summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorinoguchi <>2018-09-08 11:12:27 +0000
committerinoguchi <>2018-09-08 11:12:27 +0000
commit8785859e82ea35a0338905caea0c13cb8e12a80b (patch)
treef5bea0c60be61b8cde50eebf5ae1af95201b6e81 /src
parent4626a52e8483d08f0f98c86dc00279a73388e537 (diff)
downloadopenbsd-8785859e82ea35a0338905caea0c13cb8e12a80b.tar.gz
openbsd-8785859e82ea35a0338905caea0c13cb8e12a80b.tar.bz2
openbsd-8785859e82ea35a0338905caea0c13cb8e12a80b.zip
Fix indent and adjust line fit to 80 columns.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh1891
1 files changed, 961 insertions, 930 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index f2666011c3..3d54da9509 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $OpenBSD: appstest.sh,v 1.12 2018/09/08 09:34:12 inoguchi Exp $ 3# $OpenBSD: appstest.sh,v 1.13 2018/09/08 11:12:27 inoguchi Exp $
4# 4#
5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> 5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6# 6#
@@ -24,380 +24,390 @@
24# 24#
25 25
26function section_message { 26function section_message {
27 echo "" 27 echo ""
28 echo "#---------#---------#---------#---------#---------#---------#---------#--------" 28 echo "#---------#---------#---------#---------#---------#---------#---------#--------"
29 echo "===" 29 echo "==="
30 echo "=== (Section) $1 `date +'%Y/%m/%d %H:%M:%S'`" 30 echo "=== (Section) $1 `date +'%Y/%m/%d %H:%M:%S'`"
31 echo "===" 31 echo "==="
32} 32}
33 33
34function start_message { 34function start_message {
35 echo "" 35 echo ""
36 echo "[TEST] $1" 36 echo "[TEST] $1"
37} 37}
38 38
39function stop_s_server { 39function stop_s_server {
40 if [ ! -z "$s_server_pid" ] ; then 40 if [ ! -z "$s_server_pid" ] ; then
41 echo ":-| stop s_server [ $s_server_pid ]" 41 echo ":-| stop s_server [ $s_server_pid ]"
42 sleep 1 42 sleep 1
43 kill -TERM $s_server_pid 43 kill -TERM $s_server_pid
44 wait $s_server_pid 44 wait $s_server_pid
45 s_server_pid= 45 s_server_pid=
46 fi 46 fi
47} 47}
48 48
49function check_exit_status { 49function check_exit_status {
50 status=$1 50 status=$1
51 if [ $status -ne 0 ] ; then 51 if [ $status -ne 0 ] ; then
52 stop_s_server 52 stop_s_server
53 echo ":-< error occurs, exit status = [ $status ]" 53 echo ":-< error occurs, exit status = [ $status ]"
54 exit $status 54 exit $status
55 else 55 else
56 echo ":-) success. " 56 echo ":-) success. "
57 fi 57 fi
58} 58}
59 59
60function usage { 60function usage {
61 echo "usage: appstest.sh [-q]" 61 echo "usage: appstest.sh [-q]"
62} 62}
63 63
64#---------#---------#---------#---------#---------#---------#---------#---------
65function test_usage_lists_others { 64function test_usage_lists_others {
66# === COMMAND USAGE === 65 # === COMMAND USAGE ===
67section_message "COMMAND USAGE" 66 section_message "COMMAND USAGE"
68 67
69start_message "output usages of all commands." 68 start_message "output usages of all commands."
70 69
71cmds=`$openssl_bin list-standard-commands` 70 cmds=`$openssl_bin list-standard-commands`
72$openssl_bin -help 2>> $user1_dir/usages.out 71 $openssl_bin -help 2>> $user1_dir/usages.out
73for c in $cmds ; do 72 for c in $cmds ; do
74 $openssl_bin $c -help 2>> $user1_dir/usages.out 73 $openssl_bin $c -help 2>> $user1_dir/usages.out
75done 74 done
76 75
77start_message "check all list-* commands." 76 start_message "check all list-* commands."
78 77
79lists="" 78 lists=""
80lists="$lists list-standard-commands" 79 lists="$lists list-standard-commands"
81lists="$lists list-message-digest-commands list-message-digest-algorithms" 80 lists="$lists list-message-digest-commands list-message-digest-algorithms"
82lists="$lists list-cipher-commands list-cipher-algorithms" 81 lists="$lists list-cipher-commands list-cipher-algorithms"
83lists="$lists list-public-key-algorithms" 82 lists="$lists list-public-key-algorithms"
84 83
85listsfile=$user1_dir/lists.out 84 listsfile=$user1_dir/lists.out
86 85
87for l in $lists ; do 86 for l in $lists ; do
88 echo "" >> $listsfile 87 echo "" >> $listsfile
89 echo "$l" >> $listsfile 88 echo "$l" >> $listsfile
90 $openssl_bin $l >> $listsfile 89 $openssl_bin $l >> $listsfile
91done 90 done
92 91
93start_message "check interactive mode" 92 start_message "check interactive mode"
94$openssl_bin <<__EOF__ 93 $openssl_bin <<__EOF__
95help 94help
96quit 95quit
97__EOF__ 96__EOF__
98check_exit_status $? 97 check_exit_status $?
99 98
100#---------#---------#---------#---------#---------#---------#---------#--------- 99 #---------#---------#---------#---------#---------#---------#---------
101 100
102# --- listing operations --- 101 # --- listing operations ---
103section_message "listing operations" 102 section_message "listing operations"
104 103
105start_message "ciphers" 104 start_message "ciphers"
106$openssl_bin ciphers -V 105 $openssl_bin ciphers -V
107check_exit_status $? 106 check_exit_status $?
108 107
109start_message "errstr" 108 start_message "errstr"
110$openssl_bin errstr 2606A074 109 $openssl_bin errstr 2606A074
111check_exit_status $? 110 check_exit_status $?
112$openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out 111 $openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out
113check_exit_status $? 112 check_exit_status $?
114 113
115#---------#---------#---------#---------#---------#---------#---------#--------- 114 #---------#---------#---------#---------#---------#---------#---------
116 115
117# --- random number etc. operations --- 116 # --- random number etc. operations ---
118section_message "random number etc. operations" 117 section_message "random number etc. operations"
119 118
120start_message "passwd" 119 start_message "passwd"
121 120
122pass="test-pass-1234" 121 pass="test-pass-1234"
123 122
124echo $pass | $openssl_bin passwd -stdin -1 123 echo $pass | $openssl_bin passwd -stdin -1
125check_exit_status $? 124 check_exit_status $?
126 125
127echo $pass | $openssl_bin passwd -stdin -apr1 126 echo $pass | $openssl_bin passwd -stdin -apr1
128check_exit_status $? 127 check_exit_status $?
129 128
130echo $pass | $openssl_bin passwd -stdin -crypt 129 echo $pass | $openssl_bin passwd -stdin -crypt
131check_exit_status $? 130 check_exit_status $?
132 131
133start_message "prime" 132 start_message "prime"
134 133
135$openssl_bin prime 1 134 $openssl_bin prime 1
136check_exit_status $? 135 check_exit_status $?
137 136
138$openssl_bin prime 2 137 $openssl_bin prime 2
139check_exit_status $? 138 check_exit_status $?
140 139
141$openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5 140 $openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5
142check_exit_status $? 141 check_exit_status $?
143 142
144start_message "rand" 143 start_message "rand"
145 144
146$openssl_bin rand -base64 100 145 $openssl_bin rand -base64 100
147check_exit_status $? 146 check_exit_status $?
148 147
149$openssl_bin rand -hex 100 148 $openssl_bin rand -hex 100
150check_exit_status $? 149 check_exit_status $?
151} 150}
152 151
153#---------#---------#---------#---------#---------#---------#---------#---------
154function test_md { 152function test_md {
155# === MESSAGE DIGEST COMMANDS === 153 # === MESSAGE DIGEST COMMANDS ===
156section_message "MESSAGE DIGEST COMMANDS" 154 section_message "MESSAGE DIGEST COMMANDS"
157 155
158start_message "dgst - See [MESSAGE DIGEST COMMANDS] section." 156 start_message "dgst - See [MESSAGE DIGEST COMMANDS] section."
