From 3e121542d8b7ab5201c47bbd3ba5611a23c54759 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Wed, 11 Jun 2014 11:56:59 +0200 Subject: Correctly connects to millipede. Location keyword on android.cfg isn't supported, EIP corresponding code has been commented out. I think we should support it in ics-openvpn, so that we can show the location instead of the server name. I've updated all opensssl, openvpn, etc. subprojects from rev 813 of ics-openvpn, and jni too. --- app/openssl/android.testssl/testssl | 44 ++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 13 deletions(-) (limited to 'app/openssl/android.testssl/testssl') diff --git a/app/openssl/android.testssl/testssl b/app/openssl/android.testssl/testssl index 3f24b1d0..5ff48604 100755 --- a/app/openssl/android.testssl/testssl +++ b/app/openssl/android.testssl/testssl @@ -70,15 +70,6 @@ $ssltest -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication $ssltest -server_auth -client_auth $CA $extra || exit 1 -echo test sslv2/sslv3 with both client and server authentication and small client buffers -$ssltest -server_auth -client_auth -c_small_records $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication and small server buffers -$ssltest -server_auth -client_auth -s_small_records $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication and small client and server buffers -$ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1 - echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough $ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1 @@ -112,8 +103,8 @@ echo test sslv2/sslv3 via BIO pair $ssltest $extra || exit 1 if [ $dsa_cert = NO ]; then - echo test sslv2/sslv3 w/o DHE via BIO pair - $ssltest -bio_pair -no_dhe $extra || exit 1 + echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' + $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 fi echo test sslv2/sslv3 with 1024bit DHE via BIO pair @@ -131,6 +122,23 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 +echo "Testing ciphersuites" +for protocol in TLSv1.2 SSLv3; do + echo "Testing ciphersuites for $protocol" + for cipher in `adb shell /system/bin/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + echo "Testing $cipher" + prot="" + if [ $protocol = "SSLv3" ] ; then + prot="-ssl3" + fi + $ssltest -cipher $cipher $prot + if [ $? -ne 0 ] ; then + echo "Failed $cipher" + exit 1 + fi + done +done + ############################################################################# if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then @@ -143,8 +151,8 @@ fi if [ `adb shell /system/bin/openssl no-rsa` = no-dh ]; then echo skipping RSA tests else - echo test tls1 with 1024bit RSA, no DHE, multiple handshakes - adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 + echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' + adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then echo skipping RSA+DHE tests @@ -160,4 +168,14 @@ $ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 echo test tls1 with PSK via BIO pair $ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 +if adb shell /system/bin/openssl no-srp; then + echo skipping SRP tests +else + echo test tls1 with SRP + $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 + + echo test tls1 with SRP via BIO pair + $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 +fi + exit 0 -- cgit v1.2.3