Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
5beb63c4
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
5beb63c4
编写于
9月 03, 2015
作者:
R
Richard Levitte
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Incorporate recent changes that were originally made in test/testssl
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
5ab4f893
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
141 addition
and
36 deletion
+141
-36
test/recipes/80-test_ssl.t
test/recipes/80-test_ssl.t
+141
-36
未找到文件。
test/recipes/80-test_ssl.t
浏览文件 @
5beb63c4
...
...
@@ -6,7 +6,7 @@ use warnings;
use
POSIX
;
use
File::
Spec
;
use
File::
Copy
;
use
OpenSSL::
Test
qw/:DEFAULT with top_file/
;
use
OpenSSL::
Test
qw/:DEFAULT with top_file
cmdstr
/
;
setup
("
test_ssl
");
...
...
@@ -28,6 +28,14 @@ my $Ukey="keyU.ss";
my
$Ureq
=
"
reqU.ss
";
my
$Ucert
=
"
certU.ss
";
my
$Dkey
=
"
keyD.ss
";
my
$Dreq
=
"
reqD.ss
";
my
$Dcert
=
"
certD.ss
";
my
$Ekey
=
"
keyE.ss
";
my
$Ereq
=
"
reqE.ss
";
my
$Ecert
=
"
certE.ss
";
my
$P1conf
=
top_file
("
test
","
P1ss.cnf
");
my
$P1key
=
"
keyP1.ss
";
my
$P1req
=
"
reqP1.ss
";
...
...
@@ -83,58 +91,59 @@ sub testss {
print
RND
"
string to make the random number generator think it has entropy
";
close
RND
;
my
@req_dsa
=
("
-newkey
",
"
dsa:
"
.
File::
Spec
->
catfile
("
..
",
"
apps
",
"
dsa1024.pem
"));;
my
@req_new
;
if
(
run
(
app
(["
openssl
",
"
no-rsa
"],
stdout
=>
undef
)))
{
@req_new
=
("
-newkey
",
"
dsa:
"
.
File::
Spec
->
catfile
("
..
",
"
apps
",
"
dsa512.pem
"));
@req_new
=
@req_dsa
;
}
else
{
@req_new
=
("
-new
");
}
plan
tests
=>
1
5
;
plan
tests
=>
1
7
;
SKIP:
{
skip
'
failure
',
1
4
unless
skip
'
failure
',
1
6
unless
ok
(
run
(
app
([
@reqcmd
,
"
-config
",
$CAconf
,
"
-out
",
$CAreq
,
"
-keyout
",
$CAkey
,
@req_new
])),
'
make cert request
');
skip
'
failure
',
1
3
unless
skip
'
failure
',
1
5
unless
ok
(
run
(
app
([
@x509cmd
,
"
-CAcreateserial
",
"
-in
",
$CAreq
,
"
-days
",
"
30
",
"
-req
",
"
-out
",
$CAcert
,
"
-signkey
",
$CAkey
,
"
-extfile
",
$CAconf
,
"
-extensions
",
"
v3_ca
"],
stdout
=>
"
err.ss
")),
'
convert request into self-signed cert
');
skip
'
failure
',
1
2
unless
skip
'
failure
',
1
4
unless
ok
(
run
(
app
([
@x509cmd
,
"
-in
",
$CAcert
,
"
-x509toreq
",
"
-signkey
",
$CAkey
,
"
-out
",
$CAreq2
],
stdout
=>
"
err.ss
")),
'
convert cert into a cert request
');
skip
'
failure
',
1
1
unless
skip
'
failure
',
1
3
unless
ok
(
run
(
app
([
@reqcmd
,
"
-config
",
$dummycnf
,
"
-verify
",
"
-in
",
$CAreq
,
"
-noout
"])),
'
verify request 1
');
skip
'
failure
',
1
0
unless
skip
'
failure
',
1
2
unless
ok
(
run
(
app
([
@reqcmd
,
"
-config
",
$dummycnf
,
"
-verify
",
"
-in
",
$CAreq2
,
"
-noout
"])),
'
verify request 2
');
skip
'
failure
',
9
unless
skip
'
failure
',
11
unless
ok
(
run
(
app
([
@verifycmd
,
"
-CAfile
",
$CAcert
,
$CAcert
])),
'
verify signature
');
skip
'
failure
',
8
unless
skip
'
failure
',
10
unless
ok
(
run
(
app
([
@reqcmd
,
"
-config
",
$Uconf
,
"
-out
",
$Ureq
,
"
-keyout
",
$Ukey
,
@req_new
],
stdout
=>
"
err.ss
")),
'
make a user cert request
');
skip
'
failure
',
7
unless
skip
'
failure
',
9
unless
ok
(
run
(
app
([
@x509cmd
,
"
-CAcreateserial
",
"
-in
",
$Ureq
,
"
-days
",
"
30
",
"
-req
",
"
-out
",
$Ucert
,
"
-CA
",
$CAcert
,
"
-CAkey
",
$CAkey
,
"
-CAserial
",
$CAserial
,
...
