Add an initial regress test that covers the server-side of libssl, by

providing SSL_accept() with fixed ClientHello messages.
author: jsing <> 2017-03-05 14:15:53 +0000
committer: jsing <> 2017-03-05 14:15:53 +0000
commit: 09f0e9b21348ea5dac5102d84e10045c88358c5c (patch)
tree: 09ad9846a6a740b2c17ff4aa111fbd364bc1ebbf
parent: f577988189e230bde2109492b5e88f68be9e70aa (diff)
download: openbsd-09f0e9b21348ea5dac5102d84e10045c88358c5c.tar.gz
openbsd-09f0e9b21348ea5dac5102d84e10045c88358c5c.tar.bz2
openbsd-09f0e9b21348ea5dac5102d84e10045c88358c5c.zip
3 files changed, 220 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile
index 85e50ecb04..d6ee2f160a 100644
--- a/src/regress/lib/libssl/Makefile
+++ b/src/regress/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.24 2016/11/04 19:45:12 jsing Exp $
+#       $OpenBSD: Makefile,v 1.25 2017/03/05 14:15:53 jsing Exp $
 SUBDIR= \
        asn1 \
@@ -6,6 +6,7 @@ SUBDIR= \
        ciphers \
        client \
        pqueue \
+        server \
        ssl \
        unit
diff --git a/src/regress/lib/libssl/server/Makefile b/src/regress/lib/libssl/server/Makefile
new file mode 100644
index 0000000000..705190d076
--- /dev/null
+++ b/src/regress/lib/libssl/server/Makefile
@@ -0,0 +1,18 @@
+#       $OpenBSD: Makefile,v 1.1 2017/03/05 14:15:53 jsing Exp $
+PROG=   servertest
+LDADD=  -lssl -lcrypto
+DPADD=  ${LIBSSL} ${LIBCRYPTO}
+WARNINGS=       Yes
+CFLAGS+=        -DLIBRESSL_INTERNAL -Werror
+REGRESS_TARGETS= \
+        regress-servertest
+regress-servertest: ${PROG}
+        ./servertest \
+            ${.CURDIR}/../../libssl/certs/server.pem \
+            ${.CURDIR}/../../libssl/certs/server.pem \
+            ${.CURDIR}/../../libssl/certs/ca.pem
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/server/servertest.c b/src/regress/lib/libssl/server/servertest.c
new file mode 100644
index 0000000000..32578599e5
--- /dev/null
+++ b/src/regress/lib/libssl/server/servertest.c
@@ -0,0 +1,200 @@
+/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */
+/*
+ * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/dtls1.h>
+#include <openssl/ssl3.h>
+#include <err.h>
+#include <stdio.h>
+#include <string.h>
+char *server_ca_file;
+char *server_cert_file;
+char *server_key_file;
+static unsigned char sslv2_client_hello_tls10[] = {
+        0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
+        0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
+        0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
+        0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
+        0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
+        0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
+        0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
+        0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
+        0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
+        0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
+        0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
+        0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
+        0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
+        0xc8, 0x73, 0xad, 0x9c,
+};
+static unsigned char sslv2_client_hello_tls12[] = {
+        0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
+        0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
+        0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
+        0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
+        0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
+        0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
+        0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
+        0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
+        0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
+        0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
+        0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
+        0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
+        0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
+        0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
+        0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
+        0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
+        0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
+        0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
+        0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
+        0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
+        0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
+        0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
+        0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
+        0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
+        0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
+        0x4e, 0x7d, 0x9d, 0x9c, 0x52,
+};
+struct server_hello_test {
+        const unsigned char *desc;
+        unsigned char *client_hello;
+        const size_t client_hello_len;
+        const SSL_METHOD *(*ssl_method)(void);
+        const long ssl_options;
+};
+static struct server_hello_test server_hello_tests[] = {
+        {
+                .desc = "TLSv1.0 in SSLv2 record",
+                .client_hello = sslv2_client_hello_tls10,
+                .client_hello_len = sizeof(sslv2_client_hello_tls10),
+                .ssl_method = TLS_server_method,
+                .ssl_options = 0,
+        },
+        {
+                .desc = "TLSv1.2 in SSLv2 record",
