[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Fri Mar 20 13:17:45 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via b0b723287761ae1b267d6935dc28eb83b6d31d22 (commit)
via ece8574ae6d2b3a06bd13e6142ab9f3c555c890f (commit)
via 3edf1b98e0b713f1655341572e2ac878a2e553f6 (commit)
from 0d6d10d97d67a30fcfec029a0c90d1ae30c68b0b (commit)
- Log -----------------------------------------------------------------
commit b0b723287761ae1b267d6935dc28eb83b6d31d22
Author: Matt Caswell <matt at openssl.org>
Date: Tue Mar 3 16:08:58 2015 +0000
Add DTLS tests to make test
Updated test/testssl script to include the new DTLS capability in ssltest.
Reviewed-by: Emilia Käsper <emilia at openssl.org>
(cherry picked from commit 3c381e54233be3d0dcbce7cc853c4767d979fe90)
commit ece8574ae6d2b3a06bd13e6142ab9f3c555c890f
Author: David Woodhouse <dwmw2 at infradead.org>
Date: Tue Mar 3 15:47:08 2015 +0000
Add DTLS support to ssltest
Reviewed-by: Emilia Käsper <emilia at openssl.org>
(cherry picked from commit 98b8cdd32277cea829c31034a53f2487f750615d)
Conflicts:
ssl/ssltest.c
commit 3edf1b98e0b713f1655341572e2ac878a2e553f6
Author: David Woodhouse <dwmw2 at infradead.org>
Date: Tue Mar 3 15:39:26 2015 +0000
Add DTLS to SSL_get_version
Reviewed-by: Emilia Käsper <emilia at openssl.org>
(cherry picked from commit 504e643e0996fb842ac183023c3a6b9049af50ea)
Conflicts:
ssl/ssl_lib.c
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_lib.c | 6 ++++++
ssl/ssltest.c | 31 ++++++++++++++++++++++++++-----
test/testssl | 24 ++++++++++++++++++++++++
3 files changed, 56 insertions(+), 5 deletions(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e9ad2bc..38426b4 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2832,6 +2832,12 @@ const char *SSL_get_version(const SSL *s)
return ("SSLv3");
else if (s->version == SSL2_VERSION)
return ("SSLv2");
+ else if (s->version == DTLS1_BAD_VER)
+ return ("DTLSv0.9");
+ else if (s->version == DTLS1_VERSION)
+ return ("DTLSv1");
+ else if (s->version == DTLS1_2_VERSION)
+ return ("DTLSv1.2");
else
return ("unknown");
}
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 9f5d586..8a6f00f 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -716,6 +716,10 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_TLS1
fprintf(stderr, " -tls1 - use TLSv1\n");
#endif
+#ifndef OPENSSL_NO_DTLS
+ fprintf(stderr, " -dtls1 - use DTLSv1\n");
+ fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
+#endif
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
fprintf(stderr, " -cert arg - Server certificate file\n");
@@ -877,7 +881,7 @@ int main(int argc, char *argv[])
int badop = 0;
int bio_pair = 0;
int force = 0;
- int tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
+ int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
@@ -1037,6 +1041,16 @@ int main(int argc, char *argv[])
no_protocol = 1;
#endif
ssl3 = 1;
+ } else if (strcmp(*argv, "-dtls1") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls1 = 1;
+ } else if (strcmp(*argv, "-dtls12") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls12 = 1;
} else if (strncmp(*argv, "-num", 4) == 0) {
if (--argc < 1)
goto bad;
@@ -1172,8 +1186,8 @@ int main(int argc, char *argv[])
goto end;
}
- if (ssl2 + ssl3 + tls1 > 1) {
- fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should "
+ if (ssl2 + ssl3 + tls1 + dtls1 + dtls12 > 1) {
+ fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -dtls1 or -dtls12 should "
"be requested.\n");
EXIT(1);
}
@@ -1190,10 +1204,10 @@ int main(int argc, char *argv[])
goto end;
}
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) {
+ if (!ssl2 && !ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+ "or add one of ssl2, -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
EXIT(1);
}
@@ -1271,6 +1285,13 @@ int main(int argc, char *argv[])
meth = SSLv3_method();
else
#endif
+#ifndef OPENSSL_NO_DTLS
+ if (dtls1)
+ meth = DTLSv1_method();
+ else if (dtls12)
+ meth = DTLSv1_2_method();
+ else
+#endif
#ifndef OPENSSL_NO_TLS1
if (tls1)
meth = TLSv1_method();
diff --git a/test/testssl b/test/testssl
index e3b342b..64e22b9 100644
--- a/test/testssl
+++ b/test/testssl
@@ -101,6 +101,30 @@ $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 via BIO pair
$ssltest $extra || exit 1
+echo test dtlsv1
+$ssltest -dtls1 $extra || exit 1
+
+echo test dtlsv1 with server authentication
+$ssltest -dtls1 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1 with client authentication
+$ssltest -dtls1 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1 with both client and server authentication
+$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
+
+echo test dtlsv1.2
+$ssltest -dtls12 $extra || exit 1
+
+echo test dtlsv1.2 with server authentication
+$ssltest -dtls12 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1.2 with client authentication
+$ssltest -dtls12 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1.2 with both client and server authentication
+$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
+
if [ $dsa_cert = NO ]; then
echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
$ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
More information about the openssl-commits
mailing list