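#!/bin/sh
#
# Regression driver for ./ssltest (regress/lib/libssl/ssl/testssl).
#
# Usage: testssl key cert cafile [extra]
#   key    - private key file, passed as both -key and -c_key
#   cert   - certificate file, passed as both -cert and -c_cert
#   cafile - CA file handed to ssltest via -CAfile in the *_auth tests
#   extra  - optional additional ssltest arguments (word-split on use)

# Without the first three arguments the ssltest command line built below is
# malformed (for example a bare -CAfile swallowing the option that follows
# it), so refuse to start instead of reporting misleading test failures.
if [ $# -lt 3 ]; then
  echo "usage: $0 key cert cafile [extra]" >&2
  exit 1
fi

key="$1"
cert="$2"
CA="-CAfile $3"
extra="$4"

# NOTE: $ssltest, $CA and $extra are expanded unquoted by the tests so that
# they split into separate arguments; paths containing whitespace or glob
# characters are therefore not supported.
ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

# Detect a DSA certificate; several tests below are skipped for those.
# The certificate is parsed first so that an unreadable or malformed file
# stops the run here instead of being silently classified as non-DSA.
if ! cert_text=$(openssl x509 -in "$cert" -text -noout); then
  echo "cannot parse certificate: $cert" >&2
  exit 1
fi
case $cert_text in
  *'DSA Public Key'*) dsa_cert=YES ;;
  *) dsa_cert=NO ;;
esac

#############################################################################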
# Handshake tests run without -bio_pair: once with -ssl2, once with -ssl3 and
# once with no protocol flag (labelled sslv2/sslv3). SSLv2 and SSLv3 are
# obsolete protocols (RFC 6176, RFC 7568); they are exercised here as
# regression coverage only.

# Print the test label ($1), run ssltest with the remaining arguments, and
# stop the whole script with status 1 if the run fails.
run_direct() {
  echo "$1"
  shift
  $ssltest "$@" || exit 1
}

run_direct "test sslv2" -ssl2 $extra
run_direct "test sslv2 with server authentication" -ssl2 -server_auth $CA $extra

# SSLv2 client authentication is only attempted with a non-DSA certificate.
if [ "$dsa_cert" = NO ]; then
  run_direct "test sslv2 with client authentication" \
    -ssl2 -client_auth $CA $extra
  run_direct "test sslv2 with both client and server authentication" \
    -ssl2 -server_auth -client_auth $CA $extra
fi

run_direct "test sslv3" -ssl3 $extra
run_direct "test sslv3 with server authentication" -ssl3 -server_auth $CA $extra
run_direct "test sslv3 with client authentication" -ssl3 -client_auth $CA $extra
run_direct "test sslv3 with both client and server authentication" \
  -ssl3 -server_auth -client_auth $CA $extra

run_direct "test sslv2/sslv3" $extra
run_direct "test sslv2/sslv3 with server authentication" -server_auth $CA $extra
run_direct "test sslv2/sslv3 with client authentication" -client_auth $CA $extra
run_direct "test sslv2/sslv3 with both client and server authentication" \
  -server_auth -client_auth $CA $extra
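# The same handshake matrix, run through ssltest's -bio_pair mode.

# Print the test label ($1), then run ssltest with -bio_pair plus the
# remaining arguments; stop the whole script with status 1 on failure.
# Adding -bio_pair here keeps every test in this section on the BIO-pair path:
# the "sslv2/sslv3 via BIO pair" test used to be invoked without the flag and
# so silently repeated the plain handshake test.
run_bio_pair() {
  echo "$1"
  shift
  $ssltest -bio_pair "$@" || exit 1
}

run_bio_pair "test sslv2 via BIO pair" -ssl2 $extra
run_bio_pair "test sslv2 with server authentication via BIO pair" \
  -ssl2 -server_auth $CA $extra

# SSLv2 client authentication is only attempted with a non-DSA certificate.
if [ "$dsa_cert" = NO ]; then
  run_bio_pair "test sslv2 with client authentication via BIO pair" \
    -ssl2 -client_auth $CA $extra
  run_bio_pair \
    "test sslv2 with both client and server authentication via BIO pair" \
    -ssl2 -server_auth -client_auth $CA $extra
fi

run_bio_pair "test sslv3 via BIO pair" -ssl3 $extra
run_bio_pair "test sslv3 with server authentication via BIO pair" \
  -ssl3 -server_auth $CA $extra
run_bio_pair "test sslv3 with client authentication via BIO pair" \
  -ssl3 -client_auth $CA $extra
run_bio_pair \
  "test sslv3 with both client and server authentication via BIO pair" \
  -ssl3 -server_auth -client_auth $CA $extra

run_bio_pair "test sslv2/sslv3 via BIO pair" $extra

# The test without (EC)DHE is skipped for DSA certificates.
if [ "$dsa_cert" = NO ]; then
  run_bio_pair 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' \
    -no_dhe -no_ecdhe $extra
fi

# 1024-bit DH parameters are below current strength recommendations; this run
# is regression coverage, not a configuration to copy.
run_bio_pair "test sslv2/sslv3 with 1024bit DHE via BIO pair" \
  -dhe1024dsa -v $extra

# The label previously omitted "via BIO pair" although the run uses it.
run_bio_pair "test sslv2/sslv3 with server authentication via BIO pair" \
  -server_auth $CA $extra
run_bio_pair "test sslv2/sslv3 with client authentication via BIO pair" \
  -client_auth $CA $extra
run_bio_pair \
  "test sslv2/sslv3 with both client and server authentication via BIO pair" \
  -server_auth -client_auth $CA $extra
run_bio_pair \
  "test sslv2/sslv3 with both client and server authentication via BIO pair and app verify" \
  -server_auth -client_auth -app_verify $CA $extra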
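# Run one handshake per RSA ciphersuite that `openssl ciphers` reports for
# each protocol keyword.
# NOTE(review): $extra is not passed to these runs, unlike the tests above;
# confirm that this is intended.
echo "Testing ciphersuites"
for protocol in TLSv1.2 SSLv3; do
  echo "Testing ciphersuites for $protocol"

  # The SSLv3 list is run with -ssl3; the TLSv1.2 list is run with no
  # protocol flag.
  prot=""
  if [ "$protocol" = "SSLv3" ]; then
    prot="-ssl3"
  fi

  # Enumerate first and check the result: with the list expanded directly in
  # the for statement, a failing or empty `openssl ciphers` made the loop run
  # zero times and the section passed without testing anything.
  if ! ciphers=$(openssl ciphers "RSA+$protocol") || [ -z "$ciphers" ]; then
    echo "Failed to list ciphersuites for $protocol"
    exit 1
  fi

  for cipher in $(echo "$ciphers" | tr ':' ' '); do
    echo "Testing $cipher"
    # $prot stays unquoted on purpose: when empty it must vanish rather than
    # become an empty argument.
    if ! $ssltest -cipher "$cipher" $prot; then
      echo "Failed $cipher"
      exit 1
    fi
  done
done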
#############################################################################

# Anonymous DH test, skipped when `openssl no-dh` succeeds (DH not built in).
# ADH suites authenticate neither peer and 1024-bit DH parameters are below
# current strength recommendations; the run is regression coverage only.
if ! openssl no-dh; then
  echo "test tls1 with 1024bit anonymous DH, multiple handshakes"
  if ! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra; then
    exit 1
  fi
else
  echo "skipping anonymous DH tests"
fi

# Disabled RSA tests, kept for reference. They call ./ssltest directly with
# ../apps/server2.pem rather than the key and certificate given to this script.
#if openssl no-rsa; then
#  echo skipping RSA tests
#else
#  echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
#  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
#
#  if openssl no-dh; then
#    echo skipping RSA+DHE tests
#  else
#    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
#    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
#  fi
#fi
#
# DTLS tests
#

# Print the test label ($1), then run ssltest with -dtls1 plus the remaining
# arguments; stop the whole script with status 1 on failure.
run_dtls() {
  echo "$1"
  shift
  $ssltest -dtls1 "$@" || exit 1
}

run_dtls "test dtlsv1" $extra
run_dtls "test dtlsv1 with server authentication" -server_auth $CA $extra
run_dtls "test dtlsv1 with client authentication" -client_auth $CA $extra
run_dtls "test dtlsv1 with both client and server authentication" \
  -server_auth -client_auth $CA $extra
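# Run one DTLS handshake per RSA ciphersuite reported by `openssl ciphers`.
# RC4 suites are filtered out: DTLS does not permit the RC4 stream cipher.
# NOTE(review): $extra is not passed to these runs, unlike the DTLS tests
# above; confirm that this is intended.
echo "Testing DTLS ciphersuites"
for protocol in SSLv3; do
  echo "Testing ciphersuites for $protocol"

  # Enumerate first and check the result: with the list expanded directly in
  # the for statement, a failing `openssl ciphers` or an empty filtered list
  # made the loop run zero times and the section passed without testing
  # anything.
  if ! all_ciphers=$(openssl ciphers "RSA+$protocol"); then
    echo "Failed to list ciphersuites for $protocol"
    exit 1
  fi
  ciphers=$(echo "$all_ciphers" | tr ':' '\n' | grep -v RC4)
  if [ -z "$ciphers" ]; then
    echo "No DTLS ciphersuites to test for $protocol"
    exit 1
  fi

  for cipher in $ciphers; do
    echo "Testing $cipher"
    if ! $ssltest -cipher "$cipher" -dtls1; then
      echo "Failed $cipher"
      exit 1
    fi
  done
done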
#
# Next Protocol Negotiation tests
#
# NPN has been superseded by ALPN (RFC 7301); these runs are regression
# coverage for the legacy extension.

# Run ssltest over a BIO pair with -tls1 plus the given NPN options; stop the
# whole script with status 1 on failure.
run_npn() {
  $ssltest -bio_pair -tls1 "$@" || exit 1
}

echo "Testing NPN..."
run_npn -npn_client
run_npn -npn_server
run_npn -npn_server_reject
run_npn -npn_client -npn_server_reject
run_npn -npn_client -npn_server
run_npn -npn_client -npn_server -num 2
run_npn -npn_client -npn_server -num 2 -reuse
186