diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/test/testss | 86 | ||||
| -rw-r--r-- | src/lib/libssl/test/testssl | 14 |
2 files changed, 82 insertions, 18 deletions
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss index 8d3557f356..1a426857d3 100644 --- a/src/lib/libssl/test/testss +++ b/src/lib/libssl/test/testss | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | digest='-md5' | 3 | digest='-sha1' |
| 4 | reqcmd="../apps/openssl req" | 4 | reqcmd="../util/shlib_wrap.sh ../apps/openssl req" |
| 5 | x509cmd="../apps/openssl x509 $digest" | 5 | x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" |
| 6 | verifycmd="../apps/openssl verify" | 6 | verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" |
| 7 | dummycnf="../apps/openssl.cnf" | 7 | dummycnf="../apps/openssl.cnf" |
| 8 | 8 | ||
| 9 | CAkey="keyCA.ss" | 9 | CAkey="keyCA.ss" |
| @@ -17,12 +17,24 @@ Ukey="keyU.ss" | |||
| 17 | Ureq="reqU.ss" | 17 | Ureq="reqU.ss" |
| 18 | Ucert="certU.ss" | 18 | Ucert="certU.ss" |
| 19 | 19 | ||
| 20 | P1conf="P1ss.cnf" | ||
| 21 | P1key="keyP1.ss" | ||
| 22 | P1req="reqP1.ss" | ||
| 23 | P1cert="certP1.ss" | ||
| 24 | P1intermediate="tmp_intP1.ss" | ||
| 25 | |||
| 26 | P2conf="P2ss.cnf" | ||
| 27 | P2key="keyP2.ss" | ||
| 28 | P2req="reqP2.ss" | ||
| 29 | P2cert="certP2.ss" | ||
| 30 | P2intermediate="tmp_intP2.ss" | ||
| 31 | |||
| 20 | echo | 32 | echo |
| 21 | echo "make a certificate request using 'req'" | 33 | echo "make a certificate request using 'req'" |
| 22 | 34 | ||
| 23 | echo "string to make the random number generator think it has entropy" >> ./.rnd | 35 | echo "string to make the random number generator think it has entropy" >> ./.rnd |
| 24 | 36 | ||
| 25 | if ../apps/openssl no-rsa; then | 37 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then |
| 26 | req_new='-newkey dsa:../apps/dsa512.pem' | 38 | req_new='-newkey dsa:../apps/dsa512.pem' |
| 27 | else | 39 | else |
| 28 | req_new='-new' | 40 | req_new='-new' |
| @@ -35,7 +47,7 @@ if [ $? != 0 ]; then | |||
| 35 | fi | 47 | fi |
| 36 | echo | 48 | echo |
| 37 | echo "convert the certificate request into a self signed certificate using 'x509'" | 49 | echo "convert the certificate request into a self signed certificate using 'x509'" |
| 38 | $x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss | 50 | $x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss |
| 39 | if [ $? != 0 ]; then | 51 | if [ $? != 0 ]; then |
| 40 | echo "error using 'x509' to self sign a certificate request" | 52 | echo "error using 'x509' to self sign a certificate request" |
| 41 | exit 1 | 53 | exit 1 |
| @@ -68,18 +80,18 @@ if [ $? != 0 ]; then | |||
| 68 | fi | 80 | fi |
| 69 | 81 | ||
| 70 | echo | 82 | echo |
| 71 | echo "make another certificate request using 'req'" | 83 | echo "make a user certificate request using 'req'" |
| 72 | $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss | 84 | $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss |
| 73 | if [ $? != 0 ]; then | 85 | if [ $? != 0 ]; then |
| 74 | echo "error using 'req' to generate a certificate request" | 86 | echo "error using 'req' to generate a user certificate request" |
| 75 | exit 1 | 87 | exit 1 |
| 76 | fi | 88 | fi |
| 77 | 89 | ||
| 78 | echo | 90 | echo |
| 79 | echo "sign certificate request with the just created CA via 'x509'" | 91 | echo "sign user certificate request with the just created CA via 'x509'" |
| 80 | $x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss | 92 | $x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss |
| 81 | if [ $? != 0 ]; then | 93 | if [ $? != 0 ]; then |
| 82 | echo "error using 'x509' to sign a certificate request" | 94 | echo "error using 'x509' to sign a user certificate request" |
| 83 | exit 1 | 95 | exit 1 |
| 84 | fi | 96 | fi |
| 85 | 97 | ||
| @@ -89,11 +101,63 @@ echo "Certificate details" | |||
| 89 | $x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert | 101 | $x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert |
| 90 | 102 | ||
| 91 | echo | 103 | echo |
| 104 | echo "make a proxy certificate request using 'req'" | ||
| 105 | $reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss | ||
| 106 | if [ $? != 0 ]; then | ||
| 107 | echo "error using 'req' to generate a proxy certificate request" | ||
| 108 | exit 1 | ||
| 109 | fi | ||
| 110 | |||
| 111 | echo | ||
| 112 | echo "sign proxy certificate request with the just created user certificate via 'x509'" | ||
| 113 | $x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss | ||
| 114 | if [ $? != 0 ]; then | ||
| 115 | echo "error using 'x509' to sign a proxy certificate request" | ||
| 116 | exit 1 | ||
