1e1051a39Sopenharmony_ci#! /usr/bin/env perl 2e1051a39Sopenharmony_ci# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci# 4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci# this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ciuse strict; 11e1051a39Sopenharmony_ciuse warnings; 12e1051a39Sopenharmony_ci 13e1051a39Sopenharmony_ciuse POSIX; 14e1051a39Sopenharmony_ciuse File::Basename; 15e1051a39Sopenharmony_ciuse File::Copy; 16e1051a39Sopenharmony_ciuse OpenSSL::Test qw/:DEFAULT with bldtop_file bldtop_dir srctop_file srctop_dir cmdstr data_file/; 17e1051a39Sopenharmony_ciuse OpenSSL::Test::Utils; 18e1051a39Sopenharmony_ci 19e1051a39Sopenharmony_ciBEGIN { 20e1051a39Sopenharmony_cisetup("test_ssl_old"); 21e1051a39Sopenharmony_ci} 22e1051a39Sopenharmony_ci 23e1051a39Sopenharmony_ciuse lib srctop_dir('Configurations'); 24e1051a39Sopenharmony_ciuse lib bldtop_dir('.'); 25e1051a39Sopenharmony_ci 26e1051a39Sopenharmony_cimy $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); 27e1051a39Sopenharmony_cimy ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, 28e1051a39Sopenharmony_ci $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, 29e1051a39Sopenharmony_ci $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) = 30e1051a39Sopenharmony_ci anydisabled qw/rsa dsa dh ec psk 31e1051a39Sopenharmony_ci ssl3 tls1 tls1_1 tls1_2 tls1_3 32e1051a39Sopenharmony_ci dtls dtls1 dtls1_2 ct/; 33e1051a39Sopenharmony_ci#If ec and dh are disabled then don't use TLSv1.3 34e1051a39Sopenharmony_ci$no_tls1_3 = 1 if (!$no_tls1_3 && $no_ec && $no_dh); 35e1051a39Sopenharmony_cimy $no_anytls = alldisabled(available_protocols("tls")); 36e1051a39Sopenharmony_cimy $no_anydtls = alldisabled(available_protocols("dtls")); 37e1051a39Sopenharmony_ci 38e1051a39Sopenharmony_ciplan skip_all => "No SSL/TLS/DTLS protocol is support by this OpenSSL build" 39e1051a39Sopenharmony_ci if $no_anytls && $no_anydtls; 40e1051a39Sopenharmony_ci 41e1051a39Sopenharmony_cimy $digest = "-sha1"; 42e1051a39Sopenharmony_cimy @reqcmd = ("openssl", "req"); 43e1051a39Sopenharmony_cimy @x509cmd = ("openssl", "x509", $digest); 44e1051a39Sopenharmony_cimy @verifycmd = ("openssl", "verify"); 45e1051a39Sopenharmony_cimy @genpkeycmd = ("openssl", "genpkey"); 46e1051a39Sopenharmony_cimy $dummycnf = srctop_file("apps", "openssl.cnf"); 47e1051a39Sopenharmony_ci 48e1051a39Sopenharmony_cimy $cnf = srctop_file("test", "ca-and-certs.cnf"); 49e1051a39Sopenharmony_cimy $CAkey = srctop_file("test", "certs", "ca-key.pem"); # "keyCA.ss" 50e1051a39Sopenharmony_cimy $CAcert="certCA.ss"; 51e1051a39Sopenharmony_cimy $CAserial="certCA.srl"; 52e1051a39Sopenharmony_cimy $CAreq="reqCA.ss"; 53e1051a39Sopenharmony_cimy $CAreq2="req2CA.ss"; # temp 54e1051a39Sopenharmony_cimy $Ukey = srctop_file("test", "certs", "ee-key.pem"); # "keyU.ss"; 55e1051a39Sopenharmony_cimy $Ureq="reqU.ss"; 56e1051a39Sopenharmony_cimy $Ucert="certU.ss"; 57e1051a39Sopenharmony_cimy $Dkey="keyD.ss"; 58e1051a39Sopenharmony_cimy $Dreq="reqD.ss"; 59e1051a39Sopenharmony_cimy $Dcert="certD.ss"; 60e1051a39Sopenharmony_cimy $Ekey="keyE.ss"; 61e1051a39Sopenharmony_cimy $Ereq="reqE.ss"; 62e1051a39Sopenharmony_cimy $Ecert="certE.ss"; 63e1051a39Sopenharmony_ci 64e1051a39Sopenharmony_cimy $proxycnf=srctop_file("test", "proxy.cnf"); 65e1051a39Sopenharmony_cimy $P1key= srctop_file("test", "certs", "alt1-key.pem"); # "keyP1.ss"; 66e1051a39Sopenharmony_cimy $P1req="reqP1.ss"; 67e1051a39Sopenharmony_cimy $P1cert="certP1.ss"; 68e1051a39Sopenharmony_cimy $P1intermediate="tmp_intP1.ss"; 69e1051a39Sopenharmony_cimy $P2key= srctop_file("test", "certs", "alt2-key.pem"); # "keyP2.ss"; 70e1051a39Sopenharmony_cimy $P2req="reqP2.ss"; 71e1051a39Sopenharmony_cimy $P2cert="certP2.ss"; 72e1051a39Sopenharmony_cimy $P2intermediate="tmp_intP2.ss"; 73e1051a39Sopenharmony_ci 74e1051a39Sopenharmony_cimy $server_sess="server.ss"; 75e1051a39Sopenharmony_cimy $client_sess="client.ss"; 76e1051a39Sopenharmony_ci 77e1051a39Sopenharmony_ci# ssl_old_test.c is deprecated in favour of the new framework in ssl_test.c 78e1051a39Sopenharmony_ci# If you're adding tests here, you probably want to convert them to the 79e1051a39Sopenharmony_ci# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead. 80e1051a39Sopenharmony_ciplan tests => 81e1051a39Sopenharmony_ci ($no_fips ? 