#! /usr/bin/perl
use strict;
use warnings;
use POSIX;
use File::Spec;
use File::Copy;
use OpenSSL::Test qw/:DEFAULT with bldtop_file srctop_file cmdstr/;
use OpenSSL::Test::Utils;
setup("test_ssl");
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk,
$no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2,
$no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
anydisabled qw/rsa dsa dh ec srp psk
ssl3 tls1 tls1_1 tls1_2
dtls dtls1 dtls1_2 ct/;
my $no_anytls = alldisabled(available_protocols("tls"));
my $no_anydtls = alldisabled(available_protocols("dtls"));
plan skip_all => "No SSL/TLS/DTLS protocol is support by this OpenSSL build"
if $no_anytls && $no_anydtls;
my $digest = "-sha1";
my @reqcmd = ("openssl", "req");
my @x509cmd = ("openssl", "x509", $digest);
my @verifycmd = ("openssl", "verify");
my $dummycnf = srctop_file("apps", "openssl.cnf");
my $CAkey = "keyCA.ss";
my $CAcert="certCA.ss";
my $CAserial="certCA.srl";
my $CAreq="reqCA.ss";
my $CAconf=srctop_file("test","CAss.cnf");
my $CAreq2="req2CA.ss"; # temp
my $Uconf=srctop_file("test","Uss.cnf");
my $Ukey="keyU.ss";
my $Ureq="reqU.ss";
my $Ucert="certU.ss";
my $Dkey="keyD.ss";
my $Dreq="reqD.ss";
my $Dcert="certD.ss";
my $Ekey="keyE.ss";
my $Ereq="reqE.ss";
my $Ecert="certE.ss";
my $P1conf=srctop_file("test","P1ss.cnf");
my $P1key="keyP1.ss";
my $P1req="reqP1.ss";
my $P1cert="certP1.ss";
my $P1intermediate="tmp_intP1.ss";
my $P2conf=srctop_file("test","P2ss.cnf");
my $P2key="keyP2.ss";
my $P2req="reqP2.ss";
my $P2cert="certP2.ss";
my $P2intermediate="tmp_intP2.ss";
plan tests =>
1 # For testss
+ 1 # For ssltest -test_cipherlist
+ 13 # For the first testssl
+ 16 # For the first testsslproxy
+ 16 # For the second testsslproxy
;
subtest 'test_ss' => sub {
if (testss()) {
open OUT, ">", "intP1.ss";
copy($CAcert, \*OUT); copy($Ucert, \*OUT);
close OUT;
open OUT, ">", "intP2.ss";
copy($CAcert, \*OUT); copy($Ucert, \*OUT); copy($P1cert, \*OUT);
close OUT;
}
};
my $check = ok(run(test(["ssltest","-test_cipherlist"])), "running ssltest");
SKIP: {
skip "ssltest ended with error, skipping the rest", 3
if !$check;
note('test_ssl -- key U');
testssl("keyU.ss", $Ucert, $CAcert);
note('test_ssl -- key P1');
testsslproxy("keyP1.ss", "certP1.ss", "intP1.ss", "AB");
note('test_ssl -- key P2');
testsslproxy("keyP2.ss", "certP2.ss", "intP2.ss", "BC");
}
# -----------
# subtest functions
sub testss {
open RND, ">>", ".rnd";
print RND "string to make the random number generator think it has entropy";
close RND;
my @req_dsa = ("-newkey",
"dsa:".srctop_file("apps", "dsa1024.pem"));
my @req_new;
if ($no_rsa) {
@req_new = @req_dsa;
} else {
@req_new = ("-new");
}
plan tests => 17;
SKIP: {
skip 'failure', 16 unless
ok(run(app([@reqcmd, "-config", $CAconf,
"-out", $CAreq, "-keyout", $CAkey,
@req_new])),
'make cert request');
skip 'failure', 15 unless
ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30",
"-req", "-out", $CAcert, "-signkey", $CAkey,
"-extfile", $CAconf, "-extensions", "v3_ca"],
stdout => "err.ss")),
'convert request into self-signed cert');
skip 'failure', 14 unless
ok(run(app([@x509cmd, "-in", $CAcert,
"-x509toreq", "-signkey", $CAkey, "-out", $CAreq2],
stdout =>