mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
This commit is contained in:
parent
bc23b70e47
commit
65b002f399
3
CHANGES
3
CHANGES
@ -4,6 +4,9 @@
|
||||
|
||||
Changes between 0.9.5 and 0.9.5a [XX XXX 2000]
|
||||
|
||||
*) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
|
||||
is set; it will be thrown away anyway because each handshake creates
|
||||
its own key.
|
||||
|
@ -119,7 +119,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
|
||||
|
||||
pkey=X509_REQ_get_pubkey(x);
|
||||
#ifndef NO_RSA
|
||||
if (pkey->type == EVP_PKEY_RSA)
|
||||
if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
|
||||
{
|
||||
BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
|
||||
BN_num_bits(pkey->pkey.rsa->n));
|
||||
@ -128,7 +128,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
|
||||
else
|
||||
#endif
|
||||
#ifndef NO_DSA
|
||||
if (pkey->type == EVP_PKEY_DSA)
|
||||
if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
|
||||
{
|
||||
BIO_printf(bp,"%12sDSA Public Key:\n","");
|
||||
DSA_print(bp,pkey->pkey.dsa,16);
|
||||
@ -137,7 +137,8 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
|
||||
#endif
|
||||
BIO_printf(bp,"%12sUnknown Public Key:\n","");
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
if (pkey != NULL)
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
/* may not be */
|
||||
sprintf(str,"%8sAttributes:\n","");
|
||||
|
@ -140,6 +140,7 @@ static void sv_usage(void)
|
||||
fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
|
||||
fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
|
||||
fprintf(stderr," -cert arg - Certificate file\n");
|
||||
fprintf(stderr," -key arg - Key file\n");
|
||||
fprintf(stderr," -s_cert arg - Just the server certificate file\n");
|
||||
fprintf(stderr," -c_cert arg - Just the client certificate file\n");
|
||||
fprintf(stderr," -cipher arg - The cipher list\n");
|
||||
@ -202,7 +203,9 @@ int main(int argc, char *argv[])
|
||||
int client_auth=0;
|
||||
int server_auth=0,i;
|
||||
char *server_cert=TEST_SERVER_CERT;
|
||||
char *server_key=NULL;
|
||||
char *client_cert=TEST_CLIENT_CERT;
|
||||
char *client_key=NULL;
|
||||
SSL_CTX *s_ctx=NULL;
|
||||
SSL_CTX *c_ctx=NULL;
|
||||
SSL_METHOD *meth=NULL;
|
||||
@ -282,11 +285,26 @@ int main(int argc, char *argv[])
|
||||
if (--argc < 1) goto bad;
|
||||
server_cert= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-key") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
server_key= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-s_key") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
server_key= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-c_cert") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
client_cert= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-c_key") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
client_key= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-cipher") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
@ -416,8 +434,8 @@ bad:
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert,
|
||||
SSL_FILETYPE_PEM))
|
||||
else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
|
||||
(server_key?server_key:server_cert), SSL_FILETYPE_PEM))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
@ -427,7 +445,8 @@ bad:
|
||||
{
|
||||
SSL_CTX_use_certificate_file(c_ctx,client_cert,
|
||||
SSL_FILETYPE_PEM);
|
||||
SSL_CTX_use_PrivateKey_file(c_ctx,client_cert,
|
||||
SSL_CTX_use_PrivateKey_file(c_ctx,
|
||||
(client_key?client_key:client_cert),
|
||||
SSL_FILETYPE_PEM);
|
||||
}
|
||||
|
||||
|
@ -206,17 +206,21 @@ test_gen:
|
||||
@echo "Generate and verify a certificate request"
|
||||
@sh ./testgen
|
||||
|
||||
test_ss:
|
||||
test_ss keyU.ss certU.ss certCA.ss:
|
||||
@echo "Generate and certify a test certificate"
|
||||
@sh ./testss
|
||||
|
||||
test_ssl:
|
||||
test_ssl: keyU.ss certU.ss certCA.ss
|
||||
@echo "test SSL protocol"
|
||||
@sh ./testssl
|
||||
@sh ./testssl keyU.ss certU.ss certCA.ss
|
||||
|
||||
test_ca:
|
||||
@echo "Generate and certify a test certificate via the 'ca' program"
|
||||
@sh ./testca
|
||||
@if ../apps/openssl list-standard-commands | grep '^rsa$$' >/dev/null; then \
|
||||
echo "Generate and certify a test certificate via the 'ca' program"; \
|
||||
sh ./testca; \
|
||||
else \
|
||||
echo "skipping CA.sh test -- requires RSA"; \
|
||||
fi
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
16
test/testgen
16
test/testgen
@ -11,13 +11,19 @@ export PATH
|
||||
|
||||
echo "generating certificate request"
|
||||
|
||||
echo "There should be a 2 sequences of .'s and some +'s."
