Lines Matching +full:custom +full:- +full:temp
2 # Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
41 my $digest = "-sha1";
48 my $cnf = srctop_file("test", "ca-and-certs.cnf");
49 my $CAkey = srctop_file("test", "certs", "ca-key.pem"); # "keyCA.ss"
53 my $CAreq2="req2CA.ss"; # temp
54 my $Ukey = srctop_file("test", "certs", "ee-key.pem"); # "keyU.ss";
65 my $P1key= srctop_file("test", "certs", "alt1-key.pem"); # "keyP1.ss";
69 my $P2key= srctop_file("test", "certs", "alt2-key.pem"); # "keyP2.ss";
79 # new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
98 note('test_ssl_old -- key U');
99 my $configfile = srctop_file("test","default-and-legacy.cnf");
107 srctop_file("test","fips-and-base.cnf"));
110 # -----------
113 my @req_dsa = ("-newkey",
120 @req_new = ("-new");
127 ok(run(app([@reqcmd, "-config", $cnf,
128 "-out", $CAreq, "-key", $CAkey,
133 ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30",
134 "-req", "-out", $CAcert, "-signkey", $CAkey,
135 "-extfile", $cnf, "-extensions", "v3_ca"],
137 'convert request into self-signed cert');
140 ok(run(app([@x509cmd, "-in", $CAcert,
141 "-x509toreq", "-signkey", $CAkey, "-out", $CAreq2],
146 ok(run(app([@reqcmd, "-config", $dummycnf,
147 "-verify", "-in", $CAreq, "-noout"])),
152 ok(run(app([@reqcmd, "-config", $dummycnf,
153 "-verify", "-in", $CAreq2, "-noout"])),
157 ok(run(app([@verifycmd, "-CAfile", $CAcert, $CAcert])),
161 ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq",
162 "-out", $Ureq, "-key", $Ukey, @req_new],
167 ok(run(app([@x509cmd, "-CAcreateserial", "-in", $Ureq, "-days", "30",
168 "-req", "-out", $Ucert,
169 "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial,
170 "-extfile", $cnf, "-extensions", "v3_ee"],
172 && run(app([@verifycmd, "-CAfile", $CAcert, $Ucert])),
177 "-subject", "-issuer", "-startdate", "-enddate",
178 "-noout", "-in", $Ucert])),
191 ok(run(app([@genpkeycmd, "-out", $Dkey,
192 "-paramfile", $dsaparams],
196 ok(run(app([@reqcmd, "-new", "-config", $cnf,
197 "-section", "userreq",
198 "-out", $Dreq, "-key", $Dkey],
202 ok(run(app([@x509cmd, "-CAcreateserial",
203 "-in", $Dreq,
204 "-days", "30",
205 "-req",
206 "-out", $Dcert,
207 "-CA", $CAcert, "-CAkey", $CAkey,
208 "-CAserial", $CAserial,
209 "-extfile", $cnf,
210 "-extensions", "v3_ee_dsa"],
214 ok(run(app([@verifycmd, "-CAfile", $CAcert, $Dcert])),
218 "-subject", "-issuer",
219 "-startdate", "-enddate", "-noout",
220 "-in", $Dcert])),
235 ok(run(app(["openssl", "genpkey", "-genparam",
236 "-algorithm", "EC",
237 "-pkeyopt", "ec_paramgen_curve:P-256",
238 "-pkeyopt", "ec_param_enc:named_curve",
239 "-out", "ecp.ss"])),
242 ok(run(app([@reqcmd, "-config", $cnf,
243 "-section", "userreq",
244 "-out", $Ereq, "-keyout", $Ekey,
245 "-newkey", "ec:ecp.ss"],
249 ok(run(app([@x509cmd, "-CAcreateserial",
250 "-in", $Ereq,
251 "-days", "30",
252 "-req",
253 "-out", $Ecert,
254 "-CA", $CAcert, "-CAkey", $CAkey,
255 "-CAserial", $CAserial,
256 "-extfile", $cnf,
257 "-extensions", "v3_ee_ec"],
261 ok(run(app([@verifycmd, "-CAfile", $CAcert, $Ecert])),
265 "-subject", "-issuer",
266 "-startdate", "-enddate", "-noout",
267 "-in", $Ecert])),
273 ok(run(app([@reqcmd, "-config", $proxycnf,
274 "-out", $P1req, "-key", $P1key, @req_new],
280 ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P1req, "-days", "30",
281 "-req", "-out", $P1cert,
282 "-CA", $Ucert, "-CAkey", $Ukey,
283 "-extfile", $proxycnf, "-extensions", "proxy"],
288 run(app([@verifycmd, "-CAfile", $CAcert,
289 "-untrusted", $P1intermediate, $P1cert]));
291 "-subject", "-issuer", "-startdate", "-enddate",
292 "-noout", "-in", $P1cert])),
296 ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req",
297 "-out", $P2req, "-key", $P2key,
304 ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P2req, "-days", "30",
305 "-req", "-out", $P2cert,
306 "-CA", $P1cert, "-CAkey", $P1key,
307 "-extfile", $proxycnf, "-extensions", "proxy_2"],