0 : 5) # testssl with fips provider 82e1051a39Sopenharmony_ci + 1 # For testss 83e1051a39Sopenharmony_ci + 5 # For the testssl with default provider 84e1051a39Sopenharmony_ci ; 85e1051a39Sopenharmony_ci 86e1051a39Sopenharmony_cisubtest 'test_ss' => sub { 87e1051a39Sopenharmony_ci if (testss()) { 88e1051a39Sopenharmony_ci open OUT, ">", "intP1.ss"; 89e1051a39Sopenharmony_ci copy($CAcert, \*OUT); copy($Ucert, \*OUT); 90e1051a39Sopenharmony_ci close OUT; 91e1051a39Sopenharmony_ci 92e1051a39Sopenharmony_ci open OUT, ">", "intP2.ss"; 93e1051a39Sopenharmony_ci copy($CAcert, \*OUT); copy($Ucert, \*OUT); copy($P1cert, \*OUT); 94e1051a39Sopenharmony_ci close OUT; 95e1051a39Sopenharmony_ci } 96e1051a39Sopenharmony_ci}; 97e1051a39Sopenharmony_ci 98e1051a39Sopenharmony_cinote('test_ssl_old -- key U'); 99e1051a39Sopenharmony_cimy $configfile = srctop_file("test","default-and-legacy.cnf"); 100e1051a39Sopenharmony_ciif (disabled("legacy")) { 101e1051a39Sopenharmony_ci $configfile = srctop_file("test","default.cnf"); 102e1051a39Sopenharmony_ci} 103e1051a39Sopenharmony_ci 104e1051a39Sopenharmony_citestssl($Ukey, $Ucert, $CAcert, "default", $configfile); 105e1051a39Sopenharmony_ciunless ($no_fips) { 106e1051a39Sopenharmony_ci testssl($Ukey, $Ucert, $CAcert, "fips", 107e1051a39Sopenharmony_ci srctop_file("test","fips-and-base.cnf")); 108e1051a39Sopenharmony_ci} 109e1051a39Sopenharmony_ci 110e1051a39Sopenharmony_ci# ----------- 111e1051a39Sopenharmony_ci# subtest functions 112e1051a39Sopenharmony_cisub testss { 113e1051a39Sopenharmony_ci my @req_dsa = ("-newkey", 114e1051a39Sopenharmony_ci "dsa:".data_file("dsa2048.pem")); 115e1051a39Sopenharmony_ci my $dsaparams = data_file("dsa2048.pem"); 116e1051a39Sopenharmony_ci my @req_new; 117e1051a39Sopenharmony_ci if ($no_rsa) { 118e1051a39Sopenharmony_ci @req_new = @req_dsa; 119e1051a39Sopenharmony_ci } else { 120e1051a39Sopenharmony_ci @req_new = ("-new"); 121e1051a39Sopenharmony_ci } 122e1051a39Sopenharmony_ci 123e1051a39Sopenharmony_ci plan tests => 17; 124e1051a39Sopenharmony_ci 125e1051a39Sopenharmony_ci SKIP: { 126e1051a39Sopenharmony_ci skip 'failure', 16 unless 127e1051a39Sopenharmony_ci ok(run(app([@reqcmd, "-config", $cnf, 128e1051a39Sopenharmony_ci "-out", $CAreq, "-key", $CAkey, 129e1051a39Sopenharmony_ci @req_new])), 130e1051a39Sopenharmony_ci 'make cert request'); 131e1051a39Sopenharmony_ci 132e1051a39Sopenharmony_ci skip 'failure', 15 unless 133e1051a39Sopenharmony_ci ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30", 134e1051a39Sopenharmony_ci "-req", "-out", $CAcert, "-signkey", $CAkey, 135e1051a39Sopenharmony_ci "-extfile", $cnf, "-extensions", "v3_ca"], 136e1051a39Sopenharmony_ci stdout => "err.ss")), 137e1051a39Sopenharmony_ci 'convert request into self-signed cert'); 138e1051a39Sopenharmony_ci 139e1051a39Sopenharmony_ci skip 'failure', 14 unless 140e1051a39Sopenharmony_ci ok(run(app([@x509cmd, "-in", $CAcert, 141e1051a39Sopenharmony_ci "-x509toreq", "-signkey", $CAkey, "-out", $CAreq2], 142e1051a39Sopenharmony_ci stdout => "err.ss")), 143e1051a39Sopenharmony_ci 'convert cert into a cert request'); 144e1051a39Sopenharmony_ci 145e1051a39Sopenharmony_ci skip 'failure', 13 unless 146e1051a39Sopenharmony_ci ok(run(app([@reqcmd, "-config", $dummycnf, 147e1051a39Sopenharmony_ci "-verify", "-in", $CAreq, "-noout"])), 148e1051a39Sopenharmony_ci 'verify request 1'); 149e1051a39Sopenharmony_ci 150e1051a39Sopenharmony_ci 151e1051a39Sopenharmony_ci skip 'failure', 12 unless 152e1051a39Sopenharmony_ci ok(run(app([@reqcmd, "-config", $dummycnf, 153e1051a39Sopenharmony_ci "-verify", "-in", $CAreq2, "-noout"])), 154e1051a39Sopenharmony_ci 'verify request 2'); 155e1051a39Sopenharmony_ci 156e1051a39Sopenharmony_ci skip 'failure', 11 unless 157e1051a39Sopenharmony_ci ok(run(app([@verifycmd, "-CAfile", $CAcert, $CAcert])), 158e1051a39Sopenharmony_ci 'verify signature'); 159e1051a39Sopenharmony_ci 160e1051a39Sopenharmony_ci skip 'failure', 10 unless 161e1051a39Sopenharmony_ci ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq", 162e1051a39Sopenharmony_ci "-out", $Ureq, "-key", $Ukey, @req_new], 163e1051a39Sopenharmony_ci stdout => "err.ss")), 164e1051a39Sopenharmony_ci 'make a user cert request'); 165e1051a39Sopenharmony_ci 166e1051a39Sopenharmony_ci skip 'failure', 9 unless 167e1051a39Sopenharmony_ci