mirror of https://github.com/openssl/openssl
Support disabling any or all TLS or DTLS versions
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
parent
6ada465fb2
commit
6b01bed206
122
Configure
122
Configure
|
@ -820,6 +820,10 @@ my $default_ranlib;
|
||||||
my $perl;
|
my $perl;
|
||||||
my $fips=0;
|
my $fips=0;
|
||||||
|
|
||||||
|
# Known TLS and DTLS protocols
|
||||||
|
my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
|
||||||
|
my @dtls = qw(dtls1 dtls1_2);
|
||||||
|
|
||||||
# Explicitelly known options that are possible to disable. They can
|
# Explicitelly known options that are possible to disable. They can
|
||||||
# be regexps, and will be used like this: /^no-${option}$/
|
# be regexps, and will be used like this: /^no-${option}$/
|
||||||
# For developers: keep it sorted alphabetically
|
# For developers: keep it sorted alphabetically
|
||||||
|
@ -847,6 +851,8 @@ my @disablables = (
|
||||||
"dynamic[-_]engine",
|
"dynamic[-_]engine",
|
||||||
"ec",
|
"ec",
|
||||||
"ec2m",
|
"ec2m",
|
||||||
|
"ecdh",
|
||||||
|
"ecdsa",
|
||||||
"ec_nistp_64_gcc_128",
|
"ec_nistp_64_gcc_128",
|
||||||
"engine",
|
"engine",
|
||||||
"err", # Really???
|
"err", # Really???
|
||||||
|
@ -887,20 +893,22 @@ my @disablables = (
|
||||||
"srtp",
|
"srtp",
|
||||||
"sse2",
|
"sse2",
|
||||||
"ssl",
|
"ssl",
|
||||||
"ssl3",
|
|
||||||
"ssl3-method",
|
|
||||||
"ssl-trace",
|
"ssl-trace",
|
||||||
"static-engine",
|
"static-engine",
|
||||||
"stdio",
|
"stdio",
|
||||||
"store",
|
"store",
|
||||||
"threads",
|
"threads",
|
||||||
"tls",
|
"tls",
|
||||||
"tls1",
|
|
||||||
"unit-test",
|
"unit-test",
|
||||||
"whirlpool",
|
"whirlpool",
|
||||||
"zlib",
|
"zlib",
|
||||||
"zlib-dynamic",
|
"zlib-dynamic",
|
||||||
);
|
);
|
||||||
|
foreach my $proto ((@tls, @dtls))
|
||||||
|
{
|
||||||
|
push(@disablables, $proto);
|
||||||
|
push(@disablables, "$proto-method");
|
||||||
|
}
|
||||||
|
|
||||||
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
|
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
|
||||||
|
|
||||||
|
@ -1000,18 +1008,34 @@ PROCESS_ARGS:
|
||||||
{
|
{
|
||||||
if (!($disabled{$1} eq "experimental"))
|
if (!($disabled{$1} eq "experimental"))
|
||||||
{
|
{
|
||||||
if ($1 eq "ssl")
|
foreach my $proto ((@tls, @dtls))
|
||||||
{
|
{
|
||||||
|
if ($1 eq "$proto-method")
|
||||||
|
{
|
||||||
|
$disabled{"$proto"} = "option($proto-method)";
|
||||||
|
last;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($1 eq "dtls")
|
||||||
|
{
|
||||||
|
foreach my $proto (@dtls)
|
||||||
|
{
|
||||||
|
$disabled{$proto} = "option(dtls)";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
elsif ($1 eq "ssl")
|
||||||
|
{
|
||||||
|
# Last one of its kind
|
||||||
$disabled{"ssl3"} = "option(ssl)";
|
$disabled{"ssl3"} = "option(ssl)";
|
||||||
}
|
}
|
||||||
elsif ($1 eq "tls")
|
elsif ($1 eq "tls")
|
||||||
{
|
{
|
||||||
$disabled{"tls1"} = "option(tls)"
|
# XXX: Tests will fail if all SSL/TLS
|
||||||
}
|
# protocols are disabled.
|
||||||
elsif ($1 eq "ssl3-method")
|
foreach my $proto (@tls)
|
||||||
{
|
{
|
||||||
$disabled{"ssl3-method"} = "option(ssl)";
|
$disabled{$proto} = "option(tls)";
|
||||||
$disabled{"ssl3"} = "option(ssl)";
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -1216,19 +1240,89 @@ if (defined($disabled{"ec"}))
|
||||||
$disabled{"ecdh"} = "forced";
|
$disabled{"ecdh"} = "forced";
|
||||||
}
|
}
|
||||||
|
|
||||||
# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
|
# SSL 3.0 requires MD5 and SHA and either RSA or DSA+DH
|
||||||
if (defined($disabled{"md5"}) || defined($disabled{"sha"})
|
if (defined($disabled{"md5"}) || defined($disabled{"sha"})
|
||||||
|| (defined($disabled{"rsa"})
|
|| (defined($disabled{"rsa"})
|
||||||
&& (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
|
&& (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
|
||||||
{
|
{
|
||||||
$disabled{"ssl3"} = "forced";
|
$disabled{"ssl3"} = "forced";
|
||||||
|
$disabled{"ssl"} = "forced";
|
||||||
|
}
|
||||||
|
|
||||||
|
# (D)TLS 1.0 and TLS 1.1 require MD5 and SHA and either RSA or DSA+DH
|
||||||
|
# or ECDSA + ECDH. (XXX: We don't support PSK-only builds).
|
||||||
|
#
|
||||||
|
if (defined($disabled{"md5"}) || defined($disabled{"sha"})
|
||||||
|
|| (defined($disabled{"rsa"})
|
||||||
|
&& (defined($disabled{"dsa"}) || defined($disabled{"dh"}))
|
||||||
|
&& (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"}))))
|
||||||
|
{
|
||||||
$disabled{"tls1"} = "forced";
|
$disabled{"tls1"} = "forced";
|
||||||
|
$disabled{"dtls1"} = "forced";
|
||||||
|
$disabled{"tls1_1"} = "forced";
|
||||||
|
}
|
||||||
|
|
||||||
|
# (D)TLS 1.2 requires either RSA or DSA+DH or ECDSA + ECDH
|
||||||
|
# So if all are missing, we can't do either TLS or DTLS.
|
||||||
|
# (XXX: We don't support PSK-only builds).
|
||||||
|
#
|
||||||
|
if (defined($disabled{"rsa"})
|
||||||
|
&& (defined($disabled{"dsa"}) || defined($disabled{"dh"}))
|
||||||
|
&& (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"})))
|
||||||
|
{
|
||||||
|
$disabled{"tls"} = "forced";
|
||||||
|
$disabled{"dtls"} = "forced";
|
||||||
|
foreach my $proto ((@tls, @dtls))
|
||||||
|
{
|
||||||
|
$disabled{"$proto"} = "forced";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Avoid protocol support holes. Also disable all versions below N, if version
