diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libssl/ssl/ssltest.c | 19 | ||||
| -rw-r--r-- | src/regress/lib/libssl/ssl/testssl | 30 |
2 files changed, 41 insertions, 8 deletions
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c index ad24b1f713..40a3b77e07 100644 --- a/src/regress/lib/libssl/ssl/ssltest.c +++ b/src/regress/lib/libssl/ssl/ssltest.c | |||
| @@ -268,6 +268,7 @@ sv_usage(void) | |||
| 268 | #ifndef OPENSSL_NO_PSK | 268 | #ifndef OPENSSL_NO_PSK |
| 269 | fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); | 269 | fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); |
| 270 | #endif | 270 | #endif |
| 271 | fprintf(stderr, " -dtls1 - use DTLSv1\n"); | ||
| 271 | fprintf(stderr, " -ssl3 - use SSLv3\n"); | 272 | fprintf(stderr, " -ssl3 - use SSLv3\n"); |
| 272 | fprintf(stderr, " -tls1 - use TLSv1\n"); | 273 | fprintf(stderr, " -tls1 - use TLSv1\n"); |
| 273 | fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); | 274 | fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); |
| @@ -387,7 +388,7 @@ main(int argc, char *argv[]) | |||
| 387 | int badop = 0; | 388 | int badop = 0; |
| 388 | int bio_pair = 0; | 389 | int bio_pair = 0; |
| 389 | int force = 0; | 390 | int force = 0; |
| 390 | int tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1; | 391 | int tls1 = 0, ssl2 = 0, ssl3 = 0, dtls1 = 0, ret = 1; |
| 391 | int client_auth = 0; | 392 | int client_auth = 0; |
| 392 | int server_auth = 0, i; | 393 | int server_auth = 0, i; |
| 393 | struct app_verify_arg app_verify_arg = | 394 | struct app_verify_arg app_verify_arg = |
| @@ -488,13 +489,14 @@ main(int argc, char *argv[]) | |||
| 488 | #else | 489 | #else |
| 489 | no_psk = 1; | 490 | no_psk = 1; |
| 490 | #endif | 491 | #endif |
| 491 | } | 492 | } else if (strcmp(*argv, "-dtls1") == 0) |
| 493 | dtls1 = 1; | ||
| 492 | else if (strcmp(*argv, "-ssl2") == 0) | 494 | else if (strcmp(*argv, "-ssl2") == 0) |
| 493 | ssl2 = 1; | 495 | ssl2 = 1; |
| 494 | else if (strcmp(*argv, "-tls1") == 0) | ||
| 495 | tls1 = 1; | ||
| 496 | else if (strcmp(*argv, "-ssl3") == 0) | 496 | else if (strcmp(*argv, "-ssl3") == 0) |
| 497 | ssl3 = 1; | 497 | ssl3 = 1; |
| 498 | else if (strcmp(*argv, "-tls1") == 0) | ||
| 499 | tls1 = 1; | ||
| 498 | else if (strncmp(*argv, "-num", 4) == 0) { | 500 | else if (strncmp(*argv, "-num", 4) == 0) { |
| 499 | if (--argc < 1) | 501 | if (--argc < 1) |
| 500 | goto bad; | 502 | goto bad; |
| @@ -595,11 +597,12 @@ bad: | |||
| 595 | goto end; | 597 | goto end; |
| 596 | } | 598 | } |
| 597 | 599 | ||
| 598 | if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) { | 600 | if (!dtls1 && !ssl2 && !ssl3 && !tls1 && |
| 601 | number > 1 && !reuse && !force) { | ||
| 599 | fprintf(stderr, | 602 | fprintf(stderr, |
| 600 | "This case cannot work. Use -f to perform " | 603 | "This case cannot work. Use -f to perform " |
| 601 | "the test anyway (and\n-d to see what happens), " | 604 | "the test anyway (and\n-d to see what happens), " |
| 602 | "or add one of -ssl2, -ssl3, -tls1, -reuse\n" | 605 | "or add one of -dtls1, -ssl2, -ssl3, -tls1, -reuse\n" |
| 603 | "to avoid protocol mismatch.\n"); | 606 | "to avoid protocol mismatch.\n"); |
| 604 | exit(1); | 607 | exit(1); |
| 605 | } | 608 | } |
| @@ -653,7 +656,9 @@ bad: | |||
| 653 | } | 656 | } |
| 654 | #endif | 657 | #endif |
| 655 | 658 | ||
| 656 | if (tls1) | 659 | if (dtls1) |
| 660 | meth = DTLSv1_method(); | ||
| 661 | else if (tls1) | ||
| 657 | meth = TLSv1_method(); | 662 | meth = TLSv1_method(); |
| 658 | else if (ssl3) | 663 | else if (ssl3) |
| 659 | meth = SSLv3_method(); | 664 | meth = SSLv3_method(); |
diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl index ad5624d917..80f3a1c511 100644 --- a/src/regress/lib/libssl/ssl/testssl +++ b/src/regress/lib/libssl/ssl/testssl | |||
| @@ -158,4 +158,32 @@ else | |||
| 158 | $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 | 158 | $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 |
| 159 | fi | 159 | fi |
| 160 | 160 | ||
| 161 | exit 0 | 161 | # |
| 162 | # DTLS | ||
| 163 | # | ||
| 164 | |||
| 165 | echo test dtlsv1 | ||
| 166 | $ssltest -dtls1 $extra || exit 1 | ||
| 167 | |||
| 168 | echo test dtlsv1 with server authentication | ||
| 169 | $ssltest -dtls1 -server_auth $CA $extra || exit 1 | ||
| 170 | |||
| 171 | echo test dtlsv1 with client authentication | ||
| 172 | $ssltest -dtls1 -client_auth $CA $extra || exit 1 | ||
| 173 | |||
| 174 | echo test dtlsv1 with both client and server authentication | ||
| 175 | $ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1 | ||
| 176 | |||
| 177 | echo "Testing DTLS ciphersuites" | ||
| 178 | for protocol in SSLv3; do | ||
| 179 | echo "Testing ciphersuites for $protocol" | ||
| 180 | for cipher in `openssl ciphers "RSA+$protocol" | tr ':' '\n' | | ||
| 181 | grep -v RC4`; do | ||
| 182 | echo "Testing $cipher" | ||
| 183 | $ssltest -cipher $cipher -dtls1 | ||
| 184 | if [ $? -ne 0 ] ; then | ||
| 185 | echo "Failed $cipher" | ||
| 186 | exit 1 | ||
| 187 | fi | ||
| 188 | done | ||
| 189 | done | ||