ok(run(app([@x509cmd, "-CAcreateserial", "-in", $Ureq, "-days", "30", 168e1051a39Sopenharmony_ci "-req", "-out", $Ucert, 169e1051a39Sopenharmony_ci "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial, 170e1051a39Sopenharmony_ci "-extfile", $cnf, "-extensions", "v3_ee"], 171e1051a39Sopenharmony_ci stdout => "err.ss")) 172e1051a39Sopenharmony_ci && run(app([@verifycmd, "-CAfile", $CAcert, $Ucert])), 173e1051a39Sopenharmony_ci 'sign user cert request'); 174e1051a39Sopenharmony_ci 175e1051a39Sopenharmony_ci skip 'failure', 8 unless 176e1051a39Sopenharmony_ci ok(run(app([@x509cmd, 177e1051a39Sopenharmony_ci "-subject", "-issuer", "-startdate", "-enddate", 178e1051a39Sopenharmony_ci "-noout", "-in", $Ucert])), 179e1051a39Sopenharmony_ci 'Certificate details'); 180e1051a39Sopenharmony_ci 181e1051a39Sopenharmony_ci skip 'failure', 7 unless 182e1051a39Sopenharmony_ci subtest 'DSA certificate creation' => sub { 183e1051a39Sopenharmony_ci plan skip_all => "skipping DSA certificate creation" 184e1051a39Sopenharmony_ci if $no_dsa; 185e1051a39Sopenharmony_ci 186e1051a39Sopenharmony_ci plan tests => 5; 187e1051a39Sopenharmony_ci 188e1051a39Sopenharmony_ci SKIP: { 189e1051a39Sopenharmony_ci $ENV{CN2} = "DSA Certificate"; 190e1051a39Sopenharmony_ci skip 'failure', 4 unless 191e1051a39Sopenharmony_ci ok(run(app([@genpkeycmd, "-out", $Dkey, 192e1051a39Sopenharmony_ci "-paramfile", $dsaparams], 193e1051a39Sopenharmony_ci stdout => "err.ss")), 194e1051a39Sopenharmony_ci "make a DSA key"); 195e1051a39Sopenharmony_ci skip 'failure', 3 unless 196e1051a39Sopenharmony_ci ok(run(app([@reqcmd, "-new", "-config", $cnf, 197e1051a39Sopenharmony_ci "-section", "userreq", 198e1051a39Sopenharmony_ci "-out", $Dreq, "-key", $Dkey], 199e1051a39Sopenharmony_ci stdout => "err.ss")), 200e1051a39Sopenharmony_ci "make a DSA user cert request"); 201e1051a39Sopenharmony_ci skip 'failure', 2 unless 202e1051a39Sopenharmony_ci ok(run(app([@x509cmd, "-CAcreateserial", 203e1051a39Sopenharmony_ci "-in", $Dreq, 204e1051a39Sopenharmony_ci "-days", "30", 205e1051a39Sopenharmony_ci "-req", 206e1051a39Sopenharmony_ci "-out", $Dcert, 207e1051a39Sopenharmony_ci "-CA", $CAcert, "-CAkey", $CAkey, 208e1051a39Sopenharmony_ci "-CAserial", $CAserial, 209e1051a39Sopenharmony_ci "-extfile", $cnf, 210e1051a39Sopenharmony_ci "-extensions", "v3_ee_dsa"], 211e1051a39Sopenharmony_ci stdout => "err.ss")), 212e1051a39Sopenharmony_ci "sign DSA user cert request"); 213e1051a39Sopenharmony_ci skip 'failure', 1 unless 214e1051a39Sopenharmony_ci ok(run(app([@verifycmd, "-CAfile", $CAcert, $Dcert])), 215e1051a39Sopenharmony_ci "verify DSA user cert"); 216e1051a39Sopenharmony_ci skip 'failure', 0 unless 217e1051a39Sopenharmony_ci ok(run(app([@x509cmd, 218e1051a39Sopenharmony_ci "-subject", "-issuer", 219e1051a39Sopenharmony_ci "-startdate", "-enddate", "-noout", 220e1051a39Sopenharmony_ci "-in", $Dcert])), 221e1051a39Sopenharmony_ci "DSA Certificate details"); 222e1051a39Sopenharmony_ci } 223e1051a39Sopenharmony_ci }; 224e1051a39Sopenharmony_ci 225e1051a39Sopenharmony_ci skip 'failure', 6 unless 226e1051a39Sopenharmony_ci subtest 'ECDSA/ECDH certificate creation' => sub { 227e1051a39Sopenharmony_ci plan skip_all => "skipping ECDSA/ECDH certificate creation" 228e1051a39Sopenharmony_ci if $no_ec; 229e1051a39Sopenharmony_ci 230e1051a39Sopenharmony_ci plan tests => 5; 231e1051a39Sopenharmony_ci 232e1051a39Sopenharmony_ci SKIP: { 233e1051a39Sopenharmony_ci $ENV{CN2} = "ECDSA Certificate"; 234e1051a39Sopenharmony_ci skip 'failure', 4 unless 235e1051a39Sopenharmony_ci ok(run(app(["openssl", "genpkey", "-genparam", 236e1051a39Sopenharmony_ci "-algorithm", "EC", 237e1051a39Sopenharmony_ci "-pkeyopt", "ec_paramgen_curve:P-256", 238e1051a39Sopenharmony_ci "-pkeyopt", "ec_param_enc:named_curve", 239e1051a39Sopenharmony_ci "-out", "ecp.ss"])), 240e1051a39Sopenharmony_ci "make EC parameters"); 241e1051a39Sopenharmony_ci skip 'failure', 3 unless 242e1051a39Sopenharmony_ci ok(run(app([@reqcmd, "-config", $cnf, 243e1051a39Sopenharmony_ci "-section", "userreq", 244e1051a39Sopenharmony_ci "-out", $Ereq, "-keyout", $Ekey, 245e1051a39Sopenharmony_ci "-newkey", "ec:ecp.ss"], 246e1051a39Sopenharmony_ci stdout => "err.ss")), 247e1051a39Sopenharmony_ci "make a ECDSA/ECDH user cert request"); 248e1051a39Sopenharmony_ci