+                .client_hello = sslv2_client_hello_tls12,
+                .client_hello_len = sizeof(sslv2_client_hello_tls12),
+                .ssl_method = TLS_server_method,
+                .ssl_options = 0,
+        },
+};
+#define N_SERVER_HELLO_TESTS \
+    (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
+static int
+server_hello_test(int testno, struct server_hello_test *sht)
+{
+        BIO *rbio = NULL, *wbio = NULL;
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        int ret = 1;
+        fprintf(stderr, "Test %i - %s\n", testno, sht->desc);
+        if ((rbio = BIO_new_mem_buf(sht->client_hello,
+            sht->client_hello_len)) == NULL) {
+                fprintf(stderr, "Failed to setup rbio\n");
+                goto failure;
+        }
+        if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
+                fprintf(stderr, "Failed to setup wbio\n");
+                goto failure;
+        }
+        if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
+                fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+                goto failure;
+        }
+        if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
+            SSL_FILETYPE_PEM) != 1) {
+                fprintf(stderr, "Failed to load server certificate");
+                goto failure;
+        }
+        if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
+            SSL_FILETYPE_PEM) != 1) {
+                fprintf(stderr, "Failed to load server private key");
+                goto failure;
+        }
+        SSL_CTX_set_dh_auto(ssl_ctx, 1);
+        SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+        SSL_CTX_set_options(ssl_ctx, sht->ssl_options);
+        if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+                fprintf(stderr, "SSL_new() returned NULL\n");
+                goto failure;
+        }
+        rbio->references = 2;
+        wbio->references = 2;
+        SSL_set_bio(ssl, rbio, wbio);
+        
+        if (SSL_accept(ssl) != 0) {
+                fprintf(stderr, "SSL_accept() returned non-zero\n");
+                ERR_print_errors_fp(stderr);
+                goto failure;
+        }
+        ret = 0;
+ failure:
+        SSL_CTX_free(ssl_ctx);
+        SSL_free(ssl);
+        rbio->references = 1;
+        wbio->references = 1;
+        BIO_free(rbio);
+        BIO_free(wbio);
+        return (ret);
+}
+int
+main(int argc, char **argv)
+{
+        int failed = 0;
+        size_t i;
+        if (argc != 4) {
+                fprintf(stderr, "usage: %s keyfile certfile cafile\n",
+                    argv[0]);
+                exit(1);
+        }
+        server_key_file = argv[1];
+        server_cert_file = argv[2];
+        server_ca_file = argv[3];
+        SSL_library_init();
+        SSL_load_error_strings();
+        for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
+                failed |= server_hello_test(i, &server_hello_tests[i]);
+        return (failed);
+}
author	jsing <>	2017-03-05 14:15:53 +0000
committer	jsing <>	2017-03-05 14:15:53 +0000
commit	09f0e9b21348ea5dac5102d84e10045c88358c5c (patch)
tree	09ad9846a6a740b2c17ff4aa111fbd364bc1ebbf
parent	f577988189e230bde2109492b5e88f68be9e70aa (diff)
download	openbsd-09f0e9b21348ea5dac5102d84e10045c88358c5c.tar.gz openbsd-09f0e9b21348ea5dac5102d84e10045c88358c5c.tar.bz2 openbsd-09f0e9b21348ea5dac5102d84e10045c88358c5c.zip

diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile index 85e50ecb04..d6ee2f160a 100644 --- a/src/regress/lib/libssl/Makefile +++ b/src/regress/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.24 2016/11/04 19:45:12 jsing Exp $	1	# $OpenBSD: Makefile,v 1.25 2017/03/05 14:15:53 jsing Exp $
2		2
3	SUBDIR= \	3	SUBDIR= \
4	asn1 \	4	asn1 \
@@ -6,6 +6,7 @@ SUBDIR= \
6	ciphers \	6	ciphers \
7	client \	7	client \
8	pqueue \	8	pqueue \
		9	server \
9	ssl \	10	ssl \
10	unit	11	unit
11		12


diff --git a/src/regress/lib/libssl/server/Makefile b/src/regress/lib/libssl/server/Makefile new file mode 100644 index 0000000000..705190d076 --- /dev/null +++ b/src/regress/lib/libssl/server/Makefile
@@ -0,0 +1,18 @@
		1	# $OpenBSD: Makefile,v 1.1 2017/03/05 14:15:53 jsing Exp $
		2
		3	PROG= servertest
		4	LDADD= -lssl -lcrypto
		5	DPADD= ${LIBSSL} ${LIBCRYPTO}
		6	WARNINGS= Yes
		7	CFLAGS+= -DLIBRESSL_INTERNAL -Werror
		8
		9	REGRESS_TARGETS= \
		10	regress-servertest
		11
		12	regress-servertest: ${PROG}
		13	./servertest \
		14	${.CURDIR}/../../libssl/certs/server.pem \
		15	${.CURDIR}/../../libssl/certs/server.pem \
		16	${.CURDIR}/../../libssl/certs/ca.pem
		17
		18	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libssl/server/servertest.c b/src/regress/lib/libssl/server/servertest.c new file mode 100644 index 0000000000..32578599e5 --- /dev/null +++ b/src/regress/lib/libssl/server/servertest.c
@@ -0,0 +1,200 @@
		1	/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */
		2	/*
		3	* Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include <openssl/ssl.h>
		19
		20	#include <openssl/err.h>
		21	#include <openssl/dtls1.h>
		22	#include <openssl/ssl3.h>
		23
		24	#include <err.h>
		25	#include <stdio.h>
		26	#include <string.h>
		27
		28	char *server_ca_file;
		29	char *server_cert_file;
		30	char *server_key_file;
		31
		32	static unsigned char sslv2_client_hello_tls10[] = {
		33	0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
		34	0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
		35	0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
		36	0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