159 157
160text="1234567890abcdefghijklmnopqrstuvwxyz" 158 text="1234567890abcdefghijklmnopqrstuvwxyz"
161dgstdat=$user1_dir/dgst.dat 159 dgstdat=$user1_dir/dgst.dat
162echo $text > $dgstdat 160 echo $text > $dgstdat
163hmac_key="test-hmac-key" 161 hmac_key="test-hmac-key"
164cmac_key="1234567890abcde1234567890abcde12" 162 cmac_key="1234567890abcde1234567890abcde12"
165 163
166digests=`$openssl_bin list-message-digest-commands` 164 digests=`$openssl_bin list-message-digest-commands`
167 165
168for d in $digests ; do 166 for d in $digests ; do
169 167
170 echo -n "$d ... " 168 echo -n "$d ... "
171 $openssl_bin dgst -$d -out $dgstdat.$d $dgstdat 169 $openssl_bin dgst -$d -out $dgstdat.$d $dgstdat
172 check_exit_status $? 170 check_exit_status $?
173 171
174 echo -n "$d HMAC ... " 172 echo -n "$d HMAC ... "
175 $openssl_bin dgst -$d -hmac $hmac_key -out $dgstdat.$d.hmac $dgstdat 173 $openssl_bin dgst -$d -hmac $hmac_key -out $dgstdat.$d.hmac \
176 check_exit_status $? 174 $dgstdat
177 175 check_exit_status $?
178 echo -n "$d CMAC ... " 176
179 $openssl_bin dgst -$d -mac cmac -macopt cipher:aes-128-cbc -macopt hexkey:$cmac_key \ 177 echo -n "$d CMAC ... "
180 -out $dgstdat.$d.cmac $dgstdat 178 $openssl_bin dgst -$d -mac cmac -macopt cipher:aes-128-cbc \
181 check_exit_status $? 179 -macopt hexkey:$cmac_key -out $dgstdat.$d.cmac $dgstdat
182done 180 check_exit_status $?
181 done
183} 182}
184 183
185#---------#---------#---------#---------#---------#---------#---------#---------
186function test_encoding_cipher { 184function test_encoding_cipher {
187# === ENCODING AND CIPHER COMMANDS === 185 # === ENCODING AND CIPHER COMMANDS ===
188section_message "ENCODING AND CIPHER COMMANDS" 186 section_message "ENCODING AND CIPHER COMMANDS"
189 187
190start_message "enc - See [ENCODING AND CIPHER COMMANDS] section." 188 start_message "enc - See [ENCODING AND CIPHER COMMANDS] section."
191 189
192text="1234567890abcdefghijklmnopqrstuvwxyz" 190 text="1234567890abcdefghijklmnopqrstuvwxyz"
193encfile=$user1_dir/encfile.dat 191 encfile=$user1_dir/encfile.dat
194echo $text > $encfile 192 echo $text > $encfile
195pass="test-pass-1234" 193 pass="test-pass-1234"
196 194
197ciphers=`$openssl_bin list-cipher-commands` 195 ciphers=`$openssl_bin list-cipher-commands`
198 196
199for c in $ciphers ; do 197 for c in $ciphers ; do
200 echo -n "$c ... encoding ... " 198 echo -n "$c ... encoding ... "
201 $openssl_bin enc -$c -e -base64 -pass pass:$pass -in $encfile -out $encfile-$c.enc 199 $openssl_bin enc -$c -e -base64 -pass pass:$pass \
202 check_exit_status $? 200 -in $encfile -out $encfile-$c.enc
203 201 check_exit_status $?
204 echo -n "decoding ... " 202
205 $openssl_bin enc -$c -d -base64 -pass pass:$pass -in $encfile-$c.enc -out $encfile-$c.dec 203 echo -n "decoding ... "
206 check_exit_status $? 204 $openssl_bin enc -$c -d -base64 -pass pass:$pass \
207 205 -in $encfile-$c.enc -out $encfile-$c.dec
208 echo -n "cmp ... " 206 check_exit_status $?
209 cmp $encfile $encfile-$c.dec 207
210 check_exit_status $? 208 echo -n "cmp ... "
211done 209 cmp $encfile $encfile-$c.dec
210 check_exit_status $?
211 done
212} 212}
213 213
214#---------#---------#---------#---------#---------#---------#---------#---------
215function test_key { 214function test_key {
216# === various KEY operations === 215 # === various KEY operations ===
217section_message "various KEY operations" 216 section_message "various KEY operations"
218 217
219key_pass=test-key-pass 218 key_pass=test-key-pass
220 219
221# DH 220 # DH
222 221
223start_message "gendh - Obsoleted by dhparam." 222 start_message "gendh - Obsoleted by dhparam."
224gendh2=$key_dir/gendh2.pem 223 gendh2=$key_dir/gendh2.pem
225$openssl_bin gendh -2 -out $gendh2 224 $openssl_bin gendh -2 -out $gendh2
226check_exit_status $? 225 check_exit_status $?
227 226
228start_message "dh - Obsoleted by dhparam." 227 start_message "dh - Obsoleted by dhparam."
229$openssl_bin dh -in $gendh2 -check -text -out $gendh2.out 228 $openssl_bin dh -in $gendh2 -check -text -out $gendh2.out
230check_exit_status $? 229 check_exit_status $?
231 230
232if [ $no_long_tests = 0 ] ; then 231 if [ $no_long_tests = 0 ] ; then
233 start_message "dhparam - Superseded by genpkey and pkeyparam." 232 start_message "dhparam - Superseded by genpkey and pkeyparam."
234 dhparam2=$key_dir/dhparam2.pem 233 dhparam2=$key_dir/dhparam2.pem
235 $openssl_bin dhparam -2 -out $dhparam2 234 $openssl_bin dhparam -2 -out $dhparam2
236 check_exit_status $? 235 check_exit_status $?
237 $openssl_bin dhparam -in $dhparam2 -check -text -out $dhparam2.out 236 $openssl_bin dhparam -in $dhparam2 -check -text \
238 check_exit_status $? 237 -out $dhparam2.out
239else 238 check_exit_status $?
240 start_message "SKIPPNG dhparam - Superseded by genpkey and pkeyparam. (quick mode)" 239 else
241fi 240 start_message "SKIPPNG dhparam - Superseded by genpkey and pkeyparam. (quick mode)"
242 241 fi
243# DSA 242
244 243 # DSA
245start_message "dsaparam - Superseded by genpkey and pkeyparam." 244
246dsaparam512=$key_dir/dsaparam512.pem 245 start_message "dsaparam - Superseded by genpkey and pkeyparam."
247$openssl_bin dsaparam -genkey -out $dsaparam512 512 246 dsaparam512=$key_dir/dsaparam512.pem
248check_exit_status $? 247 $openssl_bin dsaparam -genkey -out $dsaparam512 512
249 248 check_exit_status $?
250start_message "dsa" 249
251$openssl_bin dsa -in $dsaparam512 -text -out $dsaparam512.out 250 start_message "dsa"
252check_exit_status $? 251 $openssl_bin dsa -in $dsaparam512 -text -out $dsaparam512.out
253 252 check_exit_status $?
254start_message "gendsa - Superseded by genpkey and pkey." 253
255gendsa_des3=$key_dir/gendsa_des3.pem 254 start_message "gendsa - Superseded by genpkey and pkey."
256$openssl_bin gendsa -des3 -out $gendsa_des3 -passout pass:$key_pass $dsaparam512 255 gendsa_des3=$key_dir/gendsa_des3.pem
257check_exit_status $? 256 $openssl_bin gendsa -des3 -out $gendsa_des3 \
258 257 -passout pass:$key_pass $dsaparam512
259# RSA 258 check_exit_status $?
260 259
261start_message "genrsa - Superseded by genpkey." 260 # RSA
262genrsa_aes256=$key_dir/genrsa_aes256.pem 261
263$openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 -passout pass:$key_pass 2048 262 start_message "genrsa - Superseded by genpkey."
264check_exit_status $? 263 genrsa_aes256=$key_dir/genrsa_aes256.pem
265 264 $openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 \
266start_message "rsa" 265 -passout pass:$key_pass 2048
267$openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass -check -text -out $genrsa_aes256.out 266 check_exit_status $?
268check_exit_status $? 267
269 268 start_message "rsa"
270start_message "rsautl - Superseded by pkeyutl." 269 $openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass \
271rsautldat=$key_dir/rsautl.dat 270 -check -text -out $genrsa_aes256.out
272rsautlsig=$key_dir/rsautl.sig 271 check_exit_status $?
273echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat 272
274 273 start_message "rsautl - Superseded by pkeyutl."
