  47. echo test sslv2/sslv3
  48. $ssltest $extra || exit 1
  49. echo test sslv2/sslv3 with server authentication
  50. $ssltest -server_auth $CA $extra || exit 1
  51. echo test sslv2/sslv3 with client authentication
  52. $ssltest -client_auth $CA $extra || exit 1
  53. echo test sslv2/sslv3 with both client and server authentication
  54. $ssltest -server_auth -client_auth $CA $extra || exit 1
  55. echo test sslv2 via BIO pair
  56. $ssltest -bio_pair -ssl2 $extra || exit 1
  57. echo test sslv2 with server authentication via BIO pair
  58. $ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
  59. if [ $dsa_cert = NO ]; then
  60. echo test sslv2 with client authentication via BIO pair
  61. $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
  62. echo test sslv2 with both client and server authentication via BIO pair
  63. $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
  64. fi
  65. echo test sslv3 via BIO pair
  66. $ssltest -bio_pair -ssl3 $extra || exit 1
  67. echo test sslv3 with server authentication via BIO pair
  68. $ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
  69. echo test sslv3 with client authentication via BIO pair
  70. $ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
  71. echo test sslv3 with both client and server authentication via BIO pair
  72. $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
  73. echo test sslv2/sslv3 via BIO pair
  74. $ssltest $extra || exit 1
  75. if [ $dsa_cert = NO ]; then
  76. echo test sslv2/sslv3 w/o DHE via BIO pair
  77. $ssltest -bio_pair -no_dhe $extra || exit 1
  78. fi
  79. echo test sslv2/sslv3 with 1024bit DHE via BIO pair
  80. $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
  81. echo test sslv2/sslv3 with server authentication
  82. $ssltest -bio_pair -server_auth $CA $extra || exit 1
  83. echo test sslv2/sslv3 with client authentication via BIO pair
  84. $ssltest -bio_pair -client_auth $CA $extra || exit 1
  85. echo test sslv2/sslv3 with both client and server authentication via BIO pair
  86. $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
  87. echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
  88. $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
  89. echo "Testing ciphersuites"
  90. for protocol in SSLv3; do
  91. echo "Testing ciphersuites for $protocol"
  92. for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
  93. echo "Testing $cipher"
  94. prot=""
  95. if [ $protocol = "SSLv3" ] ; then
  96. prot="-ssl3"
  97. fi
  98. $ssltest -cipher $cipher $prot
  99. if [ $? -ne 0 ] ; then
  100. echo "Failed $cipher"
  101. exit 1
  102. fi
  103. done
  104. done
  105. #############################################################################
  106. if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  107. echo skipping anonymous DH tests
  108. else
  109. echo test tls1 with 1024bit anonymous DH, multiple handshakes
  110. $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
  111. fi
  112. if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  113. echo skipping RSA tests
  114. else
  115. echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
  116. ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
  117. if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  118. echo skipping RSA+DHE tests
  119. else
  120. echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
  121. ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  122. fi
  123. fi
  124. exit 0