skip 'failure', 2 unless 249e1051a39Sopenharmony_ci ok(run(app([@x509cmd, "-CAcreateserial", 250e1051a39Sopenharmony_ci "-in", $Ereq, 251e1051a39Sopenharmony_ci "-days", "30", 252e1051a39Sopenharmony_ci "-req", 253e1051a39Sopenharmony_ci "-out", $Ecert, 254e1051a39Sopenharmony_ci "-CA", $CAcert, "-CAkey", $CAkey, 255e1051a39Sopenharmony_ci "-CAserial", $CAserial, 256e1051a39Sopenharmony_ci "-extfile", $cnf, 257e1051a39Sopenharmony_ci "-extensions", "v3_ee_ec"], 258e1051a39Sopenharmony_ci stdout => "err.ss")), 259e1051a39Sopenharmony_ci "sign ECDSA/ECDH user cert request"); 260e1051a39Sopenharmony_ci skip 'failure', 1 unless 261e1051a39Sopenharmony_ci ok(run(app([@verifycmd, "-CAfile", $CAcert, $Ecert])), 262e1051a39Sopenharmony_ci "verify ECDSA/ECDH user cert"); 263e1051a39Sopenharmony_ci skip 'failure', 0 unless 264e1051a39Sopenharmony_ci ok(run(app([@x509cmd, 265e1051a39Sopenharmony_ci "-subject", "-issuer", 266e1051a39Sopenharmony_ci "-startdate", "-enddate", "-noout", 267e1051a39Sopenharmony_ci "-in", $Ecert])), 268e1051a39Sopenharmony_ci "ECDSA Certificate details"); 269e1051a39Sopenharmony_ci } 270e1051a39Sopenharmony_ci }; 271e1051a39Sopenharmony_ci 272e1051a39Sopenharmony_ci skip 'failure', 5 unless 273e1051a39Sopenharmony_ci ok(run(app([@reqcmd, "-config", $proxycnf, 274e1051a39Sopenharmony_ci "-out", $P1req, "-key", $P1key, @req_new], 275e1051a39Sopenharmony_ci stdout => "err.ss")), 276e1051a39Sopenharmony_ci 'make a proxy cert request'); 277e1051a39Sopenharmony_ci 278e1051a39Sopenharmony_ci 279e1051a39Sopenharmony_ci skip 'failure', 4 unless 280e1051a39Sopenharmony_ci ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P1req, "-days", "30", 281e1051a39Sopenharmony_ci "-req", "-out", $P1cert, 282e1051a39Sopenharmony_ci "-CA", $Ucert, "-CAkey", $Ukey, 283e1051a39Sopenharmony_ci "-extfile", $proxycnf, "-extensions", "proxy"], 284e1051a39Sopenharmony_ci stdout => "err.ss")), 285e1051a39Sopenharmony_ci 'sign proxy with user cert'); 286e1051a39Sopenharmony_ci 287e1051a39Sopenharmony_ci copy($Ucert, $P1intermediate); 288e1051a39Sopenharmony_ci run(app([@verifycmd, "-CAfile", $CAcert, 289e1051a39Sopenharmony_ci "-untrusted", $P1intermediate, $P1cert])); 290e1051a39Sopenharmony_ci ok(run(app([@x509cmd, 291e1051a39Sopenharmony_ci "-subject", "-issuer", "-startdate", "-enddate", 292e1051a39Sopenharmony_ci "-noout", "-in", $P1cert])), 293e1051a39Sopenharmony_ci 'Certificate details'); 294e1051a39Sopenharmony_ci 295e1051a39Sopenharmony_ci skip 'failure', 2 unless 296e1051a39Sopenharmony_ci ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req", 297e1051a39Sopenharmony_ci "-out", $P2req, "-key", $P2key, 298e1051a39Sopenharmony_ci @req_new], 299e1051a39Sopenharmony_ci stdout => "err.ss")), 300e1051a39Sopenharmony_ci 'make another proxy cert request'); 301e1051a39Sopenharmony_ci 302e1051a39Sopenharmony_ci 303e1051a39Sopenharmony_ci skip 'failure', 1 unless 304e1051a39Sopenharmony_ci ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P2req, "-days", "30", 305e1051a39Sopenharmony_ci "-req", "-out", $P2cert, 306e1051a39Sopenharmony_ci "-CA", $P1cert, "-CAkey", $P1key, 307e1051a39Sopenharmony_ci "-extfile", $proxycnf, "-extensions", "proxy_2"], 308e1051a39Sopenharmony_ci stdout => "err.ss")), 309e1051a39Sopenharmony_ci 'sign second proxy cert request with the first proxy cert'); 310e1051a39Sopenharmony_ci 311e1051a39Sopenharmony_ci 312e1051a39Sopenharmony_ci open OUT, ">", $P2intermediate; 313e1051a39Sopenharmony_ci copy($Ucert, \*OUT); copy($P1cert, \*OUT); 314e1051a39Sopenharmony_ci close OUT; 315e1051a39Sopenharmony_ci run(app([@verifycmd, "-CAfile", $CAcert, 316e1051a39Sopenharmony_ci "-untrusted", $P2intermediate, $P2cert])); 317e1051a39Sopenharmony_ci ok(run(app([@x509cmd, 318e1051a39Sopenharmony_ci "-subject", "-issuer", "-startdate", "-enddate", 319e1051a39Sopenharmony_ci "-noout", "-in", $P2cert])), 320e1051a39Sopenharmony_ci 'Certificate details'); 321e1051a39Sopenharmony_ci } 322e1051a39Sopenharmony_ci} 323e1051a39Sopenharmony_ci 324e1051a39Sopenharmony_cisub testssl { 325e1051a39Sopenharmony_ci my ($key, $cert, $CAtmp, $provider, $configfile) = @_; 326e1051a39Sopenharmony_ci my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs")); 327e1051a39Sopenharmony_ci my @providerflags = ("-provider", $provider); 328e1051a39Sopenharmony_ci 