|
||||||
|
# N is disabled while N+1 is enabled.
|
||||||
|
#
|
||||||
|
my $prev_disabled = 1;
|
||||||
|
my $force_disable = 0;
|
||||||
|
foreach my $proto (reverse(@tls))
|
||||||
|
{
|
||||||
|
if ($force_disable)
|
||||||
|
{
|
||||||
|
$disabled{$proto} = 1;
|
||||||
|
}
|
||||||
|
elsif (! defined($disabled{$proto}))
|
||||||
|
{
|
||||||
|
$prev_disabled = 0;
|
||||||
|
}
|
||||||
|
elsif (! $prev_disabled)
|
||||||
|
{
|
||||||
|
$force_disable = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
my $prev_disabled = 1;
|
||||||
|
my $force_disable = 0;
|
||||||
|
foreach my $proto (reverse(@dtls))
|
||||||
|
{
|
||||||
|
if ($force_disable)
|
||||||
|
{
|
||||||
|
$disabled{$proto} = 1;
|
||||||
|
}
|
||||||
|
elsif (! defined($disabled{$proto}))
|
||||||
|
{
|
||||||
|
$prev_disabled = 0;
|
||||||
|
}
|
||||||
|
elsif (! $prev_disabled)
|
||||||
|
{
|
||||||
|
$force_disable = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (defined($disabled{"dgram"}))
|
if (defined($disabled{"dgram"}))
|
||||||
{
|
{
|
||||||
$disabled{"dtls"} = "forced";
|
$disabled{"dtls"} = "forced";
|
||||||
}
|
$disabled{"dtls1"} = "forced";
|
||||||
|
$disabled{"dtls1_2"} = "forced";
|
||||||
|
}
|
||||||
|
|
||||||
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|
||||||
|| defined($disabled{"dh"}) || defined($disabled{"stdio"}))
|
|| defined($disabled{"dh"}) || defined($disabled{"stdio"}))
|
||||||
|
|
|
@ -78,15 +78,21 @@ OPTIONS ciphers_options[] = {
|
||||||
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
|
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
|
||||||
{"V", OPT_UPPER_V, '-', "Even more verbose"},
|
{"V", OPT_UPPER_V, '-', "Even more verbose"},
|
||||||
{"s", OPT_S, '-', "Only supported ciphers"},
|
{"s", OPT_S, '-', "Only supported ciphers"},
|
||||||
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
|
|
||||||
{"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
|
|
||||||
{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
|
|
||||||
#ifndef OPENSSL_NO_SSL_TRACE
|
|
||||||
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
|
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
|
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
|
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
|
{"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
|
{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_SSL_TRACE
|
||||||
|
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_PSK
|
#ifndef OPENSSL_NO_PSK
|
||||||
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
|
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
|
||||||
#endif
|
#endif
|
||||||
|
@ -153,13 +159,19 @@ int ciphers_main(int argc, char **argv)
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1:
|
case OPT_TLS1:
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
meth = TLSv1_client_method();
|
meth = TLSv1_client_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1_1:
|
case OPT_TLS1_1:
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
meth = TLSv1_1_client_method();
|
meth = TLSv1_1_client_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1_2:
|
case OPT_TLS1_2:
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
meth = TLSv1_2_client_method();
|
meth = TLSv1_2_client_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_PSK:
|
case OPT_PSK:
|
||||||
#ifndef OPENSSL_NO_PSK
|
#ifndef OPENSSL_NO_PSK
|
||||||
|
|
|
@ -754,6 +754,12 @@ static void list_disabled(void)
|
||||||
#if defined(OPENSSL_NO_DTLS)
|
#if defined(OPENSSL_NO_DTLS)
|
||||||
BIO_puts(bio_out, "DTLS\n");
|
BIO_puts(bio_out, "DTLS\n");
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(OPENSSL_NO_DTLS1)
|
||||||
|
BIO_puts(bio_out, "DTLS1\n");
|
||||||
|
#endif
|
||||||
|
#if defined(OPENSSL_NO_DTLS1_2)
|
||||||
|
BIO_puts(bio_out, "DTLS1_2\n");
|
||||||
|
#endif
|
||||||
#ifdef OPENSSL_NO_EC
|
#ifdef OPENSSL_NO_EC
|
||||||
BIO_puts(bio_out, "EC\n");
|
BIO_puts(bio_out, "EC\n");
|
||||||
#endif
|
#endif
|
||||||
|
@ -835,9 +841,24 @@ static void list_disabled(void)
|
||||||
#ifdef OPENSSL_NO_SRTP
|
#ifdef OPENSSL_NO_SRTP
|
||||||
BIO_puts(bio_out, "SRTP\n");
|
BIO_puts(bio_out, "SRTP\n");
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_NO_SSL
|
||||||
|
BIO_puts(bio_out, "SSL\n");
|
||||||
|
#endif
|
||||||
#ifdef OPENSSL_NO_SSL3
|
#ifdef OPENSSL_NO_SSL3
|
||||||
BIO_puts(bio_out, "SSL3\n");
|
BIO_puts(bio_out, "SSL3\n");
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(OPENSSL_NO_TLS)
|
||||||
|
BIO_puts(bio_out, "TLS\n");
|
||||||
|
#endif
|
||||||
|
#ifdef OPENSSL_NO_TLS1
|
||||||
|
BIO_puts(bio_out, "TLS1\n");
|
||||||
|
#endif
|
||||||
|
#ifdef OPENSSL_NO_TLS1_1
|
||||||
|
BIO_puts(bio_out, "TLS1_1\n");
|
||||||
|
#endif
|
||||||
|
#ifdef OPENSSL_NO_TLS1_2
|
||||||
|
BIO_puts(bio_out, "TLS1_2\n");
|
||||||
|
#endif
|
||||||
#ifdef OPENSSL_NO_WHIRLPOOL
|
#ifdef OPENSSL_NO_WHIRLPOOL
|
||||||
BIO_puts(bio_out, "WHIRLPOOL\n");
|
BIO_puts(bio_out, "WHIRLPOOL\n");
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -675,9 +675,6 @@ OPTIONS s_client_options[] = {
|
||||||
{"quiet", OPT_QUIET, '-', "No s_client output"},
|
{"quiet", OPT_QUIET, '-', "No s_client output"},
|
||||||
{"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
|
{"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
|
||||||
{"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
|
{"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
|
||||||
{"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
|
|
||||||
{"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
|
|
||||||
{"tls1", OPT_TLS1, '-', "Just use TLSv1"},
|
|
||||||
{"starttls", OPT_STARTTLS, 's',
|
{"starttls", OPT_STARTTLS, 's',
|
||||||
"Use the appropriate STARTTLS command before starting TLS"},
|
"Use the appropriate STARTTLS command before starting TLS"},
|
||||||
{"xmpphost", OPT_XMPPHOST, 's',
|
{"xmpphost", OPT_XMPPHOST, 's',
|
||||||
|
@ -727,13 +724,26 @@ OPTIONS s_client_options[] = {
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
|
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
|
{"tls1", OPT_TLS1, '-', "Just use TLSv1"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
|
{"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
|
{"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_DTLS
|
#ifndef OPENSSL_NO_DTLS
|
||||||
{"dtls", OPT_DTLS, '-'},
|
{"dtls", OPT_DTLS, '-'},
|
||||||
{"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
|
|
||||||
{"dtls1_2", OPT_DTLS1_2, '-'},
|
|
||||||
{"timeout", OPT_TIMEOUT, '-'},
|
{"timeout", OPT_TIMEOUT, '-'},
|
||||||
{"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
|
{"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
|
{"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
|
{"dtls1_2", OPT_DTLS1_2, '-'},
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_SSL_TRACE
|
#ifndef OPENSSL_NO_SSL_TRACE
|
||||||
{"trace", OPT_TRACE, '-'},
|
{"trace", OPT_TRACE, '-'},
|
||||||
#endif
|
#endif
|
||||||
|
@ -1108,41 +1118,48 @@ int s_client_main(int argc, char **argv)