...
@@ -143,12 +152,93 @@ sub testss {
&&
run
(
app
([
@verifycmd
,
"
-CAfile
",
$CAcert
,
$Ucert
])),
'
sign user cert request
');
skip
'
failure
',
6
unless
skip
'
failure
',
8
unless
ok
(
run
(
app
([
@x509cmd
,
"
-subject
",
"
-issuer
",
"
-startdate
",
"
-enddate
",
"
-noout
",
"
-in
",
$Ucert
])),
'
Certificate details
');
skip
'
failure
',
7
unless
subtest
'
DSA certificate creation
'
=>
sub
{
plan
skip_all
=>
"
skipping DSA certificate creation
"
if
run
(
app
(["
openssl
",
"
no-dsa
"],
stdout
=>
undef
));
plan
tests
=>
4
;
SKIP:
{
$ENV
{
CN2
}
=
"
DSA Certificate
";
skip
'
failure
',
3
unless
ok
(
run
(
app
([
@reqcmd
,
"
-config
",
$Uconf
,
"
-out
",
$Dreq
,
"
-keyout
",
$Dkey
,
@req_dsa
],
stdout
=>
"
err.ss
")),
"
make a DSA user cert request
");
skip
'
failure
',
2
unless
ok
(
run
(
app
([
@x509cmd
,
"
-CAcreateserial
",
"
-in
",
$Dreq
,
"
-days
",
"
30
",
"
-req
",
"
-out
",
$Dcert
,
"
-CA
",
$CAcert
,
"
-CAkey
",
$CAkey
,
"
-CAserial
",
$CAserial
,
"
-extfile
",
$Uconf
,
"
-extensions
",
"
v3_ee_dsa
"],
stdout
=>
"
err.ss
")),
"
sign DSA user cert request
");
skip
'
failure
',
1
unless
ok
(
run
(
app
([
@verifycmd
,
"
-CAfile
",
$CAcert
,
$Dcert
])),
"
verify DSA user cert
");
skip
'
failure
',
0
unless
ok
(
run
(
app
([
@x509cmd
,
"
-subject
",
"
-issuer
",
"
-startdate
",
"
-enddate
",
"
-noout
",
"
-in
",
$Dcert
])),
"
DSA Certificate details
");
}
};
skip
'
failure
',
6
unless
subtest
'
ECDSA/ECDH certificate creation
'
=>
sub
{
plan
skip_all
=>
"
skipping ECDSA/ECDH certificate creation
"
if
run
(
app
(["
openssl
",
"
no-ec
"],
stdout
=>
undef
));
plan
tests
=>
5
;
SKIP:
{
$ENV
{
CN2
}
=
"
ECDSA Certificate
";
skip
'
failure
',
4
unless
ok
(
run
(
app
(["
openssl
",
"
ecparam
",
"
-name
",
"
P-256
",
"
-out
",
"
ecp.ss
"])),
"
make EC parameters
");
skip
'
failure
',
3
unless
ok
(
run
(
app
([
@reqcmd
,
"
-config
",
$Uconf
,
"
-out
",
$Ereq
,
"
-keyout
",
$Ekey
,
"
-newkey
",
"
ec:ecp.ss
"],
stdout
=>
"
err.ss
")),
"
make a ECDSA/ECDH user cert request
");
skip
'
failure
',
2
unless
ok
(
run
(
app
([
@x509cmd
,
"
-CAcreateserial
",
"
-in
",
$Ereq
,
"
-days
",
"
30
",
"
-req
",
"
-out
",
$Ecert
,
"
-CA
",
