1 files changed, 157 insertions, 0 deletions
diff --git a/tests/testssl.bat b/tests/testssl.bat
new file mode 100644
index 0000000..f164aeb
--- /dev/null
+++ b/tests/testssl.bat
@@ -0,0 +1,157 @@
+@echo off
+setlocal enabledelayedexpansion
+REM     testssl.bat
+set key=%1
+set cert=%2
+set CA=-CAfile %3
+set ssltest=%4 -key %key% -cert %cert% -c_key %key% -c_cert %cert%
+set openssl=%5
+set extra=%6
+%openssl% version & if !errorlevel! neq 0 exit /b 1
+for /f "usebackq" %%s in (`%openssl% x509 -in %cert% -text -noout ^| find /c "DSA Public Key"`) do set lines=%%s
+if %lines% gtr 0 (
+  set dsa_cert=YES
+) else (
+  set dsa_cert=NO
+)
+REM #########################################################################
+echo test sslv2/sslv3
+%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test sslv2/sslv3 with server authentication
+%ssltest% -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test sslv2/sslv3 with client authentication
+%ssltest% -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test sslv2/sslv3 with both client and server authentication
+%ssltest% -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test sslv2/sslv3 via BIO pair
+%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
+if %dsa_cert%==NO (
+  echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair"
+  %ssltest% -bio_pair -no_dhe -no_ecdhe %extra% & if !errorlevel! neq 0 exit /b 1
+)
+echo test sslv2/sslv3 with 1024bit DHE via BIO pair
+%ssltest% -bio_pair -dhe1024dsa -v %extra% & if !errorlevel! neq 0 exit /b 1
+echo test sslv2/sslv3 with server authentication
+%ssltest% -bio_pair -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test sslv2/sslv3 with client authentication via BIO pair
+%ssltest% -bio_pair -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+%ssltest% -bio_pair -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+%ssltest% -bio_pair -server_auth -client_auth -app_verify %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo "Testing ciphersuites"
+for %%p in ( TLSv1.2 ) do (
+  echo "Testing ciphersuites for %%p"
+  for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p+aRSA"`) do (
+    echo "Testing %%c"
+    %ssltest% -cipher %%c
+    if !errorlevel! neq 0 (
+      echo "Failed %%c"
+      exit /b 1
+    )
+  )
+)
+REM ##########################################################################
+for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
+if %nodh%==no-dh (
+  echo skipping anonymous DH tests
+) else (
+  echo test tls1 with 1024bit anonymous DH, multiple handshakes
+  %ssltest% -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+)
+REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s
+REM #if %norsa%==no-rsa (
+REM #  echo skipping RSA tests
+REM #) else (
+REM #  echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
+REM #  %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -no_dhe -no_ecdhe -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+REM #
+REM #  for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
+REM #  if %nodh%==no-dh (
+REM #    echo skipping RSA+DHE tests
+REM #  ) else (
+REM #    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+REM #    %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+REM #  )
+REM #)
+REM #
+REM # DTLS tests
+REM #
+echo test dtlsv1
+%ssltest% -dtls1 %extra% & if !errorlevel! neq 0 exit /b 1
+echo test dtlsv1 with server authentication
+%ssltest% -dtls1 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test dtlsv1 with client authentication
+%ssltest% -dtls1 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo test dtlsv1 with both client and server authentication
+%ssltest% -dtls1 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+echo "Testing DTLS ciphersuites"
+for %%p in ( SSLv3 ) do (
+  echo "Testing ciphersuites for %%p"
+  for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4"`) do (
+    echo "Testing %%c"
+    %ssltest% -cipher %%c -dtls1
+    if !errorlevel! neq 0 (
+      echo "Failed %%c"
+      exit /b 1
+    )
+  )
+)
+REM #
+REM # Next Protocol Negotiation tests
+REM #
+echo "Testing NPN..."
+%ssltest% -bio_pair -tls1 -npn_client & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_server & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_server_reject & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server_reject & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse & if !errorlevel! neq 0 exit /b 1
+REM #
+REM # ALPN tests
+REM #
+echo "Testing ALPN..."