329e1051a39Sopenharmony_ci if ($provider eq "default" && !disabled("legacy")) { 330e1051a39Sopenharmony_ci push @providerflags, "-provider", "legacy"; 331e1051a39Sopenharmony_ci } 332e1051a39Sopenharmony_ci 333e1051a39Sopenharmony_ci my @ssltest = ("ssl_old_test", 334e1051a39Sopenharmony_ci "-s_key", $key, "-s_cert", $cert, 335e1051a39Sopenharmony_ci "-c_key", $key, "-c_cert", $cert, 336e1051a39Sopenharmony_ci "-config", $configfile, 337e1051a39Sopenharmony_ci @providerflags); 338e1051a39Sopenharmony_ci 339e1051a39Sopenharmony_ci 340e1051a39Sopenharmony_ci my $serverinfo = srctop_file("test","serverinfo.pem"); 341e1051a39Sopenharmony_ci 342e1051a39Sopenharmony_ci my $dsa_cert = 0; 343e1051a39Sopenharmony_ci if (grep /DSA Public Key/, run(app(["openssl", "x509", "-in", $cert, 344e1051a39Sopenharmony_ci "-text", "-noout"]), capture => 1)) { 345e1051a39Sopenharmony_ci $dsa_cert = 1; 346e1051a39Sopenharmony_ci } 347e1051a39Sopenharmony_ci 348e1051a39Sopenharmony_ci 349e1051a39Sopenharmony_ci subtest 'standard SSL tests' => sub { 350e1051a39Sopenharmony_ci ###################################################################### 351e1051a39Sopenharmony_ci plan tests => 19; 352e1051a39Sopenharmony_ci 353e1051a39Sopenharmony_ci SKIP: { 354e1051a39Sopenharmony_ci skip "SSLv3 is not supported by this OpenSSL build", 4 355e1051a39Sopenharmony_ci if disabled("ssl3"); 356e1051a39Sopenharmony_ci 357e1051a39Sopenharmony_ci skip "SSLv3 is not supported by the FIPS provider", 4 358e1051a39Sopenharmony_ci if $provider eq "fips"; 359e1051a39Sopenharmony_ci 360e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-ssl3"])), 361e1051a39Sopenharmony_ci 'test sslv3 via BIO pair'); 362e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])), 363e1051a39Sopenharmony_ci 'test sslv3 with server authentication via BIO pair'); 364e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])), 365e1051a39Sopenharmony_ci 'test sslv3 with client authentication via BIO pair'); 366e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])), 367e1051a39Sopenharmony_ci 'test sslv3 with both server and client authentication via BIO pair'); 368e1051a39Sopenharmony_ci } 369e1051a39Sopenharmony_ci 370e1051a39Sopenharmony_ci SKIP: { 371e1051a39Sopenharmony_ci skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1 372e1051a39Sopenharmony_ci if $no_anytls; 373e1051a39Sopenharmony_ci 374e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair"])), 375e1051a39Sopenharmony_ci 'test sslv2/sslv3 via BIO pair'); 376e1051a39Sopenharmony_ci } 377e1051a39Sopenharmony_ci 378e1051a39Sopenharmony_ci SKIP: { 379e1051a39Sopenharmony_ci skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 14 380e1051a39Sopenharmony_ci if $no_anytls; 381e1051a39Sopenharmony_ci 382e1051a39Sopenharmony_ci SKIP: { 383e1051a39Sopenharmony_ci skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert; 384e1051a39Sopenharmony_ci 385e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])), 386e1051a39Sopenharmony_ci 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'); 387e1051a39Sopenharmony_ci } 388e1051a39Sopenharmony_ci 389e1051a39Sopenharmony_ci SKIP: { 390e1051a39Sopenharmony_ci skip "skipping dhe1024dsa test", 1 391e1051a39Sopenharmony_ci if ($no_dh); 392e1051a39Sopenharmony_ci 393e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])), 394e1051a39Sopenharmony_ci 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); 395e1051a39Sopenharmony_ci } 396e1051a39Sopenharmony_ci 397e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), 398e1051a39Sopenharmony_ci 'test sslv2/sslv3 with server authentication'); 399e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), 400e1051a39Sopenharmony_ci 'test sslv2/sslv3 with client authentication via BIO pair'); 401e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])), 402e1051a39Sopenharmony_ci 'test sslv2/sslv3 with both client and server authentication via BIO pair'); 403e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), 404e1051a39Sopenharmony_ci 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); 405e1051a39Sopenharmony_ci 406e1051a39Sopenharmony_ci SKIP: { 407e1051a39Sopenharmony_ci skip "No IPv4 available on this machine", 4 408e1051a39Sopenharmony_ci unless !disabled("sock") && have_IPv4(); 409e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-ipv4"])), 