diff options
| author | Emilia Kasper <emilia@openssl.org> | 2015-05-26 14:32:57 +0200 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2015-05-27 17:22:56 +0200 |
| commit | 15a06488fcced19b79708a0329313121e01ded7e (patch) | |
| tree | 90cb7a3bec396a346b9d158a408f28023d800e87 | |
| parent | f2e19cb15e3d68c748ce3dc2b791be9a2fc14fd3 (diff) | |
| download | openssl-15a06488fcced19b79708a0329313121e01ded7e.zip openssl-15a06488fcced19b79708a0329313121e01ded7e.tar.gz openssl-15a06488fcced19b79708a0329313121e01ded7e.tar.bz2 | |
Enable DH tests
In master, the 'dh' command is gone, so use 'dhparam' instead to
determine if we're compiled with DH.
Also, set "@SECLEVEL=1" for the weak DH test, so that it actually
passes.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
| -rw-r--r-- | test/ssltest.c | 3 | ||||
| -rw-r--r-- | test/testssl | 10 | ||||
| -rw-r--r-- | test/testssl.com | 2 |
3 files changed, 8 insertions, 7 deletions
diff --git a/test/ssltest.c b/test/ssltest.c index f640d92..26cf96c 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1429,7 +1429,8 @@ int main(int argc, char *argv[]) } /* * Since we will use low security ciphersuites and keys for testing set - * security level to zero. + * security level to zero by default. Tests can override this by adding + * "@SECLEVEL=n" to the cipher string. */ SSL_CTX_set_security_level(c_ctx, 0); SSL_CTX_set_security_level(s_ctx, 0); diff --git a/test/testssl b/test/testssl index 2998b73..0f5db08 100644 --- a/test/testssl +++ b/test/testssl @@ -139,7 +139,7 @@ for protocol in TLSv1.2 SSLv3; do for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do test_cipher $cipher $protocol done - if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then echo "skipping RSA+DHE tests" else for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do @@ -147,9 +147,9 @@ for protocol in TLSv1.2 SSLv3; do done echo "testing connection with weak DH, expecting failure" if [ $protocol = "SSLv3" ] ; then - $ssltest -cipher EDH -dhe512 -ssl3 + $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3 else - $ssltest -cipher EDH -dhe512 + $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 fi if [ $? -eq 0 ]; then echo "FAIL: connection with weak DH succeeded" @@ -167,7 +167,7 @@ done ############################################################################# -if ../util/shlib_wrap.sh ../apps/openssl no-dh; then +if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then echo skipping anonymous DH tests else echo test tls1 with 1024bit anonymous DH, multiple handshakes @@ -180,7 +180,7 @@ else echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 - if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then echo skipping RSA+DHE tests else echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes diff --git a/test/testssl.com b/test/testssl.com index 3782e35..6f9b233 100644 --- a/test/testssl.com +++ b/test/testssl.com @@ -130,7 +130,7 @@ $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ no_rsa=$SEVERITY $ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-dh +$ mcr 'exe_dir'openssl no-dhparam $ no_dh=$SEVERITY $ $ if no_dh |