$CAcert
,
"
-CAkey
",
$CAkey
,
"
-CAserial
",
$CAserial
,
"
-extfile
",
$Uconf
,
"
-extensions
",
"
v3_ee_ec
"],
stdout
=>
"
err.ss
")),
"
sign ECDSA/ECDH user cert request
");
skip
'
failure
',
1
unless
ok
(
run
(
app
([
@verifycmd
,
"
-CAfile
",
$CAcert
,
$Ecert
])),
"
verify ECDSA/ECDH user cert
");
skip
'
failure
',
0
unless
ok
(
run
(
app
([
@x509cmd
,
"
-subject
",
"
-issuer
",
"
-startdate
",
"
-enddate
",
"
-noout
",
"
-in
",
$Ecert
])),
"
ECDSA Certificate details
");
}
};
skip
'
failure
',
5
unless
ok
(
run
(
app
([
@reqcmd
,
"
-config
",
$P1conf
,
...
...
@@ -210,7 +300,7 @@ sub testssl {
my
@extra
=
@_
;
my
@ssltest
=
("
ssltest
",
"
-
key
",
$key
,
"
-
cert
",
$cert
,
"
-
s_key
",
$key
,
"
-s_
cert
",
$cert
,
"
-c_key
",
$key
,
"
-c_cert
",
$cert
);
my
$serverinfo
=
top_file
("
test
","
serverinfo.pem
");
...
...
@@ -292,42 +382,55 @@ sub testssl {
subtest
"
Testing ciphersuites
"
=>
sub
{
my
$no_dh
=
run
(
app
(["
openssl
",
"
no-dhparam
"],
stdout
=>
undef
));
my
$no_ec
=
run
(
app
(["
openssl
",
"
no-ec
"],
stdout
=>
undef
));
my
@exkeys
=
();
my
$ciphers
=
"
-EXP:-PSK:-SRP:-kDH:-kECDHe
";
if
(
run
(
app
(["
openssl
",
"
no-dhparam
"],
stdout
=>
undef
)))
{
note
"
skipping DHE tests
\n
";
$ciphers
.=
"
:-kDHE
";
}
if
(
run
(
app
(["
openssl
",
"
no-dsa
"],
stdout
=>
undef
)))
{
note
"
skipping DSA tests
\n
";
$ciphers
.=
"
:-aDSA
";
}
else
{
push
@exkeys
,
"
-s_cert
",
"
certD.ss
",
"
-s_key
",
"
keyD.ss
";
}
if
(
run
(
app
(["
openssl
",
"
no-ec
"],
stdout
=>
undef
)))
{
note
"
skipping EC tests
\n
";
$ciphers
.=
"
:!aECDSA:!kECDH
";
}
else
{
push
@exkeys
,
"
-s_cert
",
"
certE.ss
",
"
-s_key
",
"
keyE.ss
";
}
my
@protocols
=
("
TLSv1.2
",
"
SSLv3
");
my
$protocolciphersuitcount
=
0
;
my
%ciphersuites
=
map
{
my
@c
=
map
{
split
(
/:/
,
$_
)
}
map
{
run
(
app
(["
openssl
",
"
ciphers
",
"
$_
"]),
capture
=>
1
);
}
(
"
RSA+
$_
",
$no_dh
?
()
:
"
EDH+aRSA+
$_
:-EXP
",
$no_ec
?
()
:
"
EECDH+aRSA+
$_
:-EXP
"
);
run
(
app
(["
openssl
",
"
ciphers
",
"
${_}
:
$ciphers
"]),
capture
=>
1
);
chomp
@c
;
$protocolciphersuitcount
+=
scalar
@c
;
$_
=>
[
@c
]
}
@protocols
;
plan
tests
=>
$protocolciphersuitcount
+
(
$no_dh
?