+%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo ^
+  -alpn_expected bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo ^
+  -alpn_expected bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1
+endlocal

diff --git a/tests/testssl.bat b/tests/testssl.bat new file mode 100644 index 0000000..f164aeb --- /dev/null +++ b/tests/testssl.bat
@@ -0,0 +1,157 @@
	1	@echo off
	2	setlocal enabledelayedexpansion
	3	REM testssl.bat
	4
	5	set key=%1
	6	set cert=%2
	7	set CA=-CAfile %3
	8	set ssltest=%4 -key %key% -cert %cert% -c_key %key% -c_cert %cert%
	9	set openssl=%5
	10	set extra=%6
	11
	12	%openssl% version & if !errorlevel! neq 0 exit /b 1
	13
	14	for /f "usebackq" %%s in (`%openssl% x509 -in %cert% -text -noout ^\| find /c "DSA Public Key"`) do set lines=%%s
	15	if %lines% gtr 0 (
	16	set dsa_cert=YES
	17	) else (
	18	set dsa_cert=NO
	19	)
	20
	21	REM #########################################################################
	22
	23	echo test sslv2/sslv3
	24	%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
	25
	26	echo test sslv2/sslv3 with server authentication
	27	%ssltest% -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	28
	29	echo test sslv2/sslv3 with client authentication
	30	%ssltest% -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	31
	32	echo test sslv2/sslv3 with both client and server authentication
	33	%ssltest% -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	34
	35	echo test sslv2/sslv3 via BIO pair
	36	%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
	37
	38	if %dsa_cert%==NO (
	39	echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair"
	40	%ssltest% -bio_pair -no_dhe -no_ecdhe %extra% & if !errorlevel! neq 0 exit /b 1
	41	)
	42
	43	echo test sslv2/sslv3 with 1024bit DHE via BIO pair
	44	%ssltest% -bio_pair -dhe1024dsa -v %extra% & if !errorlevel! neq 0 exit /b 1
	45
	46	echo test sslv2/sslv3 with server authentication
	47	%ssltest% -bio_pair -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	48
	49	echo test sslv2/sslv3 with client authentication via BIO pair
	50	%ssltest% -bio_pair -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	51
	52	echo test sslv2/sslv3 with both client and server authentication via BIO pair
	53	%ssltest% -bio_pair -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	54
	55	echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
	56	%ssltest% -bio_pair -server_auth -client_auth -app_verify %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	57
	58	echo "Testing ciphersuites"
	59	for %%p in ( TLSv1.2 ) do (
	60	echo "Testing ciphersuites for %%p"
	61	for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p+aRSA"`) do (
	62	echo "Testing %%c"
	63	%ssltest% -cipher %%c
	64	if !errorlevel! neq 0 (
	65	echo "Failed %%c"
	66	exit /b 1
	67	)
	68	)
	69	)
	70
	71	REM ##########################################################################
	72
	73	for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
	74	if %nodh%==no-dh (
	75	echo skipping anonymous DH tests
	76	) else (
	77	echo test tls1 with 1024bit anonymous DH, multiple handshakes
	78	%ssltest% -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
	79	)
	80
	81	REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s
	82	REM #if %norsa%==no-rsa (
	83	REM # echo skipping RSA tests
	84	REM #) else (
	85	REM # echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
	86	REM # %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -no_dhe -no_ecdhe -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
	87	REM #
	88	REM # for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
	89	REM # if %nodh%==no-dh (
	90	REM # echo skipping RSA+DHE tests
	91	REM # ) else (
	92	REM # echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
	93	REM # %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
	94	REM # )
	95	REM #)
	96
	97	REM #
	98	REM # DTLS tests
	99	REM #
	100
	101	echo test dtlsv1
	102	%ssltest% -dtls1 %extra% & if !errorlevel! neq 0 exit /b 1
	103
	104	echo test dtlsv1 with server authentication
	105	%ssltest% -dtls1 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	106
	107	echo test dtlsv1 with client authentication
	108	%ssltest% -dtls1 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	109
	110	echo test dtlsv1 with both client and server authentication
	111	%ssltest% -dtls1 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
	112
	113	echo "Testing DTLS ciphersuites"
	114	for %%p in ( SSLv3 ) do (
	115	echo "Testing ciphersuites for %%p"
	116	for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4"`) do (
	117	echo "Testing %%c"
	118	%ssltest% -cipher %%c -dtls1
	119	if !errorlevel! neq 0 (
	120	echo "Failed %%c"
	121	exit /b 1
	122	)
	123	)
	124	)
	125
	126	REM #
	127	REM # Next Protocol Negotiation tests
	128	REM #
	129	echo "Testing NPN..."
	130	%ssltest% -bio_pair -tls1 -npn_client & if !errorlevel! neq 0 exit /b 1
	131	%ssltest% -bio_pair -tls1 -npn_server & if !errorlevel! neq 0 exit /b 1
	132	%ssltest% -bio_pair -tls1 -npn_server_reject & if !errorlevel! neq 0 exit /b 1
	133	%ssltest% -bio_pair -tls1 -npn_client -npn_server_reject & if !errorlevel! neq 0 exit /b 1
	134	%ssltest% -bio_pair -tls1 -npn_client -npn_server & if !errorlevel! neq 0 exit /b 1
	135	%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 & if !errorlevel! neq 0 exit /b 1
	136	%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse & if !errorlevel! neq 0 exit /b 1
	137
	138	REM #
	139	REM # ALPN tests
	140	REM #
	141	echo "Testing ALPN..."
	142	%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1
	143	%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server foo ^
	144	-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
	145	%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo ^
	146	-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
	147	%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo ^
	148	-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
	149	%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar ^
	150	-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
	151	%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo ^
	152	-alpn_expected bar & if !errorlevel! neq 0 exit /b 1
	153	%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo ^
	154	-alpn_expected bar & if !errorlevel! neq 0 exit /b 1
	155	%ssltest% -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1
	156
	157	endlocal