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1_2:
|
case OPT_TLS1_2:
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
meth = TLSv1_2_client_method();
|
meth = TLSv1_2_client_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1_1:
|
case OPT_TLS1_1:
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
meth = TLSv1_1_client_method();
|
meth = TLSv1_1_client_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1:
|
case OPT_TLS1:
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
meth = TLSv1_client_method();
|
meth = TLSv1_client_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
#ifndef OPENSSL_NO_DTLS
|
|
||||||
case OPT_DTLS:
|
case OPT_DTLS:
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
meth = DTLS_client_method();
|
meth = DTLS_client_method();
|
||||||
socket_type = SOCK_DGRAM;
|
socket_type = SOCK_DGRAM;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_DTLS1:
|
case OPT_DTLS1:
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
meth = DTLSv1_client_method();
|
meth = DTLSv1_client_method();
|
||||||
socket_type = SOCK_DGRAM;
|
socket_type = SOCK_DGRAM;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_DTLS1_2:
|
case OPT_DTLS1_2:
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
meth = DTLSv1_2_client_method();
|
meth = DTLSv1_2_client_method();
|
||||||
socket_type = SOCK_DGRAM;
|
socket_type = SOCK_DGRAM;
|
||||||
break;
|
|
||||||
case OPT_TIMEOUT:
|
|
||||||
enable_timeouts = 1;
|
|
||||||
break;
|
|
||||||
case OPT_MTU:
|
|
||||||
socket_mtu = atol(opt_arg());
|
|
||||||
break;
|
|
||||||
#else
|
|
||||||
case OPT_DTLS:
|
|
||||||
case OPT_DTLS1:
|
|
||||||
case OPT_DTLS1_2:
|
|
||||||
case OPT_TIMEOUT:
|
|
||||||
case OPT_MTU:
|
|
||||||
break;
|
|
||||||
#endif
|
#endif
|
||||||
|
break;
|
||||||
|
case OPT_TIMEOUT:
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
|
enable_timeouts = 1;
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
case OPT_MTU:
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
|
socket_mtu = atol(opt_arg());
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
case OPT_FALLBACKSCSV:
|
case OPT_FALLBACKSCSV:
|
||||||
fallback_scsv = 1;
|
fallback_scsv = 1;
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -863,9 +863,6 @@ OPTIONS s_server_options[] = {
|
||||||
"Do not load certificates from the default certificates directory"},
|
"Do not load certificates from the default certificates directory"},
|
||||||
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
|
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
|
||||||
{"quiet", OPT_QUIET, '-', "No server output"},
|
{"quiet", OPT_QUIET, '-', "No server output"},
|
||||||
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
|
|
||||||
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
|
|
||||||
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
|
|
||||||
{"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
|
{"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
|
||||||
"Disable caching and tickets if ephemeral (EC)DH is used"},
|
"Disable caching and tickets if ephemeral (EC)DH is used"},
|
||||||
{"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
|
{"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
|
||||||
|
@ -937,16 +934,29 @@ OPTIONS s_server_options[] = {
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
{"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
|
{"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
|
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
|
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
|
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_DTLS
|
#ifndef OPENSSL_NO_DTLS
|
||||||
{"dtls", OPT_DTLS, '-'},
|
{"dtls", OPT_DTLS, '-'},
|
||||||
{"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
|
|
||||||
{"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
|
|
||||||
{"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
|
{"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
|
||||||
{"mtu", OPT_MTU, 'p', "Set link layer MTU"},
|
{"mtu", OPT_MTU, 'p', "Set link layer MTU"},
|
||||||
{"chain", OPT_CHAIN, '-', "Read a certificate chain"},
|
{"chain", OPT_CHAIN, '-', "Read a certificate chain"},
|
||||||
{"listen", OPT_LISTEN, '-',
|
{"listen", OPT_LISTEN, '-',
|
||||||
"Listen for a DTLS ClientHello with a cookie and then connect"},
|
"Listen for a DTLS ClientHello with a cookie and then connect"},
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
|
{"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
|
{"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_DH
|
#ifndef OPENSSL_NO_DH
|
||||||
{"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
|
{"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
|
||||||
#endif
|
#endif
|
||||||
|
@ -1039,19 +1049,6 @@ int s_server_main(int argc, char *argv[])
|
||||||
prog = opt_init(argc, argv, s_server_options);
|
prog = opt_init(argc, argv, s_server_options);
|
||||||
while ((o = opt_next()) != OPT_EOF) {
|
while ((o = opt_next()) != OPT_EOF) {
|
||||||
switch (o) {
|
switch (o) {
|
||||||
#ifdef OPENSSL_NO_PSK
|
|
||||||
case OPT_PSK_HINT:
|
|
||||||
case OPT_PSK:
|
|
||||||
#endif
|
|
||||||
#ifdef OPENSSL_NO_DTLS
|
|
||||||
case OPT_DTLS:
|
|
||||||
case OPT_DTLS1:
|
|
||||||
case OPT_DTLS1_2:
|
|
||||||
case OPT_TIMEOUT:
|
|
||||||
case OPT_MTU:
|
|
||||||
case OPT_CHAIN:
|
|
||||||
case OPT_LISTEN:
|
|
||||||
#endif
|
|
||||||
case OPT_EOF:
|
case OPT_EOF:
|
||||||
case OPT_ERR:
|
case OPT_ERR:
|
||||||
opthelp:
|
opthelp:
|
||||||
|
@ -1299,33 +1296,33 @@ int s_server_main(int argc, char *argv[])
|
||||||
case OPT_NO_RESUME_EPHEMERAL:
|
case OPT_NO_RESUME_EPHEMERAL:
|
||||||
no_resume_ephemeral = 1;
|
no_resume_ephemeral = 1;
|
||||||
break;
|
break;
|
||||||
#ifndef OPENSSL_NO_PSK
|
|
||||||
case OPT_PSK_HINT:
|
case OPT_PSK_HINT:
|
||||||
|
#ifndef OPENSSL_NO_PSK
|
||||||
psk_identity_hint = opt_arg();
|
psk_identity_hint = opt_arg();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_PSK:
|
case OPT_PSK:
|
||||||
|
#ifndef OPENSSL_NO_PSK
|
||||||
for (p = psk_key = opt_arg(); *p; p++) {
|
for (p = psk_key = opt_arg(); *p; p++) {
|
||||||
if (isxdigit(*p))
|
if (isxdigit(*p))
|
||||||
continue;
|
continue;
|
||||||
BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
|
BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
break;
|
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_SRP
|
break;
|
||||||
case OPT_SRPVFILE:
|
case OPT_SRPVFILE:
|
||||||
|
#ifndef OPENSSL_NO_SRP
|
||||||
srp_verifier_file = opt_arg();
|
srp_verifier_file = opt_arg();
|
||||||
meth = TLSv1_server_method();
|
meth = TLSv1_server_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_SRPUSERSEED:
|
case OPT_SRPUSERSEED:
|
||||||
|
#ifndef OPENSSL_NO_SRP
|
||||||
srpuserseed = opt_arg();
|
srpuserseed = opt_arg();
|
||||||
meth = TLSv1_server_method();
|
meth = TLSv1_server_method();
|
||||||
break;
|
|
||||||
#else
|
|
||||||
case OPT_SRPVFILE:
|
|
||||||
case OPT_SRPUSERSEED:
|
|
||||||
break;
|
|
||||||
#endif
|
#endif
|
||||||
|
break;
|
||||||
case OPT_REV:
|
