Enable tests on Visual Studio

- add patch for aeadtest.c to undef IN
- add patch for ocsp_test.c to call BIO_sock_init() before getaddrinfo()
- define STDERR_FILENO in unistd.h to build pkcs7test.c
- add option ENABLE_VSTEST(default OFF) to enable test on Visual Studio
- modify to pass test data file as an argument (aeadtest, evptest)
- add Windows scripts (ocsptest, pq_test, ssltest, testdsa, testenc, testrsa)
- do not build pidwraptest on MSVC
- fix some indentations

CMakeLists.txt

@@ -26,6 +26,7 @@ string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
 option(ENABLE_ASM "Enable assembly" ON)
 option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
 option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
+option(ENABLE_VSTEST "Enable test on Visual Studio" OFF)
 set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
 
 set(BUILD_NC true)
@@ -294,6 +295,8 @@ add_subdirectory(tls)
 add_subdirectory(include)
 if(NOT MSVC)
 	add_subdirectory(man)
+endif()
+if(NOT MSVC OR ENABLE_VSTEST)
 	add_subdirectory(tests)
 endif()
 

include/compat/unistd.h

@@ -14,6 +14,8 @@
 #include <io.h>
 #include <process.h>
 
+#define STDERR_FILENO   2
+
 #define R_OK    4
 #define W_OK    2
 #define X_OK    0

patches/aeadtest.c.patch

@@ -0,0 +1,15 @@
+--- tests/aeadtest.c.orig	2016-10-18 17:03:33.845870889 +0900
++++ tests/aeadtest.c	2016-10-18 17:11:19.880841283 +0900
+@@ -75,6 +75,12 @@
+ 
+ #define BUF_MAX 1024
+ 
++#ifdef _MSC_VER
++#ifdef IN
++#undef IN
++#endif
++#endif
++
+ /* These are the different types of line that are found in the input file. */
+ enum {
+ 	AEAD = 0,	/* name of the AEAD algorithm. */

patches/ocsp_test.c.patch

@@ -0,0 +1,14 @@
+--- tests/ocsp_test.c.orig	2016-10-18 18:12:39.854607509 +0900
++++ tests/ocsp_test.c	2016-10-18 18:14:29.261600559 +0900
+@@ -16,6 +16,11 @@
+ 	hints.ai_family = AF_INET;
+ 	hints.ai_socktype = SOCK_STREAM;
+ 
++#ifdef _MSC_VER
++	if (BIO_sock_init() != 1)
++		exit(-1);
++#endif
++
+ 	error = getaddrinfo(host, port, &hints, &res);
+ 	if (error != 0) {
+ 		perror("getaddrinfo()");

tests/CMakeLists.txt

@@ -14,8 +14,7 @@ add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_CURRENT_SOURCE_DIR}/../apps/openss
 # aeadtest
 add_executable(aeadtest aeadtest.c)
 target_link_libraries(aeadtest ${OPENSSL_LIBS})
-add_test(aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh)
-set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+add_test(aeadtest aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt)
 
 # aes_wrap
 add_executable(aes_wrap aes_wrap.c)
@@ -25,9 +24,9 @@ add_test(aes_wrap aes_wrap)
 # arc4randomforktest
 # Windows/mingw does not have fork, but Cygwin does.
 if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
-add_executable(arc4randomforktest arc4randomforktest.c)
-target_link_libraries(arc4randomforktest ${OPENSSL_LIBS})
-add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
+	add_executable(arc4randomforktest arc4randomforktest.c)
+	target_link_libraries(arc4randomforktest ${OPENSSL_LIBS})
+	add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
 endif()
 
 # asn1test
@@ -136,19 +135,18 @@ add_test(enginetest enginetest)
 # evptest
 add_executable(evptest evptest.c)
 target_link_libraries(evptest ${OPENSSL_LIBS})
-add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
-set_tests_properties(evptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+add_test(evptest evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptests.txt)
 