275$openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 -passin pass:$key_pass -out $rsautlsig 274 rsautldat=$key_dir/rsautl.dat
276check_exit_status $? 275 rsautlsig=$key_dir/rsautl.sig
277 276 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat
278$openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 -passin pass:$key_pass 277
279check_exit_status $? 278 $openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 \
280 279 -passin pass:$key_pass -out $rsautlsig
281# EC 280 check_exit_status $?
282 281
283start_message "ecparam -list-curves" 282 $openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 \
284$openssl_bin ecparam -list_curves 283 -passin pass:$key_pass
285check_exit_status $? 284 check_exit_status $?
286 285
287# get all EC curves 286 # EC
288ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1` 287
289 288 start_message "ecparam -list-curves"
290start_message "ecparam and ec" 289 $openssl_bin ecparam -list_curves
291 290 check_exit_status $?
292for curve in $ec_curves ; 291
293do 292 # get all EC curves
294 ecparam=$key_dir/ecparam_$curve.pem 293 ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1`
295 294
296 echo -n "ec - $curve ... ecparam ... " 295 start_message "ecparam and ec"
297 $openssl_bin ecparam -out $ecparam -name $curve -genkey -param_enc explicit \ 296
298 -conv_form compressed -C 297 for curve in $ec_curves ;
299 check_exit_status $? 298 do
300 299 ecparam=$key_dir/ecparam_$curve.pem
301 echo -n "ec ... " 300
302 $openssl_bin ec -in $ecparam -text -out $ecparam.out 2> /dev/null 301 echo -n "ec - $curve ... ecparam ... "
303 check_exit_status $? 302 $openssl_bin ecparam -out $ecparam -name $curve -genkey \
304done 303 -param_enc explicit -conv_form compressed -C
305 304 check_exit_status $?
306# PKEY 305
307 306 echo -n "ec ... "
308start_message "genpkey" 307 $openssl_bin ec -in $ecparam -text \
309 308 -out $ecparam.out 2> /dev/null
310# DH by GENPKEY 309 check_exit_status $?
311 310 done
312genpkey_dh_param=$key_dir/genpkey_dh_param.pem 311
313$openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \ 312 # PKEY
314 -pkeyopt dh_paramgen_prime_len:1024 313
315check_exit_status $? 314 start_message "genpkey"
316 315
317genpkey_dh=$key_dir/genpkey_dh.pem 316 # DH by GENPKEY
318$openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh 317
319check_exit_status $? 318 genpkey_dh_param=$key_dir/genpkey_dh_param.pem
320 319 $openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \
321# DSA by GENPKEY 320 -pkeyopt dh_paramgen_prime_len:1024
322 321 check_exit_status $?
323genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem 322
324$openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \ 323 genpkey_dh=$key_dir/genpkey_dh.pem
325 -pkeyopt dsa_paramgen_bits:1024 324 $openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh
326check_exit_status $? 325 check_exit_status $?
327 326
328genpkey_dsa=$key_dir/genpkey_dsa.pem 327 # DSA by GENPKEY
329$openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa 328
330check_exit_status $? 329 genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem
331 330 $openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \
332# RSA by GENPKEY 331 -pkeyopt dsa_paramgen_bits:1024
333 332 check_exit_status $?
334genpkey_rsa=$key_dir/genpkey_rsa.pem 333
335$openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \ 334 genpkey_dsa=$key_dir/genpkey_dsa.pem
336 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 335 $openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa
337check_exit_status $? 336 check_exit_status $?
338 337
339# EC by GENPKEY 338 # RSA by GENPKEY
340 339
341genpkey_ec_param=$key_dir/genpkey_ec_param.pem 340 genpkey_rsa=$key_dir/genpkey_rsa.pem
342$openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \ 341 $openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \
343 -pkeyopt ec_paramgen_curve:secp384r1 342 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
344check_exit_status $? 343 check_exit_status $?
345 344
346genpkey_ec=$key_dir/genpkey_ec.pem 345 # EC by GENPKEY
347$openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec 346
348check_exit_status $? 347 genpkey_ec_param=$key_dir/genpkey_ec_param.pem
349 348 $openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \
350start_message "pkeyparam" 349 -pkeyopt ec_paramgen_curve:secp384r1
351 350 check_exit_status $?
352$openssl_bin pkeyparam -in $genpkey_dh_param -text -out $genpkey_dh_param.out 351
353check_exit_status $? 352 genpkey_ec=$key_dir/genpkey_ec.pem
354 353 $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec
355$openssl_bin pkeyparam -in $genpkey_dsa_param -text -out $genpkey_dsa_param.out 354 check_exit_status $?
356check_exit_status $? 355
357 356 start_message "pkeyparam"
358$openssl_bin pkeyparam -in $genpkey_ec_param -text -out $genpkey_ec_param.out 357
359check_exit_status $? 358 $openssl_bin pkeyparam -in $genpkey_dh_param -text \
360 359 -out $genpkey_dh_param.out
361start_message "pkey" 360 check_exit_status $?
362 361
363$openssl_bin pkey -in $genpkey_dh -text -out $genpkey_dh.out 362 $openssl_bin pkeyparam -in $genpkey_dsa_param -text \
364check_exit_status $? 363 -out $genpkey_dsa_param.out
365 364 check_exit_status $?
366$openssl_bin pkey -in $genpkey_dsa -text -out $genpkey_dsa.out 365
367check_exit_status $? 366 $openssl_bin pkeyparam -in $genpkey_ec_param -text \
368 367 -out $genpkey_ec_param.out
369$openssl_bin pkey -in $genpkey_rsa -text -out $genpkey_rsa.out 368 check_exit_status $?
370check_exit_status $? 369
371 370 start_message "pkey"
372$openssl_bin pkey -in $genpkey_ec -text -out $genpkey_ec.out 371
373check_exit_status $? 372 $openssl_bin pkey -in $genpkey_dh -text -out $genpkey_dh.out
374 373 check_exit_status $?
375start_message "pkeyutl" 374
376 375 $openssl_bin pkey -in $genpkey_dsa -text -out $genpkey_dsa.out
377pkeyutldat=$key_dir/pkeyutl.dat 376 check_exit_status $?
378pkeyutlsig=$key_dir/pkeyutl.sig 377
379echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat 378 $openssl_bin pkey -in $genpkey_rsa -text -out $genpkey_rsa.out
380 379 check_exit_status $?
381$openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa -out $pkeyutlsig 380
382check_exit_status $? 381 $openssl_bin pkey -in $genpkey_ec -text -out $genpkey_ec.out
383 382 check_exit_status $?
384$openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig -inkey $genpkey_rsa 383
385check_exit_status $? 384 start_message "pkeyutl"
386 385
387$openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa 386 pkeyutldat=$key_dir/pkeyutl.dat
388check_exit_status $? 387 pkeyutlsig=$key_dir/pkeyutl.sig
388 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat
389
390 $openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa \
391 -out $pkeyutlsig
392 check_exit_status $?
393
394 $openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig \
395 -inkey $genpkey_rsa
396 check_exit_status $?
397
398 $openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa
399 check_exit_status $?
