From 5a22cf96a0a1c34968c0664f99b7ebb7ccf6ed75 Mon Sep 17 00:00:00 2001
From: Emilia Kasper
Date: Wed, 6 Apr 2016 16:03:06 +0200
Subject: Replace cipherlist test
The old cipherlist test in ssltest.c only tests the internal order of the cipher table, which is pretty useless. Replace this test with a test that catches inadvertent changes to the default cipherlist. Fix run_tests.pl to correctly filter tests that have "list" in their name. (Also includes a small drive-by fix in .gitignore.)
Reviewed-by: Rich Salz
---
 test/ssltest_old.c | 56 +-----------------------------------------------------
 1 file changed, 1 insertion(+), 55 deletions(-)
(limited to 'test/ssltest_old.c')
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 2fd7da824a..c7f3e1872d 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -799,7 +799,6 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time);
 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
-static int do_test_cipherlist(void);
 static void sv_usage(void)
 {
@@ -870,10 +869,6 @@ static void sv_usage(void)
 fprintf(stderr, " -time - measure processor time used by client and server\n");
 fprintf(stderr, " -zlib - use zlib compression\n");
- fprintf(stderr,
- " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
- " When this option is requested, the cipherlist\n"
- " tests are run instead of handshake tests.\n");
 #ifndef OPENSSL_NO_NEXTPROTONEG
 fprintf(stderr, " -npn_client - have client side offer NPN\n");
 fprintf(stderr, " -npn_server - have server side offer NPN\n");
@@ -1102,7 +1097,6 @@ int main(int argc, char *argv[])
 COMP_METHOD *cm = NULL;
 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #endif
- int test_cipherlist = 0;
 #ifdef OPENSSL_FIPS
 int fips_mode = 0;
 #endif
@@ -1315,11 +1309,9 @@ int main(int argc, char *argv[])
 app_verify_arg.app_verify = 1;
 } else if (strcmp(*argv, "-proxy") == 0) {
 app_verify_arg.allow_proxy_certs = 1;
- } else if (strcmp(*argv, "-test_cipherlist") == 0) {
- test_cipherlist = 1;
 }
 #ifndef OPENSSL_NO_NEXTPROTONEG
- else if (strcmp(*argv, "-npn_client") == 0) {
+ else if (strcmp(*argv, "-npn_client") == 0) {
 npn_client = 1;
 } else if (strcmp(*argv, "-npn_server") == 0) {
 npn_server = 1;
@@ -1454,22 +1446,6 @@ int main(int argc, char *argv[])
 goto end;
 }
- /*
- * test_cipherlist prevails over protocol switch: we test the cipherlist
- * for all enabled protocols.
- */
- if (test_cipherlist == 1) {
- /*
- * ensure that the cipher list are correctly sorted and exit
- */
- fprintf(stdout, "Testing cipherlist order only. Ignoring all "
- "other options.\n");
- if (do_test_cipherlist() == 0)
- EXIT(1);
- ret = 0;
- goto end;
- }
-
 if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
 fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should " "be requested.\n");
@@ -3726,33 +3702,3 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
 return psk_len;
 }
 #endif
-
-static int do_test_cipherlist(void)
-{
-#ifndef OPENSSL_NO_TLS
- int i = 0;
- const SSL_METHOD *meth;
- const SSL_CIPHER *ci, *tci = NULL;
-
- /*
- * This is required because ssltest "cheats" and uses internal headers to
- * call functions, thus avoiding auto-init
- */
- OPENSSL_init_crypto(0, NULL);
- OPENSSL_init_ssl(0, NULL);
-
- meth = TLS_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL) {
- if (tci != NULL)
- if (ci->id >= tci->id) {
- fprintf(stderr, "testing SSLv3 cipher list order: ");
- fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
-#endif
-
- return 1;
-}
-- cgit v1.2.3