From 65b002f39934a755b6db855c9f9ba722d6cef863 Mon Sep 17 00:00:00 2001
From: Bodo Möller <bodo@openssl.org>
Date: Mon, 13 Mar 2000 19:24:39 +0000
Subject: Update test suite so that 'make test' succeeds in 'no-rsa'
 configuration.

---
 test/Makefile.ssl |  14 ++++---
 test/testgen      |  16 +++++---
 test/testss       |  11 +++++-
 test/testssl      | 107 ++++++++++++++++++++++++++++++++++++------------------
 test/treq         |   5 +++
 5 files changed, 106 insertions(+), 47 deletions(-)

(limited to 'test')

diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index a3386d9a7e..02945de5f9 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -206,17 +206,21 @@ test_gen:
 	@echo "Generate and verify a certificate request"
 	@sh ./testgen
 
-test_ss:
+test_ss keyU.ss certU.ss certCA.ss:
 	@echo "Generate and certify a test certificate"
 	@sh ./testss
 
-test_ssl:
+test_ssl: keyU.ss certU.ss certCA.ss
 	@echo "test SSL protocol"
-	@sh ./testssl
+	@sh ./testssl keyU.ss certU.ss certCA.ss
 
 test_ca:
-	@echo "Generate and certify a test certificate via the 'ca' program"
-	@sh ./testca
+	@if ../apps/openssl list-standard-commands | grep '^rsa$$' >/dev/null; then \
+	  echo "Generate and certify a test certificate via the 'ca' program"; \
+	  sh ./testca; \
+	else \
+	  echo "skipping CA.sh test -- requires RSA"; \
+ 	fi
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
diff --git a/test/testgen b/test/testgen
index c5f61b582b..f2db42cb24 100644
--- a/test/testgen
+++ b/test/testgen
@@ -11,13 +11,19 @@ export PATH
 
 echo "generating certificate request"
 
-echo "There should be a 2 sequences of .'s and some +'s."
-echo "There should not be more that at most 80 per line"
-echo "This could take some time."
-
 echo "string to make the random number generator think it has entropy" >> ./.rnd
 
-../apps/openssl req -config test.cnf -new -out testreq.pem
+if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
+  req_new='-new'
+  echo "There should be a 2 sequences of .'s and some +'s."
+  echo "There should not be more that at most 80 per line"
+else
+  req_new='-newkey dsa:../apps/dsa512.pem'
+fi
+
+echo "This could take some time."
+
+../apps/openssl req -config test.cnf $req_new -out testreq.pem
 if [ $? != 0 ]; then
 echo problems creating request
 exit 1
diff --git a/test/testss b/test/testss
index da62997a5f..fc27c83fa7 100644
--- a/test/testss
+++ b/test/testss
@@ -19,7 +19,14 @@ Ucert="certU.ss"
 
 echo
 echo "make a certificate request using 'req'"
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss
+
+if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
+  req_new='-new'
+else
+  req_new='-newkey dsa:../apps/dsa512.pem'
+fi
+
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
 if [ $? != 0 ]; then
 	echo "error using 'req' to generate a certificate request"
 	exit 1
@@ -60,7 +67,7 @@ fi
 
 echo
 echo "make another certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
 if [ $? != 0 ]; then
 	echo "error using 'req' to generate a certificate request"
 	exit 1
diff --git a/test/testssl b/test/testssl
index e256e38b41..413a14e4cb 100644
--- a/test/testssl
+++ b/test/testssl
@@ -1,86 +1,123 @@
 #!/bin/sh
 
+if [ "$1" = "" ]; then
+  key=../apps/server.pem
+else
+  key="$1"
+fi
+if [ "$2" = "" ]; then
+  cert=../apps/server.pem
+else
+  cert="$2"
+fi
+ssltest="./ssltest -key $1 -cert $2 -c_key $1 -c_cert $2"
+
+if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key'; then
+  dsa_cert=YES
+else
+  dsa_cert=NO
+fi
+
+if [ "$3" = "" ]; then
+  CA="-CApath ../certs"
+else
+  CA="-CAfile $3"
+fi
+
+#############################################################################
+
 echo test sslv2
-./ssltest -ssl2 || exit 1
+$ssltest -ssl2 || exit 1
 
 echo test sslv2 with server authentication
-./ssltest -ssl2 -server_auth -CApath ../certs || exit 1
+$ssltest -ssl2 -server_auth $CA || exit 1
 