|
||||
echo "There should not be more that at most 80 per line"
|
||||
echo "This could take some time."
|
||||
|
||||
echo "string to make the random number generator think it has entropy" >> ./.rnd
|
||||
|
||||
../apps/openssl req -config test.cnf -new -out testreq.pem
|
||||
if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
|
||||
req_new='-new'
|
||||
echo "There should be a 2 sequences of .'s and some +'s."
|
||||
echo "There should not be more that at most 80 per line"
|
||||
else
|
||||
req_new='-newkey dsa:../apps/dsa512.pem'
|
||||
fi
|
||||
|
||||
echo "This could take some time."
|
||||
|
||||
../apps/openssl req -config test.cnf $req_new -out testreq.pem
|
||||
if [ $? != 0 ]; then
|
||||
echo problems creating request
|
||||
exit 1
|
||||
|
11
test/testss
11
test/testss
@ -19,7 +19,14 @@ Ucert="certU.ss"
|
||||
|
||||
echo
|
||||
echo "make a certificate request using 'req'"
|
||||
$reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss
|
||||
|
||||
if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
|
||||
req_new='-new'
|
||||
else
|
||||
req_new='-newkey dsa:../apps/dsa512.pem'
|
||||
fi
|
||||
|
||||
$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
|
||||
if [ $? != 0 ]; then
|
||||
echo "error using 'req' to generate a certificate request"
|
||||
exit 1
|
||||
@ -60,7 +67,7 @@ fi
|
||||
|
||||
echo
|
||||
echo "make another certificate request using 'req'"
|
||||
$reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss
|
||||
$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
|
||||
if [ $? != 0 ]; then
|
||||
echo "error using 'req' to generate a certificate request"
|
||||
exit 1
|
||||
|
107
test/testssl
107
test/testssl
@ -1,86 +1,123 @@
|
||||
#!/bin/sh
|
||||
|
||||
if [ "$1" = "" ]; then
|
||||
key=../apps/server.pem
|
||||
else
|
||||
key="$1"
|
||||
fi
|
||||
if [ "$2" = "" ]; then
|
||||
cert=../apps/server.pem
|
||||
else
|
||||
cert="$2"
|
||||
fi
|
||||
ssltest="./ssltest -key $1 -cert $2 -c_key $1 -c_cert $2"
|
||||
|
||||
if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key'; then
|
||||
dsa_cert=YES
|
||||
else
|
||||
dsa_cert=NO
|
||||
fi
|
||||
|
||||
if [ "$3" = "" ]; then
|
||||
CA="-CApath ../certs"
|
||||
else
|
||||
CA="-CAfile $3"
|
||||
fi
|
||||
|
||||
#############################################################################
|
||||
|
||||
echo test sslv2
|
||||
./ssltest -ssl2 || exit 1
|
||||
$ssltest -ssl2 || exit 1
|
||||
|
||||
echo test sslv2 with server authentication
|
||||
./ssltest -ssl2 -server_auth -CApath ../certs || exit 1
|
||||
$ssltest -ssl2 -server_auth $CA || exit 1
|
||||
|
||||
echo test sslv2 with client authentication
|
||||
./ssltest -ssl2 -client_auth -CApath ../certs || exit 1
|
||||
if [ $dsa_cert = NO ]; then
|
||||
echo test sslv2 with client authentication
|
||||
$ssltest -ssl2 -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv2 with both client and server authentication
|
||||
./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
|
||||
echo test sslv2 with both client and server authentication
|
||||
$ssltest -ssl2 -server_auth -client_auth $CA || exit 1
|
||||
fi
|
||||
|
||||
echo test sslv3
|
||||
./ssltest -ssl3 || exit 1
|
||||
$ssltest -ssl3 || exit 1
|
||||
|
||||
echo test sslv3 with server authentication
|
||||
./ssltest -ssl3 -server_auth -CApath ../certs || exit 1
|
||||
$ssltest -ssl3 -server_auth $CA || exit 1
|
||||
|
||||
echo test sslv3 with client authentication
|
||||
./ssltest -ssl3 -client_auth -CApath ../certs || exit 1
|
||||
$ssltest -ssl3 -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv3 with both client and server authentication
|
||||
./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
|
||||
$ssltest -ssl3 -server_auth -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv2/sslv3
|
||||
./ssltest || exit 1
|
||||
$ssltest || exit 1