 # explicit_bzero
 # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
 if(NOT CMAKE_HOST_WIN32)
-if(HAVE_MEMMEM)
-	add_executable(explicit_bzero explicit_bzero.c)
-else()
-	add_executable(explicit_bzero explicit_bzero.c memmem.c)
-endif()
-target_link_libraries(explicit_bzero ${OPENSSL_LIBS})
-add_test(explicit_bzero explicit_bzero)
+	if(HAVE_MEMMEM)
+		add_executable(explicit_bzero explicit_bzero.c)
+	else()
+		add_executable(explicit_bzero explicit_bzero.c memmem.c)
+	endif()
+	target_link_libraries(explicit_bzero ${OPENSSL_LIBS})
+	add_test(explicit_bzero explicit_bzero)
 endif()
 
 # exptest
@@ -200,7 +198,11 @@ add_test(mont mont)
 if(ENABLE_EXTRATESTS)
 	add_executable(ocsp_test ocsp_test.c)
 	target_link_libraries(ocsp_test ${OPENSSL_LIBS})
-	add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
+	if(NOT MSVC)
+		add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
+	else()
+		add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.bat)
+	endif()
 endif()
 
 # optionstest
@@ -216,7 +218,7 @@ add_test(pbkdf2 pbkdf2)
 # pidwraptest
 # pidwraptest relies on an OS-specific way to give out pids and is generally
 # awkward on systems with slow fork
-if(ENABLE_EXTRATESTS)
+if(ENABLE_EXTRATESTS AND NOT MSVC)
 	add_executable(pidwraptest pidwraptest.c)
 	target_link_libraries(pidwraptest ${OPENSSL_LIBS})
 	add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh)
@@ -235,7 +237,11 @@ add_test(poly1305test poly1305test)
 # pq_test
 add_executable(pq_test pq_test.c)
 target_link_libraries(pq_test ${OPENSSL_LIBS})
-add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
+if(NOT MSVC)
+	add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
+else()
+	add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.bat)
+endif()
 set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # randtest
@@ -285,19 +291,35 @@ add_test(sha512test sha512test)
 # ssltest
 add_executable(ssltest ssltest.c)
 target_link_libraries(ssltest ${OPENSSL_LIBS})
-add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
+if(NOT MSVC)
+	add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
+else()
+	add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.bat)
+endif()
 set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # testdsa
-add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
+if(NOT MSVC)
+	add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
+else()
+	add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.bat)
+endif()
 set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # testenc
-add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
+if(NOT MSVC)
+	add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
+else()
+	add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.bat)
+endif()
 set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # testrsa
-add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
+if(NOT MSVC)
+	add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
+else()
+	add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.bat)
+endif()
 set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # timingsafe

tests/Makefile.am

@@ -215,7 +215,7 @@ TESTS += ocsptest.sh
 check_PROGRAMS += ocsp_test
 ocsp_test_SOURCES = ocsp_test.c
 endif
-EXTRA_DIST += ocsptest.sh
+EXTRA_DIST += ocsptest.sh ocsptest.bat
 
 # optionstest
 TESTS += optionstest
@@ -251,7 +251,7 @@ poly1305test_SOURCES = poly1305test.c
 TESTS += pq_test.sh
 check_PROGRAMS += pq_test
 pq_test_SOURCES = pq_test.c
-EXTRA_DIST += pq_test.sh
+EXTRA_DIST += pq_test.sh pq_test.bat
 EXTRA_DIST += pq_expected.txt
 
 # randtest
@@ -303,21 +303,21 @@ sha512test_SOURCES = sha512test.c
 TESTS += ssltest.sh
 check_PROGRAMS += ssltest
 ssltest_SOURCES = ssltest.c
-EXTRA_DIST += ssltest.sh
-EXTRA_DIST += testssl ca.pem server.pem
+EXTRA_DIST += ssltest.sh ssltest.bat
+EXTRA_DIST += testssl testssl.bat ca.pem server.pem
 
 # testdsa
 TESTS += testdsa.sh
-EXTRA_DIST += testdsa.sh
+EXTRA_DIST += testdsa.sh testdsa.bat
 EXTRA_DIST += openssl.cnf
 