-echo test sslv2 with client authentication
-./ssltest -ssl2 -client_auth -CApath ../certs || exit 1
+if [ $dsa_cert = NO ]; then
+  echo test sslv2 with client authentication
+  $ssltest -ssl2 -client_auth $CA || exit 1
 
-echo test sslv2 with both client and server authentication
-./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+  echo test sslv2 with both client and server authentication
+  $ssltest -ssl2 -server_auth -client_auth $CA || exit 1
+fi
 
 echo test sslv3
-./ssltest -ssl3 || exit 1
+$ssltest -ssl3 || exit 1
 
 echo test sslv3 with server authentication
-./ssltest -ssl3 -server_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -server_auth $CA || exit 1
 
 echo test sslv3 with client authentication
-./ssltest -ssl3 -client_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -client_auth $CA || exit 1
 
 echo test sslv3 with both client and server authentication
-./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -server_auth -client_auth $CA || exit 1
 
 echo test sslv2/sslv3
-./ssltest || exit 1
+$ssltest || exit 1
 
 echo test sslv2/sslv3 with server authentication
-./ssltest -server_auth -CApath ../certs || exit 1
+$ssltest -server_auth $CA || exit 1
 
 echo test sslv2/sslv3 with client authentication
-./ssltest -client_auth -CApath ../certs || exit 1
+$ssltest -client_auth $CA || exit 1
 
 echo test sslv2/sslv3 with both client and server authentication
-./ssltest -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -server_auth -client_auth $CA || exit 1
 
 echo test sslv2 via BIO pair
-./ssltest -bio_pair -ssl2 || exit 1
+$ssltest -bio_pair -ssl2 || exit 1
 
 echo test sslv2 with server authentication via BIO pair
-./ssltest -bio_pair -ssl2 -server_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -ssl2 -server_auth $CA || exit 1
 
-echo test sslv2 with client authentication via BIO pair
-./ssltest -bio_pair -ssl2 -client_auth -CApath ../certs || exit 1
+if [ $dsa_cert = NO ]; then
+  echo test sslv2 with client authentication via BIO pair
+  $ssltest -bio_pair -ssl2 -client_auth $CA || exit 1
 
-echo test sslv2 with both client and server authentication via BIO pair
-./ssltest -bio_pair -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+  echo test sslv2 with both client and server authentication via BIO pair
+  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA || exit 1
+fi
 
 echo test sslv3 via BIO pair
-./ssltest -bio_pair -ssl3 || exit 1
+$ssltest -bio_pair -ssl3 || exit 1
 
 echo test sslv3 with server authentication via BIO pair
-./ssltest -bio_pair -ssl3 -server_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -ssl3 -server_auth $CA || exit 1
 
 echo test sslv3 with client authentication via BIO pair
-./ssltest -bio_pair -ssl3 -client_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -ssl3 -client_auth $CA || exit 1
 
 echo test sslv3 with both client and server authentication via BIO pair
-./ssltest -bio_pair -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA || exit 1
 
 echo test sslv2/sslv3 via BIO pair
-./ssltest || exit 1
+$ssltest || exit 1
 
-echo test sslv2/sslv3 w/o DHE via BIO pair
-./ssltest -bio_pair -no_dhe || exit 1
+if [ $dsa_cert = NO ]; then
+  echo test sslv2/sslv3 w/o DHE via BIO pair
+  $ssltest -bio_pair -no_dhe || exit 1
+fi
 
 echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-./ssltest -bio_pair -dhe1024dsa -v || exit 1
+$ssltest -bio_pair -dhe1024dsa -v || exit 1
 
 echo test sslv2/sslv3 with server authentication
-./ssltest -bio_pair -server_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -server_auth $CA || exit 1
 
 echo test sslv2/sslv3 with client authentication via BIO pair
-./ssltest -bio_pair -client_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -client_auth $CA || exit 1
 
 echo test sslv2/sslv3 with both client and server authentication via BIO pair
-./ssltest -bio_pair -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -bio_pair -server_auth -client_auth $CA || exit 1
+
+#############################################################################
+
+if ../apps/openssl list-standard-commands | grep '^rsa$' >/dev/null; then
+  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
 
-echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
-./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+fi
 
-echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
 exit 0
diff --git a/test/treq b/test/treq
index 0464c9d902..9f5eb7eea5 100644
--- a/test/treq
+++ b/test/treq
@@ -11,6 +11,11 @@ else
 	t=testreq.pem
 fi
 
+if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then
+  echo "skipping req conversion test for $t"
+  exit 0
+fi
+
 echo testing req conversions
 cp $t fff.p
 
-- 
cgit v1.2.3