Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c256
1 files changed, 209 insertions, 47 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 9845ef99ed..517657c024 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -108,6 +108,11 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
111 116
112#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly 117#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
113 on Linux and GNU platforms. */ 118 on Linux and GNU platforms. */
@@ -138,7 +143,16 @@
138#endif 143#endif
139#include <openssl/err.h> 144#include <openssl/err.h>
140#include <openssl/rand.h> 145#include <openssl/rand.h>
141#include <openssl/fips.h> 146#ifndef OPENSSL_NO_RSA
147#include <openssl/rsa.h>
148#endif
149#ifndef OPENSSL_NO_DSA
150#include <openssl/dsa.h>
151#endif
152#ifndef OPENSSL_NO_DH
153#include <openssl/dh.h>
154#endif
155#include <openssl/bn.h>
142 156
143#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly 157#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
144 on Compaq platforms (at least with DEC C). 158 on Compaq platforms (at least with DEC C).
@@ -158,6 +172,9 @@
158#elif defined(OPENSSL_SYS_WINCE) 172#elif defined(OPENSSL_SYS_WINCE)
159# define TEST_SERVER_CERT "\\OpenSSL\\server.pem" 173# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
160# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" 174# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
175#elif defined(OPENSSL_SYS_NETWARE)
176# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
177# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
161#else 178#else
162# define TEST_SERVER_CERT "../apps/server.pem" 179# define TEST_SERVER_CERT "../apps/server.pem"
163# define TEST_CLIENT_CERT "../apps/client.pem" 180# define TEST_CLIENT_CERT "../apps/client.pem"
@@ -165,8 +182,8 @@
165 182
166/* There is really no standard for this, so let's assign some tentative 183/* There is really no standard for this, so let's assign some tentative
167 numbers. In any case, these numbers are only for this test */ 184 numbers. In any case, these numbers are only for this test */
168#define COMP_RLE 1 185#define COMP_RLE 255
169#define COMP_ZLIB 2 186#define COMP_ZLIB 1
170 187
171static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); 188static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
172#ifndef OPENSSL_NO_RSA 189#ifndef OPENSSL_NO_RSA
@@ -207,13 +224,11 @@ static const char rnd_seed[] = "string to make the random number generator think
207 224
208int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); 225int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
209int doit(SSL *s_ssl,SSL *c_ssl,long bytes); 226int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
227static int do_test_cipherlist(void);
210static void sv_usage(void) 228static void sv_usage(void)
211 { 229 {
212 fprintf(stderr,"usage: ssltest [args ...]\n"); 230 fprintf(stderr,"usage: ssltest [args ...]\n");
213 fprintf(stderr,"\n"); 231 fprintf(stderr,"\n");
214#ifdef OPENSSL_FIPS
215 fprintf(stderr,"-F - run test in FIPS mode\n");
216#endif
217 fprintf(stderr," -server_auth - check server certificate\n"); 232 fprintf(stderr," -server_auth - check server certificate\n");
218 fprintf(stderr," -client_auth - do client authentication\n"); 233 fprintf(stderr," -client_auth - do client authentication\n");
219 fprintf(stderr," -proxy - allow proxy certificates\n"); 234 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -229,6 +244,9 @@ static void sv_usage(void)
229 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); 244 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
230 fprintf(stderr," -no_dhe - disable DHE\n"); 245 fprintf(stderr," -no_dhe - disable DHE\n");
231#endif 246#endif
247#ifndef OPENSSL_NO_ECDH
248 fprintf(stderr," -no_ecdhe - disable ECDHE\n");
249#endif
232#ifndef OPENSSL_NO_SSL2 250#ifndef OPENSSL_NO_SSL2
233 fprintf(stderr," -ssl2 - use SSLv2\n"); 251 fprintf(stderr," -ssl2 - use SSLv2\n");
234#endif 252#endif
@@ -249,7 +267,13 @@ static void sv_usage(void)
249 fprintf(stderr," -f - Test even cases that can't work\n"); 267 fprintf(stderr," -f - Test even cases that can't work\n");
250 fprintf(stderr," -time - measure processor time used by client and server\n"); 268 fprintf(stderr," -time - measure processor time used by client and server\n");
251 fprintf(stderr," -zlib - use zlib compression\n"); 269 fprintf(stderr," -zlib - use zlib compression\n");
252 fprintf(stderr," -time - use rle compression\n"); 270 fprintf(stderr," -rle - use rle compression\n");
271#ifndef OPENSSL_NO_ECDH
272 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
273 " Use \"openssl ecparam -list_curves\" for all names\n" \
274 " (default is sect163r2).\n");
275#endif
276 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
253 } 277 }
254 278
255static void print_details(SSL *c_ssl, const char *prefix) 279static void print_details(SSL *c_ssl, const char *prefix)
@@ -359,6 +383,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
359 } 383 }
360 } 384 }
361 385
386
362int main(int argc, char *argv[]) 387int main(int argc, char *argv[])
363 { 388 {
364 char *CApath=NULL,*CAfile=NULL; 389 char *CApath=NULL,*CAfile=NULL;
@@ -374,24 +399,32 @@ int main(int argc, char *argv[])
374 char *server_key=NULL; 399 char *server_key=NULL;
375 char *client_cert=TEST_CLIENT_CERT; 400 char *client_cert=TEST_CLIENT_CERT;
376 char *client_key=NULL; 401 char *client_key=NULL;
402#ifndef OPENSSL_NO_ECDH
403 char *named_curve = NULL;
404#endif
377 SSL_CTX *s_ctx=NULL; 405 SSL_CTX *s_ctx=NULL;
378 SSL_CTX *c_ctx=NULL; 406 SSL_CTX *c_ctx=NULL;
379 SSL_METHOD *meth=NULL; 407 SSL_METHOD *meth=NULL;
380 SSL *c_ssl,*s_ssl; 408 SSL *c_ssl,*s_ssl;
381 int number=1,reuse=0; 409 int number=1,reuse=0;
382 long bytes=1L; 410 long bytes=256L;
383#ifndef OPENSSL_NO_DH 411#ifndef OPENSSL_NO_DH
384 DH *dh; 412 DH *dh;
385 int dhe1024 = 0, dhe1024dsa = 0; 413 int dhe1024 = 0, dhe1024dsa = 0;
386#endif 414#endif
415#ifndef OPENSSL_NO_ECDH
416 EC_KEY *ecdh = NULL;
417#endif
387 int no_dhe = 0; 418 int no_dhe = 0;
419 int no_ecdhe = 0;
388 int print_time = 0; 420 int print_time = 0;
389 clock_t s_time = 0, c_time = 0; 421 clock_t s_time = 0, c_time = 0;
390 int comp = 0; 422 int comp = 0;
423#ifndef OPENSSL_NO_COMP
391 COMP_METHOD *cm = NULL; 424 COMP_METHOD *cm = NULL;
392#ifdef OPENSSL_FIPS
393 int fips_mode=0;
394#endif 425#endif
426 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
427 int test_cipherlist = 0;
395 428
396 verbose = 0; 429 verbose = 0;
397 debug = 0; 430 debug = 0;
@@ -423,16 +456,7 @@ int main(int argc, char *argv[])
423 456
424 while (argc >= 1) 457 while (argc >= 1)
425 { 458 {
426 if(!strcmp(*argv,"-F")) 459 if (strcmp(*argv,"-server_auth") == 0)
427 {
428#ifdef OPENSSL_FIPS
429 fips_mode=1;
430#else
431 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
432 EXIT(0);
433#endif
434 }
435 else if (strcmp(*argv,"-server_auth") == 0)
436 server_auth=1; 460 server_auth=1;
437 else if (strcmp(*argv,"-client_auth") == 0) 461 else if (strcmp(*argv,"-client_auth") == 0)
438 client_auth=1; 462 client_auth=1;
@@ -470,6 +494,8 @@ int main(int argc, char *argv[])
470 } 494 }
471 else if (strcmp(*argv,"-no_dhe") == 0) 495 else if (strcmp(*argv,"-no_dhe") == 0)
472 no_dhe=1; 496 no_dhe=1;
497 else if (strcmp(*argv,"-no_ecdhe") == 0)
498 no_ecdhe=1;
473 else if (strcmp(*argv,"-ssl2") == 0) 499 else if (strcmp(*argv,"-ssl2") == 0)
474 ssl2=1; 500 ssl2=1;
475 else if (strcmp(*argv,"-tls1") == 0) 501 else if (strcmp(*argv,"-tls1") == 0)
@@ -556,6 +582,16 @@ int main(int argc, char *argv[])
556 { 582 {
557 comp = COMP_RLE; 583 comp = COMP_RLE;
558 } 584 }
585 else if (strcmp(*argv,"-named_curve") == 0)
586 {
587 if (--argc < 1) goto bad;
588#ifndef OPENSSL_NO_ECDH
589 named_curve = *(++argv);
590#else
591 fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
592 ++argv;
593#endif
594 }
559 else if (strcmp(*argv,"-app_verify") == 0) 595 else if (strcmp(*argv,"-app_verify") == 0)
560 { 596 {
561 app_verify_arg.app_verify = 1; 597 app_verify_arg.app_verify = 1;
@@ -564,6 +600,10 @@ int main(int argc, char *argv[])
564 { 600 {
565 app_verify_arg.allow_proxy_certs = 1; 601 app_verify_arg.allow_proxy_certs = 1;
566 } 602 }
603 else if (strcmp(*argv,"-test_cipherlist") == 0)
604 {
605 test_cipherlist = 1;
606 }
567 else 607 else
568 { 608 {
569 fprintf(stderr,"unknown option %s\n",*argv); 609 fprintf(stderr,"unknown option %s\n",*argv);
@@ -580,6 +620,14 @@ bad:
580 goto end; 620 goto end;
581 } 621 }
582 622
623 if (test_cipherlist == 1)
624 {
625 /* ensure that the cipher list are correctly sorted and exit */
626 if (do_test_cipherlist() == 0)
627 EXIT(1);
628 ret = 0;
629 goto end;
630 }
583 631
584 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) 632 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
585 { 633 {
@@ -590,20 +638,6 @@ bad:
590 EXIT(1); 638 EXIT(1);
591 } 639 }
592 640
593#ifdef OPENSSL_FIPS
594 if(fips_mode)
595 {
596 if(!FIPS_mode_set(1))
597 {
598 ERR_load_crypto_strings();
599 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
600 EXIT(1);
601 }
602 else
603 fprintf(stderr,"*** IN FIPS MODE ***\n");
604 }
605#endif
606
607 if (print_time) 641 if (print_time)
608 { 642 {
609 if (!bio_pair) 643 if (!bio_pair)
@@ -620,6 +654,7 @@ bad:
620 SSL_library_init(); 654 SSL_library_init();
621 SSL_load_error_strings(); 655 SSL_load_error_strings();
622 656
657#ifndef OPENSSL_NO_COMP
623 if (comp == COMP_ZLIB) cm = COMP_zlib(); 658 if (comp == COMP_ZLIB) cm = COMP_zlib();
624 if (comp == COMP_RLE) cm = COMP_rle(); 659 if (comp == COMP_RLE) cm = COMP_rle();
625 if (cm != NULL) 660 if (cm != NULL)
@@ -643,6 +678,20 @@ bad:
643 ERR_print_errors_fp(stderr); 678 ERR_print_errors_fp(stderr);
644 } 679 }
645 } 680 }
681 ssl_comp_methods = SSL_COMP_get_compression_methods();
682 fprintf(stderr, "Available compression methods:\n");
683 {
684 int j, n = sk_SSL_COMP_num(ssl_comp_methods);
685 if (n == 0)
686 fprintf(stderr, " NONE\n");
687 else
688 for (j = 0; j < n; j++)
689 {
690 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
691 fprintf(stderr, " %d: %s\n", c->id, c->name);
692 }
693 }
694#endif
646 695
647#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) 696#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
648 if (ssl2) 697 if (ssl2)
@@ -697,6 +746,38 @@ bad:
697 (void)no_dhe; 746 (void)no_dhe;
698#endif 747#endif
699 748
749#ifndef OPENSSL_NO_ECDH
750 if (!no_ecdhe)
751 {
752 int nid;
753
754 if (named_curve != NULL)
755 {
756 nid = OBJ_sn2nid(named_curve);
757 if (nid == 0)
758 {
759 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
760 goto end;
761 }
762 }
763 else
764 nid = NID_sect163r2;
765
766 ecdh = EC_KEY_new_by_curve_name(nid);
767 if (ecdh == NULL)
768 {
769 BIO_printf(bio_err, "unable to create curve\n");
770 goto end;
771 }
772
773 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
774 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
775 EC_KEY_free(ecdh);
776 }
777#else
778 (void)no_ecdhe;
779#endif
780
700#ifndef OPENSSL_NO_RSA 781#ifndef OPENSSL_NO_RSA
701 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); 782 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
702#endif 783#endif
@@ -833,6 +914,7 @@ end:
833 CRYPTO_mem_leaks(bio_err); 914 CRYPTO_mem_leaks(bio_err);
834 if (bio_err != NULL) BIO_free(bio_err); 915 if (bio_err != NULL) BIO_free(bio_err);
835 EXIT(ret); 916 EXIT(ret);
917 return ret;
836 } 918 }
837 919
838int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, 920int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
@@ -1323,8 +1405,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
1323 { 1405 {
1324 if (c_write) 1406 if (c_write)
1325 { 1407 {
1326 j=(cw_num > (long)sizeof(cbuf)) 1408 j = (cw_num > (long)sizeof(cbuf)) ?
1327 ?sizeof(cbuf):(int)cw_num; 1409 (int)sizeof(cbuf) : (int)cw_num;
1328 i=BIO_write(c_bio,cbuf,j); 1410 i=BIO_write(c_bio,cbuf,j);
1329 if (i < 0) 1411 if (i < 0)
1330 { 1412 {
@@ -1454,8 +1536,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
1454 } 1536 }
1455 else 1537 else
1456 { 1538 {
1457 j=(sw_num > (long)sizeof(sbuf))? 1539 j = (sw_num > (long)sizeof(sbuf)) ?
1458 sizeof(sbuf):(int)sw_num; 1540 (int)sizeof(sbuf) : (int)sw_num;
1459 i=BIO_write(s_bio,sbuf,j); 1541 i=BIO_write(s_bio,sbuf,j);
1460 if (i < 0) 1542 if (i < 0)
1461 { 1543 {
@@ -1642,7 +1724,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
1642 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); 1724 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
1643 while(i-- > 0) 1725 while(i-- > 0)
1644 { 1726 {
1645 char c = *s++; 1727 int c = *s++;
1646 if (isascii(c) && isalpha(c)) 1728 if (isascii(c) && isalpha(c))
1647 { 1729 {
1648 if (islower(c)) 1730 if (islower(c))
@@ -1703,11 +1785,11 @@ static int process_proxy_cond_adders(unsigned int letters[26],
1703static int process_proxy_cond_val(unsigned int letters[26], 1785static int process_proxy_cond_val(unsigned int letters[26],
1704 const char *cond, const char **cond_end, int *pos, int indent) 1786 const char *cond, const char **cond_end, int *pos, int indent)
1705 { 1787 {
1706 char c; 1788 int c;
1707 int ok = 1; 1789 int ok = 1;
1708 int negate = 0; 1790 int negate = 0;
1709 1791
1710 while(isspace(*cond)) 1792 while(isspace((int)*cond))
1711 { 1793 {
1712 cond++; (*pos)++; 1794 cond++; (*pos)++;
1713 } 1795 }
@@ -1722,7 +1804,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
1722 { 1804 {
1723 negate = !negate; 1805 negate = !negate;
1724 cond++; (*pos)++; 1806 cond++; (*pos)++;
1725 while(isspace(*cond)) 1807 while(isspace((int)*cond))
1726 { 1808 {
1727 cond++; (*pos)++; 1809 cond++; (*pos)++;
1728 } 1810 }
@@ -1737,7 +1819,7 @@ static int process_proxy_cond_val(unsigned int letters[26],
1737 cond = *cond_end; 1819 cond = *cond_end;
1738 if (ok < 0) 1820 if (ok < 0)
1739 goto end; 1821 goto end;
1740 while(isspace(*cond)) 1822 while(isspace((int)*cond))
1741 { 1823 {
1742 cond++; (*pos)++; 1824 cond++; (*pos)++;
1743 } 1825 }
@@ -1797,7 +1879,7 @@ static int process_proxy_cond_multipliers(unsigned int letters[26],
1797 1879
1798 while(ok >= 0) 1880 while(ok >= 0)
1799 { 1881 {
1800 while(isspace(*cond)) 1882 while(isspace((int)*cond))
1801 { 1883 {
1802 cond++; (*pos)++; 1884 cond++; (*pos)++;
1803 } 1885 }
@@ -1864,7 +1946,7 @@ static int process_proxy_cond_adders(unsigned int letters[26],
1864 1946
1865 while(ok >= 0) 1947 while(ok >= 0)
1866 { 1948 {
1867 while(isspace(*cond)) 1949 while(isspace((int)*cond))
1868 { 1950 {
1869 cond++; (*pos)++; 1951 cond++; (*pos)++;
1870 } 1952 }
@@ -1947,7 +2029,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1947 letters[i] = 0; 2029 letters[i] = 0;
1948 for(sp = cb_arg->proxy_auth; *sp; sp++) 2030 for(sp = cb_arg->proxy_auth; *sp; sp++)
1949 { 2031 {
1950 char c = *sp; 2032 int c = *sp;
1951 if (isascii(c) && isalpha(c)) 2033 if (isascii(c) && isalpha(c))
1952 { 2034 {
1953 if (islower(c)) 2035 if (islower(c))
@@ -1977,7 +2059,15 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1977 } 2059 }
1978 2060
1979#ifndef OPENSSL_NO_X509_VERIFY 2061#ifndef OPENSSL_NO_X509_VERIFY
2062# ifdef OPENSSL_FIPS
2063 if(s->version == TLS1_VERSION)
2064 FIPS_allow_md5(1);
2065# endif
1980 ok = X509_verify_cert(ctx); 2066 ok = X509_verify_cert(ctx);
2067# ifdef OPENSSL_FIPS
2068 if(s->version == TLS1_VERSION)
2069 FIPS_allow_md5(0);
2070# endif
1981#endif 2071#endif
1982 2072
1983 if (cb_arg->proxy_auth) 2073 if (cb_arg->proxy_auth)
@@ -2012,14 +2102,29 @@ static RSA *rsa_tmp=NULL;
2012 2102
2013static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 2103static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2014 { 2104 {
2105 BIGNUM *bn = NULL;
2015 if (rsa_tmp == NULL) 2106 if (rsa_tmp == NULL)
2016 { 2107 {
2108 bn = BN_new();
2109 rsa_tmp = RSA_new();
2110 if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
2111 {
2112 BIO_printf(bio_err, "Memory error...");
2113 goto end;
2114 }
2017 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 2115 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
2018 (void)BIO_flush(bio_err); 2116 (void)BIO_flush(bio_err);
2019 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); 2117 if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
2118 {
2119 BIO_printf(bio_err, "Error generating key.");
2120 RSA_free(rsa_tmp);
2121 rsa_tmp = NULL;
2122 }
2123end:
2020 BIO_printf(bio_err,"\n"); 2124 BIO_printf(bio_err,"\n");
2021 (void)BIO_flush(bio_err); 2125 (void)BIO_flush(bio_err);
2022 } 2126 }
2127 if(bn) BN_free(bn);
2023 return(rsa_tmp); 2128 return(rsa_tmp);
2024 } 2129 }
2025 2130
@@ -2130,3 +2235,60 @@ static DH *get_dh1024dsa()
2130 return(dh); 2235 return(dh);
2131 } 2236 }
2132#endif 2237#endif
2238
2239static int do_test_cipherlist(void)
2240 {
2241 int i = 0;
2242 const SSL_METHOD *meth;
2243 SSL_CIPHER *ci, *tci = NULL;
2244
2245#ifndef OPENSSL_NO_SSL2
2246 fprintf(stderr, "testing SSLv2 cipher list order: ");
2247 meth = SSLv2_method();
2248 while ((ci = meth->get_cipher(i++)) != NULL)
2249 {
2250 if (tci != NULL)
2251 if (ci->id >= tci->id)
2252 {
2253 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2254 return 0;
2255 }
2256 tci = ci;
2257 }
2258 fprintf(stderr, "ok\n");
2259#endif
2260#ifndef OPENSSL_NO_SSL3
2261 fprintf(stderr, "testing SSLv3 cipher list order: ");
2262 meth = SSLv3_method();
2263 tci = NULL;
2264 while ((ci = meth->get_cipher(i++)) != NULL)
2265 {
2266 if (tci != NULL)
2267 if (ci->id >= tci->id)
2268 {
2269 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2270 return 0;
2271 }
2272 tci = ci;
2273 }
2274 fprintf(stderr, "ok\n");
2275#endif
2276#ifndef OPENSSL_NO_TLS1
2277 fprintf(stderr, "testing TLSv1 cipher list order: ");
2278 meth = TLSv1_method();
2279 tci = NULL;
2280 while ((ci = meth->get_cipher(i++)) != NULL)
2281 {
2282 if (tci != NULL)
2283 if (ci->id >= tci->id)
2284 {
2285 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2286 return 0;
2287 }
2288 tci = ci;
2289 }
2290 fprintf(stderr, "ok\n");
2291#endif
2292
2293 return 1;
2294 }
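Review bot: In the new `do_test_cipherlist()` the index `i` is initialised once at the top and never reset, so the SSLv3 and TLSv1 loops call `meth->get_cipher(i++)` starting from wherever the previous loop stopped instead of from 0. How `get_cipher` handles an index past the end of its table is not visible on this page, but in either case the later loops skip the leading entries or terminate at once, and "ok" is printed for a list whose order was not fully checked. Reset the index alongside the existing reset of the previous-cipher pointer, i.e. `i = 0;` next to each `tci = NULL;` before the SSLv3 and TLSv1 loops. With that in place, the `-test_cipherlist` result actually covers every protocol's table, which is what the usage text promises.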