# Commands covered: tls::ciphers
#
# This file contains a collection of tests for one or more of the Tcl
# built-in commands. Sourcing this file into Tcl runs the tests and
# generates output for errors. No output means no errors were found.
#
# All rights reserved.
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAIMER OF ALL WARRANTIES.
#
if {[lsearch [namespace children] ::tcltest] == -1} {
package require tcltest
namespace import ::tcltest::*
}
# The build dir is added as the first element of $PATH
package require tls
# One of these should == 1, depending on what type of ssl library
# tls was compiled against. (RSA BSAFE SSL-C or OpenSSL).
#
set ::tcltest::testConstraints(rsabsafe) 0
set ::tcltest::testConstraints(openssl) [string match "OpenSSL*" [tls::version]]
set ::EXPECTEDCIPHERS(rsabsafe) {
EDH-DSS-RC4-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
DES-CBC3-SHA
RC4-SHA
RC4-MD5
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
EXP-EDH-DSS-DES-56-SHA
EXP-EDH-DSS-RC4-56-SHA
EXP-DES-56-SHA
EXP-RC4-56-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
}
set ::EXPECTEDCIPHERS(openssl) {
AES128-SHA
AES256-SHA
DES-CBC-SHA
DES-CBC3-SHA
DHE-DSS-AES128-SHA
DHE-DSS-AES256-SHA
DHE-DSS-RC4-SHA
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
EDH-DSS-DES-CBC-SHA
EDH-DSS-DES-CBC3-SHA
EDH-RSA-DES-CBC-SHA
EDH-RSA-DES-CBC3-SHA
EXP-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
EXP1024-DES-CBC-SHA
EXP1024-DHE-DSS-DES-CBC-SHA
EXP1024-DHE-DSS-RC4-SHA
EXP1024-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC4-SHA
IDEA-CBC-SHA
RC4-MD5
RC4-SHA
}
set ::EXPECTEDCIPHERS(openssl0.9.8) {
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
AES256-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
DES-CBC3-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
AES128-SHA
IDEA-CBC-SHA
RC4-SHA
RC4-MD5
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
}
set version ""
if {[string match "OpenSSL*" [tls::version]]} {
regexp {OpenSSL ([\d\.]+)} [tls::version] -> version
}
if {![info exists ::EXPECTEDCIPHERS(openssl$version)]} {
set version ""
}
proc listcompare {wants haves} {
array set want {}
array set have {}
foreach item $wants { set want($item) 1 }
foreach item $haves { set have($item) 1 }
foreach item [lsort -dictionary [array names have]] {
if {[info exists want($item)]} {
unset want($item) have($item)
}
}
if {[array size want] || [array size have]} {
return [list MISSING [array names want] UNEXPECTED [array names have]]
}
}
test ciphers-1.1 {Tls::ciphers for ssl3} {rsabsafe} {
# This will fail if you compiled against OpenSSL.
# Change the constraint setting above.
listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers ssl3]
} {}
test ciphers-1.2 {Tls::ciphers for tls1} {rsabsafe} {
# This will fail if you compiled against OpenSSL.
# Change the constraint setting above.
listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
} {}
test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} {
# This will fail if you compiled against RSA bsafe or with a
# different set of defines than the default.
# Change the constraint setting above.
listcompare $::EXPECTEDCIPHERS(openssl$version) [tls::ciphers ssl3]
} {}
# This version of the test is correct for OpenSSL only.
# An equivalent test for the RSA BSAFE SSL-C is earlier in this file.
test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
# This will fail if you compiled against RSA bsafe or with a
# different set of defines than the default.
# Change the constraint setting in all.tcl
listcompare $::EXPECTEDCIPHERS(openssl$version) [tls::ciphers tls1]
} {}
# cleanup
::tcltest::cleanupTests
return