0
:
2
);
# The count of protocols is because in addition to the ciphersuits
# we got above, we're running a weak DH test for each protocol
plan
tests
=>
$protocolciphersuitcount
+
scalar
(
@protocols
);
foreach
my
$protocol
(
@protocols
)
{
note
"
Testing ciphersuites for
$protocol
";
foreach
my
$cipher
(
@
{
$ciphersuites
{
$protocol
}})
{
ok
(
run
(
test
([
@ssltest
,
"
-cipher
",
$cipher
,
ok
(
run
(
test
([
@ssltest
,
@exkeys
,
"
-cipher
",
$cipher
,
$protocol
eq
"
SSLv3
"
?
("
-ssl3
")
:
()])),
"
Testing
$cipher
");
}
if
(
!
$no_dh
)
{
is
(
run
(
test
([
@ssltest
,
"
-s_cipher
",
"
EDH
",
"
-c_cipher
",
'
EDH:@SECLEVEL=1
',
"
-dhe512
",
$protocol
eq
"
SSLv3
"
?
("
-ssl3
")
:
()])),
0
,
"
testing connection with weak DH, expecting failure
");
}
is
(
run
(
test
([
@ssltest
,
"
-s_cipher
",
"
EDH
",
"
-c_cipher
",
'
EDH:@SECLEVEL=1
',
"
-dhe512
",
$protocol
eq
"
SSLv3
"
?
("
-ssl3
")
:
()])),
0
,
"
testing connection with weak DH, expecting failure
");
}
};
...
...
@@ -351,13 +454,13 @@ sub testssl {
skip
"
skipping RSA tests
",
2
if
(
run
(
app
(["
openssl
",
"
no-rsa
"],
stdout
=>
undef
)));
ok
(
run
(
test
(["
ssltest
",
"
-v
",
"
-bio_pair
",
"
-tls1
",
"
-cert
",
top_file
("
apps
","
server2.pem
"),
"
-no_dhe
",
"
-no_ecdhe
",
"
-num
",
"
10
",
"
-f
",
"
-time
",
@extra
])),
ok
(
run
(
test
(["
ssltest
",
"
-v
",
"
-bio_pair
",
"
-tls1
",
"
-
s_
cert
",
top_file
("
apps
","
server2.pem
"),
"
-no_dhe
",
"
-no_ecdhe
",
"
-num
",
"
10
",
"
-f
",
"
-time
",
@extra
])),
'
test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes
');
skip
"
skipping RSA+DHE tests
",
1
if
(
run
(
app
(["
openssl
",
"
no-dhparam
"],
stdout
=>
undef
)));
ok
(
run
(
test
(["
ssltest
",
"
-v
",
"
-bio_pair
",
"
-tls1
",
"
-cert
",
top_file
("
apps
","
server2.pem
"),
"
-dhe1024dsa
",
"
-num
",
"
10
",
"
-f
",
"
-time
",
@extra
])),
ok
(
run
(
test
(["
ssltest
",
"
-v
",
"
-bio_pair
",
"
-tls1
",
"
-
s_
cert
",
top_file
("
apps
","
server2.pem
"),
"
-dhe1024dsa
",
"
-num
",
"
10
",
"
-f
",
"
-time
",
@extra
])),
'
test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes
');
}
}
...
...
@@ -464,7 +567,9 @@ sub testsslproxy {
foreach
my
$auth
(('
A
',
'
B
',
'
C
',
'
BC
'))
{
foreach
my
$cond
(('
A
',
'
B
',
'
C
',
'
A|B&!C
'))
{
# Exit code 3 is when ssltest couldn't parse the condition
with
({
exit_checker
=>
sub
{
return
shift
==
3
?
0
:
1
;
}
},
with
({
exit_checker
=>
sub
{
my
$x
=
shift
;
return
(
$x
==
1
||
$x
==
3
)
?
0
:
1
;
}
},
sub
{
testssl
(
$a1
,
$a2
,
$a3
,
"
-proxy
",
"
-proxy_auth
",
$auth
,
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录