|
1 | 1 | #!/bin/bash |
2 | 2 |
|
3 | | -#openssl.test |
| 3 | +# openssl.test |
4 | 4 |
|
5 | 5 | # Enviornment variables used: |
6 | 6 | # OPENSSL (openssl app to use) |
@@ -409,6 +409,14 @@ OIFS=$IFS # store old separator to reset |
409 | 409 | # |
410 | 410 | # Start |
411 | 411 | # |
| 412 | +echo |
| 413 | +echo "wolfSSL configuration:" |
| 414 | +./config.status --config |
| 415 | +echo |
| 416 | +echo "OpenSSL version:" |
| 417 | +$OPENSSL version -a |
| 418 | +echo |
| 419 | + |
412 | 420 | ps -p $PPID >/dev/null 2>&1 |
413 | 421 | if [ "$?" = "1" ] |
414 | 422 | then |
@@ -494,51 +502,86 @@ esac |
494 | 502 |
|
495 | 503 | if [ "$wolf_certs" != "" ] |
496 | 504 | then |
| 505 | + echo |
| 506 | + # Check if RSA certificates supported in wolfSSL |
| 507 | + wolf_rsa=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-cert.pem" 2>&1` |
| 508 | + case $wolf_rsa in |
| 509 | + *"ca file"*) |
| 510 | + echo "wolfSSL does not support RSA" |
| 511 | + wolf_rsa="" |
| 512 | + ;; |
| 513 | + *) |
| 514 | + ;; |
| 515 | + esac |
| 516 | + if [ "$wolf_rsa" != "" ]; then |
| 517 | + echo "wolfSSL supports RSA" |
| 518 | + fi |
497 | 519 | # Check if ECC certificates supported in wolfSSL |
498 | | - wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/ca-ecc-cert.pem" 2>&1` |
| 520 | + wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1` |
499 | 521 | case $wolf_ecc in |
500 | 522 | *"ca file"*) |
| 523 | + echo "wolfSSL does not support ECDSA" |
501 | 524 | wolf_ecc="" |
502 | 525 | ;; |
503 | 526 | *) |
504 | 527 | ;; |
505 | 528 | esac |
| 529 | + if [ "$wolf_ecc" != "" ]; then |
| 530 | + echo "wolfSSL supports ECDSA" |
| 531 | + fi |
506 | 532 | # Check if Ed25519 certificates supported in wolfSSL |
507 | 533 | wolf_ed25519=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1` |
508 | 534 | case $wolf_ed25519 in |
509 | 535 | *"ca file"*) |
| 536 | + echo "wolfSSL does not support Ed25519" |
510 | 537 | wolf_ed25519="" |
511 | 538 | ;; |
512 | 539 | *) |
513 | 540 | ;; |
514 | 541 | esac |
| 542 | + if [ "$wolf_ed25519" != "" ]; then |
| 543 | + echo "wolfSSL supports Ed25519" |
| 544 | + fi |
515 | 545 | # Check if Ed25519 certificates supported in OpenSSL |
516 | 546 | openssl_ed25519=`$OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1` |
517 | 547 | case $openssl_ed25519 in |
518 | 548 | *"unable to load"*) |
| 549 | + echo "OpenSSL does not support Ed25519" |
519 | 550 | wolf_ed25519="" |
520 | 551 | ;; |
521 | 552 | *) |
522 | 553 | ;; |
523 | 554 | esac |
| 555 | + if [ "$wolf_ed25519" != "" ]; then |
| 556 | + echo "OpenSSL supports Ed25519" |
| 557 | + fi |
524 | 558 | # Check if Ed448 certificates supported in wolfSSL |
525 | 559 | wolf_ed448=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1` |
526 | 560 | case $wolf_ed448 in |
527 | 561 | *"ca file"*) |
| 562 | + echo "wolfSSL does not support Ed448" |
528 | 563 | wolf_ed448="" |
529 | 564 | ;; |
530 | 565 | *) |
531 | 566 | ;; |
532 | 567 | esac |
| 568 | + if [ "$wolf_ed448" != "" ]; then |
| 569 | + echo "wolfSSL supports Ed448" |
| 570 | + fi |
533 | 571 | # Check if Ed448 certificates supported in OpenSSL |
534 | 572 | openssl_ed448=`$OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1` |
535 | 573 | case $openssl_ed448 in |
536 | 574 | *"unable to load"*) |
| 575 | + echo "OpenSSL does not support Ed448" |
537 | 576 | wolf_ed448="" |
538 | 577 | ;; |
539 | 578 | *) |
540 | 579 | ;; |
541 | 580 | esac |
| 581 | + if [ "$wolf_ed448" != "" ]; then |
| 582 | + echo "OpenSSL supports Ed448" |
| 583 | + fi |
| 584 | + echo |
542 | 585 | fi |
543 | 586 |
|
544 | 587 | openssl_tls13=`$OPENSSL s_client -help 2>&1` |
@@ -664,7 +707,7 @@ if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ] |
664 | 707 | then |
665 | 708 | cert_file="${CERT_DIR}/server-ecc.pem" |
666 | 709 | key_file="${CERT_DIR}/ecc-key.pem" |
667 | | - ca_file="${CERT_DIR}/client-ca.pem" |
| 710 | + ca_file="${CERT_DIR}/client-ecc-cert.pem" |
668 | 711 |
|
669 | 712 | openssl_suite="ECDH[E]-ECDSA" |
670 | 713 | start_openssl_server |
|
727 | 770 | tls13_psk_openssl_port=$server_port |
728 | 771 | tls13_psk_openssl_pid=$server_pid |
729 | 772 |
|
730 | | - psk="-s" |
| 773 | + psk="-s --openssl-psk" |
731 | 774 | wolfssl_suite="TLSv1.3_PSK" |
732 | 775 | start_wolfssl_server |
733 | 776 | tls13_psk_wolfssl_port=$server_port |
|
977 | 1020 | *ECDHE-ECDSA*|*ECDH-ECDSA*) |
978 | 1021 | if [ "$wolf_ecc" != "" ] |
979 | 1022 | then |
980 | | - cert="${CERT_DIR}/client-cert.pem" |
981 | | - key="${CERT_DIR}/client-key.pem" |
| 1023 | + cert="${CERT_DIR}/client-ecc-cert.pem" |
| 1024 | + key="${CERT_DIR}/ecc-client-key.pem" |
982 | 1025 | caCert="${CERT_DIR}/ca-ecc-cert.pem" |
983 | 1026 |
|
984 | 1027 | port=$ecdsa_openssl_port |
|
1090 | 1133 |
|
1091 | 1134 | wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) |
1092 | 1135 | port=$tls13_psk_openssl_port |
1093 | | - psk="-s" |
| 1136 | + psk="-s --openssl-psk" |
1094 | 1137 | # OpenSSL doesn't support DH for key exchange so do no PSK |
1095 | 1138 | # DHE when ECC not supported |
1096 | 1139 | if [ "$wolf_ecc" = "" ] |
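Review bot: The "OpenSSL supports Ed25519" message added at new lines 555-557 is gated on `$wolf_ed25519`, which the wolfSSL probe above may already have cleared, so the log line reflects wolfSSL's result rather than OpenSSL's. When wolfSSL lacks Ed25519 but OpenSSL has it, nothing is printed for OpenSSL at all, and a reader cannot tell from the log which side caused the Ed25519 interop cases to be skipped. The Ed448 block at new lines 581-583 has the same problem with `$wolf_ed448`. Reporting from the OpenSSL `case` itself avoids this: put the message in its currently empty default arm, `*) echo "OpenSSL supports Ed25519" ;;` (and likewise for Ed448), and drop the trailing `if`.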
|