Hash :
3601512b
Author :
Date :
2023-07-05T10:13:47
update testssl.bat for TLS 1.0 removal
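@echo on
setlocal enabledelayedexpansion
REM testssl.bat
REM Runs ssltest through a fixed list of handshake scenarios and leaves with
REM exit code 1 at the first command that fails.
REM Positional arguments, as consumed below:
REM   1  key file, handed to ssltest as -key and -c_key
REM   2  certificate file, handed to ssltest as -cert and -c_cert
REM   3  CA file, handed to the authentication tests as -CAfile
REM   4  ssltest executable
REM   5  openssl executable
REM   6  extra options appended to most ssltest invocations
REM NOTE(review): the arguments are expanded unquoted, so a path with spaces
REM or cmd metacharacters has to arrive already quoted from the caller.
set key=%1
set cert=%2
set CA=-CAfile %3
set ssltest=%4 -key %key% -cert %cert% -c_key %key% -c_cert %cert%
set openssl=%5
set extra=%6
REM Abort early when the openssl binary cannot be run.
%openssl% version || exit /b 1
REM Count the lines of the certificate text dump that contain
REM "DSA Public Key"; any match marks the certificate as DSA.
REM set /a reads the counter at run time, so it keeps incrementing inside the
REM parenthesised loop body, where a percent expansion of the counter would be
REM frozen at the value it had when the block was parsed.
set lines=0
for /f "usebackq" %%s in (`%openssl% x509 -in %cert% -text -noout ^| find "DSA Public Key"`) do (
  set /a lines+=1
)
if %lines% gtr 0 (
  set dsa_cert=YES
) else (
  set dsa_cert=NO
)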
REM #########################################################################
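REM Handshake tests without an explicit protocol-version option. The
REM sslv2/sslv3 wording in the labels is historical: no version flag is passed
REM here apart from whatever the extra options carry.
REM Each test leaves the script with exit code 1 as soon as ssltest fails.
echo test sslv2/sslv3
%ssltest% %extra% || exit /b 1
echo test sslv2/sslv3 with server authentication
%ssltest% -server_auth %CA% %extra% || exit /b 1
echo test sslv2/sslv3 with client authentication
%ssltest% -client_auth %CA% %extra% || exit /b 1
echo test sslv2/sslv3 with both client and server authentication
%ssltest% -server_auth -client_auth %CA% %extra% || exit /b 1
REM This test was labelled "via BIO pair" but ran without -bio_pair, which
REM made it a repeat of the first test; the option is now passed so the plain
REM BIO-pair handshake is actually covered.
echo test sslv2/sslv3 via BIO pair
%ssltest% -bio_pair %extra% || exit /b 1
REM The (EC)DHE-less variant is skipped for a DSA certificate; dsa_cert is
REM set earlier in the script. The label is quoted because an unquoted
REM closing parenthesis would end the if block.
if %dsa_cert%==NO (
  echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair"
  %ssltest% -bio_pair -no_dhe -no_ecdhe %extra% || exit /b 1
)
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
%ssltest% -bio_pair -dhe1024dsa -v %extra% || exit /b 1
REM Label now says "via BIO pair" so a failure here is not confused with the
REM identically named test further up.
echo test sslv2/sslv3 with server authentication via BIO pair
%ssltest% -bio_pair -server_auth %CA% %extra% || exit /b 1
echo test sslv2/sslv3 with client authentication via BIO pair
%ssltest% -bio_pair -client_auth %CA% %extra% || exit /b 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair
%ssltest% -bio_pair -server_auth -client_auth %CA% %extra% || exit /b 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
%ssltest% -bio_pair -server_auth -client_auth -app_verify %CA% %extra% || exit /b 1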
REM Cipher suite sweep. For each protocol keyword the suite names come from
REM "openssl ciphers -v", filtered to the lines that mention the keyword; the
REM loop variable receives the first whitespace-delimited token of each line.
REM Suites listed under SSLv3 and TLSv1.2 are both run with -tls1_2, the
REM TLSv1.3 suites are run without a version option.
REM NOTE(review): when the enumeration yields no lines the loop body never
REM runs and the section succeeds without exercising any suite; find is also
REM resolved through PATH. Confirm both behave as intended on the build host.
echo "Testing ciphersuites"
for %%p in ( SSLv3,TLSv1.2 ) do (
  echo "Testing ciphersuites for %%p"
  for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p+aRSA" ^| find "%%p"`) do (
    echo "Testing %%c"
    %ssltest% -cipher %%c -tls1_2 || (
      echo "Failed %%c"
      exit /b 1
    )
  )
)
for %%p in ( TLSv1.3 ) do (
  echo "Testing ciphersuites for %%p"
  for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p" ^| find "%%p"`) do (
    echo "Testing %%c"
    %ssltest% -cipher %%c || (
      echo "Failed %%c"
      exit /b 1
    )
  )
)
REM ##########################################################################
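REM Capture the first token printed by "openssl no-dh"; the script treats the
REM value no-dh as "DH support is not built in".
REM nodh is cleared first so a value inherited from the environment cannot
REM leak in when the command prints nothing, and the comparison is quoted so
REM an empty value no longer produces a cmd syntax error.
REM Both branches only print a message: no test is run here, the tls1 tests
REM that used to follow are commented out below.
set nodh=
for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
if "%nodh%"=="no-dh" (
  echo skipping anonymous DH tests
) else (
  echo skipping tls1 tests.
)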
REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s
REM #if %norsa%==no-rsa (
REM # echo skipping RSA tests
REM #) else (
REM # echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
REM # %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -no_dhe -no_ecdhe -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
REM #
REM # for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
REM # if %nodh%==no-dh (
REM # echo skipping RSA+DHE tests
REM # ) else (
REM # echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
REM # %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
REM # )
REM #)
REM #
REM # DTLS tests
REM #
REM DTLS 1.2 handshakes: plain, then with server, client and mutual
REM authentication. Any ssltest failure leaves the script with exit code 1.
echo test dtlsv1_2
%ssltest% -dtls1_2 %extra% || exit /b 1
echo test dtlsv1_2 with server authentication
%ssltest% -dtls1_2 -server_auth %CA% %extra% || exit /b 1
echo test dtlsv1_2 with client authentication
%ssltest% -dtls1_2 -client_auth %CA% %extra% || exit /b 1
echo test dtlsv1_2 with both client and server authentication
%ssltest% -dtls1_2 -server_auth -client_auth %CA% %extra% || exit /b 1
REM DTLS cipher sweep: suite names are taken from the "RSA+SSLv3:-RC4"
REM selection, so RC4 suites are excluded from the list, and every suite is
REM run with -dtls1_2.
REM NOTE(review): an empty enumeration makes this loop succeed without testing
REM anything; confirm the build always lists at least one suite.
echo "Testing DTLS ciphersuites"
for %%p in ( SSLv3 ) do (
  echo "Testing ciphersuites for %%p"
  for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4" ^| find "%%p"`) do (
    echo "Testing %%c"
    %ssltest% -cipher %%c -dtls1_2 || (
      echo "Failed %%c"
      exit /b 1
    )
  )
)
REM #
REM # ALPN tests
REM #
REM ALPN negotiation over a BIO pair. The first and last cases offer lists
REM with no common protocol and pass no -alpn_expected. In every other case
REM the expected protocol is the first entry of the server list that the
REM client also offers. The extra options are not appended to these runs.
echo "Testing ALPN..."
%ssltest% -bio_pair -alpn_client foo -alpn_server bar || exit /b 1
%ssltest% -bio_pair -alpn_client foo -alpn_server foo -alpn_expected foo || exit /b 1
%ssltest% -bio_pair -alpn_client foo,bar -alpn_server foo -alpn_expected foo || exit /b 1
%ssltest% -bio_pair -alpn_client bar,foo -alpn_server foo -alpn_expected foo || exit /b 1
%ssltest% -bio_pair -alpn_client bar,foo -alpn_server foo,bar -alpn_expected foo || exit /b 1
%ssltest% -bio_pair -alpn_client bar,foo -alpn_server bar,foo -alpn_expected bar || exit /b 1
%ssltest% -bio_pair -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit /b 1
%ssltest% -bio_pair -alpn_client baz -alpn_server bar,foo || exit /b 1
endlocal