389} 400}
390 401
391#---------#---------#---------#---------#---------#---------#---------#---------
392function test_pki { 402function test_pki {
393section_message "setup local CA" 403 section_message "setup local CA"
394 404
395# 405 #
396# prepare test openssl.cnf 406 # prepare test openssl.cnf
397# 407 #
398 408
399cat << __EOF__ > $ssldir/openssl.cnf 409 cat << __EOF__ > $ssldir/openssl.cnf
400oid_section = new_oids 410oid_section = new_oids
401[ new_oids ] 411[ new_oids ]
402tsa_policy1 = 1.2.3.4.1 412tsa_policy1 = 1.2.3.4.1
403tsa_policy2 = 1.2.3.4.5.6 413tsa_policy2 = 1.2.3.4.5.6
@@ -451,622 +461,643 @@ keyUsage = nonRepudiation,digitalSignature,keyEncipherment
451extendedKeyUsage = OCSPSigning 461extendedKeyUsage = OCSPSigning
452__EOF__ 462__EOF__
453 463
454#---------#---------#---------#---------#---------#---------#---------#--------- 464 #---------#---------#---------#---------#---------#---------#---------
455 465
456# 466 #
457# setup test CA 467 # setup test CA
458# 468 #
459 469
460mkdir -p $ca_dir 470 mkdir -p $ca_dir
461mkdir -p $tsa_dir 471 mkdir -p $tsa_dir
462mkdir -p $ocsp_dir 472 mkdir -p $ocsp_dir
463mkdir -p $server_dir 473 mkdir -p $server_dir
464 474
465mkdir -p $ca_dir/certs 475 mkdir -p $ca_dir/certs
466mkdir -p $ca_dir/private 476 mkdir -p $ca_dir/private
467mkdir -p $ca_dir/crl 477 mkdir -p $ca_dir/crl
468mkdir -p $ca_dir/newcerts 478 mkdir -p $ca_dir/newcerts
469chmod 700 $ca_dir/private 479 chmod 700 $ca_dir/private
470echo "01" > $ca_dir/serial 480 echo "01" > $ca_dir/serial
471touch $ca_dir/index.txt 481 touch $ca_dir/index.txt
472touch $ca_dir/crlnumber 482 touch $ca_dir/crlnumber
473echo "01" > $ca_dir/crlnumber 483 echo "01" > $ca_dir/crlnumber
474 484
475# 485 #
476# setup test TSA 486 # setup test TSA
477# 487 #
478mkdir -p $tsa_dir/private 488 mkdir -p $tsa_dir/private
479chmod 700 $tsa_dir/private 489 chmod 700 $tsa_dir/private
480echo "01" > $tsa_dir/serial 490 echo "01" > $tsa_dir/serial
481touch $tsa_dir/index.txt 491 touch $tsa_dir/index.txt
482 492
483# 493 #
484# setup test OCSP 494 # setup test OCSP
485# 495 #
486mkdir -p $ocsp_dir/private 496 mkdir -p $ocsp_dir/private
487chmod 700 $ocsp_dir/private 497 chmod 700 $ocsp_dir/private
488 498
489#---------#---------#---------#---------#---------#---------#---------#--------- 499 #---------#---------#---------#---------#---------#---------#---------
490 500
491# --- CA initiate (generate CA key and cert) --- 501 # --- CA initiate (generate CA key and cert) ---
492 502
493start_message "req ... generate CA key and self signed cert" 503 start_message "req ... generate CA key and self signed cert"
494 504
495ca_cert=$ca_dir/ca_cert.pem 505 ca_cert=$ca_dir/ca_cert.pem
496ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass 506 ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass
497 507
498if [ $mingw = 0 ] ; then 508 if [ $mingw = 0 ] ; then
499 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test_dummy.com/' 509 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test_dummy.com/'
500else 510 else
501 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\' 511 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
502fi 512 fi
503 513
504$openssl_bin req -new -x509 -newkey rsa:2048 -out $ca_cert -keyout $ca_key \ 514 $openssl_bin req -new -x509 -newkey rsa:2048 -out $ca_cert \
505 -days 1 -passout pass:$ca_pass -batch -subj $subj 515 -keyout $ca_key -days 1 -passout pass:$ca_pass -batch \
506check_exit_status $? 516 -subj $subj
507 517 check_exit_status $?
508#---------#---------#---------#---------#---------#---------#---------#--------- 518
509 519 #---------#---------#---------#---------#---------#---------#---------
510# --- TSA initiate (generate TSA key and cert) --- 520
511 521 # --- TSA initiate (generate TSA key and cert) ---
512start_message "req ... generate TSA key and cert" 522
513 523 start_message "req ... generate TSA key and cert"
514# generate CSR for TSA 524
515 525 # generate CSR for TSA
516tsa_csr=$tsa_dir/tsa_csr.pem 526
517tsa_key=$tsa_dir/private/tsa_key.pem 527 tsa_csr=$tsa_dir/tsa_csr.pem
518tsa_pass=test-tsa-pass 528 tsa_key=$tsa_dir/private/tsa_key.pem
519 529 tsa_pass=test-tsa-pass
520if [ $mingw = 0 ] ; then 530
521 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test_dummy.com/' 531 if [ $mingw = 0 ] ; then
522else 532 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test_dummy.com/'
523 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\' 533 else
524fi 534 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
525 535 fi
526$openssl_bin req -new -keyout $tsa_key -out $tsa_csr -passout pass:$tsa_pass -subj $subj 536
527check_exit_status $? 537 $openssl_bin req -new -keyout $tsa_key -out $tsa_csr \
528 538 -passout pass:$tsa_pass -subj $subj
529start_message "ca ... sign by CA with TSA extensions" 539 check_exit_status $?
530 540
531tsa_cert=$tsa_dir/tsa_cert.pem 541 start_message "ca ... sign by CA with TSA extensions"
532 542
533$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 543 tsa_cert=$tsa_dir/tsa_cert.pem
534-in $tsa_csr -out $tsa_cert -extensions tsa_ext 544
535check_exit_status $? 545 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
536 546 -in $tsa_csr -out $tsa_cert -extensions tsa_ext
537#---------#---------#---------#---------#---------#---------#---------#--------- 547 check_exit_status $?
538 548
539# --- OCSP initiate (generate OCSP key and cert) --- 549 #---------#---------#---------#---------#---------#---------#---------
540 550
541start_message "req ... generate OCSP key and cert" 551 # --- OCSP initiate (generate OCSP key and cert) ---
542 552
543# generate CSR for OCSP 553 start_message "req ... generate OCSP key and cert"
544 554
545ocsp_csr=$ocsp_dir/ocsp_csr.pem 555 # generate CSR for OCSP
546ocsp_key=$ocsp_dir/private/ocsp_key.pem 556
547 557 ocsp_csr=$ocsp_dir/ocsp_csr.pem
548if [ $mingw = 0 ] ; then 558 ocsp_key=$ocsp_dir/private/ocsp_key.pem
549 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test_dummy.com/' 559
550else 560 if [ $mingw = 0 ] ; then
551 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test_dummy.com\' 561 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test_dummy.com/'
552fi 562 else
553 563 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test_dummy.com\'
554$openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr -subj $subj 564 fi
555check_exit_status $? 565
556 566 $openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr \
557start_message "ca ... sign by CA with OCSP extensions" 567 -subj $subj
558 568 check_exit_status $?
559ocsp_cert=$ocsp_dir/ocsp_cert.pem 569
560 570 start_message "ca ... sign by CA with OCSP extensions"
561$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 571
562-in $ocsp_csr -out $ocsp_cert -extensions ocsp_ext 572 ocsp_cert=$ocsp_dir/ocsp_cert.pem
563check_exit_status $? 573
564 574 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
565#---------#---------#---------#---------#---------#---------#---------#--------- 575 -in $ocsp_csr -out $ocsp_cert -extensions ocsp_ext
566 576 check_exit_status $?
567# --- server-admin operations (generate server key and csr) --- 577
568section_message "server-admin operations (generate server key and csr)" 578 #---------#---------#---------#---------#---------#---------#---------
569 579
570start_message "req ... generate server csr#1" 580 # --- server-admin operations (generate server key and csr) ---
571 581 section_message "server-admin operations (generate server key and csr)"
572server_key=$server_dir/server_key.pem 582
573server_csr=$server_dir/server_csr.pem 583 start_message "req ... generate server csr#1"
574server_pass=test-server-pass 584
575 585 server_key=$server_dir/server_key.pem
576if [ $mingw = 0 ] ; then 586 server_csr=$server_dir/server_csr.pem
577 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test_dummy.com/' 587 server_pass=test-server-pass
578else 588
579 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test_dummy.com\' 589 if [ $mingw = 0 ] ; then
580fi 590 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test_dummy.com/'
581 591 else
582$openssl_bin req -new -keyout $server_key -out $server_csr -passout pass:$server_pass -subj $subj 592 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test_dummy.com\'
583check_exit_status $? 593 fi
584 594
585start_message "req ... generate server csr#2 (interactive mode)" 595 $openssl_bin req -new -keyout $server_key -out $server_csr \
586 596 -passout pass:$server_pass -subj $subj
587revoke_key=$server_dir/revoke_key.pem 597 check_exit_status $?
588revoke_csr=$server_dir/revoke_csr.pem 598
589revoke_pass=test-revoke-pass 599 start_message "req ... generate server csr#2 (interactive mode)"
590 600
591$openssl_bin req -new -keyout $revoke_key -out $revoke_csr -passout pass:$revoke_pass <<__EOF__ 601 revoke_key=$server_dir/revoke_key.pem
602 revoke_csr=$server_dir/revoke_csr.pem
603 revoke_pass=test-revoke-pass
604
605 $openssl_bin req -new -keyout $revoke_key -out $revoke_csr \
606 -passout pass:$revoke_pass <<__EOF__
592JP 607JP
593Tokyo 608Tokyo
594TEST_DUMMY_COMPANY 609TEST_DUMMY_COMPANY
595revoke.test_dummy.com 610revoke.test_dummy.com
596__EOF__ 611__EOF__
597check_exit_status $? 612 check_exit_status $?