|
||||
|
||||
echo test sslv2/sslv3 with server authentication
|
||||
./ssltest -server_auth -CApath ../certs || exit 1
|
||||
$ssltest -server_auth $CA || exit 1
|
||||
|
||||
echo test sslv2/sslv3 with client authentication
|
||||
./ssltest -client_auth -CApath ../certs || exit 1
|
||||
$ssltest -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv2/sslv3 with both client and server authentication
|
||||
./ssltest -server_auth -client_auth -CApath ../certs || exit 1
|
||||
$ssltest -server_auth -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv2 via BIO pair
|
||||
./ssltest -bio_pair -ssl2 || exit 1
|
||||
$ssltest -bio_pair -ssl2 || exit 1
|
||||
|
||||
echo test sslv2 with server authentication via BIO pair
|
||||
./ssltest -bio_pair -ssl2 -server_auth -CApath ../certs || exit 1
|
||||
$ssltest -bio_pair -ssl2 -server_auth $CA || exit 1
|
||||
|
||||
echo test sslv2 with client authentication via BIO pair
|
||||
./ssltest -bio_pair -ssl2 -client_auth -CApath ../certs || exit 1
|
||||
if [ $dsa_cert = NO ]; then
|
||||
echo test sslv2 with client authentication via BIO pair
|
||||
$ssltest -bio_pair -ssl2 -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv2 with both client and server authentication via BIO pair
|
||||
./ssltest -bio_pair -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
|
||||
echo test sslv2 with both client and server authentication via BIO pair
|
||||
$ssltest -bio_pair -ssl2 -server_auth -client_auth $CA || exit 1
|
||||
fi
|
||||
|
||||
echo test sslv3 via BIO pair
|
||||
./ssltest -bio_pair -ssl3 || exit 1
|
||||
$ssltest -bio_pair -ssl3 || exit 1
|
||||
|
||||
echo test sslv3 with server authentication via BIO pair
|
||||
./ssltest -bio_pair -ssl3 -server_auth -CApath ../certs || exit 1
|
||||
$ssltest -bio_pair -ssl3 -server_auth $CA || exit 1
|
||||
|
||||
echo test sslv3 with client authentication via BIO pair
|
||||
./ssltest -bio_pair -ssl3 -client_auth -CApath ../certs || exit 1
|
||||
$ssltest -bio_pair -ssl3 -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv3 with both client and server authentication via BIO pair
|
||||
./ssltest -bio_pair -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
|
||||
$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv2/sslv3 via BIO pair
|
||||
./ssltest || exit 1
|
||||
$ssltest || exit 1
|
||||
|
||||
echo test sslv2/sslv3 w/o DHE via BIO pair
|
||||
./ssltest -bio_pair -no_dhe || exit 1
|
||||
if [ $dsa_cert = NO ]; then
|
||||
echo test sslv2/sslv3 w/o DHE via BIO pair
|
||||
$ssltest -bio_pair -no_dhe || exit 1
|
||||
fi
|
||||
|
||||
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
|
||||
./ssltest -bio_pair -dhe1024dsa -v || exit 1
|
||||
$ssltest -bio_pair -dhe1024dsa -v || exit 1
|
||||
|
||||
echo test sslv2/sslv3 with server authentication
|
||||
./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
|
||||
$ssltest -bio_pair -server_auth $CA || exit 1
|
||||
|
||||
echo test sslv2/sslv3 with client authentication via BIO pair
|
||||
./ssltest -bio_pair -client_auth -CApath ../certs || exit 1
|
||||
$ssltest -bio_pair -client_auth $CA || exit 1
|
||||
|
||||
echo test sslv2/sslv3 with both client and server authentication via BIO pair
|
||||
./ssltest -bio_pair -server_auth -client_auth -CApath ../certs || exit 1
|
||||
$ssltest -bio_pair -server_auth -client_auth $CA || exit 1
|
||||
|
||||
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
|
||||
#############################################################################
|
||||
|
||||
if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
|
||||
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
|
||||
|
||||
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
|
||||
fi
|
||||
|
||||
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
|
||||
exit 0
|
||||
|
Loading…
Reference in New Issue
Block a user