case OPT_REV:
|
||||||
rev = 1;
|
rev = 1;
|
||||||
break;
|
break;
|
||||||
|
@ -1347,40 +1344,58 @@ int s_server_main(int argc, char *argv[])
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1_2:
|
case OPT_TLS1_2:
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
meth = TLSv1_2_server_method();
|
meth = TLSv1_2_server_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1_1:
|
case OPT_TLS1_1:
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
meth = TLSv1_1_server_method();
|
meth = TLSv1_1_server_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TLS1:
|
case OPT_TLS1:
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
meth = TLSv1_server_method();
|
meth = TLSv1_server_method();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
#ifndef OPENSSL_NO_DTLS
|
|
||||||
case OPT_DTLS:
|
case OPT_DTLS:
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
meth = DTLS_server_method();
|
meth = DTLS_server_method();
|
||||||
socket_type = SOCK_DGRAM;
|
socket_type = SOCK_DGRAM;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_DTLS1:
|
case OPT_DTLS1:
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
meth = DTLSv1_server_method();
|
meth = DTLSv1_server_method();
|
||||||
socket_type = SOCK_DGRAM;
|
socket_type = SOCK_DGRAM;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_DTLS1_2:
|
case OPT_DTLS1_2:
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
meth = DTLSv1_2_server_method();
|
meth = DTLSv1_2_server_method();
|
||||||
socket_type = SOCK_DGRAM;
|
socket_type = SOCK_DGRAM;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_TIMEOUT:
|
case OPT_TIMEOUT:
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
enable_timeouts = 1;
|
enable_timeouts = 1;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_MTU:
|
case OPT_MTU:
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
socket_mtu = atol(opt_arg());
|
socket_mtu = atol(opt_arg());
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_CHAIN:
|
case OPT_CHAIN:
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
cert_chain = 1;
|
cert_chain = 1;
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case OPT_LISTEN:
|
case OPT_LISTEN:
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
dtlslisten = 1;
|
dtlslisten = 1;
|
||||||
break;
|
|
||||||
#endif
|
#endif
|
||||||
|
break;
|
||||||
case OPT_ID_PREFIX:
|
case OPT_ID_PREFIX:
|
||||||
session_id_prefix = opt_arg();
|
session_id_prefix = opt_arg();
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -121,12 +121,18 @@ static const SSL_METHOD *tls1_get_method(int ver)
|
||||||
{
|
{
|
||||||
if (ver == TLS_ANY_VERSION)
|
if (ver == TLS_ANY_VERSION)
|
||||||
return TLS_method();
|
return TLS_method();
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
if (ver == TLS1_2_VERSION)
|
if (ver == TLS1_2_VERSION)
|
||||||
return TLSv1_2_method();
|
return TLSv1_2_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
if (ver == TLS1_1_VERSION)
|
if (ver == TLS1_1_VERSION)
|
||||||
return TLSv1_1_method();
|
return TLSv1_1_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
if (ver == TLS1_VERSION)
|
if (ver == TLS1_VERSION)
|
||||||
return TLSv1_method();
|
return TLSv1_method();
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
if (ver == SSL3_VERSION)
|
if (ver == SSL3_VERSION)
|
||||||
return (SSLv3_method());
|
return (SSLv3_method());
|
||||||
|
@ -140,20 +146,26 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ossl_statem_connect, tls1_get_method, TLSv1_2_enc_data)
|
ossl_statem_connect, tls1_get_method, TLSv1_2_enc_data)
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
|
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
|
||||||
TLSv1_2_method,
|
TLSv1_2_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ossl_statem_connect, tls1_get_method, TLSv1_2_enc_data)
|
ossl_statem_connect, tls1_get_method, TLSv1_2_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
|
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
|
||||||
TLSv1_1_method,
|
TLSv1_1_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ossl_statem_connect, tls1_get_method, TLSv1_1_enc_data)
|
ossl_statem_connect, tls1_get_method, TLSv1_1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
|
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
|
||||||
TLSv1_method,
|
TLSv1_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ossl_statem_connect, tls1_get_method, TLSv1_enc_data)
|
ossl_statem_connect, tls1_get_method, TLSv1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||||
IMPLEMENT_ssl3_meth_func(SSLv3_method, ossl_statem_accept, ossl_statem_connect,
|
IMPLEMENT_ssl3_meth_func(SSLv3_method, ossl_statem_accept, ossl_statem_connect,
|
||||||
|
@ -169,12 +181,18 @@ static const SSL_METHOD *tls1_get_server_method(int ver)
|
||||||
{
|
{
|
||||||
if (ver == TLS_ANY_VERSION)
|
if (ver == TLS_ANY_VERSION)
|
||||||
return TLS_server_method();
|
return TLS_server_method();
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
if (ver == TLS1_2_VERSION)
|
if (ver == TLS1_2_VERSION)
|
||||||
return TLSv1_2_server_method();
|
return TLSv1_2_server_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
if (ver == TLS1_1_VERSION)
|
if (ver == TLS1_1_VERSION)
|
||||||
return TLSv1_1_server_method();
|
return TLSv1_1_server_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
if (ver == TLS1_VERSION)
|
if (ver == TLS1_VERSION)
|
||||||
return TLSv1_server_method();
|
return TLSv1_server_method();
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
if (ver == SSL3_VERSION)
|
if (ver == SSL3_VERSION)
|
||||||
return (SSLv3_server_method());
|
return (SSLv3_server_method());
|
||||||
|
@ -188,23 +206,29 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
tls1_get_server_method, TLSv1_2_enc_data)
|
tls1_get_server_method, TLSv1_2_enc_data)
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
|
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
|
||||||
TLSv1_2_server_method,
|
TLSv1_2_server_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
tls1_get_server_method, TLSv1_2_enc_data)
|
tls1_get_server_method, TLSv1_2_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
|
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
|
||||||
TLSv1_1_server_method,
|
TLSv1_1_server_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
tls1_get_server_method, TLSv1_1_enc_data)
|
tls1_get_server_method, TLSv1_1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
|
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
|
||||||
TLSv1_server_method,
|
TLSv1_server_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
tls1_get_server_method, TLSv1_enc_data)
|
tls1_get_server_method, TLSv1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||||
IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
|
IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
|
||||||
|
@ -221,12 +245,18 @@ static const SSL_METHOD *tls1_get_client_method(int ver)
|
||||||
{
|
{
|
||||||
if (ver == TLS_ANY_VERSION)
|
if (ver == TLS_ANY_VERSION)
|
||||||
return TLS_client_method();
|
return TLS_client_method();