| 117 | fi | ||
| 118 | |||
| 119 | cat $Ucert > $P1intermediate | ||
| 120 | $verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert | ||
| 121 | echo | ||
| 122 | echo "Certificate details" | ||
| 123 | $x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert | ||
| 124 | |||
| 125 | echo | ||
| 126 | echo "make another proxy certificate request using 'req'" | ||
| 127 | $reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss | ||
| 128 | if [ $? != 0 ]; then | ||
| 129 | echo "error using 'req' to generate another proxy certificate request" | ||
| 130 | exit 1 | ||
| 131 | fi | ||
| 132 | |||
| 133 | echo | ||
| 134 | echo "sign second proxy certificate request with the first proxy certificate via 'x509'" | ||
| 135 | $x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss | ||
| 136 | if [ $? != 0 ]; then | ||
| 137 | echo "error using 'x509' to sign a second proxy certificate request" | ||
| 138 | exit 1 | ||
| 139 | fi | ||
| 140 | |||
| 141 | cat $Ucert $P1cert > $P2intermediate | ||
| 142 | $verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert | ||
| 143 | echo | ||
| 144 | echo "Certificate details" | ||
| 145 | $x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert | ||
| 146 | |||
| 147 | echo | ||
| 92 | echo The generated CA certificate is $CAcert | 148 | echo The generated CA certificate is $CAcert |
| 93 | echo The generated CA private key is $CAkey | 149 | echo The generated CA private key is $CAkey |
| 94 | 150 | ||
| 95 | echo The generated user certificate is $Ucert | 151 | echo The generated user certificate is $Ucert |
| 96 | echo The generated user private key is $Ukey | 152 | echo The generated user private key is $Ukey |
| 97 | 153 | ||
| 154 | echo The first generated proxy certificate is $P1cert | ||
| 155 | echo The first generated proxy private key is $P1key | ||
| 156 | |||
| 157 | echo The second generated proxy certificate is $P2cert | ||
| 158 | echo The second generated proxy private key is $P2key | ||
| 159 | |||
| 98 | /bin/rm err.ss | 160 | /bin/rm err.ss |
| 161 | #/bin/rm $P1intermediate | ||
| 162 | #/bin/rm $P2intermediate | ||
| 99 | exit 0 | 163 | exit 0 |
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl index ca8e718022..8ac90ae5ee 100644 --- a/src/lib/libssl/test/testssl +++ b/src/lib/libssl/test/testssl | |||
| @@ -10,9 +10,9 @@ if [ "$2" = "" ]; then | |||
| 10 | else | 10 | else |
| 11 | cert="$2" | 11 | cert="$2" |
| 12 | fi | 12 | fi |
| 13 | ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" | 13 | ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" |
| 14 | 14 | ||
| 15 | if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then | 15 | if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then |
| 16 | dsa_cert=YES | 16 | dsa_cert=YES |
| 17 | else | 17 | else |
| 18 | dsa_cert=NO | 18 | dsa_cert=NO |
| @@ -121,24 +121,24 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 | |||
| 121 | 121 | ||
| 122 | ############################################################################# | 122 | ############################################################################# |
| 123 | 123 | ||
| 124 | if ../apps/openssl no-dh; then | 124 | if ../util/shlib_wrap.sh ../apps/openssl no-dh; then |
| 125 | echo skipping anonymous DH tests | 125 | echo skipping anonymous DH tests |
| 126 | else | 126 | else |
| 127 | echo test tls1 with 1024bit anonymous DH, multiple handshakes | 127 | echo test tls1 with 1024bit anonymous DH, multiple handshakes |
| 128 | $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 | 128 | $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 |
| 129 | fi | 129 | fi |
| 130 | 130 | ||
| 131 | if ../apps/openssl no-rsa; then | 131 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then |
| 132 | echo skipping RSA tests | 132 | echo skipping RSA tests |
| 133 | else | 133 | else |
| 134 | echo test tls1 with 1024bit RSA, no DHE, multiple handshakes | 134 | echo test tls1 with 1024bit RSA, no DHE, multiple handshakes |
| 135 | ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 | 135 | ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 |
| 136 | 136 | ||
| 137 | if ../apps/openssl no-dh; then | 137 | if ../util/shlib_wrap.sh ../apps/openssl no-dh; then |
| 138 | echo skipping RSA+DHE tests | 138 | echo skipping RSA+DHE tests |
| 139 | else | 139 | else |
| 140 | echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes | 140 | echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes |
| 141 | ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 | 141 | ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 |
| 142 | fi | 142 | fi |
| 143 | fi | 143 | fi |
| 144 | 144 | ||