		37	0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
		38	0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
		39	0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
		40	0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
		41	0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
		42	0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
		43	0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
		44	0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
		45	0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
		46	0xc8, 0x73, 0xad, 0x9c,
		47	};
		48
		49	static unsigned char sslv2_client_hello_tls12[] = {
		50	0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
		51	0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
		52	0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
		53	0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
		54	0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
		55	0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
		56	0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
		57	0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
		58	0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
		59	0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
		60	0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
		61	0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
		62	0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
		63	0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
		64	0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
		65	0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
		66	0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
		67	0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
		68	0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
		69	0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
		70	0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
		71	0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
		72	0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
		73	0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
		74	0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
		75	0x4e, 0x7d, 0x9d, 0x9c, 0x52,
		76	};
		77
		78	struct server_hello_test {
		79	const unsigned char *desc;
		80	unsigned char *client_hello;
		81	const size_t client_hello_len;
		82	const SSL_METHOD (ssl_method)(void);
		83	const long ssl_options;
		84	};
		85
		86	static struct server_hello_test server_hello_tests[] = {
		87	{
		88	.desc = "TLSv1.0 in SSLv2 record",
		89	.client_hello = sslv2_client_hello_tls10,
		90	.client_hello_len = sizeof(sslv2_client_hello_tls10),
		91	.ssl_method = TLS_server_method,
		92	.ssl_options = 0,
		93	},
		94	{
		95	.desc = "TLSv1.2 in SSLv2 record",
		96	.client_hello = sslv2_client_hello_tls12,
		97	.client_hello_len = sizeof(sslv2_client_hello_tls12),
		98	.ssl_method = TLS_server_method,
		99	.ssl_options = 0,
		100	},
		101	};
		102
		103	#define N_SERVER_HELLO_TESTS \
		104	(sizeof(server_hello_tests) / sizeof(*server_hello_tests))
		105
		106	static int
		107	server_hello_test(int testno, struct server_hello_test *sht)
		108	{
		109	BIO rbio = NULL, wbio = NULL;
		110	SSL_CTX *ssl_ctx = NULL;
		111	SSL *ssl = NULL;
		112	int ret = 1;
		113
		114	fprintf(stderr, "Test %i - %s\n", testno, sht->desc);
		115
		116	if ((rbio = BIO_new_mem_buf(sht->client_hello,
		117	sht->client_hello_len)) == NULL) {
		118	fprintf(stderr, "Failed to setup rbio\n");
		119	goto failure;
		120	}
		121	if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
		122	fprintf(stderr, "Failed to setup wbio\n");
		123	goto failure;
		124	}
		125
		126	if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
		127	fprintf(stderr, "SSL_CTX_new() returned NULL\n");
		128	goto failure;
		129	}
		130
		131	if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
		132	SSL_FILETYPE_PEM) != 1) {
		133	fprintf(stderr, "Failed to load server certificate");
		134	goto failure;
		135	}
		136	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
		137	SSL_FILETYPE_PEM) != 1) {
		138	fprintf(stderr, "Failed to load server private key");
		139	goto failure;
		140	}
		141
		142	SSL_CTX_set_dh_auto(ssl_ctx, 1);
		143	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
		144	SSL_CTX_set_options(ssl_ctx, sht->ssl_options);
		145
		146	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
		147	fprintf(stderr, "SSL_new() returned NULL\n");
		148	goto failure;
		149	}
		150
		151	rbio->references = 2;
		152	wbio->references = 2;
		153
		154	SSL_set_bio(ssl, rbio, wbio);
		155
		156	if (SSL_accept(ssl) != 0) {
		157	fprintf(stderr, "SSL_accept() returned non-zero\n");
		158	ERR_print_errors_fp(stderr);
		159	goto failure;
		160	}
		161
		162	ret = 0;
		163
		164	failure:
		165	SSL_CTX_free(ssl_ctx);
		166	SSL_free(ssl);
		167
		168	rbio->references = 1;
		169	wbio->references = 1;
		170
		171	BIO_free(rbio);
		172	BIO_free(wbio);
		173
		174	return (ret);
		175	}
		176
		177	int
		178	main(int argc, char **argv)
		179	{
		180	int failed = 0;
		181	size_t i;
		182
		183	if (argc != 4) {
		184	fprintf(stderr, "usage: %s keyfile certfile cafile\n",
		185	argv[0]);
		186	exit(1);
		187	}
		188
		189	server_key_file = argv[1];
		190	server_cert_file = argv[2];
		191	server_ca_file = argv[3];
		192
		193	SSL_library_init();
		194	SSL_load_error_strings();
		195
		196	for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
		197	failed \|= server_hello_test(i, &server_hello_tests[i]);
		198
		199	return (failed);
		200	}