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
if (ver == TLS1_2_VERSION)
|
if (ver == TLS1_2_VERSION)
|
||||||
return TLSv1_2_client_method();
|
return TLSv1_2_client_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
if (ver == TLS1_1_VERSION)
|
if (ver == TLS1_1_VERSION)
|
||||||
return TLSv1_1_client_method();
|
return TLSv1_1_client_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
if (ver == TLS1_VERSION)
|
if (ver == TLS1_VERSION)
|
||||||
return TLSv1_client_method();
|
return TLSv1_client_method();
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
if (ver == SSL3_VERSION)
|
if (ver == SSL3_VERSION)
|
||||||
return (SSLv3_client_method());
|
return (SSLv3_client_method());
|
||||||
|
@ -240,23 +270,29 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
tls1_get_client_method, TLSv1_2_enc_data)
|
tls1_get_client_method, TLSv1_2_enc_data)
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
|
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
|
||||||
TLSv1_2_client_method,
|
TLSv1_2_client_method,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
tls1_get_client_method, TLSv1_2_enc_data)
|
tls1_get_client_method, TLSv1_2_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
|
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
|
||||||
TLSv1_1_client_method,
|
TLSv1_1_client_method,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
tls1_get_client_method, TLSv1_1_enc_data)
|
tls1_get_client_method, TLSv1_1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_TLS1_METHOD
|
||||||
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
|
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
|
||||||
TLSv1_client_method,
|
TLSv1_client_method,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
tls1_get_client_method, TLSv1_enc_data)
|
tls1_get_client_method, TLSv1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||||
IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
|
IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
|
||||||
|
@ -272,25 +308,33 @@ static const SSL_METHOD *dtls1_get_method(int ver)
|
||||||
{
|
{
|
||||||
if (ver == DTLS_ANY_VERSION)
|
if (ver == DTLS_ANY_VERSION)
|
||||||
return DTLS_method();
|
return DTLS_method();
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
else if (ver == DTLS1_VERSION)
|
else if (ver == DTLS1_VERSION)
|
||||||
return DTLSv1_method();
|
return DTLSv1_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
else if (ver == DTLS1_2_VERSION)
|
else if (ver == DTLS1_2_VERSION)
|
||||||
return DTLSv1_2_method();
|
return DTLSv1_2_method();
|
||||||
|
#endif
|
||||||
else
|
else
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_METHOD
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
|
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
|
||||||
DTLSv1_method,
|
DTLSv1_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
dtls1_get_method, DTLSv1_enc_data)
|
dtls1_get_method, DTLSv1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2_METHOD
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
|
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
|
||||||
DTLSv1_2_method,
|
DTLSv1_2_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
dtls1_get_method, DTLSv1_2_enc_data)
|
dtls1_get_method, DTLSv1_2_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
|
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
|
||||||
DTLS_method,
|
DTLS_method,
|
||||||
|
@ -298,7 +342,6 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
dtls1_get_method, DTLSv1_2_enc_data)
|
dtls1_get_method, DTLSv1_2_enc_data)
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* DTLS server methods
|
* DTLS server methods
|
||||||
*/
|
*/
|
||||||
|
@ -307,25 +350,33 @@ static const SSL_METHOD *dtls1_get_server_method(int ver)
|
||||||
{
|
{
|
||||||
if (ver == DTLS_ANY_VERSION)
|
if (ver == DTLS_ANY_VERSION)
|
||||||
return DTLS_server_method();
|
return DTLS_server_method();
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
else if (ver == DTLS1_VERSION)
|
else if (ver == DTLS1_VERSION)
|
||||||
return DTLSv1_server_method();
|
return DTLSv1_server_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
else if (ver == DTLS1_2_VERSION)
|
else if (ver == DTLS1_2_VERSION)
|
||||||
return DTLSv1_2_server_method();
|
return DTLSv1_2_server_method();
|
||||||
|
#endif
|
||||||
else
|
else
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_METHOD
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
|
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
|
||||||
DTLSv1_server_method,
|
DTLSv1_server_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
dtls1_get_server_method, DTLSv1_enc_data)
|
dtls1_get_server_method, DTLSv1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2_METHOD
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
|
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
|
||||||
DTLSv1_2_server_method,
|
DTLSv1_2_server_method,
|
||||||
ossl_statem_accept,
|
ossl_statem_accept,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
dtls1_get_server_method, DTLSv1_2_enc_data)
|
dtls1_get_server_method, DTLSv1_2_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
|
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
|
||||||
DTLS_server_method,
|
DTLS_server_method,
|
||||||
|
@ -342,25 +393,33 @@ static const SSL_METHOD *dtls1_get_client_method(int ver)
|
||||||
{
|
{
|
||||||
if (ver == DTLS_ANY_VERSION)
|
if (ver == DTLS_ANY_VERSION)
|
||||||
return DTLS_client_method();
|
return DTLS_client_method();
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
else if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
|
else if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
|
||||||
return DTLSv1_client_method();
|
return DTLSv1_client_method();
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
else if (ver == DTLS1_2_VERSION)
|
else if (ver == DTLS1_2_VERSION)
|
||||||
return DTLSv1_2_client_method();
|
return DTLSv1_2_client_method();
|
||||||
|
#endif
|
||||||
else
|
else
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_METHOD
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
|
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
|
||||||
DTLSv1_client_method,
|
DTLSv1_client_method,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
dtls1_get_client_method, DTLSv1_enc_data)
|
dtls1_get_client_method, DTLSv1_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2_METHOD
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
|
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
|
||||||
DTLSv1_2_client_method,
|
DTLSv1_2_client_method,
|
||||||
ssl_undefined_function,
|
ssl_undefined_function,
|
||||||
ossl_statem_connect,
|
ossl_statem_connect,
|
||||||
dtls1_get_client_method, DTLSv1_2_enc_data)
|
dtls1_get_client_method, DTLSv1_2_enc_data)
|
||||||
|
#endif
|
||||||
|
|
||||||
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
|
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
|
||||||
DTLS_client_method,
|
DTLS_client_method,
|
||||||
|
|
|