410e1051a39Sopenharmony_ci 'test TLS via IPv4'); 411e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-ipv4", "-client_ktls"])), 412e1051a39Sopenharmony_ci 'test TLS via IPv4 + ktls(client)'); 413e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-ipv4", "-server_ktls"])), 414e1051a39Sopenharmony_ci 'test TLS via IPv4 + ktls(server)'); 415e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-ipv4", "-client_ktls", "-server_ktls"])), 416e1051a39Sopenharmony_ci 'test TLS via IPv4 + ktls'); 417e1051a39Sopenharmony_ci } 418e1051a39Sopenharmony_ci 419e1051a39Sopenharmony_ci SKIP: { 420e1051a39Sopenharmony_ci skip "No IPv6 available on this machine", 4 421e1051a39Sopenharmony_ci unless !disabled("sock") && have_IPv6(); 422e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-ipv6"])), 423e1051a39Sopenharmony_ci 'test TLS via IPv6'); 424e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-ipv6", "-client_ktls"])), 425e1051a39Sopenharmony_ci 'test TLS via IPv6 + ktls(client)'); 426e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-ipv6", "-server_ktls"])), 427e1051a39Sopenharmony_ci 'test TLS via IPv6 + ktls(client)'); 428e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-ipv6", "-client_ktls", "-server_ktls"])), 429e1051a39Sopenharmony_ci 'test TLS via IPv6 + ktls'); 430e1051a39Sopenharmony_ci } 431e1051a39Sopenharmony_ci } 432e1051a39Sopenharmony_ci }; 433e1051a39Sopenharmony_ci 434e1051a39Sopenharmony_ci subtest "Testing ciphersuites" => sub { 435e1051a39Sopenharmony_ci 436e1051a39Sopenharmony_ci my @exkeys = (); 437e1051a39Sopenharmony_ci my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; 438e1051a39Sopenharmony_ci 439e1051a39Sopenharmony_ci if (!$no_dsa) { 440e1051a39Sopenharmony_ci push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; 441e1051a39Sopenharmony_ci } 442e1051a39Sopenharmony_ci 443e1051a39Sopenharmony_ci if (!$no_ec) { 444e1051a39Sopenharmony_ci push @exkeys, "-s_cert", "certE.ss", "-s_key", $Ekey; 445e1051a39Sopenharmony_ci } 446e1051a39Sopenharmony_ci 447e1051a39Sopenharmony_ci my @protocols = (); 448e1051a39Sopenharmony_ci # We only use the flags that ssl_old_test understands 449e1051a39Sopenharmony_ci push @protocols, "-tls1_3" unless $no_tls1_3; 450e1051a39Sopenharmony_ci push @protocols, "-tls1_2" unless $no_tls1_2; 451e1051a39Sopenharmony_ci push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips"; 452e1051a39Sopenharmony_ci push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips"; 453e1051a39Sopenharmony_ci my $protocolciphersuitecount = 0; 454e1051a39Sopenharmony_ci my %ciphersuites = (); 455e1051a39Sopenharmony_ci my %ciphersstatus = (); 456e1051a39Sopenharmony_ci #There's no "-config" option to the ciphers command so we set the 457e1051a39Sopenharmony_ci #environment variable instead 458e1051a39Sopenharmony_ci my $opensslconf = $ENV{OPENSSL_CONF}; 459e1051a39Sopenharmony_ci $ENV{OPENSSL_CONF} = $configfile; 460e1051a39Sopenharmony_ci foreach my $protocol (@protocols) { 461e1051a39Sopenharmony_ci my $ciphersstatus = undef; 462e1051a39Sopenharmony_ci my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol, 463e1051a39Sopenharmony_ci @providerflags, 464e1051a39Sopenharmony_ci "ALL:$ciphers"]), 465e1051a39Sopenharmony_ci capture => 1, statusvar => \$ciphersstatus); 466e1051a39Sopenharmony_ci $ciphersstatus{$protocol} = $ciphersstatus; 467e1051a39Sopenharmony_ci if ($ciphersstatus) { 468e1051a39Sopenharmony_ci $ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) } 469e1051a39Sopenharmony_ci @ciphers ]; 470e1051a39Sopenharmony_ci $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}}; 471e1051a39Sopenharmony_ci } 472e1051a39Sopenharmony_ci } 473e1051a39Sopenharmony_ci $ENV{OPENSSL_CONF} = $opensslconf; 474e1051a39Sopenharmony_ci 475e1051a39Sopenharmony_ci plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build" 476e1051a39Sopenharmony_ci if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0; 477e1051a39Sopenharmony_ci 478e1051a39Sopenharmony_ci # The count of protocols is because in addition to the ciphersuites 479e1051a39Sopenharmony_ci # we got above, we're running a weak DH test for each protocol (except 480e1051a39Sopenharmony_ci # TLSv1.3) 481e1051a39Sopenharmony_ci my $testcount = scalar(@protocols) + $protocolciphersuitecount 