libreSSL/tests/testssl.bat

@echo off
setlocal enabledelayedexpansion
REM	testssl.bat

set key=%1
set cert=%2
set CA=-CAfile %3
set ssltest=%4 -key %key% -cert %cert% -c_key %key% -c_cert %cert%
set openssl=%5
set extra=%6

%openssl% version & if !errorlevel! neq 0 exit /b 1

for /f "usebackq" %%s in (`%openssl% x509 -in %cert% -text -noout ^| find /c "DSA Public Key"`) do set lines=%%s
if %lines% gtr 0 (
  set dsa_cert=YES
) else (
  set dsa_cert=NO
)

REM #########################################################################

echo test sslv2/sslv3
%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1

echo test sslv2/sslv3 with server authentication
%ssltest% -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo test sslv2/sslv3 with client authentication
%ssltest% -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo test sslv2/sslv3 with both client and server authentication
%ssltest% -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo test sslv2/sslv3 via BIO pair
%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1

if %dsa_cert%==NO (
  echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair"
  %ssltest% -bio_pair -no_dhe -no_ecdhe %extra% & if !errorlevel! neq 0 exit /b 1
)

echo test sslv2/sslv3 with 1024bit DHE via BIO pair
%ssltest% -bio_pair -dhe1024dsa -v %extra% & if !errorlevel! neq 0 exit /b 1

echo test sslv2/sslv3 with server authentication
%ssltest% -bio_pair -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo test sslv2/sslv3 with client authentication via BIO pair
%ssltest% -bio_pair -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
%ssltest% -bio_pair -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
%ssltest% -bio_pair -server_auth -client_auth -app_verify %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo "Testing ciphersuites"
for %%p in ( TLSv1.2 ) do (
  echo "Testing ciphersuites for %%p"
  for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p+aRSA"`) do (
    echo "Testing %%c"
    %ssltest% -cipher %%c
    if !errorlevel! neq 0 (
      echo "Failed %%c"
      exit /b 1
    )
  )
)

REM ##########################################################################

for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
if %nodh%==no-dh (
  echo skipping anonymous DH tests
) else (
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  %ssltest% -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
)

REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s
REM #if %norsa%==no-rsa (
REM #  echo skipping RSA tests
REM #) else (
REM #  echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
REM #  %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -no_dhe -no_ecdhe -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
REM #
REM #  for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
REM #  if %nodh%==no-dh (
REM #    echo skipping RSA+DHE tests
REM #  ) else (
REM #    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
REM #    %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
REM #  )
REM #)

REM #
REM # DTLS tests
REM #

echo test dtlsv1
%ssltest% -dtls1 %extra% & if !errorlevel! neq 0 exit /b 1

echo test dtlsv1 with server authentication
%ssltest% -dtls1 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo test dtlsv1 with client authentication
%ssltest% -dtls1 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo test dtlsv1 with both client and server authentication
%ssltest% -dtls1 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1

echo "Testing DTLS ciphersuites"
for %%p in ( SSLv3 ) do (
  echo "Testing ciphersuites for %%p"
  for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4"`) do (
    echo "Testing %%c"
    %ssltest% -cipher %%c -dtls1
    if !errorlevel! neq 0 (
      echo "Failed %%c"
      exit /b 1
    )
  )
)

REM #
REM # Next Protocol Negotiation tests
REM #
echo "Testing NPN..."
%ssltest% -bio_pair -tls1 -npn_client & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -npn_server & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -npn_server_reject & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -npn_client -npn_server_reject & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -npn_client -npn_server & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse & if !errorlevel! neq 0 exit /b 1

REM #
REM # ALPN tests
REM #
echo "Testing ALPN..."
%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server foo ^
  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo ^
  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo ^
  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar ^
  -alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo ^
  -alpn_expected bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo ^
  -alpn_expected bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1

endlocal