@ -727,11 +727,25 @@ typedef struct {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static const version_info tls_version_table[] = {
|
static const version_info tls_version_table[] = {
|
||||||
|
#ifndef OPENSSL_NO_TLS1_2
|
||||||
{ TLS1_2_VERSION, TLSv1_2_client_method, TLSv1_2_server_method },
|
{ TLS1_2_VERSION, TLSv1_2_client_method, TLSv1_2_server_method },
|
||||||
|
#else
|
||||||
|
{ TLS1_2_VERSION, NULL, NULL },
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1_1
|
||||||
{ TLS1_1_VERSION, TLSv1_1_client_method, TLSv1_1_server_method },
|
{ TLS1_1_VERSION, TLSv1_1_client_method, TLSv1_1_server_method },
|
||||||
|
#else
|
||||||
|
{ TLS1_1_VERSION, NULL, NULL },
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
{ TLS1_VERSION, TLSv1_client_method, TLSv1_server_method },
|
{ TLS1_VERSION, TLSv1_client_method, TLSv1_server_method },
|
||||||
|
#else
|
||||||
|
{ TLS1_VERSION, NULL, NULL },
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
{ SSL3_VERSION, SSLv3_client_method, SSLv3_server_method },
|
{ SSL3_VERSION, SSLv3_client_method, SSLv3_server_method },
|
||||||
|
#else
|
||||||
|
{ SSL3_VERSION, NULL, NULL },
|
||||||
#endif
|
#endif
|
||||||
{ 0, NULL, NULL },
|
{ 0, NULL, NULL },
|
||||||
};
|
};
|
||||||
|
@ -741,8 +755,16 @@ static const version_info tls_version_table[] = {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static const version_info dtls_version_table[] = {
|
static const version_info dtls_version_table[] = {
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
{ DTLS1_2_VERSION, DTLSv1_2_client_method, DTLSv1_2_server_method },
|
{ DTLS1_2_VERSION, DTLSv1_2_client_method, DTLSv1_2_server_method },
|
||||||
|
#else
|
||||||
|
{ DTLS1_2_VERSION, NULL, NULL },
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
{ DTLS1_VERSION, DTLSv1_client_method, DTLSv1_server_method },
|
{ DTLS1_VERSION, DTLSv1_client_method, DTLSv1_server_method },
|
||||||
|
#else
|
||||||
|
{ DTLS1_VERSION, NULL, NULL },
|
||||||
|
#endif
|
||||||
{ 0, NULL, NULL },
|
{ 0, NULL, NULL },
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -11,8 +11,12 @@ use OpenSSL::Test::Utils;
|
||||||
|
|
||||||
setup("test_ssl");
|
setup("test_ssl");
|
||||||
|
|
||||||
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk, $no_ssl3, $no_dtls) =
|
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk,
|
||||||
disabled qw/rsa dsa dh ec srp psk ssl3 dtls/;
|
$no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2,
|
||||||
|
$no_dtls, $no_dtls1, $no_dtls1_2) =
|
||||||
|
disabled qw/rsa dsa dh ec srp psk
|
||||||
|
ssl3 tls1 tls1_1 tls1_2
|
||||||
|
dtls dtls1 dtls1_2/;
|
||||||
|
|
||||||
my $digest = "-sha1";
|
my $digest = "-sha1";
|
||||||
my @reqcmd = ("openssl", "req");
|
my @reqcmd = ("openssl", "req");
|
||||||
|
@ -55,7 +59,7 @@ my $P2intermediate="tmp_intP2.ss";
|
||||||
plan tests =>
|
plan tests =>
|
||||||
1 # For testss
|
1 # For testss
|
||||||
+ 1 # For ssltest -test_cipherlist
|
+ 1 # For ssltest -test_cipherlist
|
||||||
+ 9 # For the first testssl
|
+ 10 # For the first testssl
|
||||||
+ 16 # For the first testsslproxy
|
+ 16 # For the first testsslproxy
|
||||||
+ 16 # For the second testsslproxy
|
+ 16 # For the second testsslproxy
|
||||||
;
|
;
|
||||||
|
@ -316,7 +320,7 @@ sub testssl {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# plan tests => 9;
|
# plan tests => 10;
|
||||||
|
|
||||||
subtest 'standard SSL tests' => sub {
|
subtest 'standard SSL tests' => sub {
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -407,7 +411,9 @@ sub testssl {
|
||||||
push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss";
|
push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss";
|
||||||
}
|
}
|
||||||
|
|
||||||
my @protocols = ("TLSv1.2", "SSLv3");
|
my @protocols = ();
|
||||||
|
push(@protocols, "TLSv1.2") unless $no_tls1_2;
|
||||||
|
push(@protocols, "SSLv3") unless $no_ssl3;
|
||||||
my $protocolciphersuitcount = 0;
|
my $protocolciphersuitcount = 0;
|
||||||
my %ciphersuites =
|
my %ciphersuites =
|
||||||
map { my @c =
|
map { my @c =
|
||||||
|
@ -568,514 +574,98 @@ sub testssl {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
subtest 'Version min/max tests' => sub {
|
subtest 'TLS Version min/max tests' => sub {
|
||||||
|
my @protos;
|
||||||
|
push(@protos, "ssl3") unless $no_ssl3;
|
||||||
|
push(@protos, "tls1") unless $no_tls1;
|
||||||
|
push(@protos, "tls1.1") unless $no_tls1_1;
|
||||||
|
push(@protos, "tls1.2") unless $no_tls1_2;
|
||||||
|
my @minprotos = (undef, @protos);
|
||||||
|
my @maxprotos = (@protos, undef);
|
||||||
|
my @shdprotos = (@protos, $protos[$#protos]);
|
||||||
|
my $n = ((@protos+2) * (@protos+3))/2 - 2;
|
||||||
|
my $ntests = $n * $n;
|
||||||
|
plan tests => $ntests;
|
||||||
|
skip "TLS disabled", 1 if $ntests == 1;
|
||||||
|
|
||||||
plan tests => 425;
|
my $should;
|
||||||
|
for (my $smin = 0; $smin < @minprotos; ++$smin) {
|
||||||
|
for (my $smax = $smin ? $smin - 1 : 0; $smax < @maxprotos; ++$smax) {
|
||||||
|
for (my $cmin = 0; $cmin < @minprotos; ++$cmin) {
|
||||||
|
for (my $cmax = $cmin ? $cmin - 1 : 0; $cmax < @maxprotos; ++$cmax) {
|
||||||
|
if ($cmax < $smin-1) {
|
||||||
|
$should = "fail-server";
|
||||||
|
} elsif ($smax < $cmin-1) {
|
||||||
|
$should = "fail-client";
|
||||||
|
} elsif ($cmax > $smax) {
|
||||||
|
$should = $shdprotos[$smax];
|
||||||
|
} else {
|
||||||
|
$should = $shdprotos[$cmax];
|
||||||
|
}
|
||||||
|
|
||||||
SKIP : {
|
my @args = @ssltest;
|
||||||
skip "ssl3 disabled", 76 if $no_ssl3;
|
push(@args, "-should_negotiate", $should);
|
||||||
|
push(@args, "-server_min_proto", $minprotos[$smin])
|
||||||
|
if (defined($minprotos[$smin]));
|
||||||
|
push(@args, "-server_max_proto", $maxprotos[$smax])
|
||||||
|
if (defined($maxprotos[$smax]));
|
||||||
|
push(@args, "-client_min_proto", $minprotos[$cmin])
|
||||||
|
if (defined($minprotos[$cmin]));
|
||||||
|
push(@args, "-client_max_proto", $maxprotos[$cmax])
|
||||||
|
if (defined($maxprotos[$cmax]));
|
||||||
|
my $ok = run(test[@args]);
|
||||||
|
if (! $ok) {
|
||||||
|
print STDERR "\nsmin=$smin, smax=$smax, cmin=$cmin, cmax=$cmax\n";
|
||||||
|
print STDERR "\nFailed: @args\n";
|
||||||
|
}
|
||||||
|
ok($ok);
|
||||||
|
}}}}
|
||||||
|
};
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
subtest 'DTLS Version min/max tests' => sub {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "ssl3"])));
|
my @protos;
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "ssl3"])));
|
push(@protos, "dtls1") unless ($no_dtls1 || $no_dtls);
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "ssl3"])));
|
push(@protos, "dtls1.2") unless ($no_dtls1_2 || $no_dtls);
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "fail-client"])));
|
my @minprotos = (undef, @protos);
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
my @maxprotos = (@protos, undef);
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
my @shdprotos = (@protos, $protos[$#protos]);
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
my $n = ((@protos+2) * (@protos+3))/2 - 2;
