From 14905877a0eb85ebdc16162e820cda51f0895fc7 Mon Sep 17 00:00:00 2001 From: kinichiro Date: Tue, 18 Oct 2016 17:13:56 +0900 Subject: Enable tests on Visual Studio - add patch for aeadtest.c to undef IN - add patch for ocsp_test.c to call BIO_sock_init() before getaddrinfo() - define STDERR_FILENO in unistd.h to build pkcs7test.c - add option ENABLE_VSTEST(default OFF) to enable test on Visual Studio - modify to pass test data file as an argument (aeadtest, evptest) - add Windows scripts (ocsptest, pq_test, ssltest, testdsa, testenc, testrsa) - do not build pidwraptest on MSVC - fix some indentations --- CMakeLists.txt | 3 + include/compat/unistd.h | 2 + patches/aeadtest.c.patch | 15 +++++ patches/ocsp_test.c.patch | 14 +++++ tests/CMakeLists.txt | 64 ++++++++++++------- tests/Makefile.am | 14 ++--- tests/ocsptest.bat | 11 ++++ tests/pq_test.bat | 14 +++++ tests/ssltest.bat | 18 ++++++ tests/testdsa.bat | 38 +++++++++++ tests/testenc.bat | 69 ++++++++++++++++++++ tests/testrsa.bat | 38 +++++++++++ tests/testssl.bat | 157 ++++++++++++++++++++++++++++++++++++++++++++++ 13 files changed, 429 insertions(+), 28 deletions(-) create mode 100644 patches/aeadtest.c.patch create mode 100644 patches/ocsp_test.c.patch create mode 100644 tests/ocsptest.bat create mode 100644 tests/pq_test.bat create mode 100644 tests/ssltest.bat create mode 100644 tests/testdsa.bat create mode 100644 tests/testenc.bat create mode 100644 tests/testrsa.bat create mode 100644 tests/testssl.bat diff --git a/CMakeLists.txt b/CMakeLists.txt index fd2ef7b..93f3ff6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -26,6 +26,7 @@ string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION}) option(ENABLE_ASM "Enable assembly" ON) option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF) option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF) +option(ENABLE_VSTEST "Enable test on Visual Studio" OFF) set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE) set(BUILD_NC true) @@ -294,6 +295,8 @@ add_subdirectory(tls) add_subdirectory(include) if(NOT MSVC) add_subdirectory(man) +endif() +if(NOT MSVC OR ENABLE_VSTEST) add_subdirectory(tests) endif() diff --git a/include/compat/unistd.h b/include/compat/unistd.h index 6c83e76..52255bb 100644 --- a/include/compat/unistd.h +++ b/include/compat/unistd.h @@ -14,6 +14,8 @@ #include #include +#define STDERR_FILENO 2 + #define R_OK 4 #define W_OK 2 #define X_OK 0 diff --git a/patches/aeadtest.c.patch b/patches/aeadtest.c.patch new file mode 100644 index 0000000..ce62107 --- /dev/null +++ b/patches/aeadtest.c.patch @@ -0,0 +1,15 @@ +--- tests/aeadtest.c.orig 2016-10-18 17:03:33.845870889 +0900 ++++ tests/aeadtest.c 2016-10-18 17:11:19.880841283 +0900 +@@ -75,6 +75,12 @@ + + #define BUF_MAX 1024 + ++#ifdef _MSC_VER ++#ifdef IN ++#undef IN ++#endif ++#endif ++ + /* These are the different types of line that are found in the input file. */ + enum { + AEAD = 0, /* name of the AEAD algorithm. */ diff --git a/patches/ocsp_test.c.patch b/patches/ocsp_test.c.patch new file mode 100644 index 0000000..aa427db --- /dev/null +++ b/patches/ocsp_test.c.patch @@ -0,0 +1,14 @@ +--- tests/ocsp_test.c.orig 2016-10-18 18:12:39.854607509 +0900 ++++ tests/ocsp_test.c 2016-10-18 18:14:29.261600559 +0900 +@@ -16,6 +16,11 @@ + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_STREAM; + ++#ifdef _MSC_VER ++ if (BIO_sock_init() != 1) ++ exit(-1); ++#endif ++ + error = getaddrinfo(host, port, &hints, &res); + if (error != 0) { + perror("getaddrinfo()"); diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 80a248e..7957235 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -14,8 +14,7 @@ add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_CURRENT_SOURCE_DIR}/../apps/openss # aeadtest add_executable(aeadtest aeadtest.c) target_link_libraries(aeadtest ${OPENSSL_LIBS}) -add_test(aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh) -set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") +add_test(aeadtest aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt) # aes_wrap add_executable(aes_wrap aes_wrap.c) @@ -25,9 +24,9 @@ add_test(aes_wrap aes_wrap) # arc4randomforktest # Windows/mingw does not have fork, but Cygwin does. if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW") -add_executable(arc4randomforktest arc4randomforktest.c) -target_link_libraries(arc4randomforktest ${OPENSSL_LIBS}) -add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh) + add_executable(arc4randomforktest arc4randomforktest.c) + target_link_libraries(arc4randomforktest ${OPENSSL_LIBS}) + add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh) endif() # asn1test @@ -136,19 +135,18 @@ add_test(enginetest enginetest) # evptest add_executable(evptest evptest.c) target_link_libraries(evptest ${OPENSSL_LIBS}) -add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh) -set_tests_properties(evptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") +add_test(evptest evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptests.txt) # explicit_bzero # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows if(NOT CMAKE_HOST_WIN32) -if(HAVE_MEMMEM) - add_executable(explicit_bzero explicit_bzero.c) -else() - add_executable(explicit_bzero explicit_bzero.c memmem.c) -endif() -target_link_libraries(explicit_bzero ${OPENSSL_LIBS}) -add_test(explicit_bzero explicit_bzero) + if(HAVE_MEMMEM) + add_executable(explicit_bzero explicit_bzero.c) + else() + add_executable(explicit_bzero explicit_bzero.c memmem.c) + endif() + target_link_libraries(explicit_bzero ${OPENSSL_LIBS}) + add_test(explicit_bzero explicit_bzero) endif() # exptest @@ -200,7 +198,11 @@ add_test(mont mont) if(ENABLE_EXTRATESTS) add_executable(ocsp_test ocsp_test.c) target_link_libraries(ocsp_test ${OPENSSL_LIBS}) - add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh) + if(NOT MSVC) + add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh) + else() + add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.bat) + endif() endif() # optionstest @@ -216,7 +218,7 @@ add_test(pbkdf2 pbkdf2) # pidwraptest # pidwraptest relies on an OS-specific way to give out pids and is generally # awkward on systems with slow fork -if(ENABLE_EXTRATESTS) +if(ENABLE_EXTRATESTS AND NOT MSVC) add_executable(pidwraptest pidwraptest.c) target_link_libraries(pidwraptest ${OPENSSL_LIBS}) add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh) @@ -235,7 +237,11 @@ add_test(poly1305test poly1305test) # pq_test add_executable(pq_test pq_test.c) target_link_libraries(pq_test ${OPENSSL_LIBS}) -add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh) +if(NOT MSVC) + add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh) +else() + add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.bat) +endif() set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") # randtest @@ -285,19 +291,35 @@ add_test(sha512test sha512test) # ssltest add_executable(ssltest ssltest.c) target_link_libraries(ssltest ${OPENSSL_LIBS}) -add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh) +if(NOT MSVC) + add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh) +else() + add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.bat) +endif() set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") # testdsa -add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh) +if(NOT MSVC) + add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh) +else() + add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.bat) +endif() set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") # testenc -add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh) +if(NOT MSVC) + add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh) +else() + add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.bat) +endif() set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") # testrsa -add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh) +if(NOT MSVC) + add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh) +else() + add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.bat) +endif() set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") # timingsafe diff --git a/tests/Makefile.am b/tests/Makefile.am index 5ba7b60..85720c2 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -215,7 +215,7 @@ TESTS += ocsptest.sh check_PROGRAMS += ocsp_test ocsp_test_SOURCES = ocsp_test.c endif -EXTRA_DIST += ocsptest.sh +EXTRA_DIST += ocsptest.sh ocsptest.bat # optionstest TESTS += optionstest @@ -251,7 +251,7 @@ poly1305test_SOURCES = poly1305test.c TESTS += pq_test.sh check_PROGRAMS += pq_test pq_test_SOURCES = pq_test.c -EXTRA_DIST += pq_test.sh +EXTRA_DIST += pq_test.sh pq_test.bat EXTRA_DIST += pq_expected.txt # randtest @@ -303,21 +303,21 @@ sha512test_SOURCES = sha512test.c TESTS += ssltest.sh check_PROGRAMS += ssltest ssltest_SOURCES = ssltest.c -EXTRA_DIST += ssltest.sh -EXTRA_DIST += testssl ca.pem server.pem +EXTRA_DIST += ssltest.sh ssltest.bat +EXTRA_DIST += testssl testssl.bat ca.pem server.pem # testdsa TESTS += testdsa.sh -EXTRA_DIST += testdsa.sh +EXTRA_DIST += testdsa.sh testdsa.bat EXTRA_DIST += openssl.cnf # testenc TESTS += testenc.sh -EXTRA_DIST += testenc.sh +EXTRA_DIST += testenc.sh testenc.bat # testrsa TESTS += testrsa.sh -EXTRA_DIST += testrsa.sh +EXTRA_DIST += testrsa.sh testrsa.bat # timingsafe TESTS += timingsafe diff --git a/tests/ocsptest.bat b/tests/ocsptest.bat new file mode 100644 index 0000000..fa0ae42 --- /dev/null +++ b/tests/ocsptest.bat @@ -0,0 +1,11 @@ +@echo off +setlocal enabledelayedexpansion +REM ocsptest.bat + +set TEST=Debug\ocsp_test.exe +if not exist %TEST% exit /b 1 + +%TEST% www.amazon.com 443 & if !errorlevel! neq 0 exit /b 1 +%TEST% cloudflare.com 443 & if !errorlevel! neq 0 exit /b 1 + +endlocal diff --git a/tests/pq_test.bat b/tests/pq_test.bat new file mode 100644 index 0000000..b665874 --- /dev/null +++ b/tests/pq_test.bat @@ -0,0 +1,14 @@ +@echo off +setlocal enabledelayedexpansion +REM pq_test.bat + +set TEST=Debug\pq_test.exe +if not exist %TEST% exit /b 1 + +set pq_output=pq_output.txt +if exist %pq_output% del %pq_output% + +%TEST% > %pq_output% +fc /b %pq_output% %srcdir%\pq_expected.txt + +endlocal diff --git a/tests/ssltest.bat b/tests/ssltest.bat new file mode 100644 index 0000000..a7c3df5 --- /dev/null +++ b/tests/ssltest.bat @@ -0,0 +1,18 @@ +@echo off +setlocal enabledelayedexpansion +REM ssltest.bat + +set ssltest_bin=Debug\ssltest.exe +if not exist %ssltest_bin% exit /b 1 + +set openssl_bin=..\apps\openssl\Debug\openssl.exe +if not exist %openssl_bin% exit /b 1 + +if "%srcdir%"=="" ( + set srcdir=. +) + +%srcdir%\testssl.bat %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem ^ + %ssltest_bin% %openssl_bin% + +endlocal diff --git a/tests/testdsa.bat b/tests/testdsa.bat new file mode 100644 index 0000000..9a9690e --- /dev/null +++ b/tests/testdsa.bat @@ -0,0 +1,38 @@ +@echo off +setlocal enabledelayedexpansion +REM testdsa.bat + + +REM # Test DSA certificate generation of openssl + +set cmd=..\apps\openssl\Debug\openssl.exe +if not exist %cmd% exit /b 1 + +if "%srcdir%"=="" ( + set srcdir=. +) + +REM # Generate DSA paramter set +%cmd% dsaparam 512 -out dsa512.pem +if !errorlevel! neq 0 ( + exit /b 1 +) + + +REM # Generate a DSA certificate +%cmd% req -config %srcdir%\openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key +if !errorlevel! neq 0 ( + exit /b 1 +) + + +REM # Now check the certificate +%cmd% x509 -text -in testdsa.pem +if !errorlevel! neq 0 ( + exit /b 1 +) + +del testdsa.key dsa512.pem testdsa.pem + +exit /b 0 +endlocal diff --git a/tests/testenc.bat b/tests/testenc.bat new file mode 100644 index 0000000..a925ec3 --- /dev/null +++ b/tests/testenc.bat @@ -0,0 +1,69 @@ +@echo off +setlocal enabledelayedexpansion +REM testenc.bat + +set test=p +set cmd=..