 # testenc
 TESTS += testenc.sh
-EXTRA_DIST += testenc.sh
+EXTRA_DIST += testenc.sh testenc.bat
 
 # testrsa
 TESTS += testrsa.sh
-EXTRA_DIST += testrsa.sh
+EXTRA_DIST += testrsa.sh testrsa.bat
 
 # timingsafe
 TESTS += timingsafe

tests/ocsptest.bat

@@ -0,0 +1,11 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	ocsptest.bat
+
+set TEST=Debug\ocsp_test.exe
+if not exist %TEST% exit /b 1
+
+%TEST% www.amazon.com 443 & if !errorlevel! neq 0 exit /b 1
+%TEST% cloudflare.com 443 & if !errorlevel! neq 0 exit /b 1
+
+endlocal

tests/pq_test.bat

@@ -0,0 +1,14 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	pq_test.bat
+
+set TEST=Debug\pq_test.exe
+if not exist %TEST% exit /b 1
+
+set pq_output=pq_output.txt
+if exist %pq_output% del %pq_output%
+
+%TEST% > %pq_output%
+fc /b %pq_output% %srcdir%\pq_expected.txt
+
+endlocal

tests/ssltest.bat

@@ -0,0 +1,18 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	ssltest.bat
+
+set ssltest_bin=Debug\ssltest.exe
+if not exist %ssltest_bin% exit /b 1
+
+set openssl_bin=..\apps\openssl\Debug\openssl.exe
+if not exist %openssl_bin% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+%srcdir%\testssl.bat %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem ^
+    %ssltest_bin% %openssl_bin%
+
+endlocal

tests/testdsa.bat

@@ -0,0 +1,38 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	testdsa.bat
+
+
+REM # Test DSA certificate generation of openssl
+
+set cmd=..\apps\openssl\Debug\openssl.exe
+if not exist %cmd% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+REM # Generate DSA paramter set
+%cmd% dsaparam 512 -out dsa512.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+
+REM # Generate a DSA certificate
+%cmd% req -config %srcdir%\openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+
+REM # Now check the certificate
+%cmd% x509 -text -in testdsa.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+del testdsa.key dsa512.pem testdsa.pem
+
+exit /b 0
+endlocal

tests/testenc.bat

@@ -0,0 +1,69 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	testenc.bat
+
+set test=p
+set cmd=..\apps\openssl\Debug\openssl.exe
+if not exist %cmd% exit /b 1
+
+set srcdir=..\..\tests
+
+copy %srcdir%\openssl.cnf %test%
+
+echo cat
+%cmd% enc -in %test% -out %test%.cipher
+%cmd% enc -in %test%.cipher -out %test%.clear
+fc /b %test% %test%.clear
+if !errorlevel! neq 0 (
+	exit /b 1
+) else (
+	del %test%.cipher %test%.clear
+)
+
+echo base64
+%cmd% enc -a -e -in %test% -out %test%.cipher
+%cmd% enc -a -d -in %test%.cipher -out %test%.clear
+fc /b %test% %test%.clear
+if !errorlevel! neq 0 (
+	exit /b 1
+) else (
+	del %test%.cipher %test%.clear
+)
+
+for %%i in (
+	aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8
+	aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb
+	aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
+	aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8
+	aes-256-ecb aes-256-ofb
+	bf-cbc bf-cfb bf-ecb bf-ofb
+	cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
+	des-cbc des-cfb des-cfb8 des-ecb des-ede
+	des-ede-cbc des-ede-cfb des-ede-ofb des-ede3
+	des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc
+	rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
+	rc4 rc4-40
+) do (
+	echo %%i
+	%cmd% %%i -e -k test -in %test% -out %test%.%%i.cipher
+	%cmd% %%i -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear
+	fc /b %test% %test%.%%i.clear
+	if !errorlevel! neq 0 (
+		exit /b 1
+	) else (
+		del %test%.%%i.cipher %test%.%%i.clear
+	)
+
+	echo %%i base64
+	%cmd% %%i -a -e -k test -in %test% -out %test%.%%i.cipher
+	%cmd% %%i -a -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear
+	fc /b %test% %test%.%%i.clear
+	if !errorlevel! neq 0 (
+		exit /b 1
+	) else (
+		del %test%.%%i.cipher %test%.%%i.clear
+	)
+)
+
+del %test%
+endlocal