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
my $ntests = $n * $n;
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
plan tests => $ntests;
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
skip "DTLS disabled", 1 if $ntests == 1;
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_min_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
my $should;
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
for (my $smin = 0; $smin < @minprotos; ++$smin) {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
for (my $smax = $smin ? $smin - 1 : 0; $smax < @maxprotos; ++$smax) {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
for (my $cmin = 0; $cmin < @minprotos; ++$cmin) {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
for (my $cmax = $cmin ? $cmin - 1 : 0; $cmax < @maxprotos; ++$cmax) {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
if ($cmax < $smin-1) {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
$should = "fail-server";
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
} elsif ($smax < $cmin-1) {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
$should = "fail-client";
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
} elsif ($cmax > $smax) {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1"])));
|
$should = $shdprotos[$smax];
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-should_negotiate", "tls1"])));
|
} else {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
$should = $shdprotos[$cmax];
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_min_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
}
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
my @args = (@ssltest, "-dtls");
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
push(@args, "-should_negotiate", $should);
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
push(@args, "-server_min_proto", $minprotos[$smin])
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
if (defined($minprotos[$smin]));
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
push(@args, "-server_max_proto", $maxprotos[$smax])
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
if (defined($maxprotos[$smax]));
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
push(@args, "-client_min_proto", $minprotos[$cmin])
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
if (defined($minprotos[$cmin]));
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
push(@args, "-client_max_proto", $maxprotos[$cmax])
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
if (defined($maxprotos[$cmax]));
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.1"])));
|
my $ok = run(test[@args]);
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-should_negotiate", "tls1.1"])));
|
if (! $ok) {
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
print STDERR "\nsmin=$smin, smax=$smax, cmin=$cmin, cmax=$cmax\n";
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
print STDERR "\nFailed: @args\n";
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
}
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
ok($ok);
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
}}}}
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-server_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
}
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-server_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-server_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_max_proto", "ssl3", "-should_negotiate", "fail-server"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_max_proto", "tls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 19 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_min_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
}
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1.1", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_min_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_min_proto", "tls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-server_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "ssl3 disabled", 6 if $no_ssl3;
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "ssl3", "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "ssl3", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "ssl3", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "ssl3", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "ssl3", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-client_max_proto", "ssl3", "-should_negotiate", "ssl3"])));
|
|
||||||
}
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1", "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1.1", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1.2", "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1.1", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-client_min_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-client_max_proto", "tls1", "-should_negotiate", "tls1"])));
|
|
||||||
ok(run(test([@ssltest, "-client_max_proto", "tls1.1", "-should_negotiate", "tls1.1"])));
|
|
||||||
ok(run(test([@ssltest, "-client_max_proto", "tls1.2", "-should_negotiate", "tls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-should_negotiate", "tls1.2"])));
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
skip "dtls disabled", 64 if $no_dtls;
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1.2", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-server_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-server_max_proto", "dtls1.2", "-client_max_proto", "dtls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-server_max_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-server_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-client_min_proto", "dtls1.2", "-should_negotiate", "fail-client"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1.2", "-client_min_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1.2", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-client_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-client_min_proto", "dtls1", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-client_min_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1", "-should_negotiate", "dtls1.2"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-client_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-client_min_proto", "dtls1", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-client_min_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-client_max_proto", "dtls1", "-should_negotiate", "fail-server"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-server_min_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-client_min_proto", "dtls1", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-client_min_proto", "dtls1.2", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-client_min_proto", "dtls1", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-client_min_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-client_max_proto", "dtls1", "-should_negotiate", "dtls1"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-client_max_proto", "dtls1.2", "-should_negotiate", "dtls1.2"])));