315 run(app([@verifycmd, "-CAfile", $CAcert,
316 "-untrusted", $P2intermediate, $P2cert]));
318 "-subject", "-issuer", "-startdate", "-enddate",
319 "-noout", "-in", $P2cert])),
326 my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
327 my @providerflags = ("-provider", $provider);
330 push @providerflags, "-provider", "legacy";
334 "-s_key", $key, "-s_cert", $cert,
335 "-c_key", $key, "-c_cert", $cert,
336 "-config", $configfile,
343 if (grep /DSA Public Key/, run(app(["openssl", "x509", "-in", $cert,
344 "-text", "-noout"]), capture => 1)) {
360 ok(run(test([@ssltest, "-bio_pair", "-ssl3"])),
362 ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])),
364 ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])),
366 ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])),
374 ok(run(test([@ssltest, "-bio_pair"])),
385 ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])),
393 ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
397 ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
399 ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
401 ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])),
403 ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
409 ok(run(test([@ssltest, "-ipv4"])),
411 ok(run(test([@ssltest, "-ipv4", "-client_ktls"])),
413 ok(run(test([@ssltest, "-ipv4", "-server_ktls"])),
415 ok(run(test([@ssltest, "-ipv4", "-client_ktls", "-server_ktls"])),
422 ok(run(test([@ssltest, "-ipv6"])),
424 ok(run(test([@ssltest, "-ipv6", "-client_ktls"])),
426 ok(run(test([@ssltest, "-ipv6", "-server_ktls"])),
428 ok(run(test([@ssltest, "-ipv6", "-client_ktls", "-server_ktls"])),
437 my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
440 push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
444 push @exkeys, "-s_cert", "certE.ss", "-s_key", $Ekey;
449 push @protocols, "-tls1_3" unless $no_tls1_3;
450 push @protocols, "-tls1_2" unless $no_tls1_2;
451 push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips";
452 push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips";
456 #There's no "-config" option to the ciphers command so we set the
462 my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol,
483 $testcount-- unless $no_tls1_3;
492 # ssl_old_test doesn't know -tls1_3, but that's fine, since that's
494 my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
497 if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
501 if ($protocol eq "-tls1_3") {
507 ok(run(test([@ssltest, @exkeys, "-cipher",
509 "-ciphersuites", $ciphersuites,
514 next if $protocol eq "-tls1_3";
521 "-s_cipher", "EDH",
522 "-c_cipher", 'EDH:@SECLEVEL=1',
523 "-dhe512",
543 …ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", …
551 …t", "-provider", "default", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem…
557 …_test", "-provider", "default", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2…
565 ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
568 ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
576 … ok(run(test(['ssl_old_test', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])),
589 …ok(run(test(['ssl_old_test', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:…
597 …ok(run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:E…
605 …ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:…
613 …ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:…
620 subtest 'Custom Extension tests' => sub {
629 ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])),
630 'test tls1 with custom extensions');
644 ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo])));
645 …ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct"]))…
646 …ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_tack"])…
647 …ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "…
648 …ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext", "-serverinfo_file", $serverinfo, "-ser…