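#!/bin/sh
#
# SSL/TLS/DTLS regression driver: runs the ssltest binary through a fixed
# sequence of handshake, authentication, ciphersuite and ALPN scenarios and
# exits 1 at the first failing run.
#
# usage: <this script> key cert cafile [ssltest [openssl [extra]]]
#   key, cert  private key and certificate, used for both the server side
#              (-key/-cert) and the client side (-c_key/-c_cert)
#   cafile     CA file passed as -CAfile to the authentication tests
#   ssltest    test binary (default: ./ssltest)
#   openssl    openssl command (default: openssl)
#   extra      additional ssltest flags appended to most test runs
#
# NOTE: $ssltest, $openssl, $CA and $extra each hold several words and are
# expanded unquoted on purpose, so none of the paths may contain whitespace
# or glob characters.
#
# Several scenarios below (anonymous DH, 1024-bit DHE parameters) exist only
# to keep legacy code paths covered by regression tests; they are not
# examples of a configuration to deploy.

# Without key, cert and cafile the option strings built below would contain
# flags with no argument (e.g. a bare "-CAfile") and every test would fail
# in a confusing way, so stop early instead.
if [ $# -lt 3 ]; then
  echo "usage: $0 key cert cafile [ssltest [openssl [extra]]]" >&2
  exit 1
fi

key="$1"
cert="$2"
CA="-CAfile $3"
ssltest="${4-./ssltest} -key $key -cert $cert -c_key $key -c_cert $cert"
openssl=${5-openssl}
extra="$6"

$openssl version || exit 1

# Remember whether the certificate carries a DSA key: the "no (EC)DHE" test
# further down is skipped for DSA certificates.
if $openssl x509 -in "$cert" -text -noout | grep -F 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

#############################################################################

# The "sslv2/sslv3" labels are historical: no protocol flag is passed in
# these runs, so ssltest uses its default version negotiation.

echo test sslv2/sslv3
$ssltest $extra || exit 1

echo test sslv2/sslv3 with server authentication
$ssltest -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication
$ssltest -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication
$ssltest -server_auth -client_auth $CA $extra || exit 1

# Fixed: this run used to omit -bio_pair, so it merely repeated the first
# test and the plain BIO-pair handshake was never exercised.
echo test sslv2/sslv3 via BIO pair
$ssltest -bio_pair $extra || exit 1

if [ "$dsa_cert" = NO ]; then
  echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
  $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
fi

# 1024-bit DH parameters are a legacy size, kept here as a fixed test case.
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

# Fixed: the label lacked "via BIO pair" and so duplicated the label of the
# non-BIO-pair test above, making a failure log ambiguous.
echo test sslv2/sslv3 with server authentication via BIO pair
$ssltest -bio_pair -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

# Ciphersuite sweeps.  The protocol name is handed to awk with -v and matched
# as a literal column value, rather than being spliced into the awk program
# text as a regular expression.
#
# NOTE(review): if "openssl ciphers" fails or lists nothing for a protocol,
# the inner loop body never runs and the section passes without testing
# anything.
echo "Testing ciphersuites"
for protocol in SSLv3 TLSv1.2; do
  echo "Testing ciphersuites for $protocol"
  # Suites listed as SSLv3 are also run with -tls1_2, as in the original.
  for cipher in $($openssl ciphers -v "$protocol+aRSA" |
      awk -v proto="$protocol" 'index($0, " " proto " ") { print $1 }'); do
    echo "Testing $cipher"
    if ! $ssltest -cipher "$cipher" -tls1_2; then
      echo "Failed $cipher"
      exit 1
    fi
  done
done
for protocol in TLSv1.3; do
  echo "Testing ciphersuites for $protocol"
  for cipher in $($openssl ciphers -v "$protocol" |
      awk -v proto="$protocol" 'index($0, " " proto " ") { print $1 }'); do
    echo "Testing $cipher"
    if ! $ssltest -cipher "$cipher"; then
      echo "Failed $cipher"
      exit 1
    fi
  done
done

#############################################################################

# "openssl no-dh" succeeds when DH support is compiled out.
if $openssl no-dh; then
  echo skipping anonymous DH tests
else
  # ADH suites authenticate neither peer; this run is regression coverage only.
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

# Disabled RSA tests, kept as found.
#if $openssl no-rsa; then
#  echo skipping RSA tests
#else
#  echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
#  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
#
#  if $openssl no-dh; then
#    echo skipping RSA+DHE tests
#  else
#    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
#    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
#  fi
#fi

#
# DTLS tests
#

echo test dtlsv1
$ssltest -dtls1 $extra || exit 1

echo test dtlsv1 with server authentication
$ssltest -dtls1 -server_auth $CA $extra || exit 1

echo test dtlsv1 with client authentication
$ssltest -dtls1 -client_auth $CA $extra || exit 1

echo test dtlsv1 with both client and server authentication
$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1

echo "Testing DTLS ciphersuites"
for protocol in SSLv3; do
  echo "Testing ciphersuites for $protocol"
  # RC4 suites are filtered out, presumably because stream ciphers are not
  # usable over DTLS.
  for cipher in $($openssl ciphers -v "RSA+$protocol" |
      awk -v proto="$protocol" 'index($0, " " proto " ") { print $1 }' |
      grep -v RC4); do
    echo "Testing $cipher"
    if ! $ssltest -cipher "$cipher" -dtls1; then
      echo "Failed $cipher"
      exit 1
    fi
  done
done

#
# ALPN tests
#
# The expected values show that the server's preference order decides the
# negotiated protocol.  The first and last runs have no protocol in common
# and pass no -alpn_expected; presumably ssltest then checks that nothing
# was negotiated.
echo "Testing ALPN..."
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo \
    -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo \
    -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo \
    -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar \
    -alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo \
    -alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo \
    -alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1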