[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri Mar 20 13:17:53 UTC 2015


The branch master has been updated
       via  3c381e54233be3d0dcbce7cc853c4767d979fe90 (commit)
       via  98b8cdd32277cea829c31034a53f2487f750615d (commit)
       via  504e643e0996fb842ac183023c3a6b9049af50ea (commit)
      from  21ab123770ff42d8c5b8e6b1372ecef4881b786d (commit)


- Log -----------------------------------------------------------------
commit 3c381e54233be3d0dcbce7cc853c4767d979fe90
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Mar 3 16:08:58 2015 +0000

    Add DTLS tests to make test
    
    Updated test/testssl script to include the new DTLS capability in ssltest.
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

commit 98b8cdd32277cea829c31034a53f2487f750615d
Author: David Woodhouse <dwmw2 at infradead.org>
Date:   Tue Mar 3 15:47:08 2015 +0000

    Add DTLS support to ssltest
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

commit 504e643e0996fb842ac183023c3a6b9049af50ea
Author: David Woodhouse <dwmw2 at infradead.org>
Date:   Tue Mar 3 15:39:26 2015 +0000

    Add DTLS to SSL_get_version
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_lib.c |  6 ++++++
 ssl/ssltest.c | 31 ++++++++++++++++++++++++++-----
 test/testssl  | 24 ++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a5eb3db..1e9b34f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2735,6 +2735,12 @@ const char *SSL_get_version(const SSL *s)
         return ("TLSv1");
     else if (s->version == SSL3_VERSION)
         return ("SSLv3");
+    else if (s->version == DTLS1_BAD_VER)
+        return ("DTLSv0.9");
+    else if (s->version == DTLS1_VERSION)
+        return ("DTLSv1");
+    else if (s->version == DTLS1_2_VERSION)
+        return ("DTLSv1.2");
     else
         return ("unknown");
 }
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 12d3efb..a57d505 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -788,6 +788,10 @@ static void sv_usage(void)
     fprintf(stderr, " -ssl3         - use SSLv3\n");
 #endif
     fprintf(stderr, " -tls1         - use TLSv1\n");
+#ifndef OPENSSL_NO_DTLS
+    fprintf(stderr, " -dtls1        - use DTLSv1\n");
+    fprintf(stderr, " -dtls12       - use DTLSv1.2\n");
+#endif
     fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
     fprintf(stderr, " -CAfile arg   - PEM format file of CA's\n");
     fprintf(stderr, " -cert arg     - Server certificate file\n");
@@ -958,7 +962,7 @@ int main(int argc, char *argv[])
     int badop = 0;
     int bio_pair = 0;
     int force = 0;
-    int tls1 = 0, ssl3 = 0, ret = 1;
+    int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl3 = 0, ret = 1;
     int client_auth = 0;
     int server_auth = 0, i;
     struct app_verify_arg app_verify_arg =
@@ -1136,6 +1140,16 @@ int main(int argc, char *argv[])
             no_protocol = 1;
 #endif
             ssl3 = 1;
+        } else if (strcmp(*argv, "-dtls1") == 0) {
+#ifdef OPENSSL_NO_DTLS
+            no_protocol = 1;
+#endif
+            dtls1 = 1;
+        } else if (strcmp(*argv, "-dtls12") == 0) {
+#ifdef OPENSSL_NO_DTLS
+            no_protocol = 1;
+#endif
+            dtls12 = 1;
         } else if (strncmp(*argv, "-num", 4) == 0) {
             if (--argc < 1)
                 goto bad;
@@ -1309,8 +1323,8 @@ int main(int argc, char *argv[])
         goto end;
     }
 
-    if (ssl3 + tls1 > 1) {
-        fprintf(stderr, "At most one of -ssl3, or -tls1 should "
+    if (ssl3 + tls1 + dtls1 + dtls12 > 1) {
+        fprintf(stderr, "At most one of -ssl3, -tls1, -dtls1 or -dtls12 should "
                 "be requested.\n");
         EXIT(1);
     }
@@ -1327,10 +1341,10 @@ int main(int argc, char *argv[])
         goto end;
     }
 
-    if (!ssl3 && !tls1 && number > 1 && !reuse && !force) {
+    if (!ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
         fprintf(stderr, "This case cannot work.  Use -f to perform "
                 "the test anyway (and\n-d to see what happens), "
-                "or add one of -ssl3, -tls1, -reuse\n"
+                "or add one of -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
                 "to avoid protocol mismatch.\n");
         EXIT(1);
     }
@@ -1403,6 +1417,13 @@ int main(int argc, char *argv[])
         meth = SSLv3_method();
     else
 #endif
+#ifndef OPENSSL_NO_DTLS
+    if (dtls1)
+        meth = DTLSv1_method();
+    else if (dtls12)
+        meth = DTLSv1_2_method();
+    else
+#endif
     if (tls1)
         meth = TLSv1_method();
     else
diff --git a/test/testssl b/test/testssl
index 9c790e3..71b4d2a 100644
--- a/test/testssl
+++ b/test/testssl
@@ -73,6 +73,30 @@ $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
 echo test sslv2/sslv3 via BIO pair
 $ssltest $extra || exit 1
 
+echo test dtlsv1
+$ssltest -dtls1 $extra || exit 1
+
+echo test dtlsv1 with server authentication
+$ssltest -dtls1 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1 with client authentication
+$ssltest -dtls1 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1 with both client and server authentication
+$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
+
+echo test dtlsv1.2
+$ssltest -dtls12 $extra || exit 1
+
+echo test dtlsv1.2 with server authentication
+$ssltest -dtls12 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1.2 with client authentication
+$ssltest -dtls12 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1.2 with both client and server authentication
+$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
+
 if [ $dsa_cert = NO ]; then
   echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
   $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1


More information about the openssl-commits mailing list