In version 1.0.1, the TLS unit test script does not invoke any of the
TLS 1.2 methods. 

The attached patch resolves this problem by adding support for the
-tls1_2 option to ssl/ssltest.c.  The test/testssl script is also
modified to utilize this new option.

Index: ssl/ssltest.c
===================================================================
--- ssl/ssltest.c	(revision 352)
+++ ssl/ssltest.c	(working copy)
@@ -350,6 +350,7 @@
 #endif
 #ifndef OPENSSL_NO_TLS1
 	fprintf(stderr," -tls1         - use TLSv1\n");
+	fprintf(stderr," -tls1_2       - use TLSv1.2\n");
 #endif
 	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
 	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
@@ -504,7 +505,7 @@
 	int badop=0;
 	int bio_pair=0;
 	int force=0;
-	int tls1=0,ssl2=0,ssl3=0,ret=1;
+	int tls12=0,tls1=0,ssl2=0,ssl3=0,ret=1;
 	int client_auth=0;
 	int server_auth=0,i;
 	struct app_verify_arg app_verify_arg =
@@ -661,6 +662,8 @@
 			ssl2=1;
 		else if	(strcmp(*argv,"-tls1") == 0)
 			tls1=1;
+		else if	(strcmp(*argv,"-tls1_2") == 0)
+			tls12=1;
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			ssl3=1;
 		else if	(strncmp(*argv,"-num",4) == 0)
@@ -794,7 +797,7 @@
 		{
 		fprintf(stderr, "This case cannot work.  Use -f to perform "
 			"the test anyway (and\n-d to see what happens), "
-			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+			"or add one of -ssl2, -ssl3, -tls1, -tls1_2, -reuse\n"
 			"to avoid protocol mismatch.\n");
 		EXIT(1);
 		}
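Review bot: The message now says that -tls1_2 avoids the protocol-mismatch exit, but the condition guarding this block lies outside the hunk and no other hunk in the patch touches it. If that condition tests only the ssl2, ssl3 and tls1 flags, a run with -tls1_2 and several handshakes still exits here unless -f is given. The new test/testssl cases that pass `-num 10` all add `-f`, so they would not reveal the gap. The guard should take the new flag into account, e.g. by adding `!tls12` alongside the existing version checks, so that the text and the behaviour agree.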
@@ -874,6 +877,9 @@
 	else 
 	if (tls1)
 		meth=TLSv1_method();
+	else 
+	if (tls12)
+		meth=TLSv1_2_method();
 	else
 	if (ssl3)
 		meth=SSLv3_method();
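Review bot: In the method-selection chain `tls1` is tested before `tls12`, so a command line carrying both -tls1 and -tls1_2 silently runs TLSv1, and a case meant to cover TLS 1.2 would pass without exercising it. Nothing in the visible argument parsing rejects conflicting version flags; a check after parsing such as `if (tls1 && tls12) badop=1;` would turn the conflict into a usage error. The chain starts and ends outside the hunk, so any preprocessor branch that picks a method without consulting these flags is not visible here and should be checked for ignoring `tls12`.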
Index: test/testssl
===================================================================
--- test/testssl	(revision 352)
+++ test/testssl	(working copy)
@@ -158,4 +158,31 @@
   $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
 fi
 
+if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+  echo skipping anonymous DH tests
+else
+  echo test tls1.2 with 1024bit anonymous DH, multiple handshakes
+  $ssltest -v -bio_pair -tls1_2 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
+
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
+  echo skipping RSA tests
+else
+  echo 'test tls1.2 with 1024bit RSA, no (EC)DHE, multiple handshakes'
+  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1_2 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
+
+  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+    echo skipping RSA+DHE tests
+  else
+    echo test tls1.2 with 1024bit RSA, 1024bit DHE, multiple handshakes
+    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1_2 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+  fi
+fi
+
+echo test tls1.2 with PSK
+$ssltest -tls1_2 -cipher PSK -psk abc123 $extra || exit 1
+
+echo test tls1.2 with PSK via BIO pair
+$ssltest -bio_pair -tls1_2 -cipher PSK -psk abc123 $extra || exit 1
+
 exit 0
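Review bot: The two RSA cases call `../util/shlib_wrap.sh ./ssltest` directly while the ADH and PSK cases go through `$ssltest`, and nothing in the block says why. `$ssltest` is defined outside the hunk, so the options it carries are presumably being avoided on purpose where `-cert ../apps/server2.pem` is passed. A one-line comment above the RSA block, e.g. `# call ./ssltest directly: -cert below must not be combined with the options in $ssltest`, would keep a later cleanup from folding the two forms together.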