tests/testrsa.bat

@@ -0,0 +1,38 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	testrsa.bat
+
+
+REM # Test RSA certificate generation of openssl
+
+set cmd=..\apps\openssl\Debug\openssl.exe
+if not exist %cmd% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+REM # Generate RSA private key
+%cmd% genrsa -out rsakey.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+
+REM # Generate an RSA certificate
+%cmd% req -config %srcdir%\openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+
+REM # Now check the certificate
+%cmd% x509 -text -in rsacert.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+del rsacert.pem rsakey.pem
+
+exit /b 0
+endlocal

tests/testssl.bat

@@ -0,0 +1,157 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	testssl.bat
+
+set key=%1
+set cert=%2
+set CA=-CAfile %3
+set ssltest=%4 -key %key% -cert %cert% -c_key %key% -c_cert %cert%
+set openssl=%5
+set extra=%6
+
+%openssl% version & if !errorlevel! neq 0 exit /b 1
+
+for /f "usebackq" %%s in (`%openssl% x509 -in %cert% -text -noout ^| find /c "DSA Public Key"`) do set lines=%%s
+if %lines% gtr 0 (
+  set dsa_cert=YES
+) else (
+  set dsa_cert=NO
+)
+
+REM #########################################################################
+
+echo test sslv2/sslv3
+%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with server authentication
+%ssltest% -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with client authentication
+%ssltest% -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with both client and server authentication
+%ssltest% -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 via BIO pair
+%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
+
+if %dsa_cert%==NO (
+  echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair"
+  %ssltest% -bio_pair -no_dhe -no_ecdhe %extra% & if !errorlevel! neq 0 exit /b 1
+)
+
+echo test sslv2/sslv3 with 1024bit DHE via BIO pair
+%ssltest% -bio_pair -dhe1024dsa -v %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with server authentication
+%ssltest% -bio_pair -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+%ssltest% -bio_pair -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+%ssltest% -bio_pair -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+%ssltest% -bio_pair -server_auth -client_auth -app_verify %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo "Testing ciphersuites"
+for %%p in ( TLSv1.2 ) do (
+  echo "Testing ciphersuites for %%p"
+  for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p+aRSA"`) do (
+    echo "Testing %%c"
+    %ssltest% -cipher %%c
+    if !errorlevel! neq 0 (
+      echo "Failed %%c"
+      exit /b 1
+    )
+  )
+)
+
+REM ##########################################################################
+
+for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
+if %nodh%==no-dh (
+  echo skipping anonymous DH tests
+) else (
+  echo test tls1 with 1024bit anonymous DH, multiple handshakes
+  %ssltest% -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+)
+
+REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s
+REM #if %norsa%==no-rsa (
+REM #  echo skipping RSA tests
+REM #) else (
+REM #  echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
+REM #  %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -no_dhe -no_ecdhe -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+REM #
+REM #  for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
+REM #  if %nodh%==no-dh (
+REM #    echo skipping RSA+DHE tests
+REM #  ) else (
+REM #    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+REM #    %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
+REM #  )
+REM #)
+
+REM #
+REM # DTLS tests
+REM #
+
+echo test dtlsv1
+%ssltest% -dtls1 %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test dtlsv1 with server authentication
+%ssltest% -dtls1 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test dtlsv1 with client authentication
+%ssltest% -dtls1 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo test dtlsv1 with both client and server authentication
+%ssltest% -dtls1 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
+
+echo "Testing DTLS ciphersuites"
+for %%p in ( SSLv3 ) do (
+  echo "Testing ciphersuites for %%p"
+  for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4"`) do (
+    echo "Testing %%c"
+    %ssltest% -cipher %%c -dtls1
+    if !errorlevel! neq 0 (
+      echo "Failed %%c"
+      exit /b 1
+    )
+  )
+)
+
+REM #
+REM # Next Protocol Negotiation tests
+REM #
+echo "Testing NPN..."
+%ssltest% -bio_pair -tls1 -npn_client & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_server & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_server_reject & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server_reject & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse & if !errorlevel! neq 0 exit /b 1
+
+REM #
+REM # ALPN tests
+REM #
+echo "Testing ALPN..."
+%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar ^
+  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo ^
+  -alpn_expected bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo ^
+  -alpn_expected bar & if !errorlevel! neq 0 exit /b 1
+%ssltest% -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1
+
+endlocal