598 613
599#---------#---------#---------#---------#---------#---------#---------#--------- 614 #---------#---------#---------#---------#---------#---------#---------
600 615
601# --- CA operations (issue cert for server) --- 616 # --- CA operations (issue cert for server) ---
602section_message "CA operations (issue cert for server)" 617 section_message "CA operations (issue cert for server)"
603 618
604start_message "ca ... issue cert for server csr#1" 619 start_message "ca ... issue cert for server csr#1"
605 620
606server_cert=$server_dir/server_cert.pem 621 server_cert=$server_dir/server_cert.pem
607$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 622 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
608 -in $server_csr -out $server_cert 623 -in $server_csr -out $server_cert
609check_exit_status $? 624 check_exit_status $?
610 625
611start_message "x509 ... issue cert for server csr#2" 626 start_message "x509 ... issue cert for server csr#2"
612 627
613revoke_cert=$server_dir/revoke_cert.pem 628 revoke_cert=$server_dir/revoke_cert.pem
614$openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAkey $ca_key -passin pass:$ca_pass \ 629 $openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAkey $ca_key \
615 -CAcreateserial -out $revoke_cert 630 -passin pass:$ca_pass -CAcreateserial -out $revoke_cert
616check_exit_status $? 631 check_exit_status $?
617 632
618#---------#---------#---------#---------#---------#---------#---------#--------- 633 #---------#---------#---------#---------#---------#---------#---------
619 634
620# --- CA operations (revoke cert and generate crl) --- 635 # --- CA operations (revoke cert and generate crl) ---
621section_message "CA operations (revoke cert and generate crl)" 636 section_message "CA operations (revoke cert and generate crl)"
622 637
623start_message "ca ... revoke server cert#2" 638 start_message "ca ... revoke server cert#2"
624crl_file=$ca_dir/crl.pem 639 crl_file=$ca_dir/crl.pem
625$openssl_bin ca -gencrl -out $crl_file -crldays 30 -revoke $revoke_cert \ 640 $openssl_bin ca -gencrl -out $crl_file -crldays 30 \
626 -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert 641 -revoke $revoke_cert \
627check_exit_status $? 642 -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert
628 643 check_exit_status $?
629start_message "crl ... CA generates CRL" 644
630$openssl_bin crl -in $crl_file -fingerprint 645 start_message "crl ... CA generates CRL"
631check_exit_status $? 646 $openssl_bin crl -in $crl_file -fingerprint
632 647 check_exit_status $?
633crl_p7=$ca_dir/crl.p7 648
634start_message "crl2pkcs7 ... convert CRL to pkcs7" 649 crl_p7=$ca_dir/crl.p7
635$openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7 650 start_message "crl2pkcs7 ... convert CRL to pkcs7"
636check_exit_status $? 651 $openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7
637 652 check_exit_status $?
638#---------#---------#---------#---------#---------#---------#---------#--------- 653
639 654 #---------#---------#---------#---------#---------#---------#---------
640# --- server-admin operations (check csr, verify cert, certhash) --- 655
641section_message "server-admin operations (check csr, verify cert, certhash)" 656 # --- server-admin operations (check csr, verify cert, certhash) ---
642 657 section_message "server-admin operations (check csr, verify cert, certhash)"
643start_message "asn1parse ... parse server csr#1" 658
644$openssl_bin asn1parse -in $server_csr -i \ 659 start_message "asn1parse ... parse server csr#1"
645 -dlimit 100 -length 1000 -strparse 01 > $server_csr.asn1parse.out 660 $openssl_bin asn1parse -in $server_csr -i -dlimit 100 -length 1000 \
646check_exit_status $? 661 -strparse 01 > $server_csr.asn1parse.out
647 662 check_exit_status $?
648start_message "verify ... server cert#1" 663
649$openssl_bin verify -verbose -CAfile $ca_cert $server_cert 664 start_message "verify ... server cert#1"
650check_exit_status $? 665 $openssl_bin verify -verbose -CAfile $ca_cert $server_cert
651 666 check_exit_status $?
652start_message "x509 ... get detail info about server cert#1" 667
653$openssl_bin x509 -in $server_cert -text -C -dates -startdate -enddate \ 668 start_message "x509 ... get detail info about server cert#1"
654 -fingerprint -issuer -issuer_hash -issuer_hash_old \ 669 $openssl_bin x509 -in $server_cert -text -C -dates -startdate -enddate \
655 -subject -subject_hash -subject_hash_old -ocsp_uri -ocspid -modulus \ 670 -fingerprint -issuer -issuer_hash -issuer_hash_old \
656 -pubkey -serial -email > $server_cert.x509.out 671 -subject -subject_hash -subject_hash_old -ocsp_uri \
657check_exit_status $? 672 -ocspid -modulus -pubkey -serial -email > $server_cert.x509.out
658 673 check_exit_status $?
659if [ $mingw = 0 ] ; then 674
660 start_message "certhash" 675 if [ $mingw = 0 ] ; then
661 $openssl_bin certhash -v $server_dir 676 start_message "certhash"
662 check_exit_status $? 677 $openssl_bin certhash -v $server_dir
663fi 678 check_exit_status $?
664 679 fi
665# self signed 680
666start_message "x509 ... generate self signed server cert" 681 # self signed
667server_self_cert=$server_dir/server_self_cert.pem 682 start_message "x509 ... generate self signed server cert"
668$openssl_bin x509 -in $server_cert -signkey $server_key -passin pass:$server_pass -out $server_self_cert 683 server_self_cert=$server_dir/server_self_cert.pem
669check_exit_status $? 684 $openssl_bin x509 -in $server_cert -signkey $server_key \
670 685 -passin pass:$server_pass -out $server_self_cert
671#---------#---------#---------#---------#---------#---------#---------#--------- 686 check_exit_status $?
672 687
673# --- Netscape SPKAC operations --- 688 #---------#---------#---------#---------#---------#---------#---------
674section_message "Netscape SPKAC operations" 689
675 690 # --- Netscape SPKAC operations ---
676# server-admin generates SPKAC 691 section_message "Netscape SPKAC operations"
677 692
678start_message "spkac" 693 # server-admin generates SPKAC
679spkacfile=$server_dir/spkac.file 694
680 695 start_message "spkac"
681$openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile 696 spkacfile=$server_dir/spkac.file
682check_exit_status $? 697
683 698 $openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile
684$openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out 699 check_exit_status $?
685check_exit_status $? 700
686 701 $openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out
687spkacreq=$server_dir/spkac.req 702 check_exit_status $?
688cat << __EOF__ > $spkacreq 703
704 spkacreq=$server_dir/spkac.req
705 cat << __EOF__ > $spkacreq
689countryName = JP 706countryName = JP
690stateOrProvinceName = Tokyo 707stateOrProvinceName = Tokyo
691organizationName = TEST_DUMMY_COMPANY 708organizationName = TEST_DUMMY_COMPANY
692commonName = spkac.test_dummy.com 709commonName = spkac.test_dummy.com
693__EOF__ 710__EOF__
694cat $spkacfile >> $spkacreq 711 cat $spkacfile >> $spkacreq
695 712
696# CA signs SPKAC 713 # CA signs SPKAC
697start_message "ca ... CA signs SPKAC csr" 714 start_message "ca ... CA signs SPKAC csr"
698spkaccert=$server_dir/spkac.cert 715 spkaccert=$server_dir/spkac.cert
699$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 716 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
700 -spkac $spkacreq -out $spkaccert 717 -spkac $spkacreq -out $spkaccert
701check_exit_status $? 718 check_exit_status $?
702 719
703start_message "x509 ... convert DER format SPKAC cert to PEM" 720 start_message "x509 ... convert DER format SPKAC cert to PEM"
704spkacpem=$server_dir/spkac.pem 721 spkacpem=$server_dir/spkac.pem
705$openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM 722 $openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM
706check_exit_status $? 723 check_exit_status $?
707 724
708# server-admin cert verify 725 # server-admin cert verify
709 726
710start_message "nseq" 727 start_message "nseq"
711$openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq 728 $openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq
712check_exit_status $? 729 check_exit_status $?
