Enable DH tests

In master, the 'dh' command is gone, so use 'dhparam' instead to
determine if we're compiled with DH.

Also, set "@SECLEVEL=1" for the weak DH test, so that it actually
passes.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Emilia Kasper 2015-05-26 14:32:57 +02:00
parent f2e19cb15e
commit 15a06488fc
3 changed files with 8 additions and 7 deletions


@ -1429,7 +1429,8 @@ int main(int argc, char *argv[])
} }
/* /*
* Since we will use low security ciphersuites and keys for testing set * Since we will use low security ciphersuites and keys for testing set
* security level to zero. * security level to zero by default. Tests can override this by adding
* "@SECLEVEL=n" to the cipher string.
*/ */
SSL_CTX_set_security_level(c_ctx, 0); SSL_CTX_set_security_level(c_ctx, 0);
SSL_CTX_set_security_level(s_ctx, 0); SSL_CTX_set_security_level(s_ctx, 0);


@ -139,7 +139,7 @@ for protocol in TLSv1.2 SSLv3; do
for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
test_cipher $cipher $protocol test_cipher $cipher $protocol
done done
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo "skipping RSA+DHE tests" echo "skipping RSA+DHE tests"
else else
for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
@ -147,9 +147,9 @@ for protocol in TLSv1.2 SSLv3; do
done done
echo "testing connection with weak DH, expecting failure" echo "testing connection with weak DH, expecting failure"
if [ $protocol = "SSLv3" ] ; then if [ $protocol = "SSLv3" ] ; then
$ssltest -cipher EDH -dhe512 -ssl3 $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3
else else
$ssltest -cipher EDH -dhe512 $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512
fi fi
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo "FAIL: connection with weak DH succeeded" echo "FAIL: connection with weak DH succeeded"
@ -167,7 +167,7 @@ done
############################################################################# #############################################################################
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping anonymous DH tests echo skipping anonymous DH tests
else else
echo test tls1 with 1024bit anonymous DH, multiple handshakes echo test tls1 with 1024bit anonymous DH, multiple handshakes
@ -180,7 +180,7 @@ else
echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping RSA+DHE tests echo skipping RSA+DHE tests
else else
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
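Review bot: The weak-DH check in the `-dhe512` hunk treats any non-zero exit from `$ssltest` as the expected rejection (`if [ $? -eq 0 ]` is the only test), so a mistyped option, a cipher string that matches nothing, or an unrelated handshake error would also be counted as a pass. Because the commit description suggests this branch was previously being skipped, it would be worth pairing it with a positive control: run the same `-s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1"` arguments without `-dhe512` and require exit status 0 (assuming the default DH parameters and certificate satisfy level 1), so that the failure can be attributed to the 512-bit parameters. A short comment such as `# client at SECLEVEL=1 must reject 512-bit DH; server keeps the default level so it still sends them` would also explain why only `-c_cipher` carries the level. The enclosing `for protocol` loop starts outside the hunk.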


@ -130,7 +130,7 @@ $ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-rsa $ mcr 'exe_dir'openssl no-rsa
$ no_rsa=$SEVERITY $ no_rsa=$SEVERITY
$ define/user sys$output nla0: $ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-dh $ mcr 'exe_dir'openssl no-dhparam
$ no_dh=$SEVERITY $ no_dh=$SEVERITY
$ $
$ if no_dh $ if no_dh