summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/ssl/ssltest.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c43
1 files changed, 32 insertions, 11 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 517657c024..b09c542087 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -229,6 +229,9 @@ static void sv_usage(void)
229 { 229 {
230 fprintf(stderr,"usage: ssltest [args ...]\n"); 230 fprintf(stderr,"usage: ssltest [args ...]\n");
231 fprintf(stderr,"\n"); 231 fprintf(stderr,"\n");
232#ifdef OPENSSL_FIPS
233 fprintf(stderr,"-F - run test in FIPS mode\n");
234#endif
232 fprintf(stderr," -server_auth - check server certificate\n"); 235 fprintf(stderr," -server_auth - check server certificate\n");
233 fprintf(stderr," -client_auth - do client authentication\n"); 236 fprintf(stderr," -client_auth - do client authentication\n");
234 fprintf(stderr," -proxy - allow proxy certificates\n"); 237 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -410,7 +413,7 @@ int main(int argc, char *argv[])
410 long bytes=256L; 413 long bytes=256L;
411#ifndef OPENSSL_NO_DH 414#ifndef OPENSSL_NO_DH
412 DH *dh; 415 DH *dh;
413 int dhe1024 = 0, dhe1024dsa = 0; 416 int dhe1024 = 1, dhe1024dsa = 0;
414#endif 417#endif
415#ifndef OPENSSL_NO_ECDH 418#ifndef OPENSSL_NO_ECDH
416 EC_KEY *ecdh = NULL; 419 EC_KEY *ecdh = NULL;
@@ -425,6 +428,9 @@ int main(int argc, char *argv[])
425#endif 428#endif
426 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 429 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
427 int test_cipherlist = 0; 430 int test_cipherlist = 0;
431#ifdef OPENSSL_FIPS
432 int fips_mode=0;
433#endif
428 434
429 verbose = 0; 435 verbose = 0;
430 debug = 0; 436 debug = 0;
@@ -456,7 +462,16 @@ int main(int argc, char *argv[])
456 462
457 while (argc >= 1) 463 while (argc >= 1)
458 { 464 {
459 if (strcmp(*argv,"-server_auth") == 0) 465 if(!strcmp(*argv,"-F"))
466 {
467#ifdef OPENSSL_FIPS
468 fips_mode=1;
469#else
470 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
471 EXIT(0);
472#endif
473 }
474 else if (strcmp(*argv,"-server_auth") == 0)
460 server_auth=1; 475 server_auth=1;
461 else if (strcmp(*argv,"-client_auth") == 0) 476 else if (strcmp(*argv,"-client_auth") == 0)
462 client_auth=1; 477 client_auth=1;
@@ -638,6 +653,20 @@ bad:
638 EXIT(1); 653 EXIT(1);
639 } 654 }
640 655
656#ifdef OPENSSL_FIPS
657 if(fips_mode)
658 {
659 if(!FIPS_mode_set(1))
660 {
661 ERR_load_crypto_strings();
662 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
663 EXIT(1);
664 }
665 else
666 fprintf(stderr,"*** IN FIPS MODE ***\n");
667 }
668#endif
669
641 if (print_time) 670 if (print_time)
642 { 671 {
643 if (!bio_pair) 672 if (!bio_pair)
@@ -2059,20 +2088,12 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2059 } 2088 }
2060 2089
2061#ifndef OPENSSL_NO_X509_VERIFY 2090#ifndef OPENSSL_NO_X509_VERIFY
2062# ifdef OPENSSL_FIPS
2063 if(s->version == TLS1_VERSION)
2064 FIPS_allow_md5(1);
2065# endif
2066 ok = X509_verify_cert(ctx); 2091 ok = X509_verify_cert(ctx);
2067# ifdef OPENSSL_FIPS
2068 if(s->version == TLS1_VERSION)
2069 FIPS_allow_md5(0);
2070# endif
2071#endif 2092#endif
2072 2093
2073 if (cb_arg->proxy_auth) 2094 if (cb_arg->proxy_auth)
2074 { 2095 {
2075 if (ok) 2096 if (ok > 0)
2076 { 2097 {
2077 const char *cond_end = NULL; 2098 const char *cond_end = NULL;
2078 2099
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 04:53:02 +0000