713 730
714#---------#---------#---------#---------#---------#---------#---------#--------- 731 #---------#---------#---------#---------#---------#---------#---------
715 732
716# --- user1 operations (generate user1 key and csr) --- 733 # --- user1 operations (generate user1 key and csr) ---
717section_message "user1 operations (generate user1 key and csr)" 734 section_message "user1 operations (generate user1 key and csr)"
718 735
719# trust 736 # trust
720start_message "x509 ... trust testCA cert" 737 start_message "x509 ... trust testCA cert"
721user1_trust=$user1_dir/user1_trust_ca.pem 738 user1_trust=$user1_dir/user1_trust_ca.pem
722$openssl_bin x509 -in $ca_cert -addtrust clientAuth -setalias "trusted testCA" -purpose -out $user1_trust 739 $openssl_bin x509 -in $ca_cert -addtrust clientAuth \
723check_exit_status $? 740 -setalias "trusted testCA" -purpose -out $user1_trust
724 741 check_exit_status $?
725start_message "req ... generate private key and csr for user1" 742
726 743 start_message "req ... generate private key and csr for user1"
727user1_key=$user1_dir/user1_key.pem 744
728user1_csr=$user1_dir/user1_csr.pem 745 user1_key=$user1_dir/user1_key.pem
729user1_pass=test-user1-pass 746 user1_csr=$user1_dir/user1_csr.pem
730 747 user1_pass=test-user1-pass
731if [ $mingw = 0 ] ; then 748
732 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test_dummy.com/' 749 if [ $mingw = 0 ] ; then
733else 750 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test_dummy.com/'
734 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test_dummy.com\' 751 else
735fi 752 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test_dummy.com\'
736 753 fi
737$openssl_bin req -new -keyout $user1_key -out $user1_csr -passout pass:$user1_pass -subj $subj 754
738check_exit_status $? 755 $openssl_bin req -new -keyout $user1_key -out $user1_csr \
739 756 -passout pass:$user1_pass -subj $subj
740#---------#---------#---------#---------#---------#---------#---------#--------- 757 check_exit_status $?
741 758
742# --- CA operations (issue cert for user1) --- 759 #---------#---------#---------#---------#---------#---------#---------
743section_message "CA operations (issue cert for user1)" 760
744 761 # --- CA operations (issue cert for user1) ---
745start_message "ca ... issue cert for user1" 762 section_message "CA operations (issue cert for user1)"
746 763
747user1_cert=$user1_dir/user1_cert.pem 764 start_message "ca ... issue cert for user1"
748$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 765
749 -in $user1_csr -out $user1_cert 766 user1_cert=$user1_dir/user1_cert.pem
750check_exit_status $? 767 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
768 -in $user1_csr -out $user1_cert
769 check_exit_status $?
751} 770}
752 771
753#---------#---------#---------#---------#---------#---------#---------#---------
754function test_tsa { 772function test_tsa {
755# --- TSA operations --- 773 # --- TSA operations ---
756section_message "TSA operations" 774 section_message "TSA operations"
757 775
758tsa_dat=$user1_dir/tsa.dat 776 tsa_dat=$user1_dir/tsa.dat
759cat << __EOF__ > $tsa_dat 777 cat << __EOF__ > $tsa_dat
760Hello Bob, 778Hello Bob,
761Sincerely yours 779Sincerely yours
762Alice 780Alice
763__EOF__ 781__EOF__
764 782
765# Query 783 # Query
766start_message "ts ... create time stamp request" 784 start_message "ts ... create time stamp request"
767 785
768tsa_tsq=$user1_dir/tsa.tsq 786 tsa_tsq=$user1_dir/tsa.tsq
769 787
770$openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq 788 $openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq
771check_exit_status $? 789 check_exit_status $?
772 790
773start_message "ts ... print time stamp request" 791 start_message "ts ... print time stamp request"
774 792
775$openssl_bin ts -query -in $tsa_tsq -text 793 $openssl_bin ts -query -in $tsa_tsq -text
776check_exit_status $? 794 check_exit_status $?
777 795
778# Reply 796 # Reply
779start_message "ts ... create time stamp response for a request" 797 start_message "ts ... create time stamp response for a request"
780 798
781tsa_tsr=$user1_dir/tsa.tsr 799 tsa_tsr=$user1_dir/tsa.tsr
782 800
783$openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key -passin pass:$tsa_pass \ 801 $openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key \
784 -signer $tsa_cert -chain $ca_cert -out $tsa_tsr 802 -passin pass:$tsa_pass -signer $tsa_cert -chain $ca_cert \
785check_exit_status $? 803 -out $tsa_tsr
786 804 check_exit_status $?
787# Verify 805
788start_message "ts ... verify time stamp response" 806 # Verify
789 807 start_message "ts ... verify time stamp response"
790$openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr -CAfile $ca_cert -untrusted $tsa_cert 808
791check_exit_status $? 809 $openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr \
810 -CAfile $ca_cert -untrusted $tsa_cert
811 check_exit_status $?
792} 812}
793 813
794#---------#---------#---------#---------#---------#---------#---------#---------
795function test_smime { 814function test_smime {
796# --- S/MIME operations --- 815 # --- S/MIME operations ---
797section_message "S/MIME operations" 816 section_message "S/MIME operations"
798 817
799smime_txt=$user1_dir/smime.txt 818 smime_txt=$user1_dir/smime.txt
800smime_msg=$user1_dir/smime.msg 819 smime_msg=$user1_dir/smime.msg
801smime_ver=$user1_dir/smime.ver 820 smime_ver=$user1_dir/smime.ver
802 821
803cat << __EOF__ > $smime_txt 822 cat << __EOF__ > $smime_txt
804Hello Bob, 823Hello Bob,
805Sincerely yours 824Sincerely yours
806Alice 825Alice
807__EOF__ 826__EOF__
808 827
809# sign 828 # sign
810start_message "smime ... sign to message" 829 start_message "smime ... sign to message"
811 830
812$openssl_bin smime -sign -in $smime_txt -text -out $smime_msg \ 831 $openssl_bin smime -sign -in $smime_txt -text -out $smime_msg \
813 -signer $user1_cert -inkey $user1_key -passin pass:$user1_pass 832 -signer $user1_cert -inkey $user1_key -passin pass:$user1_pass
814check_exit_status $? 833 check_exit_status $?
815 834
816# verify 835 # verify
817start_message "smime ... verify message" 836 start_message "smime ... verify message"
818 837
819$openssl_bin smime -verify -in $smime_msg -signer $user1_cert -CAfile $ca_cert -out $smime_ver 838 $openssl_bin smime -verify -in $smime_msg -signer $user1_cert \
820check_exit_status $? 839 -CAfile $ca_cert -out $smime_ver
840 check_exit_status $?
821} 841}
822 842
823#---------#---------#---------#---------#---------#---------#---------#---------
824function test_ocsp { 843function test_ocsp {
825# --- OCSP operations --- 844 # --- OCSP operations ---
826section_message "OCSP operations" 845 section_message "OCSP operations"
827 846
828# request 847 # request
829start_message "ocsp ... create OCSP request" 848 start_message "ocsp ... create OCSP request"
830 849
831ocsp_req=$user1_dir/ocsp_req.der 850 ocsp_req=$user1_dir/ocsp_req.der
832$openssl_bin ocsp -issuer $ca_cert -cert $server_cert -cert $revoke_cert \ 851 $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
833 -CAfile $ca_cert -reqout $ocsp_req 852 -cert $revoke_cert -CAfile $ca_cert -reqout $ocsp_req
834check_exit_status $? 853 check_exit_status $?
835 854
836# response 855 # response
837start_message "ocsp ... create OCPS response for a request" 856 start_message "ocsp ... create OCPS response for a request"
838 857
839ocsp_res=$user1_dir/ocsp_res.der 858 ocsp_res=$user1_dir/ocsp_res.der
840$openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert -CAfile $ca_cert \ 859 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
841 -rsigner $ocsp_cert -rkey $ocsp_key -reqin $ocsp_req -respout $ocsp_res -text > $ocsp_res.out 2>&1 860 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
842check_exit_status $? 861 -reqin $ocsp_req -respout $ocsp_res -text > $ocsp_res.out 2>&1
843 862 check_exit_status $?
