authorjsing <jsing@openbsd.org>2014-06-21 16:48:05 +0000
committerjsing <jsing@openbsd.org>2014-06-21 16:48:05 +0000
commitc419fba16046685a2e63353d145078638ab0e9c1 (patch)
tree1ab2d57ef748f3383d29e8eff98ab45ec2d10e85 /regress/lib/libssl/ssl
parentPrefix messages about bad command line options and arguments (diff)
Add DTLS support to ssltest and wire up some regress tests.
ok miod@
Diffstat (limited to 'regress/lib/libssl/ssl')
-rw-r--r--regress/lib/libssl/ssl/ssltest.c19
-rw-r--r--regress/lib/libssl/ssl/testssl30
2 files changed, 41 insertions, 8 deletions
diff --git a/regress/lib/libssl/ssl/ssltest.c b/regress/lib/libssl/ssl/ssltest.c
index ad24b1f7131..40a3b77e078 100644
--- a/regress/lib/libssl/ssl/ssltest.c
+++ b/regress/lib/libssl/ssl/ssltest.c
@@ -268,6 +268,7 @@ sv_usage(void)
#ifndef OPENSSL_NO_PSK
fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
#endif
+ fprintf(stderr, " -dtls1 - use DTLSv1\n");
fprintf(stderr, " -ssl3 - use SSLv3\n");
fprintf(stderr, " -tls1 - use TLSv1\n");
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
@@ -387,7 +388,7 @@ main(int argc, char *argv[])
int badop = 0;
int bio_pair = 0;
int force = 0;
- int tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
+ int tls1 = 0, ssl2 = 0, ssl3 = 0, dtls1 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
@@ -488,13 +489,14 @@ main(int argc, char *argv[])
#else
no_psk = 1;
#endif
- }
+ } else if (strcmp(*argv, "-dtls1") == 0)
+ dtls1 = 1;
else if (strcmp(*argv, "-ssl2") == 0)
ssl2 = 1;
- else if (strcmp(*argv, "-tls1") == 0)
- tls1 = 1;
else if (strcmp(*argv, "-ssl3") == 0)
ssl3 = 1;
+ else if (strcmp(*argv, "-tls1") == 0)
+ tls1 = 1;
else if (strncmp(*argv, "-num", 4) == 0) {
if (--argc < 1)
goto bad;
@@ -595,11 +597,12 @@ bad:
goto end;
}
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) {
+ if (!dtls1 && !ssl2 && !ssl3 && !tls1 &&
+ number > 1 && !reuse && !force) {
fprintf(stderr,
"This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+ "or add one of -dtls1, -ssl2, -ssl3, -tls1, -reuse\n"
"to avoid protocol mismatch.\n");
exit(1);
}
@@ -653,7 +656,9 @@ bad:
}
#endif
- if (tls1)
+ if (dtls1)
+ meth = DTLSv1_method();
+ else if (tls1)
meth = TLSv1_method();
else if (ssl3)
meth = SSLv3_method();
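Review bot: With `if (dtls1) ... else if (tls1) ...`, a command line carrying more than one protocol option, such as `-dtls1 -tls1`, silently runs DTLSv1 only. The parsing hunk sets each flag independently and none of the visible hunks rejects a combination, so a regress run can report success for a protocol it never exercised. A check after option parsing would make the conflict explicit, for example `if (dtls1 + ssl2 + ssl3 + tls1 > 1) badop = 1;`, assuming `badop` is what routes to the usage message. main's body starts and ends outside this hunk.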
diff --git a/regress/lib/libssl/ssl/testssl b/regress/lib/libssl/ssl/testssl
index ad5624d9177..80f3a1c511c 100644
--- a/regress/lib/libssl/ssl/testssl
+++ b/regress/lib/libssl/ssl/testssl
@@ -158,4 +158,32 @@ else
$ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
fi
-exit 0
+#
+# DTLS
+#
+
+echo test dtlsv1
+$ssltest -dtls1 $extra || exit 1
+
+echo test dtlsv1 with server authentication
+$ssltest -dtls1 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1 with client authentication
+$ssltest -dtls1 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1 with both client and server authentication
+$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
+
+echo "Testing DTLS ciphersuites"
+for protocol in SSLv3; do
+ echo "Testing ciphersuites for $protocol"
+ for cipher in `openssl ciphers "RSA+$protocol" | tr ':' '\n' |
+ grep -v RC4`; do
+ echo "Testing $cipher"
+ $ssltest -cipher $cipher -dtls1
+ if [ $? -ne 0 ] ; then
+ echo "Failed $cipher"
+ exit 1
+ fi
+ done
+done
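Review bot: The ciphersuite loop passes vacuously when `openssl ciphers "RSA+$protocol"` fails or prints nothing, because the backtick list is then empty and no `$ssltest` run happens. The list also comes from whichever `openssl` is first in PATH, which may not match the libssl under test. Capturing the list and failing on an empty result closes the gap: `ciphers=$(openssl ciphers "RSA+$protocol" | tr ':' '\n' | grep -v RC4)` followed by `[ -n "$ciphers" ] || { echo "no DTLS ciphersuites to test"; exit 1; }`. The single-value `for protocol in SSLv3` loop would also benefit from a comment such as `# DTLSv1 suites are selected via the SSLv3 keyword; RC4 is excluded because DTLS cannot use stream ciphers`, if that is the intent.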