diff options
| -rw-r--r-- | cpp/test/IceSSL/configuration/AllTests.cpp | 151 |
1 files changed, 0 insertions, 151 deletions
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp index 9d245f28ed5..f90ecf63cbf 100644 --- a/cpp/test/IceSSL/configuration/AllTests.cpp +++ b/cpp/test/IceSSL/configuration/AllTests.cpp @@ -2835,157 +2835,6 @@ allTests(Test::TestHelper* helper, const string& /*testDir*/, bool p12) } # endif - // - // No DSA support in Secure Transport / AIX 7.1 - // -# if !defined(ICE_USE_SECURE_TRANSPORT) && !defined(_AIX) && !defined(ICE_USE_SCHANNEL) - { - // - // DSA PEM keys are not supported with SChannel. Since Windows 10 - // Creator Update DHE_DSS is also disabled by default so DSA keys - // can no longer be used. - // - - // - // Configure a server with RSA and DSA certificates. - // - // First try a client with a DSA certificate. - // - const string ciphers = openSSLVersion >= 0x10100000L ? "DHE:DSS:@SECLEVEL=0" : "DHE:DSS"; - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12, "c_dsa_ca1", "cacert1"); - initData.properties->setProperty("IceSSL.Ciphers", ciphers); - CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); - test(fact); - Test::Properties d = createServerProps(defaultProps, p12, "s_dsa_ca1", "cacert1"); - d["IceSSL.Ciphers"] = ciphers; - d["IceSSL.VerifyPeer"] = "1"; - - Test::ServerPrxPtr server = fact->createServer(d); - try - { - server->ice_ping(); - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); - } - fact->destroyServer(server); - comm->destroy(); - // - // Next try a client with an RSA certificate. - // - initData.properties = createClientProps(defaultProps, p12, "c_rsa_ca1", "cacert1"); - comm = initialize(initData); - fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); - test(fact); - d = createServerProps(defaultProps, p12, "", "cacert1"); - if(p12) - { - d["IceSSL.CertFile"] = "s_rsa_ca1.p12" + sep + "s_dsa_ca1.p12"; - } - else - { - d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem" + sep + "s_dsa_ca1_pub.pem"; - d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem" + sep + "s_dsa_ca1_priv.pem"; - } - d["IceSSL.Ciphers"] = "DEFAULT:DSS"; - d["IceSSL.VerifyPeer"] = "1"; - server = fact->createServer(d); - - try - { - server->ice_ping(); - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); - } - fact->destroyServer(server); - comm->destroy(); - - // - // Next try a client with ADH. This should fail. - // - initData.properties = createClientProps(defaultProps, p12); - initData.properties->setProperty("IceSSL.Ciphers", "ADH"); -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010100fL - // - // With OpenSSL 1.1 disable tls1.3 so that client and server negotiate - // an anon cipher - // - initData.properties->setProperty("IceSSL.Protocols", "tls1_2,tls1_1"); -#endif - comm = initialize(initData); - fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); - test(fact); - d = createServerProps(defaultProps, p12, "", "cacert1"); - d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem" + sep + "s_dsa_ca1_pub.pem"; - d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem" + sep + "s_dsa_ca1_priv.pem"; - d["IceSSL.Ciphers"] = "DEFAULT:DSS"; - d["IceSSL.VerifyPeer"] = "1"; - server = fact->createServer(d); - try - { - server->ice_ping(); - test(false); - } - catch(const ProtocolException&) - { - // Expected. - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); - } - fact->destroyServer(server); - comm->destroy(); - } - - { - // - // Configure a server with RSA and a client with DSA. This should fail. - // - InitializationData initData; - initData.properties = createClientProps(defaultProps, p12, "c_dsa_ca1", "cacert1"); - initData.properties->setProperty("IceSSL.Ciphers", "DSS"); - - CommunicatorPtr comm = initialize(initData); - Test::ServerFactoryPrxPtr fact = ICE_CHECKED_CAST(Test::ServerFactoryPrx, comm->stringToProxy(factoryRef)); - test(fact); - Test::Properties d = createServerProps(defaultProps, p12, "s_rsa_ca1", "cacert1"); - d["IceSSL.VerifyPeer"] = "2"; - - Test::ServerPrxPtr server = fact->createServer(d); - try - { - server->ice_ping(); - test(false); - } - catch(const ProtocolException&) - { - // Expected. - } - catch(const ConnectionLostException&) - { - // Expected. - } - catch(const LocalException& ex) - { - cerr << ex << endl; - test(false); - } - fact->destroyServer(server); - comm->destroy(); - } -# endif - cout << "ok" << endl; -#endif - cout << "testing IceSSL.TrustOnly... " << flush; // // UWP only provides the Subject and Issuer CN and not the full Subject and Issuer DNs, |