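#! /usr/bin/env perl
# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe "test_ssl".  It first builds a throwaway certificate
# hierarchy with the openssl command-line tool (testss), then runs the
# legacy ssltest_old driver against the user key/certificate (testssl).
#
# Changes in this revision (recipe flow otherwise unchanged):
#   * bldtop_dir is now imported; testssl() calls it on its -CApath branch
#     and the call would have died with "Undefined subroutine".
#   * Bareword filehandles with unchecked open() are replaced by lexical
#     handles; a failed open/copy is reported with diag() instead of being
#     silently ignored.
#   * The ciphersuite test count is derived from what was actually
#     collected rather than from the build configuration.
#   * TLSv1.3 ciphersuite tests keep the suite name in their description.

use strict;
use warnings;

use POSIX;
use File::Basename;
use File::Copy;
use OpenSSL::Test qw/:DEFAULT with bldtop_dir bldtop_file srctop_file cmdstr/;
use OpenSSL::Test::Utils;

setup("test_ssl");

$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");

# anydisabled returns one flag per listed feature, in the same order.
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
    $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
    $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
    anydisabled qw/rsa dsa dh ec psk
                   ssl3 tls1 tls1_1 tls1_2 tls1_3
                   dtls dtls1 dtls1_2 ct/;
my $no_anytls = alldisabled(available_protocols("tls"));
my $no_anydtls = alldisabled(available_protocols("dtls"));

plan skip_all => "No SSL/TLS/DTLS protocol is support by this OpenSSL build"
    if $no_anytls && $no_anydtls;

# Every certificate made by this recipe is signed with SHA-1 (passed to
# each "openssl x509" call).  These are short-lived test fixtures (30 days)
# that are deleted at the end of the run.
my $digest = "-sha1";
my @reqcmd = ("openssl", "req");
my @x509cmd = ("openssl", "x509", $digest);
my @verifycmd = ("openssl", "verify");
my @gendsacmd = ("openssl", "gendsa");
my $dummycnf = srctop_file("apps", "openssl.cnf");

# Self-signed test CA.
my $CAkey = "keyCA.ss";
my $CAcert = "certCA.ss";
my $CAserial = "certCA.srl";
my $CAreq = "reqCA.ss";
my $CAconf = srctop_file("test", "CAss.cnf");
my $CAreq2 = "req2CA.ss";       # temp

# User (end-entity) certificate issued by the test CA.
my $Uconf = srctop_file("test", "Uss.cnf");
my $Ukey = "keyU.ss";
my $Ureq = "reqU.ss";
my $Ucert = "certU.ss";

# DSA user certificate.
my $Dkey = "keyD.ss";
my $Dreq = "reqD.ss";
my $Dcert = "certD.ss";

# ECDSA/ECDH user certificate.
my $Ekey = "keyE.ss";
my $Ereq = "reqE.ss";
my $Ecert = "certE.ss";

# First proxy certificate, signed with the user key.
my $P1conf = srctop_file("test", "P1ss.cnf");
my $P1key = "keyP1.ss";
my $P1req = "reqP1.ss";
my $P1cert = "certP1.ss";
my $P1intermediate = "tmp_intP1.ss";

# Second proxy certificate, signed with the first proxy key.
my $P2conf = srctop_file("test", "P2ss.cnf");
my $P2key = "keyP2.ss";
my $P2req = "reqP2.ss";
my $P2cert = "certP2.ss";
my $P2intermediate = "tmp_intP2.ss";

my $server_sess = "server.ss";
my $client_sess = "client.ss";

# ssltest_old.c is deprecated in favour of the new framework in ssl_test.c
# If you're adding tests here, you probably want to convert them to the
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
plan tests =>
    1                           # For testss
    +5                          # For the first testssl
    ;

subtest 'test_ss' => sub {
    if (testss()) {
        # Bundle the chains leading to each proxy certificate.
        _concat_files("intP1.ss", $CAcert, $Ucert);
        _concat_files("intP2.ss", $CAcert, $Ucert, $P1cert);
    }
};

note('test_ssl -- key U');
testssl("keyU.ss", $Ucert, $CAcert);

# -----------
# subtest functions

# Write the contents of @sources, in order, into $dest (truncating it).
# Failures are reported with diag() and do not abort the recipe; returns
# true only if every step succeeded.
sub _concat_files {
    my ($dest, @sources) = @_;

    my $out;
    unless (open $out, ">", $dest) {
        diag("cannot open $dest for writing: $!");
        return 0;
    }

    my $all_ok = 1;
    foreach my $src (@sources) {
        next if copy($src, $out);
        diag("cannot copy $src into $dest: $!");
        $all_ok = 0;
    }
    unless (close $out) {
        diag("cannot close $dest: $!");
        $all_ok = 0;
    }
    return $all_ok;
}

# Build the test PKI: a self-signed CA, a user certificate, optional DSA
# and EC user certificates, and two chained proxy certificates.  Runs as a
# subtest body with 17 planned tests; once a step fails, the steps that
# depend on it are skipped.
sub testss {
    # Appends a constant string to ./.rnd.  This is fixed data, not
    # entropy; the literal itself states that it is there to make the
    # random number generator "think it has randomness".
    if (open my $rnd, ">>", ".rnd") {
        print $rnd "string to make the random number generator think it has randomness";
        close $rnd;
    }
    else {
        diag("cannot append to .rnd: $!");
    }

    # Without RSA, new keys are generated from the bundled 1024-bit DSA
    # parameter file instead (a legacy key size, used for fixtures only).
    my @req_dsa = ("-newkey",
                   "dsa:".srctop_file("apps", "dsa1024.pem"));
    my $dsaparams = srctop_file("apps", "dsa1024.pem");
    my @req_new;
    if ($no_rsa) {
        @req_new = @req_dsa;
    } else {
        @req_new = ("-new");
    }

    plan tests => 17;

  SKIP: {
      skip 'failure', 16 unless
          ok(run(app([@reqcmd, "-config", $CAconf,
                      "-out", $CAreq, "-keyout", $CAkey,
                      @req_new])),
             'make cert request');

      skip 'failure', 15 unless
          ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30",
                      "-req", "-out", $CAcert, "-signkey", $CAkey,
                      "-extfile", $CAconf, "-extensions", "v3_ca"],
                     stdout => "err.ss")),
             'convert request into self-signed cert');

      skip 'failure', 14 unless
          ok(run(app([@x509cmd, "-in", $CAcert,
                      "-x509toreq", "-signkey", $CAkey, "-out", $CAreq2],
                     stdout => "err.ss")),
             'convert cert into a cert request');

      skip 'failure', 13 unless
          ok(run(app([@reqcmd, "-config", $dummycnf,
                      "-verify", "-in", $CAreq, "-noout"])),
             'verify request 1');


      skip 'failure', 12 unless
          ok(run(app([@reqcmd, "-config", $dummycnf,
                      "-verify", "-in", $CAreq2, "-noout"])),
             'verify request 2');

      skip 'failure', 11 unless
          ok(run(app([@verifycmd, "-CAfile", $CAcert, $CAcert])),
             'verify signature');

      skip 'failure', 10 unless
          ok(run(app([@reqcmd, "-config", $Uconf,
                      "-out", $Ureq, "-keyout", $Ukey, @req_new],
                     stdout => "err.ss")),
             'make a user cert request');

      # Signing and chain verification must both succeed for this test.
      skip 'failure', 9 unless
          ok(run(app([@x509cmd, "-CAcreateserial", "-in", $Ureq, "-days", "30",
                      "-req", "-out", $Ucert,
                      "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial,
                      "-extfile", $Uconf, "-extensions", "v3_ee"],
                     stdout => "err.ss"))
             && run(app([@verifycmd, "-CAfile", $CAcert, $Ucert])),
             'sign user cert request');

      skip 'failure', 8 unless
          ok(run(app([@x509cmd,
                      "-subject", "-issuer", "-startdate", "-enddate",
                      "-noout", "-in", $Ucert])),
             'Certificate details');

      skip 'failure', 7 unless
          subtest 'DSA certificate creation' => sub {
              plan skip_all => "skipping DSA certificate creation"
                  if $no_dsa;

              plan tests => 5;

            SKIP: {
                # Presumably read by the request config ($Uconf) to name
                # the certificate -- confirm against Uss.cnf.
                $ENV{CN2} = "DSA Certificate";
                skip 'failure', 4 unless
                    ok(run(app([@gendsacmd, "-out", $Dkey,
                                $dsaparams],
                               stdout => "err.ss")),
                       "make a DSA key");
                skip 'failure', 3 unless
                    ok(run(app([@reqcmd, "-new", "-config", $Uconf,
                                "-out", $Dreq, "-key", $Dkey],
                               stdout => "err.ss")),
                       "make a DSA user cert request");
                skip 'failure', 2 unless
                    ok(run(app([@x509cmd, "-CAcreateserial",
                                "-in", $Dreq,
                                "-days", "30",
                                "-req",
                                "-out", $Dcert,
                                "-CA", $CAcert, "-CAkey", $CAkey,
                                "-CAserial", $CAserial,
                                "-extfile", $Uconf,
                                "-extensions", "v3_ee_dsa"],
                               stdout => "err.ss")),
                       "sign DSA user cert request");
                skip 'failure', 1 unless
                    ok(run(app([@verifycmd, "-CAfile", $CAcert, $Dcert])),
                       "verify DSA user cert");
                skip 'failure', 0 unless
                    ok(run(app([@x509cmd,
                                "-subject", "-issuer",
                                "-startdate", "-enddate", "-noout",
                                "-in", $Dcert])),
                       "DSA Certificate details");
            }
          };

      skip 'failure', 6 unless
          subtest 'ECDSA/ECDH certificate creation' => sub {
              plan skip_all => "skipping ECDSA/ECDH certificate creation"
                  if $no_ec;

              plan tests => 5;

            SKIP: {
                # Presumably read by the request config ($Uconf) to name
                # the certificate -- confirm against Uss.cnf.
                $ENV{CN2} = "ECDSA Certificate";
                skip 'failure', 4 unless
                    ok(run(app(["openssl", "ecparam", "-name", "P-256",
                                "-out", "ecp.ss"])),
                       "make EC parameters");
                skip 'failure', 3 unless
                    ok(run(app([@reqcmd, "-config", $Uconf,
                                "-out", $Ereq, "-keyout", $Ekey,
                                "-newkey", "ec:ecp.ss"],
                               stdout => "err.ss")),
                       "make a ECDSA/ECDH user cert request");
                skip 'failure', 2 unless
                    ok(run(app([@x509cmd, "-CAcreateserial",
                                "-in", $Ereq,
                                "-days", "30",
                                "-req",
                                "-out", $Ecert,
                                "-CA", $CAcert, "-CAkey", $CAkey,
                                "-CAserial", $CAserial,
                                "-extfile", $Uconf,
                                "-extensions", "v3_ee_ec"],
                               stdout => "err.ss")),
                       "sign ECDSA/ECDH user cert request");
                skip 'failure', 1 unless
                    ok(run(app([@verifycmd, "-CAfile", $CAcert, $Ecert])),
                       "verify ECDSA/ECDH user cert");
                skip 'failure', 0 unless
                    ok(run(app([@x509cmd,
                                "-subject", "-issuer",
                                "-startdate", "-enddate", "-noout",
                                "-in", $Ecert])),
                       "ECDSA Certificate details");
            }
          };

      skip 'failure', 5 unless
          ok(run(app([@reqcmd, "-config", $P1conf,
                      "-out", $P1req, "-keyout", $P1key, @req_new],
                     stdout => "err.ss")),
             'make a proxy cert request');


      # The user certificate acts as issuer here.  No -CAserial is given,
      # so the serial file name is left to "openssl x509"; the cleanup at
      # the end of this file removes certU.srl accordingly.
      skip 'failure', 4 unless
          ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P1req, "-days", "30",
                      "-req", "-out", $P1cert,
                      "-CA", $Ucert, "-CAkey", $Ukey,
                      "-extfile", $P1conf, "-extensions", "v3_proxy"],
                     stdout => "err.ss")),
             'sign proxy with user cert');

      copy($Ucert, $P1intermediate);
      # NOTE(review): the result of this chain verification is discarded,
      # so a proxy certificate that fails to verify does not fail the
      # recipe.  Whether that is intentional cannot be told from this file.
      run(app([@verifycmd, "-CAfile", $CAcert,
               "-untrusted", $P1intermediate, $P1cert]));
      ok(run(app([@x509cmd,
                  "-subject", "-issuer", "-startdate", "-enddate",
                  "-noout", "-in", $P1cert])),
         'Certificate details');

      skip 'failure', 2 unless
          ok(run(app([@reqcmd, "-config", $P2conf,
                      "-out", $P2req, "-keyout", $P2key,
                      @req_new],
                     stdout => "err.ss")),
             'make another proxy cert request');


      skip 'failure', 1 unless
          ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P2req, "-days", "30",
                      "-req", "-out", $P2cert,
                      "-CA", $P1cert, "-CAkey", $P1key,
                      "-extfile", $P2conf, "-extensions", "v3_proxy"],
                     stdout => "err.ss")),
             'sign second proxy cert request with the first proxy cert');


      _concat_files($P2intermediate, $Ucert, $P1cert);
      # NOTE(review): as for the first proxy certificate, the outcome of
      # this verification is not asserted.
      run(app([@verifycmd, "-CAfile", $CAcert,
               "-untrusted", $P2intermediate, $P2cert]));
      ok(run(app([@x509cmd,
                  "-subject", "-issuer", "-startdate", "-enddate",
                  "-noout", "-in", $P2cert])),
         'Certificate details');
    }
}

# Run the ssltest_old handshake matrix with $key/$cert used for both the
# server and the client side.  $CAtmp, when true, is passed as -CAfile;
# otherwise the "certs" directory of the build tree is used as -CApath.
# Emits five subtests.
sub testssl {
    my ($key, $cert, $CAtmp) = @_;
    my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));

    my @ssltest = ("ssltest_old",
                   "-s_key", $key, "-s_cert", $cert,
                   "-c_key", $key, "-c_cert", $cert);

    my $serverinfo = srctop_file("test", "serverinfo.pem");

    # Detect a DSA certificate from the text dump of $cert.
    my $dsa_cert = 0;
    if (grep /DSA Public Key/, run(app(["openssl", "x509", "-in", $cert,
                                        "-text", "-noout"]), capture => 1)) {
        $dsa_cert = 1;
    }


    # plan tests => 11;

    subtest 'standard SSL tests' => sub {
        ######################################################################
        plan tests => 13;

      SKIP: {
          skip "SSLv3 is not supported by this OpenSSL build", 4
              if disabled("ssl3");

          ok(run(test([@ssltest, "-bio_pair", "-ssl3"])),
             'test sslv3 via BIO pair');
          ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])),
             'test sslv3 with server authentication via BIO pair');
          ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])),
             'test sslv3 with client authentication via BIO pair');
          ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])),
             'test sslv3 with both server and client authentication via BIO pair');
        }

      SKIP: {
          skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1
              if $no_anytls;

          ok(run(test([@ssltest, "-bio_pair"])),
             'test sslv2/sslv3 via BIO pair');
        }

      SKIP: {
          skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8
              if $no_anytls;

        SKIP: {
            skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert;

            ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])),
               'test sslv2/sslv3 w/o (EC)DHE via BIO pair');
          }

          ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
             'test sslv2/sslv3 with 1024bit DHE via BIO pair');
          ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
             'test sslv2/sslv3 with server authentication');
          ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
             'test sslv2/sslv3 with client authentication via BIO pair');
          ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])),
             'test sslv2/sslv3 with both client and server authentication via BIO pair');
          ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
             'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');

        SKIP: {
            skip "No IPv4 available on this machine", 1
                unless !disabled("sock") && have_IPv4();
            ok(run(test([@ssltest, "-ipv4"])),
               'test TLS via IPv4');
          }

        SKIP: {
            skip "No IPv6 available on this machine", 1
                unless !disabled("sock") && have_IPv6();
            ok(run(test([@ssltest, "-ipv6"])),
               'test TLS via IPv6');
          }
        }
    };

    subtest "Testing ciphersuites" => sub {

        my @exkeys = ();
        # PSK and SRP suites are excluded from the enumerated list.
        my $ciphers = "-PSK:-SRP";

        if (!$no_dsa) {
            push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
        }

        if (!$no_ec) {
            push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss";
        }

        my @protocols = ();
        # We only use the flags that ssltest_old understands
        push @protocols, "-tls1_3" unless $no_tls1_3;
        push @protocols, "-tls1_2" unless $no_tls1_2;
        push @protocols, "-tls1" unless $no_tls1;
        push @protocols, "-ssl3" unless $no_ssl3;
        my $protocolciphersuitecount = 0;
        my %ciphersuites = ();
        my %ciphersstatus = ();
        foreach my $protocol (@protocols) {
            my $ciphersstatus = undef;
            my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol,
                                   "ALL:$ciphers"]),
                              capture => 1, statusvar => \$ciphersstatus);
            $ciphersstatus{$protocol} = $ciphersstatus;
            if ($ciphersstatus) {
                # Strip the line ending, then split the colon-separated list.
                $ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) }
                                             @ciphers ];
                $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
            }
        }

        plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build"
            if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0;

        # The count of protocols is because in addition to the ciphersuites
        # we got above, we're running a weak DH test for each protocol (except
        # TLSv1.3)
        my $testcount = scalar(@protocols) + $protocolciphersuitecount
            + scalar(keys %ciphersuites);
        # The weak DH test is skipped only for a "-tls1_3" entry that was
        # actually collected, so test for the key rather than $no_tls1_3:
        # the two differ when "openssl ciphers -s -tls1_3" itself failed.
        $testcount-- if exists $ciphersuites{"-tls1_3"};
        plan tests => $testcount;

        foreach my $protocol (@protocols) {
            ok($ciphersstatus{$protocol}, "Getting ciphers for $protocol");
        }

        foreach my $protocol (sort keys %ciphersuites) {
            note "Testing ciphersuites for $protocol";
            # ssltest_old doesn't know -tls1_3, but that's fine, since that's
            # the default choice if TLSv1.3 enabled
            my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
            foreach my $cipher (@{$ciphersuites{$protocol}}) {
                if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
                    note "*****SKIPPING $protocol $cipher";
                    ok(1);
                } else {
                    # TLSv1.3 suites go through -ciphersuites with an empty
                    # -cipher; every other protocol is the reverse.  Local
                    # copies leave the collected list untouched and keep
                    # the suite name available for the description.
                    my ($cipher_arg, $suites_arg) = $protocol eq "-tls1_3"
                        ? ("", $cipher)
                        : ($cipher, "");
                    ok(run(test([@ssltest, @exkeys, "-cipher", $cipher_arg,
                                 "-ciphersuites", $suites_arg, $flag || ()])),
                       "Testing $cipher");
                }
            }
            next if $protocol eq "-tls1_3";
            # Negative test: the server is told to use 512-bit DH
            # parameters and the client runs at @SECLEVEL=1; run() must
            # report failure (0) for the recipe to pass.
            is(run(test([@ssltest,
                         "-s_cipher", "EDH",
                         "-c_cipher", 'EDH:@SECLEVEL=1',
                         "-dhe512",
                         $protocol])), 0,
               "testing connection with weak DH, expecting failure");
        }
    };

    subtest 'RSA/(EC)DHE/PSK tests' => sub {
        ######################################################################

        plan tests => 10;

      SKIP: {
          skip "TLSv1.0 is not supported by this OpenSSL build", 6
              if $no_tls1;

        SKIP: {
            skip "skipping anonymous DH tests", 1
                if ($no_dh);

            ok(run(test([@ssltest, "-v", "-bio_pair", "-tls1", "-cipher", "ADH", "-dhe1024dsa", "-num", "10", "-f", "-time"])),
               'test tlsv1 with 1024bit anonymous DH, multiple handshakes');
          }

        SKIP: {
            skip "skipping RSA tests", 2
                if $no_rsa;

            ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-no_dhe", "-no_ecdhe", "-num", "10", "-f", "-time"])),
               'test tlsv1 with 1024bit RSA, no (EC)DHE, multiple handshakes');

            skip "skipping RSA+DHE tests", 1
                if $no_dh;

            ok(run(test(["ssltest_old", "-v", "-bio_pair", "-tls1", "-s_cert", srctop_file("apps","server2.pem"), "-dhe1024dsa", "-num", "10", "-f", "-time"])),
               'test tlsv1 with 1024bit RSA, 1024bit DHE, multiple handshakes');
          }

        SKIP: {
            skip "skipping PSK tests", 2
                if ($no_psk);

            # The PSK values used in this subtest are fixed literals kept
            # in the recipe itself (test fixtures).
            ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
               'test tls1 with PSK');

            ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
               'test tls1 with PSK via BIO pair');
          }

        SKIP: {
            skip "skipping auto PSK tests", 1
                if ($no_dh || $no_psk || $no_ec);

            ok(run(test(['ssltest_old', '-dhe2048', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])),
               'test auto DH meets security strength');
          }
        }

      SKIP: {
          skip "TLSv1.1 is not supported by this OpenSSL build", 4
              if $no_tls1_1;

        SKIP: {
            skip "skipping auto DHE PSK test at SECLEVEL 3", 1
                if ($no_dh || $no_psk);

            ok(run(test(['ssltest_old', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])),
               'test auto DHE PSK meets security strength');
          }

        SKIP: {
            skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1
                if ($no_ec || $no_psk);

            ok(run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])),
               'test auto ECDHE PSK meets security strength');
          }

          # The next two are negative tests: the handshake has to FAIL at
          # @SECLEVEL=3 for the recipe to pass.  The test names attribute
          # the rejection to these suites lacking forward secrecy.
        SKIP: {
            skip "skipping no RSA PSK at SECLEVEL 3 test", 1
                if ($no_rsa || $no_psk);

            ok(!run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])),
               'test auto RSA PSK does not meet security level 3 requirements (PFS)');
          }

        SKIP: {
            skip "skipping no PSK at SECLEVEL 3 test", 1
                if ($no_psk);

            ok(!run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])),
               'test auto PSK does not meet security level 3 requirements (PFS)');
          }
        }

    };

    subtest 'Custom Extension tests' => sub {
        ######################################################################

        plan tests => 1;

      SKIP: {
          skip "TLSv1.0 is not supported by this OpenSSL build", 1
              if $no_tls1;

          ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext"])),
             'test tls1 with custom extensions');
        }
    };

    subtest 'Serverinfo tests' => sub {
        ######################################################################

        plan tests => 5;

      SKIP: {
          skip "TLSv1.0 is not supported by this OpenSSL build", 5
              if $no_tls1;

          note('echo test tls1 with serverinfo');
          ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo])));
          ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct"])));
          ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_tack"])));
          ok(run(test([@ssltest, "-bio_pair", "-tls1", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"])));
          ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"])));
        }
    };
}

# Cleanup: remove every key, request, certificate, serial and scratch file
# the recipe wrote into the working directory, so that no generated
# private key is left behind after the run.
unlink $CAkey;
unlink $CAcert;
unlink $CAserial;
unlink $CAreq;
unlink $CAreq2;

unlink $Ukey;
unlink $Ureq;
unlink $Ucert;
unlink basename($Ucert, '.ss').'.srl';

unlink $Dkey;
unlink $Dreq;
unlink $Dcert;

unlink $Ekey;
unlink $Ereq;
unlink $Ecert;

unlink $P1key;
unlink $P1req;
unlink $P1cert;
unlink basename($P1cert, '.ss').'.srl';
unlink $P1intermediate;
unlink "intP1.ss";

unlink $P2key;
unlink $P2req;
unlink $P2cert;
unlink $P2intermediate;
unlink "intP2.ss";

unlink "ecp.ss";
unlink "err.ss";

unlink $server_sess;
unlink $client_sess;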