Amended patch to avoid need for -f option with -tls1_1 and -tls1_2 options Best Regards Nick --------
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index cebd4e7..1978eeb 100755
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -432,6 +432,12 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_TLS1
 fprintf(stderr," -tls1 - use TLSv1\n");
 #endif
+#ifndef OPENSSL_NO_TLS1
+ fprintf(stderr," -tls1_1 - use TLSv1.1\n");
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+ fprintf(stderr," -tls1_2 - use TLSv1.2\n");
+#endif
 fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
 fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
 fprintf(stderr," -cert arg - Server certificate file\n");
@@ -590,7 +596,7 @@ int main(int argc, char *argv[])
 int badop=0;
 int bio_pair=0;
 int force=0;
- int tls1=0,ssl2=0,ssl3=0,ret=1;
+ int tls1_2=0,tls1_1=0,tls1=0,ssl2=0,ssl3=0,ret=1;
 int client_auth=0;
 int server_auth=0,i;
 struct app_verify_arg app_verify_arg =
@@ -744,12 +750,26 @@ int main(int argc, char *argv[])
 tls1=1;
 }
 #endif
+#ifndef OPENSSL_NO_SSL2
 else if (strcmp(*argv,"-ssl2") == 0)
 ssl2=1;
+#endif
+#ifndef OPENSSL_NO_TLS1
 else if (strcmp(*argv,"-tls1") == 0)
 tls1=1;
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+ else if (strcmp(*argv,"-tls1_1") == 0)
+ tls1_1=1;
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+ else if (strcmp(*argv,"-tls1_2") == 0)
+ tls1_2=1;
+#endif
+#ifndef OPENSSL_NO_SSL3
 else if (strcmp(*argv,"-ssl3") == 0)
 ssl3=1;
+#endif
 else if (strncmp(*argv,"-num",4) == 0)
 {
 if (--argc < 1) goto bad;
@@ -891,7 +911,7 @@ bad:
 goto end;
 }
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
+ if (!ssl2 && !ssl3 && !tls1 && !tls1_1 && !tls1_2 && number > 1 && !reuse && !force)
 {
 fprintf(stderr, "This case cannot work. Use -f to perform "
 "the test anyway (and\n-d to see what happens), "
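Review bot: In the sv_usage hunk the new `-tls1_1` help line is wrapped in `#ifndef OPENSSL_NO_TLS1`, while the option parser added to main() in the `@@ -744,12 +750,26 @@` hunk guards the same option with `#ifndef OPENSSL_NO_TLS1_1`. A build that defines only one of the two macros would advertise an option the parser rejects, or accept one the usage text does not list. The guard here should read `#ifndef OPENSSL_NO_TLS1_1` so that help and parser agree. The help lines for -ssl2 and -ssl3 are outside the hunk, so whether they match the newly guarded parser branches cannot be checked from here.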
@@ -969,23 +989,36 @@ bad:
 }
 #endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ if (ssl2)
 meth=SSLv2_method();
 else
 if (tls1)
 meth=TLSv1_method();
 else
+ if (tls1_1)
+ meth=TLSv1_1_method();
+ else
+ if (tls1_2)
+ meth=TLSv1_2_method();
+ else
 if (ssl3)
 meth=SSLv3_method();
 else
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 meth=SSLv23_method();
 #else
-#ifdef OPENSSL_NO_SSL2
- meth=SSLv3_method();
+#ifndef OPENSSL_NO_SSL3
+ meth=SSLv3_method();
 #else
- meth=SSLv2_method();
+#ifndef OPENSSL_NO_SSL2
+ meth=SSLv2_method();
+#endif
 #endif
+ {
+ fprintf(stderr,"No SSL/TLS methods available\n");
+ goto end;
+ }
 #endif
 c_ctx=SSL_CTX_new(meth);
@@ -2665,8 +2698,10 @@ static int do_test_cipherlist(void)
 #ifndef OPENSSL_NO_SSL2
 fprintf(stderr, "testing SSLv2 cipher list order: ");
 meth = SSLv2_method();
+ i=0;
 while ((ci = meth->get_cipher(i++)) != NULL)
 {
+ fprintf(stderr,".");
 if (tci != NULL)
 if (ci->id >= tci->id)
 {
@@ -2675,14 +2710,16 @@ static int do_test_cipherlist(void)
 }
 tci = ci;
 }
- fprintf(stderr, "ok\n");
+ fprintf(stderr, " ok\n");
 #endif
 #ifndef OPENSSL_NO_SSL3
 fprintf(stderr, "testing SSLv3 cipher list order: ");
 meth = SSLv3_method();
 tci = NULL;
+ i=0;
 while ((ci = meth->get_cipher(i++)) != NULL)
 {
+ fprintf(stderr,".");
 if (tci != NULL)
 if (ci->id >= tci->id)
 {
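Review bot: In the `@@ -969,23 +989,36 @@` hunk the added "No SSL/TLS methods available" block sits after the inner `#endif`, so it is the body of the final `else` only when both OPENSSL_NO_SSL2 and OPENSSL_NO_SSL3 are defined. When exactly one of them is defined, the `else` ends at `meth=SSLv3_method();` (or `meth=SSLv2_method();`) and the block then runs unconditionally, so ssltest prints the error and jumps to `end` on every run, even when -tls1_1 or -tls1_2 was given; a build that removes a legacy protocol would lose this test entirely. Moving the explicit `if (ssl2) … if (ssl3)` chain outside the old `#if` also leaves `SSLv2_method()` and `SSLv3_method()` referenced in builds that exclude those protocols, which presumably fails to compile or link there, so each explicit branch wants the same `#ifndef OPENSSL_NO_…` guard the option parser uses. An `#elif` ladder, as below, makes the three fallbacks and the error block mutually exclusive. main() starts and ends outside the hunk.

```c
	/* … unchanged: if (ssl2) … else if (ssl3) meth=SSLv3_method(); (each branch guarded like its option) … */
	else
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
		meth=SSLv23_method();
#elif !defined(OPENSSL_NO_SSL3)
		meth=SSLv3_method();
#elif !defined(OPENSSL_NO_SSL2)
		meth=SSLv2_method();
#else
		{
		fprintf(stderr,"No SSL/TLS methods available\n");
		goto end;
		}
#endif
```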
@@ -2691,14 +2728,52 @@ static int do_test_cipherlist(void)
 }
 tci = ci;
 }
- fprintf(stderr, "ok\n");
+ fprintf(stderr, " ok\n");
 #endif
 #ifndef OPENSSL_NO_TLS1
 fprintf(stderr, "testing TLSv1 cipher list order: ");
 meth = TLSv1_method();
 tci = NULL;
+ i=0;
+ while ((ci = meth->get_cipher(i++)) != NULL)
+ {
+ fprintf(stderr,".");
+ if (tci != NULL)
+ if (ci->id >= tci->id)
+ {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, " ok\n");
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+ fprintf(stderr, "testing TLSv1.1 cipher list order: ");
+ meth = TLSv1_1_method();
+ tci = NULL;
+ i=0;
+ while ((ci = meth->get_cipher(i++)) != NULL)
+ {
+ fprintf(stderr,".");
+ if (tci != NULL)
+ if (ci->id >= tci->id)
+ {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, " ok\n");
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+ fprintf(stderr, "testing TLSv1.2 cipher list order: ");
+ meth = TLSv1_2_method();
+ tci = NULL;
+ i=0;
 while ((ci = meth->get_cipher(i++)) != NULL)
 {
+ fprintf(stderr,".");
 if (tci != NULL)
 if (ci->id >= tci->id)
 {
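Review bot: The TLSv1.1 and TLSv1.2 sections added in the `@@ -2691,14 +2728,52 @@` hunk are two more verbatim copies of the ordering loop, which now appears five times in do_test_cipherlist, and the patch has to add the same `i=0;` reset to every copy (also in the `@@ -2665,8 +2698,10 @@` and `@@ -2675,14 +2710,16 @@` hunks) because the index was carried over from one protocol's loop into the next. A small static helper that takes the protocol name and method would keep `i` and `tci` local, so neither can leak between protocols; the SSLv2 copy, for instance, shows no `tci = NULL;` in its hunk and relies on an initialiser outside the view. Each section then shrinks to `if (!check_cipher_order("TLSv1.2", TLSv1_2_method())) return 0;` inside its existing `#ifndef`. The helper below assumes `meth` is a `const SSL_METHOD *` and `ci`/`tci` are `const SSL_CIPHER *`, whose declarations are outside the hunk and should be confirmed.

```c
static int check_cipher_order(const char *name, const SSL_METHOD *meth)
	{
	const SSL_CIPHER *ci, *tci = NULL;
	int i = 0;

	fprintf(stderr, "testing %s cipher list order: ", name);
	while ((ci = meth->get_cipher(i++)) != NULL)
		{
		fprintf(stderr,".");
		/* ids must be strictly decreasing from one entry to the next */
		if (tci != NULL && ci->id >= tci->id)
			{
			fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
			return 0;
			}
		tci = ci;
		}
	fprintf(stderr, " ok\n");
	return 1;
	}
```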
@@ -2707,7 +2782,7 @@ static int do_test_cipherlist(void)
 }
 tci = ci;
 }
- fprintf(stderr, "ok\n");
+ fprintf(stderr, " ok\n");
 #endif
 return 1;
________________________________ The details of this company are as follows: G4S Technology Limited, Registered Office: Challenge House, International Drive, Tewkesbury, Gloucestershire GL20 8UQ, Registered in England No. 2382338. This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity. This e-mail has been scanned for all viruses by MessageLabs.
Amended patch to avoid need for –f option with -tls1_1 and -tls1_2 options Best Regards Nick --------
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index cebd4e7..1978eeb 100755
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -432,6 +432,12 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_TLS1
 fprintf(stderr," -tls1 - use TLSv1\n");
 #endif
+#ifndef OPENSSL_NO_TLS1
+ fprintf(stderr," -tls1_1 - use TLSv1.1\n");
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+ fprintf(stderr," -tls1_2 - use TLSv1.2\n");
+#endif
 fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
 fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
 fprintf(stderr," -cert arg - Server certificate file\n");
@@ -590,7 +596,7 @@ int main(int argc, char *argv[])
 int badop=0;
 int bio_pair=0;
 int force=0;
- int tls1=0,ssl2=0,ssl3=0,ret=1;
+ int tls1_2=0,tls1_1=0,tls1=0,ssl2=0,ssl3=0,ret=1;
 int client_auth=0;
 int server_auth=0,i;
 struct app_verify_arg app_verify_arg =
@@ -744,12 +750,26 @@ int main(int argc, char *argv[])
 tls1=1;
 }
 #endif
+#ifndef OPENSSL_NO_SSL2
 else if (strcmp(*argv,"-ssl2") == 0)
 ssl2=1;
+#endif
+#ifndef OPENSSL_NO_TLS1
 else if (strcmp(*argv,"-tls1") == 0)
 tls1=1;
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+ else if (strcmp(*argv,"-tls1_1") == 0)
+ tls1_1=1;
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+ else if (strcmp(*argv,"-tls1_2") == 0)
+ tls1_2=1;
+#endif
+#ifndef OPENSSL_NO_SSL3
 else if (strcmp(*argv,"-ssl3") == 0)
 ssl3=1;
+#endif
 else if (strncmp(*argv,"-num",4) == 0)
 {
 if (--argc < 1) goto bad;
@@ -891,7 +911,7 @@ bad:
 goto end;
 }
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
+ if (!ssl2 && !ssl3 && !tls1 && !tls1_1 && !tls1_2 && number > 1 && !reuse && !force)
 {
 fprintf(stderr, "This case cannot work. Use -f to perform "
 "the test anyway (and\n-d to see what happens), "
@@ -969,23 +989,36 @@ bad:
 }
 #endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ if (ssl2)
 meth=SSLv2_method();
 else
if (tls1)
 meth=TLSv1_method();
 else
+ if (tls1_1)
+ meth=TLSv1_1_method();
+ else
+ if (tls1_2)
+ meth=TLSv1_2_method();
+ else
 if (ssl3)
 meth=SSLv3_method();
 else
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 meth=SSLv23_method();
 #else
-#ifdef OPENSSL_NO_SSL2
- meth=SSLv3_method();
+#ifndef OPENSSL_NO_SSL3
+ meth=SSLv3_method();
 #else
- meth=SSLv2_method();
+#ifndef OPENSSL_NO_SSL2
+ meth=SSLv2_method();
+#endif
 #endif
+ {
+ fprintf(stderr,"No SSL/TLS methods available\n");
+ goto end;
+ }
 #endif
 c_ctx=SSL_CTX_new(meth);
@@ -2665,8 +2698,10 @@ static int do_test_cipherlist(void)
 #ifndef OPENSSL_NO_SSL2
 fprintf(stderr, "testing SSLv2 cipher list order: ");
 meth = SSLv2_method();
+ i=0;
 while ((ci = meth->get_cipher(i++)) != NULL)
 {
+ fprintf(stderr,".");
 if (tci != NULL)
 if (ci->id >= tci->id)
 {
@@ -2675,14 +2710,16 @@ static int do_test_cipherlist(void)
 }
 tci = ci;
 }
- fprintf(stderr, "ok\n");
+ fprintf(stderr, " ok\n");
 #endif
 #ifndef OPENSSL_NO_SSL3
 fprintf(stderr, "testing SSLv3 cipher list order: ");
 meth = SSLv3_method();
 tci = NULL;
+ i=0;
 while ((ci = meth->get_cipher(i++)) != NULL)
 {
+ fprintf(stderr,".");
 if (tci != NULL)
 if (ci->id >= tci->id)
 {
@@ -2691,14 +2728,52 @@ static int do_test_cipherlist(void)
 }
 tci = ci;
 }
- fprintf(stderr, "ok\n");
+ fprintf(stderr, " ok\n");
 #endif
 #ifndef OPENSSL_NO_TLS1
 fprintf(stderr, "testing TLSv1 cipher list order: ");
 meth = TLSv1_method();
 tci = NULL;
+ i=0;
+ while ((ci = meth->get_cipher(i++)) != NULL)
+ {
+ fprintf(stderr,".");
+ if (tci != NULL)
+ if (ci->id >= tci->id)
+ {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, " ok\n");
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+ fprintf(stderr, "testing TLSv1.1 cipher list order: ");
+ meth = TLSv1_1_method();
+ tci = NULL;
+ i=0;
+ while ((ci = meth->get_cipher(i++)) != NULL)
+ {
+ fprintf(stderr,".");
+ if (tci != NULL)
+ if (ci->id >= tci->id)
+ {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, " ok\n");
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+ fprintf(stderr, "testing TLSv1.2 cipher list order: ");
+ meth = TLSv1_2_method();
+ tci = NULL;
+ i=0;
 while ((ci = meth->get_cipher(i++)) != NULL)
 {
+ fprintf(stderr,".");
 if (tci != NULL)
 if (ci->id >= tci->id)
 {
@@ -2707,7 +2782,7 @@ static int do_test_cipherlist(void)
 }
 tci = ci;
 }
- fprintf(stderr, "ok\n");
+ fprintf(stderr, " ok\n");
 #endif
 return 1;
The details of this company are as follows: G4S Technology Limited, Registered Office: Challenge House, International Drive, Tewkesbury, Gloucestershire GL20 8UQ, Registered in England No. 2382338. This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity. This e-mail has been scanned for all viruses by MessageLabs. |