I played around with the testssl script in the tests directory and the following change seems to take care of the no-dh issue so that the tests run to completion. This is the last section of the script:
########################################################### if ../apps/openssl no-dh; then echo skipping anonymous DH tests else echo test tls1 with 1024bit anonymous DH, multiple handshakes $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 fi if ../apps/openssl no-rsa; then echo skipping RSA tests else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 fi if ../apps/openssl no-dh; then echo skipping 1024bit DHE tests else echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 fi ########################################################## Chris Brook -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Brook via RT Sent: Wednesday, November 20, 2002 3:36 PM Cc: [EMAIL PROTECTED] Subject: [openssl.org #353] 0.9.7 B4 testssl with no-dh fails I have compiled OpenSSL 0.9.7 Beta 4 with the NO-DH option. The compilation is fine but "ssltest" fails when trying to run the "-dhe1024*" tests. A fix was added in Beta 3 to handle the -dhe1024 & -dhe1024dsa parameters when NO-DH was used but ssltest still tries to run and fails with: ERROR in CLIENT 22172:error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available:s3_clnt.c:569: It would seem that the DH tests should be skipped altogether if the NO-DH option is used, rather than trying to run and failing. The result is that "make test" does not complete. Chris Brook ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