|
|
||||||
ok(run(test([@ssltest, "-dtls", "-should_negotiate", "dtls1.2"])));
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1140,7 +730,7 @@ sub testsslproxy {
|
||||||
my $auth = $_->[0]->[0];
|
my $auth = $_->[0]->[0];
|
||||||
my $cond = $_->[0]->[1];
|
my $cond = $_->[0]->[1];
|
||||||
my $res = $_->[1];
|
my $res = $_->[1];
|
||||||
is(run(test([@ssltest, "-ssl3", "-server_auth", @CA,
|
is(run(test([@ssltest, "-server_auth", @CA,
|
||||||
"-proxy", "-proxy_auth", $auth,
|
"-proxy", "-proxy_auth", $auth,
|
||||||
"-proxy_cond", $cond])), $res,
|
"-proxy_cond", $cond])), $res,
|
||||||
"test tlsv1, server auth, proxy auth $auth and cond $cond (expect "
|
"test tlsv1, server auth, proxy auth $auth and cond $cond (expect "
|
||||||
|
|
|
@ -776,14 +776,20 @@ static void sv_usage(void)
|
||||||
fprintf(stderr, " -srpuser user - SRP username to use\n");
|
fprintf(stderr, " -srpuser user - SRP username to use\n");
|
||||||
fprintf(stderr, " -srppass arg - password for 'user'\n");
|
fprintf(stderr, " -srppass arg - password for 'user'\n");
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
#ifndef OPENSSL_NO_SSL3
|
||||||
fprintf(stderr, " -ssl3 - use SSLv3\n");
|
fprintf(stderr, " -ssl3 - use SSLv3\n");
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
fprintf(stderr, " -tls1 - use TLSv1\n");
|
fprintf(stderr, " -tls1 - use TLSv1\n");
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_DTLS
|
#ifndef OPENSSL_NO_DTLS
|
||||||
fprintf(stderr, " -dtls - use DTLS\n");
|
fprintf(stderr, " -dtls - use DTLS\n");
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
fprintf(stderr, " -dtls1 - use DTLSv1\n");
|
fprintf(stderr, " -dtls1 - use DTLSv1\n");
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
|
fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
|
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
|
||||||
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
|
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
|
||||||
|
@ -1046,7 +1052,7 @@ int main(int argc, char *argv[])
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
int fips_mode = 0;
|
int fips_mode = 0;
|
||||||
#endif
|
#endif
|
||||||
int no_protocol = 0;
|
int no_protocol;
|
||||||
|
|
||||||
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
|
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
|
||||||
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
|
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
|
||||||
|
@ -1173,24 +1179,12 @@ int main(int argc, char *argv[])
|
||||||
else if (strcmp(*argv, "-tls1") == 0) {
|
else if (strcmp(*argv, "-tls1") == 0) {
|
||||||
tls1 = 1;
|
tls1 = 1;
|
||||||
} else if (strcmp(*argv, "-ssl3") == 0) {
|
} else if (strcmp(*argv, "-ssl3") == 0) {
|
||||||
#ifdef OPENSSL_NO_SSL3_METHOD
|
|
||||||
no_protocol = 1;
|
|
||||||
#endif
|
|
||||||
ssl3 = 1;
|
ssl3 = 1;
|
||||||
} else if (strcmp(*argv, "-dtls1") == 0) {
|
} else if (strcmp(*argv, "-dtls1") == 0) {
|
||||||
#ifdef OPENSSL_NO_DTLS
|
|
||||||
no_protocol = 1;
|
|
||||||
#endif
|
|
||||||
dtls1 = 1;
|
dtls1 = 1;
|
||||||
} else if (strcmp(*argv, "-dtls12") == 0) {
|
} else if (strcmp(*argv, "-dtls12") == 0) {
|
||||||
#ifdef OPENSSL_NO_DTLS
|
|
||||||
no_protocol = 1;
|
|
||||||
#endif
|
|
||||||
dtls12 = 1;
|
dtls12 = 1;
|
||||||
} else if (strcmp(*argv, "-dtls") == 0) {
|
} else if (strcmp(*argv, "-dtls") == 0) {
|
||||||
#ifdef OPENSSL_NO_DTLS
|
|
||||||
no_protocol = 1;
|
|
||||||
#endif
|
|
||||||
dtls = 1;
|
dtls = 1;
|
||||||
} else if (strncmp(*argv, "-num", 4) == 0) {
|
} else if (strncmp(*argv, "-num", 4) == 0) {
|
||||||
if (--argc < 1)
|
if (--argc < 1)
|
||||||
|
@ -1365,6 +1359,28 @@ int main(int argc, char *argv[])
|
||||||
EXIT(1);
|
EXIT(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef OPENSSL_NO_SSL3
|
||||||
|
if (ssl3)
|
||||||
|
no_protocol = 1;
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifdef OPENSSL_NO_TLS1
|
||||||
|
if (tls1)
|
||||||
|
no_protocol = 1;
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
|
||||||
|
if (dtls1)
|
||||||
|
no_protocol = 1;
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
|
||||||
|
if (dtls12)
|
||||||
|
no_protocol = 1;
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
no_protocol = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Testing was requested for a compiled-out protocol (e.g. SSLv3).
|
* Testing was requested for a compiled-out protocol (e.g. SSLv3).
|
||||||
* Ideally, we would error out, but the generic test wrapper can't know
|
* Ideally, we would error out, but the generic test wrapper can't know
|
||||||
|
@ -1444,23 +1460,31 @@ int main(int argc, char *argv[])
|
||||||
* (Otherwise we exit early.) However the compiler doesn't know this, so
|
* (Otherwise we exit early.) However the compiler doesn't know this, so
|
||||||
* we ifdef.
|
* we ifdef.
|
||||||
*/
|
*/
|
||||||
|
#ifndef OPENSSL_NO_DTLS
|
||||||
|
#ifndef OPENSSL_NO_DTLS1
|
||||||
|
if (dtls1)
|
||||||
|
meth = DTLSv1_method();
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DTLS1_2
|
||||||
|
if (dtls12)
|
||||||
|
meth = DTLSv1_2_method();
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
if (dtls)
|
||||||
|
meth = DTLS_method();
|
||||||
|
else
|
||||||
|
#endif
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
if (ssl3)
|
if (ssl3)
|
||||||
meth = SSLv3_method();
|
meth = SSLv3_method();
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_DTLS
|
#ifndef OPENSSL_NO_TLS1
|
||||||
if (dtls1)
|
|
||||||
meth = DTLSv1_method();
|
|
||||||
else if (dtls12)
|
|
||||||
meth = DTLSv1_2_method();
|
|
||||||
else if (dtls)
|
|
||||||
meth = DTLS_method();
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
if (tls1)
|
if (tls1)
|
||||||
meth = TLSv1_method();
|
meth = TLSv1_method();
|
||||||
else
|
else
|
||||||
|
#endif
|
||||||
meth = TLS_method();
|
meth = TLS_method();
|
||||||
|
|
||||||
c_ctx = SSL_CTX_new(meth);
|
c_ctx = SSL_CTX_new(meth);
|
||||||
|
@ -3163,9 +3187,11 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
|
||||||
|
|
||||||
static int do_test_cipherlist(void)
|
static int do_test_cipherlist(void)
|
||||||
{
|
{
|
||||||
|
#if !defined(OPENSSL_NO_SSL3) || !defined(OPENSSL_NO_TLS1)
|
||||||
int i = 0;
|
int i = 0;
|
||||||
const SSL_METHOD *meth;
|
const SSL_METHOD *meth;
|
||||||
const SSL_CIPHER *ci, *tci = NULL;
|
const SSL_CIPHER *ci, *tci = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SSL3
|
#ifndef OPENSSL_NO_SSL3
|
||||||
meth = SSLv3_method();
|
meth = SSLv3_method();
|
||||||
|
@ -3180,6 +3206,7 @@ static int do_test_cipherlist(void)
|
||||||
tci = ci;
|
tci = ci;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_TLS1
|
||||||
meth = TLSv1_method();
|
meth = TLSv1_method();
|
||||||
tci = NULL;
|
tci = NULL;
|
||||||
while ((ci = meth->get_cipher(i++)) != NULL) {
|
while ((ci = meth->get_cipher(i++)) != NULL) {
|
||||||
|
@ -3191,6 +3218,7 @@ static int do_test_cipherlist(void)
|
||||||
}
|
}
|
||||||
tci = ci;
|
tci = ci;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue