9 cert=../apps/server.pem
14 ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"
16 ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
18 if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
24 if [ "$3" = "" ]; then
30 if [ "$4" = "" ]; then
36 #############################################################################
38 echo test ssl3 is forbidden in FIPS mode
39 $ssltest -ssl3 $extra && exit 1
41 if ../util/shlib_wrap.sh ../apps/openssl ciphers SSLv2 >/dev/null 2>&1; then
42 echo test ssl2 is forbidden in FIPS mode
43 $ssltest -ssl2 $extra && exit 1
45 echo ssl2 disabled: skipping test
49 $ssltest -tls1 $extra || exit 1
51 echo test tls1 with server authentication
52 $ssltest -tls1 -server_auth $CA $extra || exit 1
54 echo test tls1 with client authentication
55 $ssltest -tls1 -client_auth $CA $extra || exit 1
57 echo test tls1 with both client and server authentication
58 $ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1
60 echo test tls1 via BIO pair
61 $ssltest -bio_pair -tls1 $extra || exit 1
63 echo test tls1 with server authentication via BIO pair
64 $ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1
66 echo test tls1 with client authentication via BIO pair
67 $ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1
69 echo test tls1 with both client and server authentication via BIO pair
70 $ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1
72 # note that all the below actually choose TLS...
74 if [ $dsa_cert = NO ]; then
75 echo test sslv2/sslv3 w/o DHE via BIO pair
76 $ssltest -bio_pair -no_dhe $extra || exit 1
79 echo test sslv2/sslv3 with 1024bit DHE via BIO pair
80 $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
82 echo test sslv2/sslv3 with server authentication
83 $ssltest -bio_pair -server_auth $CA $extra || exit 1
85 echo test sslv2/sslv3 with client authentication via BIO pair
86 $ssltest -bio_pair -client_auth $CA $extra || exit 1
88 echo test sslv2/sslv3 with both client and server authentication via BIO pair
89 $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
91 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
92 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
94 #############################################################################
96 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
97 echo skipping anonymous DH tests
99 echo test tls1 with 1024bit anonymous DH, multiple handshakes
100 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
103 if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
104 echo skipping RSA tests
106 echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
107 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
109 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
110 echo skipping RSA+DHE tests
112 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
113 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1