[openssl-commits] [openssl] master update
Emilia Kasper
emilia at openssl.org
Wed May 27 15:27:36 UTC 2015
The branch master has been updated
via 15a06488fcced19b79708a0329313121e01ded7e (commit)
from f2e19cb15e3d68c748ce3dc2b791be9a2fc14fd3 (commit)
- Log -----------------------------------------------------------------
commit 15a06488fcced19b79708a0329313121e01ded7e
Author: Emilia Kasper <emilia at openssl.org>
Date: Tue May 26 14:32:57 2015 +0200
Enable DH tests
In master, the 'dh' command is gone, so use 'dhparam' instead to
determine if we're compiled with DH.
Also, set "@SECLEVEL=1" for the weak DH test, so that it actually
passes.
Reviewed-by: Dr Stephen Henson <steve at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
test/ssltest.c | 3 ++-
test/testssl | 10 +++++-----
test/testssl.com | 2 +-
3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/test/ssltest.c b/test/ssltest.c
index f640d92..26cf96c 100644
--- a/test/ssltest.c
+++ b/test/ssltest.c
@@ -1429,7 +1429,8 @@ int main(int argc, char *argv[])
}
/*
* Since we will use low security ciphersuites and keys for testing set
- * security level to zero.
+ * security level to zero by default. Tests can override this by adding
+ * "@SECLEVEL=n" to the cipher string.
*/
SSL_CTX_set_security_level(c_ctx, 0);
SSL_CTX_set_security_level(s_ctx, 0);
diff --git a/test/testssl b/test/testssl
index 2998b73..0f5db08 100644
--- a/test/testssl
+++ b/test/testssl
@@ -139,7 +139,7 @@ for protocol in TLSv1.2 SSLv3; do
for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
test_cipher $cipher $protocol
done
- if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+ if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo "skipping RSA+DHE tests"
else
for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
@@ -147,9 +147,9 @@ for protocol in TLSv1.2 SSLv3; do
done
echo "testing connection with weak DH, expecting failure"
if [ $protocol = "SSLv3" ] ; then
- $ssltest -cipher EDH -dhe512 -ssl3
+ $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3
else
- $ssltest -cipher EDH -dhe512
+ $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512
fi
if [ $? -eq 0 ]; then
echo "FAIL: connection with weak DH succeeded"
@@ -167,7 +167,7 @@ done
#############################################################################
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping anonymous DH tests
else
echo test tls1 with 1024bit anonymous DH, multiple handshakes
@@ -180,7 +180,7 @@ else
echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
- if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+ if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
echo skipping RSA+DHE tests
else
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
diff --git a/test/testssl.com b/test/testssl.com
index 3782e35..6f9b233 100644
--- a/test/testssl.com
+++ b/test/testssl.com
@@ -130,7 +130,7 @@ $ define/user sys$output nla0:
$ mcr 'exe_dir'openssl no-rsa
$ no_rsa=$SEVERITY
$ define/user sys$output nla0:
-$ mcr 'exe_dir'openssl no-dh
+$ mcr 'exe_dir'openssl no-dhparam
$ no_dh=$SEVERITY
$
$ if no_dh
More information about the openssl-commits
mailing list