\apps\openssl\Debug\openssl.exe +if not exist %cmd% exit /b 1 + +set srcdir=..\..\tests + +copy %srcdir%\openssl.cnf %test% + +echo cat +%cmd% enc -in %test% -out %test%.cipher +%cmd% enc -in %test%.cipher -out %test%.clear +fc /b %test% %test%.clear +if !errorlevel! neq 0 ( + exit /b 1 +) else ( + del %test%.cipher %test%.clear +) + +echo base64 +%cmd% enc -a -e -in %test% -out %test%.cipher +%cmd% enc -a -d -in %test%.cipher -out %test%.clear +fc /b %test% %test%.clear +if !errorlevel! neq 0 ( + exit /b 1 +) else ( + del %test%.cipher %test%.clear +) + +for %%i in ( + aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8 + aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb + aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb + aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 + aes-256-ecb aes-256-ofb + bf-cbc bf-cfb bf-ecb bf-ofb + cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb + des-cbc des-cfb des-cfb8 des-ecb des-ede + des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 + des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc + rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb + rc4 rc4-40 +) do ( + echo %%i + %cmd% %%i -e -k test -in %test% -out %test%.%%i.cipher + %cmd% %%i -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear + fc /b %test% %test%.%%i.clear + if !errorlevel! neq 0 ( + exit /b 1 + ) else ( + del %test%.%%i.cipher %test%.%%i.clear + ) + + echo %%i base64 + %cmd% %%i -a -e -k test -in %test% -out %test%.%%i.cipher + %cmd% %%i -a -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear + fc /b %test% %test%.%%i.clear + if !errorlevel! neq 0 ( + exit /b 1 + ) else ( + del %test%.%%i.cipher %test%.%%i.clear + ) +) + +del %test% +endlocal diff --git a/tests/testrsa.bat b/tests/testrsa.bat new file mode 100644 index 0000000..6d88d21 --- /dev/null +++ b/tests/testrsa.bat @@ -0,0 +1,38 @@ +@echo off +setlocal enabledelayedexpansion +REM testrsa.bat + + +REM # Test RSA certificate generation of openssl + +set cmd=..\apps\openssl\Debug\openssl.exe +if not exist %cmd% exit /b 1 + +if "%srcdir%"=="" ( + set srcdir=. +) + +REM # Generate RSA private key +%cmd% genrsa -out rsakey.pem +if !errorlevel! neq 0 ( + exit /b 1 +) + + +REM # Generate an RSA certificate +%cmd% req -config %srcdir%\openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem +if !errorlevel! neq 0 ( + exit /b 1 +) + + +REM # Now check the certificate +%cmd% x509 -text -in rsacert.pem +if !errorlevel! neq 0 ( + exit /b 1 +) + +del rsacert.pem rsakey.pem + +exit /b 0 +endlocal diff --git a/tests/testssl.bat b/tests/testssl.bat new file mode 100644 index 0000000..f164aeb --- /dev/null +++ b/tests/testssl.bat @@ -0,0 +1,157 @@ +@echo off +setlocal enabledelayedexpansion +REM testssl.bat + +set key=%1 +set cert=%2 +set CA=-CAfile %3 +set ssltest=%4 -key %key% -cert %cert% -c_key %key% -c_cert %cert% +set openssl=%5 +set extra=%6 + +%openssl% version & if !errorlevel! neq 0 exit /b 1 + +for /f "usebackq" %%s in (`%openssl% x509 -in %cert% -text -noout ^| find /c "DSA Public Key"`) do set lines=%%s +if %lines% gtr 0 ( + set dsa_cert=YES +) else ( + set dsa_cert=NO +) + +REM ######################################################################### + +echo test sslv2/sslv3 +%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test sslv2/sslv3 with server authentication +%ssltest% -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test sslv2/sslv3 with client authentication +%ssltest% -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test sslv2/sslv3 with both client and server authentication +%ssltest% -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test sslv2/sslv3 via BIO pair +%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1 + +if %dsa_cert%==NO ( + echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair" + %ssltest% -bio_pair -no_dhe -no_ecdhe %extra% & if !errorlevel! neq 0 exit /b 1 +) + +echo test sslv2/sslv3 with 1024bit DHE via BIO pair +%ssltest% -bio_pair -dhe1024dsa -v %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test sslv2/sslv3 with server authentication +%ssltest% -bio_pair -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test sslv2/sslv3 with client authentication via BIO pair +%ssltest% -bio_pair -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair +%ssltest% -bio_pair -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify +%ssltest% -bio_pair -server_auth -client_auth -app_verify %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo "Testing ciphersuites" +for %%p in ( TLSv1.2 ) do ( + echo "Testing ciphersuites for %%p" + for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p+aRSA"`) do ( + echo "Testing %%c" + %ssltest% -cipher %%c + if !errorlevel! neq 0 ( + echo "Failed %%c" + exit /b 1 + ) + ) +) + +REM ########################################################################## + +for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s +if %nodh%==no-dh ( + echo skipping anonymous DH tests +) else ( + echo test tls1 with 1024bit anonymous DH, multiple handshakes + %ssltest% -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1 +) + +REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s +REM #if %norsa%==no-rsa ( +REM # echo skipping RSA tests +REM #) else ( +REM # echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes" +REM # %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -no_dhe -no_ecdhe -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1 +REM # +REM # for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s +REM # if %nodh%==no-dh ( +REM # echo skipping RSA+DHE tests +REM # ) else ( +REM # echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes +REM # %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1 +REM # ) +REM #) + +REM # +REM # DTLS tests +REM # + +echo test dtlsv1 +%ssltest% -dtls1 %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test dtlsv1 with server authentication +%ssltest% -dtls1 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test dtlsv1 with client authentication +%ssltest% -dtls1 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo test dtlsv1 with both client and server authentication +%ssltest% -dtls1 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1 + +echo "Testing DTLS ciphersuites" +for %%p in ( SSLv3 ) do ( + echo "Testing ciphersuites for %%p" + for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4"`) do ( + echo "Testing %%c" + %ssltest% -cipher %%c -dtls1 + if !errorlevel! neq 0 ( + echo "Failed %%c" + exit /b 1 + ) + ) +) + +REM # +REM # Next Protocol Negotiation tests +REM # +echo "Testing NPN..." +%ssltest% -bio_pair -tls1 -npn_client & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -npn_server & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -npn_server_reject & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -npn_client -npn_server_reject & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -npn_client -npn_server & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse & if !errorlevel! neq 0 exit /b 1 + +REM # +REM # ALPN tests +REM # +echo "Testing ALPN..." +%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server foo ^ + -alpn_expected foo & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo ^ + -alpn_expected foo & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo ^ + -alpn_expected foo & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar ^ + -alpn_expected foo & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo ^ + -alpn_expected bar & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo ^ + -alpn_expected bar & if !errorlevel! neq 0 exit /b 1 +%ssltest% -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1 + +endlocal -- cgit v1.2.3-55-g6feb