[openssl-dev] [openssl.org #2767] test/testssl script does not exercise TLS 1.2

2016-02-02 Thread Rich Salz via RT
fixed in current releases.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl.org #2767] test/testssl script does not exercise TLS 1.2

2012-03-20 Thread John Foley via RT
In version 1.0.1, the TLS unit test script does not invoke any of the
TLS 1.2 methods. 

The attached patch resolves this problem by adding support for the
-tls1_2 option to ssl/ssltest.c.  The test/testssl script is also
modified to utilize this new option.

Index: ssl/ssltest.c
===
--- ssl/ssltest.c	(revision 352)
+++ ssl/ssltest.c	(working copy)
@@ -350,6 +350,7 @@
 #endif
 #ifndef OPENSSL_NO_TLS1
 	fprintf(stderr, -tls1 - use TLSv1\n);
+	fprintf(stderr, -tls1_2   - use TLSv1.2\n);
 #endif
 	fprintf(stderr, -CApath arg   - PEM format directory of CA's\n);
 	fprintf(stderr, -CAfile arg   - PEM format file of CA's\n);
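Review bot: The new `-tls1_2` usage line sits inside `#ifndef OPENSSL_NO_TLS1`, but the parser branch for `-tls1_2` and the `TLSv1_2_method()` call added further down show no matching guard in their hunks. If those sites really are unguarded, a build with TLS disabled would accept an option its help text hides, or might fail to build if the method is compiled out. Either guard all three places the same way or add a comment at each, such as `/* -tls1_2 shares the OPENSSL_NO_TLS1 guard with -tls1 */`. The usage function starts and ends outside this hunk.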
@@ -504,7 +505,7 @@
 	int badop=0;
 	int bio_pair=0;
 	int force=0;
-	int tls1=0,ssl2=0,ssl3=0,ret=1;
+	int tls12=0,tls1=0,ssl2=0,ssl3=0,ret=1;
 	int client_auth=0;
 	int server_auth=0,i;
 	struct app_verify_arg app_verify_arg =
@@ -661,6 +662,8 @@
 			ssl2=1;
 		else if	(strcmp(*argv,-tls1) == 0)
 			tls1=1;
+		else if	(strcmp(*argv,-tls1_2) == 0)
+			tls12=1;
 		else if	(strcmp(*argv,-ssl3) == 0)
 			ssl3=1;
 		else if	(strncmp(*argv,-num,4) == 0)
@@ -794,7 +797,7 @@
 		{
 		fprintf(stderr, This case cannot work.  Use -f to perform 
 			the test anyway (and\n-d to see what happens), 
-			or add one of -ssl2, -ssl3, -tls1, -reuse\n
+			or add one of -ssl2, -ssl3, -tls1, -tls1_2, -reuse\n
 			to avoid protocol mismatch.\n);
 		EXIT(1);
 		}
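Review bot: The message now lists `-tls1_2` as a way to avoid the protocol mismatch, but the condition that leads into this block is above the hunk and is not changed by the patch. It presumably still tests only `ssl2`, `ssl3`, `tls1`, `reuse` and `force`. If so, `-tls1_2 -num 10` without `-f` would still print this error while telling the user to add `-tls1_2`. Adding `!tls12` to that condition next to `!tls1` would make the message true. The new test/testssl cases all pass `-f` with `-num 10`, which hides the gap.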
@@ -874,6 +877,9 @@
 	else 
 	if (tls1)
 		meth=TLSv1_method();
+	else 
+	if (tls12)
+		meth=TLSv1_2_method();
 	else
 	if (ssl3)
 		meth=SSLv3_method();
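Review bot: Because the `tls1` branch is tested before the new `tls12` branch, a command line carrying both `-tls1` and `-tls1_2` silently runs `TLSv1_method()`. A run meant to cover TLS 1.2 would then pass while exercising TLS 1.0. For a test driver it is safer to reject conflicting protocol flags after argument parsing, e.g. `if (ssl2 + ssl3 + tls1 + tls12 > 1) badop=1;`, or at least to document the precedence in a comment above the chain. The if/else chain begins above the hunk, so any preprocessor conditional around it is not visible here. It is worth confirming that the new branch is compiled in every configuration that builds TLS 1.2.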
Index: test/testssl
===
--- test/testssl	(revision 352)
+++ test/testssl	(working copy)
@@ -158,4 +158,31 @@
   $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
 fi
 
+if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+  echo skipping anonymous DH tests
+else
+  echo test tls1.2 with 1024bit anonymous DH, multiple handshakes
+  $ssltest -v -bio_pair -tls1_2 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
+
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
+  echo skipping RSA tests
+else
+  echo 'test tls1.2 with 1024bit RSA, no (EC)DHE, multiple handshakes'
+  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1_2 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
+
+  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+echo skipping RSA+DHE tests
+  else
+echo test tls1.2 with 1024bit RSA, 1024bit DHE, multiple handshakes
+../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1_2 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+  fi
+fi
+
+echo test tls1.2 with PSK
+$ssltest -tls1_2 -cipher PSK -psk abc123 $extra || exit 1
+
+echo test tls1.2 with PSK via BIO pair
+$ssltest -bio_pair -tls1_2 -cipher PSK -psk abc123 $extra || exit 1
+
 exit 0
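Review bot: The two RSA cases call `../util/shlib_wrap.sh ./ssltest` directly while the ADH and PSK cases go through `$ssltest`, so any key, certificate or CA arguments carried by that variable (it is defined outside the hunk) are not applied to the RSA runs. If that is deliberate because `-cert ../apps/server2.pem` must replace the default certificate, a one-line comment such as `# bypass $ssltest: this case supplies its own server cert` would keep a later editor from normalising it. Every `-num 10` case also passes `-f`, which looks like a workaround for the protocol-mismatch check in ssl/ssltest.c rather than an intended part of the test. The bodies of the nested `no-dh` check appear to have lost their indentation and should line up with the surrounding block.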