844# ocsp server 863
845start_message "ocsp ... start OCSP server in background" 864 # ocsp server
846 865 start_message "ocsp ... start OCSP server in background"
847ocsp_port=8888 866
848 867 ocsp_port=8888
849$openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert -CAfile $ca_cert \ 868
850 -rsigner $ocsp_cert -rkey $ocsp_key -port '*:'$ocsp_port -nrequest 1 & 869 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
851check_exit_status $? 870 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
852ocsp_svr_pid=$! 871 -port '*:'$ocsp_port -nrequest 1 &
853echo "ocsp server pid = [ $ocsp_svr_pid ]" 872 check_exit_status $?
854sleep 1 873 ocsp_svr_pid=$!
855 874 echo "ocsp server pid = [ $ocsp_svr_pid ]"
856# send query to ocsp server 875 sleep 1
857start_message "ocsp ... send OCSP request to server" 876
858 877 # send query to ocsp server
859ocsp_qry=$user1_dir/ocsp_qry.der 878 start_message "ocsp ... send OCSP request to server"
860$openssl_bin ocsp -issuer $ca_cert -cert $server_cert -cert $revoke_cert \ 879
861 -CAfile $ca_cert -url http://localhost:$ocsp_port -resp_text -respout $ocsp_qry > $ocsp_qry.out 2>&1 880 ocsp_qry=$user1_dir/ocsp_qry.der
862check_exit_status $? 881 $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
882 -cert $revoke_cert -CAfile $ca_cert \
883 -url http://localhost:$ocsp_port -resp_text \
884 -respout $ocsp_qry > $ocsp_qry.out 2>&1
885 check_exit_status $?
863} 886}
864 887
865#---------#---------#---------#---------#---------#---------#---------#---------
866function test_pkcs { 888function test_pkcs {
867# --- PKCS operations --- 889 # --- PKCS operations ---
868section_message "PKCS operations" 890 section_message "PKCS operations"
869 891
870pkcs_pass=test-pkcs-pass 892 pkcs_pass=test-pkcs-pass
871 893
872start_message "pkcs7 ... output certs in crl(pkcs7)" 894 start_message "pkcs7 ... output certs in crl(pkcs7)"
873$openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out 895 $openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out
874check_exit_status $? 896 check_exit_status $?
875 897
876start_message "pkcs8 ... convert key to pkcs8" 898 start_message "pkcs8 ... convert key to pkcs8"
877$openssl_bin pkcs8 -in $user1_key -topk8 -out $user1_key.p8 \ 899 $openssl_bin pkcs8 -in $user1_key -topk8 -out $user1_key.p8 \
878 -passin pass:$user1_pass -passout pass:$user1_pass -v1 pbeWithSHA1AndDES-CBC -v2 des3 900 -passin pass:$user1_pass -passout pass:$user1_pass \
879check_exit_status $? 901 -v1 pbeWithSHA1AndDES-CBC -v2 des3
880 902 check_exit_status $?
881start_message "pkcs8 ... convert pkcs8 to key in DER format" 903
882$openssl_bin pkcs8 -in $user1_key.p8 -passin pass:$user1_pass -outform DER -out $user1_key.p8.der 904 start_message "pkcs8 ... convert pkcs8 to key in DER format"
883check_exit_status $? 905 $openssl_bin pkcs8 -in $user1_key.p8 -passin pass:$user1_pass \
884 906 -outform DER -out $user1_key.p8.der
885start_message "pkcs12 ... create" 907 check_exit_status $?
886$openssl_bin pkcs12 -export -in $server_cert -inkey $server_key -passin pass:$server_pass \ 908
887 -certfile $ca_cert -CAfile $ca_cert -caname "server_p12" -passout pass:$pkcs_pass \ 909 start_message "pkcs12 ... create"
888 -certpbe AES-256-CBC -keypbe AES-256-CBC -chain -out $server_cert.p12 910 $openssl_bin pkcs12 -export -in $server_cert -inkey $server_key \
889check_exit_status $? 911 -passin pass:$server_pass -certfile $ca_cert -CAfile $ca_cert \
890 912 -caname "server_p12" -passout pass:$pkcs_pass \
891start_message "pkcs12 ... verify" 913 -certpbe AES-256-CBC -keypbe AES-256-CBC -chain \
892$openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info -noout 914 -out $server_cert.p12
893check_exit_status $? 915 check_exit_status $?
894 916
895start_message "pkcs12 ... to PEM" 917 start_message "pkcs12 ... verify"
896$openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass \ 918 $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info \
897 -passout pass:$pkcs_pass -out $server_cert.p12.pem 919 -noout
898check_exit_status $? 920 check_exit_status $?
921
922 start_message "pkcs12 ... to PEM"
923 $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass \
924 -passout pass:$pkcs_pass -out $server_cert.p12.pem
925 check_exit_status $?
899} 926}
900 927
901#---------#---------#---------#---------#---------#---------#---------#---------
902function test_server_client { 928function test_server_client {
903# --- client/server operations (TLS) --- 929 # --- client/server operations (TLS) ---
904section_message "client/server operations (TLS)" 930 section_message "client/server operations (TLS)"
905 931
906host="localhost" 932 host="localhost"
907port=4433 933 port=4433
908sess_dat=$user1_dir/s_client_sess.dat 934 sess_dat=$user1_dir/s_client_sess.dat
909s_server_out=$server_dir/s_server_tls.out 935 s_server_out=$server_dir/s_server_tls.out
910 936
911start_message "s_server ... start SSL/TLS test server" 937 start_message "s_server ... start SSL/TLS test server"
912$openssl_bin s_server -accept $port -CAfile $ca_cert \ 938 $openssl_bin s_server -accept $port -CAfile $ca_cert \
913 -cert $server_cert -key $server_key -pass pass:$server_pass \ 939 -cert $server_cert -key $server_key -pass pass:$server_pass \
914 -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \ 940 -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
915 -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \ 941 -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
916 -cipher ALL \ 942 -cipher ALL \
917 -msg -tlsextdebug > $s_server_out 2>&1 & 943 -msg -tlsextdebug > $s_server_out 2>&1 &
918check_exit_status $? 944 check_exit_status $?
919s_server_pid=$! 945 s_server_pid=$!
920echo "s_server pid = [ $s_server_pid ]" 946 echo "s_server pid = [ $s_server_pid ]"
921sleep 1 947 sleep 1
922 948
923# protocol = TLSv1 949 # protocol = TLSv1
924 950
925s_client_out=$user1_dir/s_client_tls_1_0.out 951 s_client_out=$user1_dir/s_client_tls_1_0.out
926 952
927start_message "s_client ... connect to SSL/TLS test server by TLSv1" 953 start_message "s_client ... connect to SSL/TLS test server by TLSv1"
928$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \ 954 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
929 -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 955 -pause -prexit \
930check_exit_status $? 956 -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
931 957 check_exit_status $?
932grep 'Protocol : TLSv1$' $s_client_out > /dev/null 958
933check_exit_status $? 959 grep 'Protocol : TLSv1$' $s_client_out > /dev/null
934 960 check_exit_status $?
935grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 961
936check_exit_status $? 962 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
937 963 check_exit_status $?
938# protocol = TLSv1.1 964
939 965 # protocol = TLSv1.1
940s_client_out=$user1_dir/s_client_tls_1_1.out 966
941 967 s_client_out=$user1_dir/s_client_tls_1_1.out
942start_message "s_client ... connect to SSL/TLS test server by TLSv1.1" 968
943$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \ 969 start_message "s_client ... connect to SSL/TLS test server by TLSv1.1"
944 -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 970 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
945check_exit_status $? 971 -pause -prexit \
946 972 -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
947grep 'Protocol : TLSv1\.1$' $s_client_out > /dev/null 973 check_exit_status $?
948check_exit_status $? 974
949 975 grep 'Protocol : TLSv1\.1$' $s_client_out > /dev/null
950grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 976 check_exit_status $?
951check_exit_status $? 977
952 978 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
953# protocol = TLSv1.2 979 check_exit_status $?
954 980
955s_client_out=$user1_dir/s_client_tls_1_2.out 981 # protocol = TLSv1.2
956 982
957start_message "s_client ... connect to SSL/TLS test server by TLSv1.2" 983 s_client_out=$user1_dir/s_client_tls_1_2.out
958$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \ 984
959 -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 985 start_message "s_client ... connect to SSL/TLS test server by TLSv1.2"
960check_exit_status $? 986 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
961 987 -pause -prexit \
962grep 'Protocol : TLSv1\.2$' $s_client_out > /dev/null 988 -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
963check_exit_status $? 989 check_exit_status $?