482e1051a39Sopenharmony_ci + scalar(keys %ciphersuites); 483e1051a39Sopenharmony_ci $testcount-- unless $no_tls1_3; 484e1051a39Sopenharmony_ci plan tests => $testcount; 485e1051a39Sopenharmony_ci 486e1051a39Sopenharmony_ci foreach my $protocol (@protocols) { 487e1051a39Sopenharmony_ci ok($ciphersstatus{$protocol}, "Getting ciphers for $protocol"); 488e1051a39Sopenharmony_ci } 489e1051a39Sopenharmony_ci 490e1051a39Sopenharmony_ci foreach my $protocol (sort keys %ciphersuites) { 491e1051a39Sopenharmony_ci note "Testing ciphersuites for $protocol"; 492e1051a39Sopenharmony_ci # ssl_old_test doesn't know -tls1_3, but that's fine, since that's 493e1051a39Sopenharmony_ci # the default choice if TLSv1.3 enabled 494e1051a39Sopenharmony_ci my $flag = $protocol eq "-tls1_3" ? "" : $protocol; 495e1051a39Sopenharmony_ci my $ciphersuites = ""; 496e1051a39Sopenharmony_ci foreach my $cipher (@{$ciphersuites{$protocol}}) { 497e1051a39Sopenharmony_ci if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { 498e1051a39Sopenharmony_ci note "*****SKIPPING $protocol $cipher"; 499e1051a39Sopenharmony_ci ok(1); 500e1051a39Sopenharmony_ci } else { 501e1051a39Sopenharmony_ci if ($protocol eq "-tls1_3") { 502e1051a39Sopenharmony_ci $ciphersuites = $cipher; 503e1051a39Sopenharmony_ci $cipher = ""; 504e1051a39Sopenharmony_ci } else { 505e1051a39Sopenharmony_ci $cipher = $cipher.':@SECLEVEL=0'; 506e1051a39Sopenharmony_ci } 507e1051a39Sopenharmony_ci ok(run(test([@ssltest, @exkeys, "-cipher", 508e1051a39Sopenharmony_ci $cipher, 509e1051a39Sopenharmony_ci "-ciphersuites", $ciphersuites, 510e1051a39Sopenharmony_ci $flag || ()])), 511e1051a39Sopenharmony_ci "Testing $cipher"); 512e1051a39Sopenharmony_ci } 513e1051a39Sopenharmony_ci } 514e1051a39Sopenharmony_ci next if $protocol eq "-tls1_3"; 515e1051a39Sopenharmony_ci 516e1051a39Sopenharmony_ci SKIP: { 517e1051a39Sopenharmony_ci skip "skipping dhe512 test", 1 518e1051a39Sopenharmony_ci if ($no_dh); 519e1051a39Sopenharmony_ci 520e1051a39Sopenharmony_ci is(run(test([@ssltest, 521e1051a39Sopenharmony_ci "-s_cipher", "EDH", 522e1051a39Sopenharmony_ci "-c_cipher", 'EDH:@SECLEVEL=1', 523e1051a39Sopenharmony_ci "-dhe512", 524e1051a39Sopenharmony_ci $protocol])), 0, 525e1051a39Sopenharmony_ci "testing connection with weak DH, expecting failure"); 526e1051a39Sopenharmony_ci } 527e1051a39Sopenharmony_ci } 528e1051a39Sopenharmony_ci }; 529e1051a39Sopenharmony_ci 530e1051a39Sopenharmony_ci subtest 'RSA/(EC)DHE/PSK tests' => sub { 531e1051a39Sopenharmony_ci ###################################################################### 532e1051a39Sopenharmony_ci 533e1051a39Sopenharmony_ci plan tests => 10; 534e1051a39Sopenharmony_ci 535e1051a39Sopenharmony_ci SKIP: { 536e1051a39Sopenharmony_ci skip "TLSv1.0 is not supported by this OpenSSL build", 6 537e1051a39Sopenharmony_ci if $no_tls1 || $provider eq "fips"; 538e1051a39Sopenharmony_ci 539e1051a39Sopenharmony_ci SKIP: { 540e1051a39Sopenharmony_ci skip "skipping anonymous DH tests", 1 541e1051a39Sopenharmony_ci if ($no_dh); 542e1051a39Sopenharmony_ci 543e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])), 544e1051a39Sopenharmony_ci 'test tlsv1 with 1024bit anonymous DH, multiple handshakes'); 545e1051a39Sopenharmony_ci } 546e1051a39Sopenharmony_ci 547e1051a39Sopenharmony_ci SKIP: { 548e1051a39Sopenharmony_ci skip "skipping RSA tests", 2 549e1051a39Sopenharmony_ci if $no_rsa; 550e1051a39Sopenharmony_ci 551e1051a39Sopenharmony_ci ok(run(test(["ssl_old_test", "-provider", "default", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])), 552e1051a39Sopenharmony_ci 'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes'); 553e1051a39Sopenharmony_ci 554e1051a39Sopenharmony_ci skip "skipping RSA+DHE tests", 1 555e1051a39Sopenharmony_ci if $no_dh; 556e1051a39Sopenharmony_ci 557e1051a39Sopenharmony_ci ok(run(test(["ssl_old_test", "-provider", "default", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])), 558e1051a39Sopenharmony_ci 'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes'); 559e1051a39Sopenharmony_ci } 560e1051a39Sopenharmony_ci 561e1051a39Sopenharmony_ci SKIP: { 562e1051a39Sopenharmony_ci skip "skipping PSK tests", 2 563e1051a39Sopenharmony_ci if ($no_psk); 564e1051a39Sopenharmony_ci 565e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])), 