Fix ssltest logic when some protocols are compiled out.
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Geoff Thorpe <geoff@openssl.org>
This commit is contained in:
@@ -799,7 +799,9 @@ static void sv_usage(void)
|
|||||||
" Use \"openssl ecparam -list_curves\" for all names\n" \
|
" Use \"openssl ecparam -list_curves\" for all names\n" \
|
||||||
" (default is sect163r2).\n");
|
" (default is sect163r2).\n");
|
||||||
#endif
|
#endif
|
||||||
fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
|
fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
|
||||||
|
" When this option is requested, the cipherlist\n"
|
||||||
|
" tests are run instead of handshake tests.\n");
|
||||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||||
fprintf(stderr," -npn_client - have client side offer NPN\n");
|
fprintf(stderr," -npn_client - have client side offer NPN\n");
|
||||||
fprintf(stderr," -npn_server - have server side offer NPN\n");
|
fprintf(stderr," -npn_server - have server side offer NPN\n");
|
||||||
@@ -992,6 +994,7 @@ int main(int argc, char *argv[])
|
|||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
int fips_mode=0;
|
int fips_mode=0;
|
||||||
#endif
|
#endif
|
||||||
|
int no_protocol = 0;
|
||||||
|
|
||||||
verbose = 0;
|
verbose = 0;
|
||||||
debug = 0;
|
debug = 0;
|
||||||
@@ -1101,11 +1104,26 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
else if (strcmp(*argv,"-ssl2") == 0)
|
else if (strcmp(*argv,"-ssl2") == 0)
|
||||||
ssl2=1;
|
{
|
||||||
|
#ifdef OPENSSL_NO_SSL2
|
||||||
|
no_protocol = 1;
|
||||||
|
#endif
|
||||||
|
ssl2 = 1;
|
||||||
|
}
|
||||||
else if (strcmp(*argv,"-tls1") == 0)
|
else if (strcmp(*argv,"-tls1") == 0)
|
||||||
tls1=1;
|
{
|
||||||
|
#ifdef OPENSSL_NO_TLS1
|
||||||
|
no_protocol = 1;
|
||||||
|
#endif
|
||||||
|
tls1 = 1;
|
||||||
|
}
|
||||||
else if (strcmp(*argv,"-ssl3") == 0)
|
else if (strcmp(*argv,"-ssl3") == 0)
|
||||||
ssl3=1;
|
{
|
||||||
|
#ifdef OPENSSL_NO_SSL3
|
||||||
|
no_protocol = 1;
|
||||||
|
#endif
|
||||||
|
ssl3 = 1;
|
||||||
|
}
|
||||||
else if (strncmp(*argv,"-num",4) == 0)
|
else if (strncmp(*argv,"-num",4) == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@@ -1272,15 +1290,41 @@ bad:
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* test_cipherlist prevails over protocol switch: we test the cipherlist
|
||||||
|
* for all enabled protocols.
|
||||||
|
*/
|
||||||
if (test_cipherlist == 1)
|
if (test_cipherlist == 1)
|
||||||
{
|
{
|
||||||
/* ensure that the cipher list are correctly sorted and exit */
|
/* ensure that the cipher list are correctly sorted and exit */
|
||||||
|
fprintf(stdout, "Testing cipherlist order only. Ignoring all "
|
||||||
|
"other options.\n");
|
||||||
if (do_test_cipherlist() == 0)
|
if (do_test_cipherlist() == 0)
|
||||||
EXIT(1);
|
EXIT(1);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ssl2 + ssl3 + tls1 > 1)
|
||||||
|
{
|
||||||
|
fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should "
|
||||||
|
"be requested.\n");
|
||||||
|
EXIT(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Testing was requested for a compiled-out protocol (e.g. SSLv2).
|
||||||
|
* Ideally, we would error out, but the generic test wrapper can't know
|
||||||
|
* when to expect failure. So we do nothing and return success.
|
||||||
|
*/
|
||||||
|
if (no_protocol)
|
||||||
|
{
|
||||||
|
fprintf(stderr, "Testing was requested for a disabled protocol. "
|
||||||
|
"Skipping tests.\n");
|
||||||
|
ret = 0;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
|
if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "This case cannot work. Use -f to perform "
|
fprintf(stderr, "This case cannot work. Use -f to perform "
|
||||||
@@ -1359,30 +1403,25 @@ bad:
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
|
/* At this point, ssl2/ssl3/tls1 is only set if the protocol is available.
|
||||||
|
* (Otherwise we exit early.)
|
||||||
|
* However the compiler doesn't know this, so we ifdef. */
|
||||||
|
#ifndef OPENSSL_NO_SSL2
|
||||||
if (ssl2)
|
if (ssl2)
|
||||||
meth=SSLv2_method();
|
meth=SSLv2_method();
|
||||||
else
|
else
|
||||||
if (tls1)
|
#endif
|
||||||
meth=TLSv1_method();
|
#ifndef OPENSSL_NO_SSL3
|
||||||
else
|
|
||||||
if (ssl3)
|
if (ssl3)
|
||||||
meth=SSLv3_method();
|
meth=SSLv3_method();
|
||||||
else
|
else
|
||||||
meth=SSLv23_method();
|
#endif
|
||||||
#else
|
#ifndef OPENSSL_NO_TLS1
|
||||||
#ifdef OPENSSL_NO_SSL2
|
|
||||||
if (tls1)
|
if (tls1)
|
||||||
meth=TLSv1_method();
|
meth=TLSv1_method();
|
||||||
else
|
else
|
||||||
if (ssl3)
|
#endif
|
||||||
meth=SSLv3_method();
|
|
||||||
else
|
|
||||||
meth=SSLv23_method();
|
meth=SSLv23_method();
|
||||||
#else
|
|
||||||
meth=SSLv2_method();
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
c_ctx=SSL_CTX_new(meth);
|
c_ctx=SSL_CTX_new(meth);
|
||||||
s_ctx=SSL_CTX_new(meth);
|
s_ctx=SSL_CTX_new(meth);
|
||||||
|
Reference in New Issue
Block a user