964 990
965grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 991 grep 'Protocol : TLSv1\.2$' $s_client_out > /dev/null
966check_exit_status $? 992 check_exit_status $?
967 993
968# all available ciphers with random order 994 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
969 995 check_exit_status $?
970ciphers=`$openssl_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' | sort -R` 996
971cnum=0 997 # all available ciphers with random order
972for c in $ciphers ; do 998
973 cnum=`expr $cnum + 1` 999 ciphers=`$openssl_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' | sort -R`
974 cnstr=`printf %03d $cnum` 1000 cnum=0
975 s_client_out=$user1_dir/s_client_tls_${cnstr}_${c}.out 1001 for c in $ciphers ; do
976 1002 cnum=`expr $cnum + 1`
977 start_message "s_client ... connect to SSL/TLS test server with [ $cnstr ] $c" 1003 cnstr=`printf %03d $cnum`
978 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \ 1004 s_client_out=$user1_dir/s_client_tls_${cnstr}_${c}.out
979 -cipher $c -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1005
980 check_exit_status $? 1006 start_message "s_client ... connect to SSL/TLS test server with [ $cnstr ] $c"
981 1007 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
982 grep "Cipher : $c" $s_client_out > /dev/null 1008 -pause -prexit -cipher $c \
983 check_exit_status $? 1009 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
984 1010 check_exit_status $?
985 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1011
986 check_exit_status $? 1012 grep "Cipher : $c" $s_client_out > /dev/null
987done 1013 check_exit_status $?
988 1014
989# Get session ticket to reuse 1015 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
990 1016 check_exit_status $?
991s_client_out=$user1_dir/s_client_tls_reuse_1.out 1017 done
992 1018
993start_message "s_client ... connect to SSL/TLS test server to get session id" 1019 # Get session ticket to reuse
994$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \ 1020
995 -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \ 1021 s_client_out=$user1_dir/s_client_tls_reuse_1.out
996 -sess_out $sess_dat \ 1022
997 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1023 start_message "s_client ... connect to SSL/TLS test server to get session id"
998check_exit_status $? 1024 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
999 1025 -pause -prexit \
1000grep 'New, TLSv1/SSLv3' $s_client_out > /dev/null 1026 -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
1001check_exit_status $? 1027 -sess_out $sess_dat \
1002 1028 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1003grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1029 check_exit_status $?
1004check_exit_status $? 1030
1005 1031 grep 'New, TLSv1/SSLv3' $s_client_out > /dev/null
1006# Reuse session ticket 1032 check_exit_status $?
1007 1033
1008s_client_out=$user1_dir/s_client_tls_reuse_2.out 1034 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1009 1035 check_exit_status $?
1010start_message "s_client ... connect to SSL/TLS test server reusing session id" 1036
1011$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \ 1037 # Reuse session ticket
1012 -sess_in $sess_dat \ 1038
1013 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1039 s_client_out=$user1_dir/s_client_tls_reuse_2.out
1014check_exit_status $? 1040
1015 1041 start_message "s_client ... connect to SSL/TLS test server reusing session id"
1016grep 'Reused, TLSv1/SSLv3' $s_client_out > /dev/null 1042 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
1017check_exit_status $? 1043 -pause -prexit -sess_in $sess_dat \
1018 1044 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1019grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1045 check_exit_status $?
1020check_exit_status $? 1046
1021 1047 grep 'Reused, TLSv1/SSLv3' $s_client_out > /dev/null
1022# invalid verification pattern 1048 check_exit_status $?
1023 1049
1024s_client_out=$user1_dir/s_client_tls_invalid.out 1050 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1025 1051 check_exit_status $?
1026start_message "s_client ... connect to SSL/TLS test server but verify error" 1052
1027$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \ 1053 # invalid verification pattern
1028 -showcerts -crl_check -issuer_checks -policy_check \ 1054
1029 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1055 s_client_out=$user1_dir/s_client_tls_invalid.out
1030check_exit_status $? 1056
1031 1057 start_message "s_client ... connect to SSL/TLS test server but verify error"
1032grep 'Verify return code: 24 (invalid CA certificate)' $s_client_out > /dev/null 1058 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
1033check_exit_status $? 1059 -pause -prexit \
1034 1060 -showcerts -crl_check -issuer_checks -policy_check \
1035# s_time 1061 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1036start_message "s_time ... connect to SSL/TLS test server" 1062 check_exit_status $?
1037$openssl_bin s_time -connect $host:$port -CAfile $ca_cert -time 2 1063
1038check_exit_status $? 1064 grep 'Verify return code: 24 (invalid CA certificate)' $s_client_out \
1039 1065 > /dev/null
1040# sess_id 1066 check_exit_status $?
1041start_message "sess_id" 1067
1042$openssl_bin sess_id -in $sess_dat -text -out $sess_dat.out 1068 # s_time
1043check_exit_status $? 1069 start_message "s_time ... connect to SSL/TLS test server"
1044 1070 $openssl_bin s_time -connect $host:$port -CAfile $ca_cert -time 2
1045stop_s_server 1071 check_exit_status $?
1072
1073 # sess_id
1074 start_message "sess_id"
1075 $openssl_bin sess_id -in $sess_dat -text -out $sess_dat.out
1076 check_exit_status $?
1077
1078 stop_s_server
1046} 1079}
1047 1080
1048#---------#---------#---------#---------#---------#---------#---------#---------
1049function test_speed { 1081function test_speed {
1050# === PERFORMANCE === 1082 # === PERFORMANCE ===
1051section_message "PERFORMANCE" 1083 section_message "PERFORMANCE"
1052 1084
1053if [ $no_long_tests = 0 ] ; then 1085 if [ $no_long_tests = 0 ] ; then
1054 start_message "speed" 1086 start_message "speed"
1055 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed 1087 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed
1056 check_exit_status $? 1088 check_exit_status $?
1057else 1089 else
1058 start_message "SKIPPNG speed (quick mode)" 1090 start_message "SKIPPNG speed (quick mode)"
1059fi 1091 fi
1060} 1092}
1061 1093
1062#---------#---------#---------#---------#---------#---------#---------#---------
1063function test_version { 1094function test_version {
1064# --- VERSION INFORMATION --- 1095 # --- VERSION INFORMATION ---
1065section_message "VERSION INFORMATION" 1096 section_message "VERSION INFORMATION"
1066 1097
1067start_message "version" 1098 start_message "version"
1068$openssl_bin version -a 1099 $openssl_bin version -a
1069check_exit_status $? 1100 check_exit_status $?
1070} 1101}
1071 1102
1072#---------#---------#---------#---------#---------#---------#---------#--------- 1103#---------#---------#---------#---------#---------#---------#---------#---------
@@ -1076,13 +1107,13 @@ openssl_bin=${OPENSSL:-/usr/bin/openssl}
1076no_long_tests=0 1107no_long_tests=0
1077 1108
1078while [ "$1" != "" ]; do 1109while [ "$1" != "" ]; do
1079 case $1 in 1110 case $1 in
1080 -q | --quick ) shift 1111 -q | --quick ) shift
1081 no_long_tests=1 1112 no_long_tests=1
1082 ;; 1113 ;;
1083 * ) usage 1114 * ) usage
1084 exit 1 1115 exit 1
1085 esac 1116 esac
1086done 1117done
1087 1118
1088# 1119#
@@ -1091,8 +1122,8 @@ done
1091ssldir="appstest_dir" 1122ssldir="appstest_dir"
1092 1123
1093if [ -d $ssldir ] ; then 1124if [ -d $ssldir ] ; then
1094 echo "directory [ $ssldir ] exists, this script deletes this directory ..." 1125 echo "directory [ $ssldir ] exists, this script deletes this directory ..."
1095 /bin/rm -rf $ssldir 1126 /bin/rm -rf $ssldir
1096fi 1127fi
1097 1128
1098mkdir -p $ssldir 1129mkdir -p $ssldir
@@ -1111,9 +1142,9 @@ touch $OPENSSL_CONF
1111 1142
1112uname_s=`uname -s | grep 'MINGW'` 1143uname_s=`uname -s | grep 'MINGW'`
1113if [ "$uname_s" = "" ] ; then 1144if [ "$uname_s" = "" ] ; then
1114 mingw=0 1145 mingw=0
1115else 1146else
1116 mingw=1 1147 mingw=1
1117fi 1148fi
1118 1149
1119# 1150#
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 10:29:36 +0000