566e1051a39Sopenharmony_ci 'test tls1 with PSK'); 567e1051a39Sopenharmony_ci 568e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])), 569e1051a39Sopenharmony_ci 'test tls1 with PSK via BIO pair'); 570e1051a39Sopenharmony_ci } 571e1051a39Sopenharmony_ci 572e1051a39Sopenharmony_ci SKIP: { 573e1051a39Sopenharmony_ci skip "skipping auto DH PSK tests", 1 574e1051a39Sopenharmony_ci if ($no_dh || $no_psk); 575e1051a39Sopenharmony_ci 576e1051a39Sopenharmony_ci ok(run(test(['ssl_old_test', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])), 577e1051a39Sopenharmony_ci 'test auto DH meets security strength'); 578e1051a39Sopenharmony_ci } 579e1051a39Sopenharmony_ci } 580e1051a39Sopenharmony_ci 581e1051a39Sopenharmony_ci SKIP: { 582e1051a39Sopenharmony_ci skip "TLSv1.1 is not supported by this OpenSSL build", 4 583e1051a39Sopenharmony_ci if $no_tls1_1; 584e1051a39Sopenharmony_ci 585e1051a39Sopenharmony_ci SKIP: { 586e1051a39Sopenharmony_ci skip "skipping auto DHE PSK test at SECLEVEL 3", 1 587e1051a39Sopenharmony_ci if ($no_dh || $no_psk); 588e1051a39Sopenharmony_ci 589e1051a39Sopenharmony_ci ok(run(test(['ssl_old_test', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])), 590e1051a39Sopenharmony_ci 'test auto DHE PSK meets security strength'); 591e1051a39Sopenharmony_ci } 592e1051a39Sopenharmony_ci 593e1051a39Sopenharmony_ci SKIP: { 594e1051a39Sopenharmony_ci skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1 595e1051a39Sopenharmony_ci if ($no_ec || $no_psk); 596e1051a39Sopenharmony_ci 597e1051a39Sopenharmony_ci ok(run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])), 598e1051a39Sopenharmony_ci 'test auto ECDHE PSK meets security strength'); 599e1051a39Sopenharmony_ci } 600e1051a39Sopenharmony_ci 601e1051a39Sopenharmony_ci SKIP: { 602e1051a39Sopenharmony_ci skip "skipping no RSA PSK at SECLEVEL 3 test", 1 603e1051a39Sopenharmony_ci if ($no_rsa || $no_psk); 604e1051a39Sopenharmony_ci 605e1051a39Sopenharmony_ci ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])), 606e1051a39Sopenharmony_ci 'test auto RSA PSK does not meet security level 3 requirements (PFS)'); 607e1051a39Sopenharmony_ci } 608e1051a39Sopenharmony_ci 609e1051a39Sopenharmony_ci SKIP: { 610e1051a39Sopenharmony_ci skip "skipping no PSK at SECLEVEL 3 test", 1 611e1051a39Sopenharmony_ci if ($no_psk); 612e1051a39Sopenharmony_ci 613e1051a39Sopenharmony_ci ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])), 614e1051a39Sopenharmony_ci 'test auto PSK does not meet security level 3 requirements (PFS)'); 615e1051a39Sopenharmony_ci } 616e1051a39Sopenharmony_ci } 617e1051a39Sopenharmony_ci 618e1051a39Sopenharmony_ci }; 619e1051a39Sopenharmony_ci 620e1051a39Sopenharmony_ci subtest 'Custom Extension tests' => sub { 621e1051a39Sopenharmony_ci ###################################################################### 622e1051a39Sopenharmony_ci 623e1051a39Sopenharmony_ci plan tests => 1; 624e1051a39Sopenharmony_ci 625e1051a39Sopenharmony_ci SKIP: { 626e1051a39Sopenharmony_ci skip "TLSv1.0 is not supported by this OpenSSL build", 1 627e1051a39Sopenharmony_ci if $no_tls1 || $provider eq "fips"; 628e1051a39Sopenharmony_ci 629e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])), 630e1051a39Sopenharmony_ci 'test tls1 with custom extensions'); 631e1051a39Sopenharmony_ci } 632e1051a39Sopenharmony_ci }; 633e1051a39Sopenharmony_ci 634e1051a39Sopenharmony_ci subtest 'Serverinfo tests' => sub { 635e1051a39Sopenharmony_ci ###################################################################### 636e1051a39Sopenharmony_ci 637e1051a39Sopenharmony_ci plan tests => 5; 638e1051a39Sopenharmony_ci 639e1051a39Sopenharmony_ci SKIP: { 640e1051a39Sopenharmony_ci skip "TLSv1.0 is not supported by this OpenSSL build", 5 641e1051a39Sopenharmony_ci if $no_tls1 || $provider eq "fips"; 642e1051a39Sopenharmony_ci 643e1051a39Sopenharmony_ci note('echo test tls1 with serverinfo'); 644e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo]))); 645e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct"]))); 646e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_tack"]))); 647e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); 648e1051a39Sopenharmony_ci ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); 649e1051a39Sopenharmony_ci } 650e1051a39Sopenharmony_ci }; 651e1051a39Sopenharmony_ci} 652