author | Alon Bar-Lev <alon.barlev@gmail.com> | 2015-06-21 03:00:03 +0300 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-06-21 09:37:22 +0200 |
commit | c18819167b0195f363c9750bd48ac4872c4ef77b (patch) | |
tree | 3e43a9736519da0d80c2b05645debe34d1a5122d | |
parent | 80a60c868a74841866c8d14c84fe65bfb5771215 (diff) | |
download | gnutls-c18819167b0195f363c9750bd48ac4872c4ef77b.tar.gz |
tests: suite: cleanup shell usage
Add quotes for most usages of variables.
Add ${} for variables.
Cleanup indentation to be consistent with other tests.
Fix separate builddir issues.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
-rw-r--r-- | configure.ac | 2 | ||||
-rwxr-xr-x | tests/suite/certs/create-chain.sh | 145 | ||||
-rwxr-xr-x | tests/suite/chain | 68 | ||||
-rwxr-xr-x | tests/suite/crl-test | 20 | ||||
-rwxr-xr-x | tests/suite/eagain | 10 | ||||
-rwxr-xr-x | tests/suite/invalid-cert | 13 | ||||
-rw-r--r-- | tests/suite/testcompat-common | 45 | ||||
-rwxr-xr-x | tests/suite/testcompat-main-openssl | 992 | ||||
-rwxr-xr-x | tests/suite/testcompat-main-polarssl | 526 | ||||
-rwxr-xr-x | tests/suite/testcompat-openssl | 18 | ||||
-rwxr-xr-x | tests/suite/testcompat-polarssl | 6 | ||||
-rwxr-xr-x | tests/suite/testdane | 62 | ||||
-rwxr-xr-x | tests/suite/testpkcs11 | 702 | ||||
-rw-r--r-- | tests/suite/testpkcs11.pkcs15 | 41 | ||||
-rw-r--r-- | tests/suite/testpkcs11.sc-hsm | 49 | ||||
-rwxr-xr-x | tests/suite/testpkcs11.softhsm | 85 | ||||
-rwxr-xr-x | tests/suite/testrandom | 58 | ||||
-rwxr-xr-x | tests/suite/testrng | 128 | ||||
-rwxr-xr-x | tests/suite/testsrn | 78 |
19 files changed, 1517 insertions, 1531 deletions
diff --git a/configure.ac b/configure.ac
index 0cbba41457..3701889ab4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -89,7 +89,7 @@ if test "$use_cxx" != "no"; then AC_LANG_POP(C++) fi AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
-AM_CONDITIONAL(WANT_TEST_SUITE, [test -f tests/suite/mini-eagain2.c])
+AM_CONDITIONAL(WANT_TEST_SUITE, [test -f "${srcdir}/tests/suite/mini-eagain2.c"])
 dnl Detect windows build use_accel=yes
diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh
index 11add614db..53f6087f37 100755
--- a/tests/suite/certs/create-chain.sh
+++ b/tests/suite/certs/create-chain.sh 
@@ -1,93 +1,92 @@ #!/bin/sh -srcdir=${srcdir:-.} -CERTTOOL=${CERTTOOL:-../../../src/certtool$EXEEXT} +CERTTOOL="${CERTTOOL:-../../../src/certtool${EXEEXT}}" OUTPUT=out TEMPLATE=tmpl -NUM=$1 +NUM="$1" -if test "$NUM" = "";then - echo "usage: $0 number" - exit 1 +if test "${NUM}" = "";then + echo "usage: $0 number" + exit 1 fi -LAST=`expr $NUM - 1` +LAST=`expr ${NUM} - 1` -rm -rf $OUTPUT -mkdir -p $OUTPUT +rm -rf "${OUTPUT}" +mkdir -p "${OUTPUT}" counter=0 -while test $counter -lt $NUM; do - if test $counter = $LAST;then - name="server-$counter" - else - name="CA-$counter" - fi - serial=$counter +while test ${counter} -lt ${NUM}; do + if test ${counter} = ${LAST};then + name="server-${counter}" + else + name="CA-${counter}" + fi + serial="${counter}" - - $CERTTOOL --generate-privkey >$OUTPUT/$name.key 2>/dev/null - if test $counter = 0;then - # ROOT CA - echo "cn = $name" >$TEMPLATE - echo "serial = $serial" >>$TEMPLATE - echo "ca" >>$TEMPLATE - echo "expiration_days = -1" >>$TEMPLATE - echo "cert_signing_key" >>$TEMPLATE - echo "ocsp_signing_key" >>$TEMPLATE - echo "crl_signing_key" >>$TEMPLATE - $CERTTOOL --generate-self-signed --load-privkey $OUTPUT/$name.key --outfile \ - $OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null + + "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null + if test ${counter} = 0;then + # ROOT CA + echo "cn = ${name}" >"${TEMPLATE}" + echo "serial = ${serial}" >>"${TEMPLATE}" + echo "ca" >>"${TEMPLATE}" + echo "expiration_days = -1" >>"${TEMPLATE}" + echo "cert_signing_key" >>"${TEMPLATE}" + echo "ocsp_signing_key" >>"${TEMPLATE}" + echo "crl_signing_key" >>"${TEMPLATE}" + "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \ + "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null - echo "serial = $serial" >$TEMPLATE - echo "expiration_days = -1" >>$TEMPLATE - $CERTTOOL --generate-crl --load-ca-privkey $OUTPUT/$name.key --load-ca-certificate $OUTPUT/$name.crt --outfile \ - 
$OUTPUT/$name.crl --template $TEMPLATE 2>/dev/null - else - if test $counter = $LAST;then - # END certificate - echo "cn = $name" >$TEMPLATE - echo "dns_name = localhost" >>$TEMPLATE - echo "expiration_days = -1" >>$TEMPLATE - echo "signing_key" >>$TEMPLATE - echo "encryption_key" >>$TEMPLATE - echo "ocsp_signing_key" >>$TEMPLATE - $CERTTOOL --generate-certificate --load-privkey $OUTPUT/$name.key \ - --load-ca-certificate $OUTPUT/$prev_name.crt \ - --load-ca-privkey $OUTPUT/$prev_name.key \ - --outfile $OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null - else - # intermediate CA - echo "cn = $name" >$TEMPLATE - echo "serial = $serial" >>$TEMPLATE - echo "ca" >>$TEMPLATE - echo "expiration_days = -1" >>$TEMPLATE - echo "ocsp_signing_key" >>$TEMPLATE - echo "cert_signing_key" >>$TEMPLATE - echo "signing_key" >>$TEMPLATE - $CERTTOOL --generate-certificate --load-privkey $OUTPUT/$name.key \ - --load-ca-certificate $OUTPUT/$prev_name.crt \ - --load-ca-privkey $OUTPUT/$prev_name.key \ - --outfile $OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null - fi - fi + echo "serial = ${serial}" >"${TEMPLATE}" + echo "expiration_days = -1" >>"${TEMPLATE}" + "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \ + "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null + else + if test ${counter} = ${LAST};then + # END certificate + echo "cn = ${name}" >"${TEMPLATE}" + echo "dns_name = localhost" >>"${TEMPLATE}" + echo "expiration_days = -1" >>"${TEMPLATE}" + echo "signing_key" >>"${TEMPLATE}" + echo "encryption_key" >>"${TEMPLATE}" + echo "ocsp_signing_key" >>"${TEMPLATE}" + "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \ + --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \ + --load-ca-privkey "${OUTPUT}/${prev_name}.key" \ + --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null + else + # intermediate CA + echo "cn = ${name}" >"${TEMPLATE}" + echo "serial 
= ${serial}" >>"${TEMPLATE}" + echo "ca" >>"${TEMPLATE}" + echo "expiration_days = -1" >>"${TEMPLATE}" + echo "ocsp_signing_key" >>"${TEMPLATE}" + echo "cert_signing_key" >>"${TEMPLATE}" + echo "signing_key" >>"${TEMPLATE}" + "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \ + --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \ + --load-ca-privkey "${OUTPUT}/${prev_name}.key" \ + --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null + fi + fi - counter=`expr $counter + 1` - prev_name=$name + counter=`expr ${counter} + 1` + prev_name=${name} done -counter=`expr $NUM - 1` -while test $counter -ge 0; do - if test $counter = $LAST;then - name="server-$counter" - else - name="CA-$counter" - fi +counter=`expr ${NUM} - 1` +while test ${counter} -ge 0; do + if test ${counter} = ${LAST};then + name="server-${counter}" + else + name="CA-${counter}" + fi - cat $OUTPUT/$name.crt >> $OUTPUT/chain - - counter=`expr $counter - 1` + cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain" + + counter=`expr ${counter} - 1` done diff --git a/tests/suite/chain b/tests/suite/chain index f1967c9811..4f00320f07 100755 --- a/tests/suite/chain +++ b/tests/suite/chain @@ -20,7 +20,7 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -CERTTOOL=../../../src/certtool +CERTTOOL="../../../src/certtool" SUCCESS=" 1 4 7 12 15 16 17 18 24 26 27 30 33 56 57 62 63 " FAILURE=" 2 3 5 6 8 9 10 11 13 14 19 20 21 22 23 25 28 29 31 32 54 55 58 59 60 61 " 
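Review bot: Every `"${CERTTOOL}"` invocation in the generation loop discards stderr and its exit status is never checked, so a failed `--generate-privkey`, `--generate-self-signed` or `--generate-certificate` leaves an empty or missing `${OUTPUT}/${name}.key` / `.crt` and the final `cat` loop still assembles a truncated `${OUTPUT}/chain` instead of aborting. Append `|| exit 1` to each of them, e.g. `"${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null || exit 1`, so chain generation stops at the first failure. The commit's own quoting convention is also not applied to `expr ${NUM} - 1`, `test ${counter} -lt ${NUM}` and the other `expr` calls, and `test "${NUM}" = ""` accepts a non-numeric argument that `expr` will then reject at runtime.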
@@ -33,41 +33,41 @@ mkdir -p chains RET=0 i=1 -while test -d X509tests/test$i; do - find X509tests/test$i -name *.crl -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --crl-info --inder --infile > chains/chain$i.pem 2>/dev/null - find X509tests/test$i -name E*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null - if test "$i" -gt 1; then - find X509tests/test$i -name I*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null - fi - find X509tests/test$i -name T*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null - $CERTTOOL -e --infile chains/chain$i.pem > out 2>&1 - rc=$? - if test $rc != 0 && test $rc != 1; then - echo "Chain $i FATAL failure." - RET=1 +while test -d X509tests/test${i}; do + find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 2>/dev/null + find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null + if test "${i}" -gt 1; then + find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null + fi + find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null + "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1 + rc=$? + if test $rc != 0 && test $rc != 1; then + echo "Chain ${i} FATAL failure." + RET=1 + else + if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then + echo "Chain ${i} verification was skipped due to known bug." 
+ elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then + if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then + echo "Chain ${i} verification failure UNEXPECTED." + RET=1 + else + echo "Chain ${i} verification success as expected." + fi + elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then + if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then + echo "Chain ${i} verification failure as expected." + else + echo "Chain ${i} verification success UNEXPECTED. " + RET=1 + fi else - if echo "$KNOWN_BUGS" | grep " $i " > /dev/null 2>&1; then - echo "Chain $i verification was skipped due to known bug." - elif echo "$SUCCESS" | grep " $i " > /dev/null 2>&1; then - if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then - echo "Chain $i verification failure UNEXPECTED." - RET=1 - else - echo "Chain $i verification success as expected." - fi - elif echo "$FAILURE" | grep " $i " >/dev/null 2>&1; then - if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then - echo "Chain $i verification failure as expected." - else - echo "Chain $i verification success UNEXPECTED. " - RET=1 - fi - else - echo "Chain $i unclassified." - fi + echo "Chain ${i} unclassified." fi - i=`expr $i + 1` + fi + i=`expr ${i} + 1` done rm -f out -exit $RET +exit ${RET} diff --git a/tests/suite/crl-test b/tests/suite/crl-test index de51bde543..228f74ef29 100755 --- a/tests/suite/crl-test +++ b/tests/suite/crl-test 
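Review bot: The `find` patterns `-name *.crl`, `-name E*.crt`, `-name I*.crt` and `-name T*.crt` are still unquoted, so the shell globs them against the current directory before `find` runs; they only work because no matching file happens to exist there, and a stray `E*.crt` in `tests/suite` would silently change which certificates end up in `chains/chain${i}.pem`. Since the commit's stated purpose is quoting, write them as `-name '*.crl'`, `-name 'E*.crt'`, `-name 'I*.crt'` and `-name 'T*.crt'`. The `test $rc != 0 && test $rc != 1` line also keeps the old `$rc` form rather than the `${rc}` convention applied to the rest of this hunk.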
@@ -20,29 +20,29 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir=${srcdir:-.} -DIFF=${DIFF:-diff} -CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} +srcdir="${srcdir:-.}" +DIFF="${DIFF:-diff}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" if ! test -z "${VALGRIND}";then -VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi rm -f tmp-long.pem -$VALGRIND $CERTTOOL --crl-info --inder --infile $srcdir/crl/long.crl --outfile tmp-long.pem +${VALGRIND} "${CERTTOOL}" --crl-info --inder --infile "${srcdir}/crl/long.crl" --outfile tmp-long.pem rc=$? # We're done. -if test "$rc" != "0"; then +if test "${rc}" != "0"; then echo "CRL decoding failed 1!" - exit $rc + exit ${rc} fi -$DIFF $srcdir/crl/long.pem tmp-long.pem || $DIFF --strip-trailing-cr $srcdir/crl/long.pem tmp-long.pem +${DIFF} "${srcdir}/crl/long.pem tmp-long.pem" || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem rc=$? -if test "$rc" != "0"; then +if test "${rc}" != "0"; then echo "CRL decoding failed 2!" - exit $rc + exit ${rc} fi rm -f tmp-long.pem diff --git a/tests/suite/eagain b/tests/suite/eagain index ba95b950bf..d05bab9cb7 100755 --- a/tests/suite/eagain +++ b/tests/suite/eagain @@ -21,23 +21,23 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" -SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q" +SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q" PORT="${PORT:-5445}" -$SERV -p $PORT --echo --priority "NORMAL:+ANON-DH" --dhparams $srcdir/params.dh >/dev/null 2>&1 & +$SERV -p "${PORT}" --echo --priority "NORMAL:+ANON-DH" --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 & pid=$! sleep 2 ./eagain-cli if [ $? != 0 ];then - exit 1 + exit 1 fi if [ "$pid" != "" ];then -kill $pid -wait + kill $pid + wait fi exit 0 
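Review bot: The new `${DIFF} "${srcdir}/crl/long.pem tmp-long.pem"` quotes both file names as a single argument, so the first comparison always fails on a nonexistent path and the test only ever passes through the `--strip-trailing-cr` fallback; a CRLF-only difference in certtool output is therefore accepted on every platform, not just where the fallback was intended. Quote each operand separately: `${DIFF} "${srcdir}/crl/long.pem" tmp-long.pem || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem`.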
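Review bot: When `./eagain-cli` fails the script exits 1 before reaching the `kill $pid` block, so the background `gnutls-serv` started on `${PORT}` is left running and can interfere with later test runs. Record the client's status, always tear the server down, and only then exit with that status. The `$pid` test and `kill $pid` are also the only expansions in this hunk left in the old `$var` form.
```shell
./eagain-cli
rc=$?

if [ "${pid}" != "" ];then
  kill "${pid}"
  wait
fi

if [ "${rc}" != 0 ];then
  exit 1
fi

exit 0
```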
diff --git a/tests/suite/invalid-cert b/tests/suite/invalid-cert index ec8e26584b..a9e1f5ebef 100755 --- a/tests/suite/invalid-cert +++ b/tests/suite/invalid-cert @@ -20,19 +20,18 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir=${srcdir:-.} -CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" if ! test -z "${VALGRIND}";then -VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -$VALGRIND $CERTTOOL --certificate-info --inder --infile $srcdir/invalid-cert.der 2>/dev/null - +${VALGRIND} "${CERTTOOL}" --certificate-info --inder --infile "${srcdir}/invalid-cert.der" 2>/dev/null rc=$? # We're done. -if test "$rc" != "1"; then - exit $rc +if test "${rc}" != "1"; then + exit ${rc} fi exit 0 diff --git a/tests/suite/testcompat-common b/tests/suite/testcompat-common index 2eda62b26c..b4181e78ed 100644 --- a/tests/suite/testcompat-common +++ b/tests/suite/testcompat-common @@ -1,5 +1,3 @@ -#!/bin/sh - # Copyright (C) 2014 Red Hat, Inc. # All rights reserved. # 
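Review bot: The check `if test "${rc}" != "1"; then exit ${rc}` makes the test pass when certtool accepts the malformed certificate: an exit status of 0 is not 1, so the branch is taken and the script exits 0, which is exactly the regression this test exists to catch. Exit non-zero for any status other than the expected 1, e.g. `if test "${rc}" != "1"; then echo "invalid certificate was not rejected (rc=${rc})"; exit 1; fi`.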
@@ -29,33 +27,32 @@ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -DSA_CERT=$srcdir/../dsa/cert.dsa.1024.pem -DSA_KEY=$srcdir/../dsa/dsa.1024.pem - -RSA_CERT=$srcdir/../certs/cert-rsa-2432.pem -RSA_KEY=$srcdir/../certs/rsa-2432.pem +DSA_CERT="${srcdir}/../dsa/cert.dsa.1024.pem" +DSA_KEY="${srcdir}/../dsa/dsa.1024.pem" -CA_CERT=$srcdir/../../doc/credentials/x509/ca.pem -CLI_CERT=$srcdir/../../doc/credentials/x509/clicert.pem -CLI_KEY=$srcdir/../../doc/credentials/x509/clikey.pem +RSA_CERT="${srcdir}/../certs/cert-rsa-2432.pem" +RSA_KEY="${srcdir}/../certs/rsa-2432.pem" -CA_ECC_CERT=$srcdir/../certs/ca-cert-ecc.pem -ECC224_CERT=$srcdir/../certs/cert-ecc.pem -ECC224_KEY=$srcdir/../certs/ecc.pem +CA_CERT="${srcdir}/../../doc/credentials/x509/ca.pem" +CLI_CERT="${srcdir}/../../doc/credentials/x509/clicert.pem" +CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey.pem" -ECC256_CERT=$srcdir/../certs/cert-ecc256.pem -ECC256_KEY=$srcdir/../certs/ecc256.pem +CA_ECC_CERT="${srcdir}/../certs/ca-cert-ecc.pem" +ECC224_CERT="${srcdir}/../certs/cert-ecc.pem" +ECC224_KEY="${srcdir}/../certs/ecc.pem" -ECC521_CERT=$srcdir/../certs/cert-ecc521.pem -ECC521_KEY=$srcdir/../certs/ecc521.pem +ECC256_CERT="${srcdir}/../certs/cert-ecc256.pem" +ECC256_KEY="${srcdir}/../certs/ecc256.pem" -ECC384_CERT=$srcdir/../certs/cert-ecc384.pem -ECC384_KEY=$srcdir/../certs/ecc384.pem +ECC521_CERT="${srcdir}/../certs/cert-ecc521.pem" +ECC521_KEY="${srcdir}/../certs/ecc521.pem" -SERV_CERT=$srcdir/../../doc/credentials/x509/cert-rsa.pem -SERV_KEY=$srcdir/../../doc/credentials/x509/key-rsa.pem -SERV_DSA_CERT=$srcdir/../../doc/credentials/x509/cert-dsa.pem -SERV_DSA_KEY=$srcdir/../../doc/credentials/x509/key-dsa.pem +ECC384_CERT="${srcdir}/../certs/cert-ecc384.pem" +ECC384_KEY="${srcdir}/../certs/ecc384.pem" -SERV_PSK=$srcdir/../../doc/credentials/psk-passwd.txt 
+SERV_CERT="${srcdir}/../../doc/credentials/x509/cert-rsa.pem" +SERV_KEY="${srcdir}/../../doc/credentials/x509/key-rsa.pem" +SERV_DSA_CERT="${srcdir}/../../doc/credentials/x509/cert-dsa.pem" +SERV_DSA_KEY="${srcdir}/../../doc/credentials/x509/key-dsa.pem" +SERV_PSK="${srcdir}/../../doc/credentials/psk-passwd.txt" diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl index 977706bbba..bac6026f6f 100755 --- a/tests/suite/testcompat-main-openssl +++ b/tests/suite/testcompat-main-openssl @@ -31,39 +31,39 @@ # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. srcdir="${srcdir:-.}" -CLI="${CLI:-../../src/gnutls-cli$EXEEXT}" +CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" unset RETCODE if ! test -z "${VALGRIND}";then -VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi if test "${WINDIR}" != "";then exit 77 fi -. $srcdir/../scripts/common.sh +. "${srcdir}/../scripts/common.sh" -PORT="${PORT:-$RPORT}" +PORT="${PORT:-${RPORT}}" SERV=openssl OPENSSL_CLI="openssl" if test -f /etc/debian_version;then - DEBIAN=1 + DEBIAN=1 fi -echo "Compatibility checks using "`$SERV version` -$SERV version|grep -e 1\.0 >/dev/null 2>&1 +echo "Compatibility checks using "`${SERV} version` +${SERV} version|grep -e 1\.0 >/dev/null 2>&1 SV=$? -if test $SV != 0;then +if test ${SV} != 0;then echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests" exit 77 fi -$SERV version|grep -e 1\.0\.1 >/dev/null 2>&1 +${SERV} version|grep -e 1\.0\.1 >/dev/null 2>&1 SV2=$? -. ./testcompat-common +. "${srcdir}/testcompat-common" echo "#################################################" echo "# Client mode tests (gnutls cli-openssl server) #" 
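Review bot: `${SERV} version|grep -e 1\.0` and `grep -e 1\.0\.1` pass the pattern unquoted, so the shell strips the backslashes and grep receives `1.0` / `1.0.1`, where `.` matches any character; an `OpenSSL 1.1.0` banner would satisfy the first check even though the message says 1.0.0 is required. Quote the patterns: `${SERV} version | grep -e '1\.0' >/dev/null 2>&1` and `${SERV} version | grep -e '1\.0\.1' >/dev/null 2>&1`. The `test ${SV} != 0` comparison is also left unquoted, unlike the other tests rewritten in this hunk.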
@@ -71,288 +71,281 @@ echo "#################################################" for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" do + if ! test -z "${ADD}";then + echo "" + echo "** Modifier: ${ADD}" + fi + + if test "${DEBIAN}" != 1;then + + # It seems debian disabled SSL 3.0 completely on openssl + + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test SSL 3.0 with RSA ciphersuite + echo "Checking SSL 3.0 with RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test SSL 3.0 with DHE-RSA ciphersuite + echo "Checking SSL 3.0 with DHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test SSL 3.0 with DHE-DSS ciphersuite + echo "Checking SSL 3.0 with DHE-DSS..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 & + PID=$! + wait_server ${PID} + + echo "Checking SSL 3.0 with RSA-RC4-MD5..." 
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + if test "${FIPS}" != 1;then + #-cipher RSA-NULL + launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with RSA-NULL ciphersuite + echo "Checking TLS 1.0 with RSA-NULL..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with RSA ciphersuite + echo "Checking TLS 1.0 with RSA and 3DES-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.0 with RSA and AES-128-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.0 with RSA and AES-256-CBC..." 
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test TLS 1.0 with DHE-RSA ciphersuite + echo "Checking TLS 1.0 with DHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test TLS 1.0 with DHE-RSA ciphersuite + echo "Checking TLS 1.0 with ECDHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test TLS 1.0 with DHE-DSS ciphersuite + echo "Checking TLS 1.0 with DHE-DSS..." 
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1;then + + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with ECDHE-ECDSA ciphersuite + echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with ECDHE-ECDSA ciphersuite + echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1;then + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" & + PID=$! 
+ wait_server ${PID} + + # Test TLS 1.0 with ECDHE-ECDSA ciphersuite + echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + #-cipher PSK + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.0 with PSK..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test ${SV2} = 0;then + # Tests requiring openssl 1.0.1 - TLS 1.2 + #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with RSA and AES-128-GCM..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.2 with RSA and AES-256-GCM..." 
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.2 with DHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.2 with ECDHE-RSA..." + "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.2 with DHE-DSS..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1;then + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with ECDHE-ECDSA... 
(SECP224R1)" + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)" + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1;then + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)" + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi #FIPS + fi #SV2 + + #-cipher PSK + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with PSK..." 
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & PID=$! + wait_server ${PID} + + # Test DTLS 1.0 with RSA ciphersuite + echo "Checking DTLS 1.0 with RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test DTLS 1.0 with DHE-RSA ciphersuite + echo "Checking DTLS 1.0 with DHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test DTLS 1.0 with DHE-DSS ciphersuite + echo "Checking DTLS 1.0 with DHE-DSS..." 
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
-if ! test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-if test "$DEBIAN" != 1;then
-
-# It seems debian disabled SSL 3.0 completely on openssl
-
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test SSL 3.0 with RSA ciphersuite
-echo "Checking SSL 3.0 with RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test SSL 3.0 with DHE-RSA ciphersuite
-echo "Checking SSL 3.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test SSL 3.0 with DHE-DSS ciphersuite
-echo "Checking SSL 3.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher RC4-MD5 &
-PID=$!
-wait_server $PID
-
-echo "Checking SSL 3.0 with RSA-RC4-MD5..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA$ADD" --insecure </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-if test "$FIPS" != 1;then
-#-cipher RSA-NULL
-launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with RSA-NULL ciphersuite
-echo "Checking TLS 1.0 with RSA-NULL..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-fi
-
-#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with RSA ciphersuite
-echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-RSA ciphersuite
-echo "Checking TLS 1.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-RSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-DSS ciphersuite
-echo "Checking TLS 1.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-#-cipher PSK
-launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.0 with PSK..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK$ADD" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test $SV2 = 0;then
-# Tests requiring openssl 1.0.1 - TLS 1.2
-#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.2 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.2 with ECDHE-RSA..."
-$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.2 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-fi
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA...
(SECP384R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-fi #FIPS
-
-fi #SV2
-
-#-cipher PSK
-launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1_2 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with PSK..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with RSA ciphersuite
-echo "Checking DTLS 1.0 with RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with DHE-RSA ciphersuite
-echo "Checking DTLS 1.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with DHE-DSS ciphersuite
-echo "Checking DTLS 1.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
+ kill ${PID}
+ wait
 done
 echo "Client mode tests were successfully completed"
@@ -360,303 +353,300 @@ echo ""
 echo "###############################################"
 echo "# Server mode tests (gnutls server-openssl cli#"
 echo "###############################################"
-SERV="../../src/gnutls-serv$EXEEXT -q"
+SERV="../../src/gnutls-serv${EXEEXT} -q"
 # Note that openssl s_client does not return error code on failure
 for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
 do
+ if ! test -z "${ADD}";then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
-if ! test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-if test "$DEBIAN" != 1;then
+ if test "${DEBIAN}" != 1;then
-echo "Check SSL 3.0 with RSA ciphersuite"
-launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check SSL 3.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
-$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check SSL 3.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check SSL 3.0 with DHE-DSS ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
+ fi
-fi
+ #TLS 1.0
-#TLS 1.0
+ # This test was disabled because it doesn't work as expected with openssl 1.0.0d
+ #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ #wait_server ${PID}
+ #
+ #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
-# This test was disabled because it doesn't work as expected with openssl 1.0.0d
-#echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
-#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-#wait_server $PID
-#
-#$OPENSSL_CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-# fail $PID "Failed"
-#
-#kill $PID
-#wait
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.0 with RSA-NULL ciphersuite"
+ launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with RSA-NULL ciphersuite"
-launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-$OPENSSL_CLI s_client -cipher NULL-SHA -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
+ fi
-kill $PID
-wait
-fi
+ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with DHE-DSS ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-wait_server $PID
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-RSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-RSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
+ fi
-kill $PID
-wait
-fi
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
+ fi
-kill $PID
-wait
-fi
-
-echo "Check TLS 1.0 with PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ echo "Check TLS 1.0 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher PSK-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \
- fail $PID "Failed"
+ #-cipher PSK-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-if test $SV2 = 0;then
+ if test ${SV2} = 0;then
-echo "Check TLS 1.2 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check TLS 1.2 with DHE-DSS ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-RSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ #-cipher ECDHE-RSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-if test "$FIPS" != 1;then
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
-fi
+ kill ${PID}
+ wait
+ fi
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-if test "$FIPS" != 1;then
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
-
-kill $PID
-wait
-fi
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
+ fi
-#-cipher PSK-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+ fail ${PID} "Failed"
-fi #SV2
+ kill ${PID}
+ wait
-# DTLS
-echo "Check DTLS 1.0 with RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ fi #SV2
+ # DTLS
+ echo "Check DTLS 1.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
-kill $PID
-wait
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+ kill ${PID}
+ wait
-echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
-kill $PID
-wait
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+ kill ${PID}
+ wait
-echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --udp --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
-kill $PID
-wait
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+ kill ${PID}
+ wait
 done
 exit 0
diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl
index a6df66c023..74261b0802 100755
--- a/tests/suite/testcompat-main-polarssl
+++ b/tests/suite/testcompat-main-polarssl
@@ -11,9 +11,9 @@
 # Redistribution and use in source and binary forms, with or without modification,
 # are permitted provided that the following conditions are met:
 #
-# 1. Redistributions of source code must retain the above copyright notice, this
+# 1. Redistributions of source code must retain the above copyright notice, this
 # list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice,
+# 2. Redistributions in binary form must reproduce the above copyright notice,
 # this list of conditions and the following disclaimer in the documentation and/or
 # other materials provided with the distribution.
 # 3. Neither the name of the copyright holder nor the names of its contributors may
@@ -23,7 +23,7 @@
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
 # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
@@ -31,386 +31,386 @@
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 srcdir="${srcdir:-.}"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
 LOGFILE=polarssl.log
 unset RETCODE
 if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
 fi
 if test "${WINDIR}" != "";then
 exit 77
-fi
-
-. $srcdir/../scripts/common.sh
-
-PORT="${PORT:-$RPORT}"
-if test -x /usr/bin/mbedtls_ssl_client2;then
-POLARSSL_CLI="/usr/bin/mbedtls_ssl_client2"
-else
-POLARSSL_CLI="/usr/libexec/mbedtls/ssl_client2"
 fi
-TXT=`$CLI --priority NORMAL --list|grep SECP224`
-if test -z $TEXT;then
- ALL_CURVES=0
+. "${srcdir}/../scripts/common.sh"
+
+PORT="${PORT:-${RPORT}}"
+TXT=`"${CLI}" --priority NORMAL --list|grep SECP224`
+if test -z "${TXT}";then
+ ALL_CURVES=0
 else
- ALL_CURVES=1
+ ALL_CURVES=1
 fi
 echo "Compatibility checks using polarssl"
-if ! test -x $POLARSSL_CLI;then
+for POLARSSL_CLI in \
+ /usr/bin/polarssl_ssl_client2 \
+ /usr/bin/mbedtls_ssl_client2 \
+ /usr/libexec/mbedtls/ssl_client2 \
+ ""; do
+ test -x "${POLARSSL_CLI}" && break
+done
+
+if test -z "${POLARSSL_CLI}";then
 echo "PolarSSL is required for this test to run"
 exit 77
 fi
-$POLARSSL_CLI >/dev/null 2>&1
+"${POLARSSL_CLI}" >/dev/null 2>&1
 if test $? = 0;then
 echo "PolarSSL 1.3.x is required for the tests to run"
 exit 77
 fi
-. ./testcompat-common
+. "${srcdir}/testcompat-common"
 echo ""
 echo "##################################################"
 echo "# Server mode tests (gnutls server-polarssl cli) #"
 echo "##################################################"
-SERV="../../src/gnutls-serv$EXEEXT -q"
+SERV="../../src/gnutls-serv${EXEEXT} -q"
-rm -f $LOGFILE
+rm -f "${LOGFILE}"
 for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
 do
+ if ! test -z "${ADD}";then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
-if !
test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-# SSL 3.0 is disabled in debian's polarssl
-if test 0 = 1;then
-echo "Check SSL 3.0 with RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
-
-$POLARSSL_CLI server_port=$PORT server_name=localhost max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ # SSL 3.0 is disabled in debian's polarssl
+ if test 0 = 1;then
+ echo "Check SSL 3.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check SSL 3.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost server_port=$PORT max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-# No DSS for polarssl
-#echo "Check SSL 3.0 with DHE-DSS ciphersuite"
-#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-#wait_server $PID
+ kill ${PID}
+ wait
-#$POLARSSL_CLI server_name=localhost server_port=$PORT max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-# fail $PID "Failed"
-#
-#kill $PID
-#wait
-fi
+ # No DSS for polarssl
+ #echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ #wait_server ${PID}
-#TLS 1.0
+ #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
+ fi
-echo "Check TLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ #TLS 1.0
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-#echo "Check TLS 1.0 with DHE-DSS ciphersuite"
-#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-#wait_server $PID
+ kill ${PID}
+ wait
-#$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-# fail $PID "Failed"
+ #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ #wait_server ${PID}
-#kill $PID
-#wait
+ #"${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ #kill ${PID}
+ #wait
-#-cipher ECDHE-RSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-RSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with DHE-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with DHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with RSA-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher RSA-PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with RSA-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher RSA-PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-if test $ALL_CURVES = 1;then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
- wait_server $PID
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- $POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC224_CERT key_file=$ECC224_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ if test ${ALL_CURVES} = 1;then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
- kill $PID
- wait
-fi
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
+ fi
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC256_CERT key_file=$ECC256_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC384_CERT key_file=$ECC384_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC521_CERT key_file=$ECC521_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-#echo "Check TLS 1.2 with DHE-DSS ciphersuite"
-#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-#wait_server $PID
-#
-#$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-# fail $PID "Failed"
-#
-#kill $PID
-#wait
+ kill ${PID}
+ wait
-echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ #wait_server ${PID} + # + #"${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + # fail ${PID} "Failed" + # + #kill ${PID} + #wait -#-cipher ECDHE-RSA-AES128-SHA -$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + echo "Check TLS 1.2 with ECDHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! + wait_server ${PID} -kill $PID -wait + #-cipher ECDHE-RSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" -if test $ALL_CURVES = 1;then - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$! - wait_server $PID + kill ${PID} + wait - #-cipher ECDHE-ECDSA-AES128-SHA - $POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC224_CERT key_file=$ECC224_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + if test ${ALL_CURVES} = 1;then + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! 
+ wait_server ${PID} - kill $PID - wait -fi + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" -echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID + kill ${PID} + wait + fi -#-cipher ECDHE-ECDSA-AES128-SHA -$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC256_CERT key_file=$ECC256_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! + wait_server ${PID} -kill $PID -wait + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" -echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$! 
-wait_server $PID + kill ${PID} + wait -#-cipher ECDHE-ECDSA-AES128-SHA -$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC384_CERT key_file=$ECC384_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! + wait_server ${PID} -kill $PID -wait + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" -echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID + kill ${PID} + wait -#-cipher ECDHE-ECDSA-AES128-SHA -$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC521_CERT key_file=$ECC521_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! 
+ wait_server ${PID} -kill $PID -wait + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" -echo "Check TLS 1.2 with PSK ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! -wait_server $PID + kill ${PID} + wait -#-cipher PSK-AES128-SHA -$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + echo "Check TLS 1.2 with PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! + wait_server ${PID} -kill $PID -wait + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" -echo "Check TLS 1.2 with DHE-PSK ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! 
-wait_server $PID + kill ${PID} + wait -#-cipher PSK-AES128-SHA -$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + echo "Check TLS 1.2 with DHE-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! + wait_server ${PID} -kill $PID -wait + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" -echo "Check TLS 1.2 with ECDHE-PSK ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! -wait_server $PID + kill ${PID} + wait -#-cipher PSK-AES128-SHA -$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + echo "Check TLS 1.2 with ECDHE-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! 
+ wait_server ${PID} -kill $PID -wait + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" -echo "Check TLS 1.2 with RSA-PSK ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! -wait_server $PID + kill ${PID} + wait -#-cipher RSA-PSK-AES128-SHA -$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \ - fail $PID "Failed" + echo "Check TLS 1.2 with RSA-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! + wait_server ${PID} -kill $PID -wait + #-cipher RSA-PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + kill ${PID} + wait done -rm -f $LOGFILE +rm -f "${LOGFILE}" exit 0 diff --git a/tests/suite/testcompat-openssl b/tests/suite/testcompat-openssl index f99c8124e8..f82f00e76b 100755 --- a/tests/suite/testcompat-openssl +++ b/tests/suite/testcompat-openssl 
@@ -30,23 +30,25 @@
 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+srcdir="${srcdir:-.}"
+
 if ! test -x /usr/bin/openssl;then
- echo "You need openssl to run this test"
- exit 77
+ echo "You need openssl to run this test"
+ exit 77
 fi
 /usr/bin/openssl version|grep fips >/dev/null 2>&1
 if test $? = 0;then
- export FIPS=1
+ export FIPS=1
 else
- export FIPS=0
+ export FIPS=0
 fi
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
-if test "$TSTAMP" != "1158969600"; then
- echo "You need datefudge to run this test"
- exit 77
+if test "${TSTAMP}" != "1158969600"; then
+ echo "You need datefudge to run this test"
+ exit 77
 fi
-datefudge "2012-09-2" ./testcompat-main-openssl
+datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl"
diff --git a/tests/suite/testcompat-polarssl b/tests/suite/testcompat-polarssl
index 3e78deb438..fcaf99bb32 100755
--- a/tests/suite/testcompat-polarssl
+++ b/tests/suite/testcompat-polarssl
@@ -30,9 +30,11 @@
 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+srcdir="${srcdir:-.}"
+
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
-if test "$TSTAMP" != "1158969600"; then
+if test "${TSTAMP}" != "1158969600"; then
 echo "You need datefudge to run this test"
 exit 77
 fi
@@ -43,4 +45,4 @@ if test $? = 0;then
 exit 77
 fi
-datefudge "2012-09-2" ./testcompat-main-polarssl
+datefudge "2012-09-2" "${srcdir}/testcompat-main-polarssl"
diff --git a/tests/suite/testdane b/tests/suite/testdane
index 714a582634..2ec50dc186 100755
--- a/tests/suite/testdane
+++ b/tests/suite/testdane
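Review bot: The new `srcdir="${srcdir:-.}"` is assigned but never exported, so the child started by `datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl"` only sees it when the caller already placed it in the environment (automake's harness does; a manual run from a separate builddir does not). Since the main scripts in this commit now resolve their own inputs through `${srcdir}` as well (e.g. `"${srcdir}/params.dh"` in testcompat-main-polarssl), such a manual run would locate the script correctly but let the child fall back to `.`; `export srcdir` after the assignment keeps both scripts in agreement. The same applies to the two testcompat-polarssl hunks in this section. While touching these lines, the pre-existing backtick form `TSTAMP=\`datefudge ...\`` could become `TSTAMP=$(datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null)` to match the cleanup's intent.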
@@ -19,64 +19,64 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 srcdir="${srcdir:-.}"
-DANETOOL="${DANETOOL:-../../src/danetool$EXEEXT}"
+DANETOOL="${DANETOOL:-../../src/danetool${EXEEXT}}"
 unset RETCODE
 # Unfortunately it is extremely fragile and fails 99% of the
 # time.
 if test "${WINDIR}" != "";then
 exit 77
-fi
+fi
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
 # Fine hosts
 echo ""
 echo "*** Testing good HTTPS hosts ***"
-# www.vulcano.cl dane.nox.su
+# www.vulcano.cl dane.nox.su
 HOSTS="good.dane.verisignlabs.com www.freebsd.org www.kumari.net torproject.org fedoraproject.org"
-HOSTS="$HOSTS nohats.ca"
-for i in $HOSTS;do
-echo -n "$i: "
+HOSTS="${HOSTS} nohats.ca"
+for host in ${HOSTS};do
+ echo -n "${host}: "
-$DANETOOL --check $i >/dev/null 2>&1
-if [ $? != 0 ];then
- echo "Error checking $i"
- exit 1
-fi
-echo "ok"
+ "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+ if [ $? != 0 ];then
+ echo "Error checking ${host}"
+ exit 1
+ fi
+ echo "ok"
 done
 echo ""
 echo "*** Testing good SMTP hosts ***"
 #HOSTS="dougbarton.us nlnetlabs.nl"
 HOSTS="nlnetlabs.nl"
-for i in $HOSTS;do
-echo -n "$i: "
+for host in ${HOSTS};do
+ echo -n "${host}: "
-$DANETOOL --check $i --port 25 >/dev/null 2>&1
-if [ $? != 0 ];then
- echo "Error checking $i"
- exit 1
-fi
-echo "ok"
+ "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
+ if [ $? != 0 ];then
+ echo "Error checking ${host}"
+ exit 1
+ fi
+ echo "ok"
 done
 echo ""
 echo "*** Testing bad HTTPS hosts ***"
 # Not ok
-# used to work: dane-broken.rd.nic.fr
+# used to work: dane-broken.rd.nic.fr
 HOSTS="bad-hash.dane.verisignlabs.com bad-params.dane.verisignlabs.com"
-HOSTS="$HOSTS bad-sig.dane.verisignlabs.com"
-for i in $HOSTS;do
-echo -n "$i: "
-$DANETOOL --check $i >/dev/null 2>&1
-if [ $? = 0 ];then
- echo "Checking $i should have failed"
- exit 1
-fi
-echo "ok"
+HOSTS="${HOSTS} bad-sig.dane.verisignlabs.com"
+for host in ${HOSTS};do
+ echo -n "${host}: "
+ "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+ if [ $? = 0 ];then
+ echo "Checking ${host} should have failed"
+ exit 1
+ fi
+ echo "ok"
 done
diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11
index 2a4b88fee5..b301cc3dd0 100755
--- a/tests/suite/testpkcs11
+++ b/tests/suite/testpkcs11
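Review bot: The re-indented loops still print the prompt with `echo -n "${host}: "`, which is not portable if this script runs under a POSIX `/bin/sh` (dash prints the `-n` literally); as this commit is a shell cleanup, `printf '%s' "${host}: "` would fit. The pair `"${DANETOOL}" --check "${host}" >/dev/null 2>&1` followed by `if [ $? != 0 ];then` can be folded into `if ! "${DANETOOL}" --check "${host}" >/dev/null 2>&1; then`, which also survives a later edit inserting a command between the two lines (the bad-hosts loop would use the positive form). Every check here queries live Internet hosts, so a missing network or a non-validating resolver makes the test fail with `exit 1` rather than skip; if danetool distinguishes a lookup failure from a DANE mismatch, mapping that case to `exit 77` would preserve the suite's skip semantics, though that is outside this commit's scope.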
@@ -19,57 +19,57 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" -P11TOOL="${P11TOOL:-../../src/p11tool$EXEEXT}" -CERTTOOL="${CERTTOOL:-../../src/certtool$EXEEXT}" +P11TOOL="${P11TOOL:-../../src/p11tool${EXEEXT}}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff -b -B}" -SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q" -CLI="${CLI:-../../src/gnutls-cli$EXEEXT}" +SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q" +CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" RETCODE=0 if ! test -z "${VALGRIND}";then -VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no" + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no" fi -TMPFILE=$srcdir/testpkcs11.debug +TMPFILE="testpkcs11.debug" CERTTOOL_PARAM="--stdout-info" if test "${WINDIR}" != "";then exit 77 fi -P11TOOL="$VALGRIND $P11TOOL --batch" +P11TOOL="${VALGRIND} ${P11TOOL} --batch" -. $srcdir/../scripts/common.sh +. ${srcdir}/../scripts/common.sh -PORT="${PORT:-$RPORT}" +PORT="${PORT:-${RPORT}}" -rm -f $TMPFILE +rm -f "${TMPFILE}" exit_error () { - echo "Check $TMPFILE for additional debugging information" - echo "" - echo "" - tail $TMPFILE - exit 1 + echo "Check ${TMPFILE} for additional debugging information" + echo "" + echo "" + tail "${TMPFILE}" + exit 1 } # $1: token # $2: PIN # $3: filename -# $srcdir/pkcs11-certs/client.key +# ${srcdir}/pkcs11-certs/client.key write_privkey () { - export GNUTLS_PIN=$2 - - filename=$3 - token=$1 - echo -n "* Writing a client private key... " - $P11TOOL $ADDITIONAL_PARAM --login --write --label gnutls-client2 --load-privkey "$filename" "$token" >>$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing a client private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "$(unknown)" "${token}" >>"${TMPFILE}" 2>&1 + if test $? 
= 0;then + echo ok + else + echo failed + exit_error + fi } @@ -77,18 +77,18 @@ write_privkey () { # $2: PIN # $3: filename write_serv_privkey () { - export GNUTLS_PIN=$2 - - filename=$3 - token=$1 - echo -n "* Writing the server private key... " - $P11TOOL $ADDITIONAL_PARAM --login --write --label serv-key --load-privkey "$filename" "$token" >>$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing the server private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "$(unknown)" "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi } @@ -96,18 +96,18 @@ write_serv_privkey () { # $2: PIN # $3: filename write_serv_cert () { - export GNUTLS_PIN=$2 - - filename=$3 - token=$1 - echo -n "* Writing the server certificate... " - $P11TOOL $ADDITIONAL_PARAM --login --write --no-mark-private --label serv-cert --load-certificate "$filename" "$token" >>$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing the server certificate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "$(unknown)" "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi } 
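Review bot: `--load-privkey "$(unknown)"` in write_privkey replaces the old `"$filename"` with a command substitution: it runs a command named `unknown`, substitutes its (empty) output and discards the `filename="$3"` set a few lines above, so p11tool receives an empty key path. The line should read `${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1`; the same substitution appears in write_serv_privkey (`@@ -77,18`) and in write_serv_cert's `--load-certificate` (`@@ -96,18`). In the first hunk, `. ${srcdir}/../scripts/common.sh` is left unquoted while testdane in the same commit writes `. "${srcdir}/../scripts/common.sh"`; quoting it here matches the commit's intent.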
@@ -115,282 +115,282 @@ write_serv_cert () { # $2: PIN # $3: bits generate_rsa_privkey () { - export GNUTLS_PIN=$2 - token=$1 - bits=$3 - - echo -n "* Generating RSA private key ($bits)... " - $P11TOOL $ADDITIONAL_PARAM --login --id 000102030405 --label gnutls-client --generate-rsa --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit 1 - fi + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating RSA private key ("${bits}")... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit 1 + fi } # $1: token # $2: PIN # $3: bits generate_temp_rsa_privkey () { - export GNUTLS_PIN=$2 - token=$1 - bits=$3 - - echo -n "* Generating RSA private key ($bits)... " - $P11TOOL $ADDITIONAL_PARAM --login --label temp-rsa-$bits --generate-rsa --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1 - if test $? = 0;then - RETCODE=0 - echo ok - else - echo failed - RETCODE=1 - fi - -# if test $RETCODE = 0;then -# echo -n "* Testing private key flags... " -# $P11TOOL $ADDITIONAL_PARAM --login --list-keys "$token;object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>$TMPFILE -# if test $? != 0;then -# echo failed -# exit_error -# fi + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating RSA private key ("${bits}")... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 + if test $? = 0;then + RETCODE=0 + echo ok + else + echo failed + RETCODE=1 + fi + +# if test ${RETCODE} = 0;then +# echo -n "* Testing private key flags... " +# ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-keys "${token};object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>"${TMPFILE}" +# if test $? 
!= 0;then +# echo failed +# exit_error +# fi # -# grep CKA_WRAP tmp-client-2.pub >>$TMPFILE 2>&1 -# if test $? != 0;then -# echo "failed (no CKA_WRAP)" -# exit_error -# else -# echo ok -# fi -# fi +# grep CKA_WRAP tmp-client-2.pub >>"${TMPFILE}" 2>&1 +# if test $? != 0;then +# echo "failed (no CKA_WRAP)" +# exit_error +# else +# echo ok +# fi +# fi } # $1: token # $2: PIN delete_temp_privkey () { - export GNUTLS_PIN=$2 - token=$1 - type=$3 + export GNUTLS_PIN="$2" + token="$1" + type="$3" - test "$RETCODE" = "0" || return + test "${RETCODE}" = "0" || return - echo -n "* Deleting private key... " - $P11TOOL $ADDITIONAL_PARAM --login --delete "$token;object=temp-$type;object-type=private" >>$TMPFILE 2>&1 + echo -n "* Deleting private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo failed - RETCODE=1 - return - fi + if test $? != 0;then + echo failed + RETCODE=1 + return + fi - RETCODE=0 - echo ok + RETCODE=0 + echo ok } # $1: token # $2: PIN # $3: bits export_pubkey_of_privkey () { - export GNUTLS_PIN=$2 - token=$1 - bits=$3 - - echo -n "* Exporting public key of generated private key... " - $P11TOOL $ADDITIONAL_PARAM --login --export-pubkey "$token;object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>$TMPFILE 2>&1 - if test $? != 0;then - echo failed - exit 1 - fi - - $DIFF tmp-client.pub tmp-client-2.pub - if test $? != 0;then - echo keys differ - exit 1 - fi - - echo ok + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Exporting public key of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo failed + exit 1 + fi + + ${DIFF} tmp-client.pub tmp-client-2.pub + if test $? 
!= 0;then + echo keys differ + exit 1 + fi + + echo ok } # $1: token # $2: PIN change_id_of_privkey () { - export GNUTLS_PIN=$2 - token=$1 - - echo -n "* Change the CKA_ID of generated private key... " - $P11TOOL $ADDITIONAL_PARAM --login --set-id "01a1b103" "$token;object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>$TMPFILE 2>&1 - if test $? != 0;then - echo failed - exit_error - fi - - $P11TOOL $ADDITIONAL_PARAM --login --list-privkeys "$token;object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>$TMPFILE 2>&1 - if test $? != 0;then - echo "ID didn't change" - exit_error - fi - - echo ok + export GNUTLS_PIN="$2" + token="$1" + + echo -n "* Change the CKA_ID of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo "ID didn't change" + exit_error + fi + + echo ok } # $1: token # $2: PIN change_label_of_privkey () { - export GNUTLS_PIN=$2 - token=$1 - - echo -n "* Change the CKA_LABEL of generated private key... " - $P11TOOL $ADDITIONAL_PARAM --login --set-label "new-label" "$token;object=gnutls-client;object-type=private" >>$TMPFILE 2>&1 - if test $? != 0;then - echo failed - exit_error - fi - - $P11TOOL $ADDITIONAL_PARAM --login --list-privkeys "$token;object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>$TMPFILE 2>&1 - if test $? != 0;then - echo "label didn't change" - exit_error - fi - - $P11TOOL $ADDITIONAL_PARAM --login --set-label "gnutls-client" "$token;object=new-label;object-type=private" >>$TMPFILE 2>&1 - if test $? 
!= 0;then - echo failed - exit_error - fi - - echo ok + export GNUTLS_PIN="$2" + token="$1" + + echo -n "* Change the CKA_LABEL of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo "label didn't change" + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo failed + exit_error + fi + + echo ok } # $1: token # $2: PIN # $3: bits generate_temp_ecc_privkey () { - export GNUTLS_PIN=$2 - token=$1 - bits=$3 - - echo -n "* Generating ECC private key ($bits)... " - $P11TOOL $ADDITIONAL_PARAM --login --label temp-ecc-$bits --generate-ecc --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1 - if test $? = 0;then - RETCODE=0 - echo ok - else - echo failed - RETCODE=1 - fi + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating ECC private key (${bits})... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 + if test $? = 0;then + RETCODE=0 + echo ok + else + echo failed + RETCODE=1 + fi } # $1: token # $2: PIN -# $3: cakey: $srcdir/pkcs11-certs/ca.key -# $4: cacert: $srcdir/pkcs11-certs/ca.crt +# $3: cakey: ${srcdir}/pkcs11-certs/ca.key +# $4: cacert: ${srcdir}/pkcs11-certs/ca.crt # # Tests writing a certificate which corresponds to the given key, # as well as the CA certificate, and tries to export them. write_certificate_test () { - export GNUTLS_PIN=$2 - token=$1 - cakey=$3 - cacert=$4 - pubkey=$5 - - echo -n "* Generating client certificate... 
" - $CERTTOOL $CERTTOOL_PARAM $ADDITIONAL_PARAM --generate-certificate --load-ca-privkey "$cakey" --load-ca-certificate "$cacert" \ - --template $srcdir/pkcs11-certs/client-tmpl --load-privkey "$token;object=gnutls-client;object-type=private" \ - --load-pubkey "$pubkey" --outfile tmp-client.crt >>$TMPFILE 2>&1 - - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi - - echo -n "* Writing client certificate... " - $P11TOOL $ADDITIONAL_PARAM --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "$token" >>$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi - - echo -n "* Checking whether ID was correctly set... " - $P11TOOL $ADDITIONAL_PARAM --login --list-certs "$token;object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>$TMPFILE 2>&1 - if test $? != 0;then - echo "ID was not set on copy" - exit_error - fi - echo ok - - echo -n "* Writing certificate of client's CA... " - $P11TOOL $ADDITIONAL_PARAM --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "$cacert" "$token" >>$TMPFILE 2>&1 - ret=$? - if test $ret != 0;then - $P11TOOL $ADDITIONAL_PARAM --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "$cacert" "$token" >>$TMPFILE 2>&1 - ret=$? - fi - - if test $ret = 0;then - echo ok - else - echo failed - exit_error - fi - - echo -n "* Testing certificate flags... " - $P11TOOL $ADDITIONAL_PARAM --login --list-all-certs "$token;object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>$TMPFILE - if test $? != 0;then - echo failed - exit_error - fi - - grep CKA_TRUSTED tmp-client-2.pub >>$TMPFILE 2>&1 - if test $? != 0;then - echo "failed (no CKA_TRUSTED)" - #exit_error - fi - - grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>$TMPFILE 2>&1 - if test $? 
!= 0;then - echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)" - #exit_error - fi - - echo ok - - - echo -n "* Trying to obtain back the cert... " - $P11TOOL $ADDITIONAL_PARAM --export "$token;object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>$TMPFILE 2>&1 - $DIFF crt1.tmp $srcdir/pkcs11-certs/ca.crt - if test $? != 0;then - echo "failed. Exported certificate differs (crt1.tmp)!" - exit_error - fi - rm -f crt1.tmp - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi - - echo -n "* Trying to obtain the full chain... " - $P11TOOL $ADDITIONAL_PARAM --login --export-chain "$token;object=gnutls-client;object-type=cert"|$CERTTOOL $CERTTOOL_PARAM -i --outfile crt1.tmp >>$TMPFILE 2>&1 - - cat tmp-client.crt $srcdir/pkcs11-certs/ca.crt|$CERTTOOL $CERTTOOL_PARAM -i >crt2.tmp - $DIFF crt1.tmp crt2.tmp - if test $? != 0;then - echo "failed. Exported certificate chain differs!" - exit_error - fi - rm -f crt1.tmp crt2.tmp - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + export GNUTLS_PIN="$2" + token="$1" + cakey="$3" + cacert="$4" + pubkey="$5" + + echo -n "* Generating client certificate... " + "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ + --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \ + --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1 + + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Writing client certificate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Checking whether ID was correctly set... 
" + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo "ID was not set on copy" + exit_error + fi + echo ok + + echo -n "* Writing certificate of client's CA... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1 + ret=$? + if test ${ret} != 0;then + ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1 + ret=$? + fi + + if test ${ret} = 0;then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Testing certificate flags... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}" + if test $? != 0;then + echo failed + exit_error + fi + + grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo "failed (no CKA_TRUSTED)" + #exit_error + fi + + grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1 + if test $? != 0;then + echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)" + #exit_error + fi + + echo ok + + + echo -n "* Trying to obtain back the cert... " + ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1 + ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt" + if test $? != 0;then + echo "failed. Exported certificate differs (crt1.tmp)!" + exit_error + fi + rm -f crt1.tmp + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Trying to obtain the full chain... 
" + ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1 + + cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp + ${DIFF} crt1.tmp crt2.tmp + if test $? != 0;then + echo "failed. Exported certificate chain differs!" + exit_error + fi + rm -f crt1.tmp crt2.tmp + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi } 
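Review bot: `echo -n "* Generating RSA private key ("${bits}")... "` in generate_rsa_privkey and generate_temp_rsa_privkey closes the string before `${bits}` and reopens it after, leaving the expansion unquoted; the ECC sibling in this hunk has the intended form, so use `echo -n "* Generating RSA private key (${bits})... "`, and likewise `--label temp-rsa-"${bits}"` should follow `--label "temp-ecc-${bits}"`. write_certificate_test still passes `--template ${srcdir}/pkcs11-certs/client-tmpl`, `cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt` and `--load-pubkey "$pubkey"` without the braces and quotes the commit adds elsewhere, so a srcdir containing spaces would break only those lines. delete_temp_privkey reads `type="$3"` but its header comment lists only `$1` and `$2`; add `# $3: type (used as object=temp-${type})`. export_pubkey_of_privkey assigns `bits="$3"` and never uses it, so either drop the assignment or drop `# $3: bits` from its header.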
@@ -402,39 +402,39 @@ write_certificate_test () { # # Tests using a certificate and key pair using gnutls-serv and gnutls-cli. use_certificate_test () { - export GNUTLS_PIN=$2 - token=$1 - certfile=$3 - keyfile=$4 - cafile=$5 - txt=$6 - - echo -n "* Using PKCS #11 with gnutls-cli ($txt)... " - # start server - launch_pkcs11_server $$ "$ADDITIONAL_PARAM" --echo --priority NORMAL --x509certfile="$certfile" \ - --x509keyfile="$keyfile" --x509cafile="$cafile" \ - --require-client-cert >>$TMPFILE 2>&1 & - - PID=$! - wait_server $PID - - # connect to server using SC - $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 && \ - fail $PID "Connection should have failed!" - - $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$certfile" \ - --x509keyfile="$keyfile" --x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 || \ - fail $PID "Connection (with files) should have succeeded!" - - $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$token;object=gnutls-client;object-type=cert" \ - --x509keyfile="$token;object=gnutls-client;object-type=private" \ - --x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 || \ - fail $PID "Connection (with SC) should have succeeded!" - - kill $PID - wait - - echo ok + export GNUTLS_PIN="$2" + token="$1" + certfile="$3" + keyfile="$4" + cafile="$5" + txt="$6" + + echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " + # start server + launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \ + --x509keyfile="$keyfile" --x509cafile="${cafile}" \ + --require-client-cert >>"${TMPFILE}" 2>&1 & + + PID=$! + wait_server ${PID} + + # connect to server using SC + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \ + fail ${PID} "Connection should have failed!" 
+ + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \ + --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \ + fail ${PID} "Connection (with files) should have succeeded!" + + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \ + --x509keyfile="${token};object=gnutls-client;object-type=private" \ + --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \ + fail ${PID} "Connection (with SC) should have succeeded!" + + kill ${PID} + wait + + echo ok } 
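Review bot: `--x509keyfile="$keyfile"` was left in the old `$var` form on both the `launch_pkcs11_server` line and the second `${CLI}` invocation, while every neighbouring expansion in this function was converted to `${var}`; for consistency with the rest of the commit both should read `--x509keyfile="${keyfile}"`. Behaviour is identical either way since the expansion is quoted in both forms. The function starts and ends inside the hunk.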
@@ -443,65 +443,65 @@ echo "Testing PKCS11 support" # erase SC -type=$1 +type="$1" -if test -z "$type";then - echo "usage: $0: [pkcs15|softhsm|sc-hsm]" - if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then - echo "assuming 'softhsm'" - echo "" - type=softhsm - else - exit 1 - fi +if test -z "${type}";then + echo "usage: $0: [pkcs15|softhsm|sc-hsm]" + if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then + echo "assuming 'softhsm'" + echo "" + type=softhsm + else + exit 1 + fi fi -. $srcdir/testpkcs11.$type +. "${srcdir}/testpkcs11.${type}" export GNUTLS_PIN=12345678 export GNUTLS_SO_PIN=00000000 -init_card $GNUTLS_PIN $GNUTLS_SO_PIN +init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}" # find token name -TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` +TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` -echo "* Token: $TOKEN" -if test x"$TOKEN" = x;then - echo "Could not find generated token" - exit_error +echo "* Token: ${TOKEN}" +if test "x${TOKEN}" = x;then + echo "Could not find generated token" + exit_error fi #write a given privkey -write_privkey $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/client.key" +write_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/client.key" -generate_temp_ecc_privkey $TOKEN $GNUTLS_PIN 256 -delete_temp_privkey $TOKEN $GNUTLS_PIN ecc-256 +generate_temp_ecc_privkey "${TOKEN}" "${GNUTLS_PIN}" 256 +delete_temp_privkey "${TOKEN}" "${GNUTLS_PIN}" ecc-256 -generate_temp_ecc_privkey $TOKEN $GNUTLS_PIN 384 -delete_temp_privkey $TOKEN $GNUTLS_PIN ecc-384 +generate_temp_ecc_privkey "${TOKEN}" "${GNUTLS_PIN}" 384 +delete_temp_privkey "${TOKEN}" "${GNUTLS_PIN}" ecc-384 -generate_temp_rsa_privkey $TOKEN $GNUTLS_PIN 2048 -delete_temp_privkey $TOKEN $GNUTLS_PIN rsa-2048 +generate_temp_rsa_privkey "${TOKEN}" "${GNUTLS_PIN}" 2048 +delete_temp_privkey "${TOKEN}" 
"${GNUTLS_PIN}" rsa-2048 -generate_rsa_privkey $TOKEN $GNUTLS_PIN 1024 -change_id_of_privkey $TOKEN $GNUTLS_PIN -export_pubkey_of_privkey $TOKEN $GNUTLS_PIN -change_label_of_privkey $TOKEN $GNUTLS_PIN +generate_rsa_privkey "${TOKEN}" "${GNUTLS_PIN}" 1024 +change_id_of_privkey "${TOKEN}" "${GNUTLS_PIN}" +export_pubkey_of_privkey "${TOKEN}" "${GNUTLS_PIN}" +change_label_of_privkey "${TOKEN}" "${GNUTLS_PIN}" -write_certificate_test $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/ca.key" "$srcdir/pkcs11-certs/ca.crt" tmp-client.pub +write_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/ca.key" "${srcdir}/pkcs11-certs/ca.crt" tmp-client.pub -write_serv_privkey $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/server.key" -write_serv_cert $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/server.crt" +write_serv_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.key" +write_serv_cert "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.crt" -use_certificate_test $TOKEN $GNUTLS_PIN "$TOKEN;object=serv-cert;object-type=cert" "$TOKEN;object=serv-key;object-type=private" "$srcdir/pkcs11-certs/ca.crt" "full URLs" +use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert;object-type=cert" "${TOKEN};object=serv-key;object-type=private" "${srcdir}/pkcs11-certs/ca.crt" "full URLs" -use_certificate_test $TOKEN $GNUTLS_PIN "$TOKEN;object=serv-cert" "$TOKEN;object=serv-key" "$srcdir/pkcs11-certs/ca.crt" "abbrv URLs" +use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/pkcs11-certs/ca.crt" "abbrv URLs" -if test $RETCODE = 0;then - echo "* All smart cards tests succeeded" +if test ${RETCODE} = 0;then + echo "* All smart cards tests succeeded" fi -rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub $TMPFILE +rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub "${TMPFILE}" exit 0 diff --git a/tests/suite/testpkcs11.pkcs15 b/tests/suite/testpkcs11.pkcs15 index d72163b16a..59c535e72f 100644 
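Review bot: `type` is only checked for emptiness before it is used to build the path in `. "${srcdir}/testpkcs11.${type}"`, so any value other than the three named in the usage text produces a shell error from `.` rather than the usage message. A guard after the defaulting block keeps the sourced filename on the documented set: `case "${type}" in pkcs15|softhsm|sc-hsm) ;; *) echo "usage: $0: [pkcs15|softhsm|sc-hsm]"; exit 1 ;; esac`. While the `TOKEN=` line is being touched, the backtick substitution could become `$(...)`.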
--- a/tests/suite/testpkcs11.pkcs15 +++ b/tests/suite/testpkcs11.pkcs15 @@ -20,27 +20,26 @@ init_card () { - PIN=$1 - PUK=$2 + PIN="$1" + PUK="$2" - echo -n "* Erasing smart card... " - pkcs15-init -E >$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - cat $TMPFILE - exit_error - fi + echo -n "* Erasing smart card... " + pkcs15-init -E >"${TMPFILE}" 2>&1 + if test $? = 0;then + echo ok + else + echo failed + cat "${TMPFILE}" + exit_error + fi - echo -n "* Initializing smart card... " - pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin $PIN --pin $PIN --puk $PUK --label "GnuTLS-Test" >$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - cat $TMPFILE - exit_error - fi + echo -n "* Initializing smart card... " + pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1 + if test $? = 0;then + echo ok + else + echo failed + cat "${TMPFILE}" + exit_error + fi } - diff --git a/tests/suite/testpkcs11.sc-hsm b/tests/suite/testpkcs11.sc-hsm index 03b86a408f..26ce485c7d 100644 --- a/tests/suite/testpkcs11.sc-hsm +++ b/tests/suite/testpkcs11.sc-hsm 
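Review bot: `--so-pin "${PIN}"` sets the SO PIN from the user PIN while the second argument (the caller passes `GNUTLS_SO_PIN`) only goes to `--puk`, which differs from the sc-hsm and softhsm `init_card` variants where `PUK` becomes the SO PIN. If that is intended for the `pkcs15+onepin` profile, a comment would save the next reader the comparison, e.g. `# onepin profile: the user PIN also serves as SO PIN; $2 is only used as the PUK`. It also leaves the exported `GNUTLS_SO_PIN` different from the SO PIN actually set on the card, which matters for the `--so-login` fallback used earlier in the main script, so this is worth confirming rather than assuming.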
@@ -20,32 +20,31 @@ init_card () { - PIN=$1 - PUK=3537363231383830 - export GNUTLS_SO_PIN=$PUK + PIN="$1" + PUK=3537363231383830 + export GNUTLS_SO_PIN="${PUK}" - echo -n "* Erasing smart card... " - sc-hsm-tool --initialize --so-pin $PUK --pin $PIN --label=GnuTLS-Test >>$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + echo -n "* Erasing smart card... " + sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi - echo -n "* Initializing smart card... " - TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` - if test -z "$TOKEN";then - echo "Could not find initialized card" - exit_error - fi + echo -n "* Initializing smart card... " + TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` + if test -z "${TOKEN}";then + echo "Could not find initialized card" + exit_error + fi - $P11TOOL $ADDITIONAL_PARAM --initialize "$TOKEN" --set-so-pin $PUK --set-pin $PIN --label "GnuTLS-Test" >>$TMPFILE 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi } - diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm index c58dde106c..b444e62b05 100755 --- a/tests/suite/testpkcs11.softhsm +++ b/tests/suite/testpkcs11.softhsm 
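Review bot: The literal `PUK=3537363231383830` and the `export GNUTLS_SO_PIN="${PUK}"` that silently replaces the `GNUTLS_SO_PIN=00000000` exported by the main script are undocumented; a short comment such as `# sc-hsm-tool --initialize expects this fixed SO-PIN; export it so later --so-login calls match the card` would explain both. The `TOKEN=\`...\`` substitution could be `$(...)`, and `sed 's/\s*URL\: //g'` relies on GNU `\s`, which the portable `[[:space:]]*` would avoid.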
@@ -19,57 +19,56 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. if test -f /usr/lib64/pkcs11/libsofthsm2.so;then - ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so" + ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so" else - if test -f /usr/lib/softhsm/libsofthsm.so;then - ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so" - else - ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so" - fi + if test -f /usr/lib/softhsm/libsofthsm.so;then + ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so" + else + ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so" + fi fi init_card () { - PIN=$1 - PUK=$2 + PIN="$1" + PUK="$2" - if test -x "/usr/bin/softhsm2-util";then - export SOFTHSM2_CONF="softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - $SOFTHSM_TOOL --version|grep "2.0.0b1" >/dev/null 2>&1 - if test $? = 0;then - echo "softhsm2-util 2.0.0b1 is broken" - exit 77 - fi - fi + if test -x "/usr/bin/softhsm2-util";then + export SOFTHSM2_CONF="softhsm-testpkcs11.config" + SOFTHSM_TOOL="/usr/bin/softhsm2-util" + ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1 + if test $? 
= 0;then + echo "softhsm2-util 2.0.0b1 is broken" + exit 77 + fi + fi - if test -x "/usr/bin/softhsm";then - export SOFTHSM_CONF="softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - fi + if test -x "/usr/bin/softhsm";then + export SOFTHSM_CONF="softhsm-testpkcs11.config" + SOFTHSM_TOOL="/usr/bin/softhsm" + fi - if test -z "$SOFTHSM_TOOL";then - echo "Could not find softhsm(2) tool" - exit 77 - fi + if test -z "${SOFTHSM_TOOL}";then + echo "Could not find softhsm(2) tool" + exit 77 + fi - if test -z "$SOFTHSM_CONF";then - rm -rf ./softhsm-testpkcs11.db - mkdir -p ./softhsm-testpkcs11.db - echo "objectstore.backend = file" > $SOFTHSM2_CONF - echo "directories.tokendir = ./softhsm-testpkcs11.db" >> $SOFTHSM2_CONF - else - rm -rf ./softhsm-testpkcs11.db - echo "0:./softhsm-testpkcs11.db" > $SOFTHSM_CONF - fi + if test -z "${SOFTHSM_CONF}";then + rm -rf ./softhsm-testpkcs11.db + mkdir -p ./softhsm-testpkcs11.db + echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" + echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}" + else + rm -rf ./softhsm-testpkcs11.db + echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}" + fi - echo -n "* Initializing smart card... " - $SOFTHSM_TOOL --init-token --slot 0 --label "GnuTLS-Test" --so-pin $PUK --pin $PIN >/dev/null #2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + echo -n "* Initializing smart card... " + ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit_error + fi } - diff --git a/tests/suite/testrandom b/tests/suite/testrandom index e682375cd9..894b2e9df3 100755 --- a/tests/suite/testrandom +++ b/tests/suite/testrandom 
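Review bot: The provider detection at the top of the hunk verifies the first two module paths with `test -f` but assigns the final fallback `/usr/lib64/softhsm/libsofthsm.so` unconditionally, so on a host with none of them the test proceeds with a non-existent `--provider` and fails later with a less obvious error instead of being skipped like the missing-tool case. A check after the chain keeps the skip behaviour consistent: `test -f "${ADDITIONAL_PARAM#--provider }" || { echo "Could not find softhsm PKCS #11 module"; exit 77; }`. In `init_card`, the `>/dev/null #2>&1` on the `--init-token` line leaves stderr unredirected; if that is deliberate for debugging, a word of comment would help.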
@@ -20,10 +20,10 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -srcdir=${srcdir:-.} -CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" if ! test -z "${VALGRIND}";then -VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi counter=0 
@@ -32,58 +32,58 @@ file=test.out counter=0 echo "Testing verification with randomly generated certificates..." -while [ $counter -lt 400 ] +while [ ${counter} -lt 400 ] do - $srcdir/x509random.pl > $srcdir/$file - $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file --outfile $srcdir/$file.pem >/dev/null 2>&1 + "${srcdir}/x509random.pl" > "${file}" + ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1 if test $? != 0;then - continue + continue fi - cat $srcdir/$file.pem $srcdir/../certs/ca-cert-ecc.pem > $srcdir/$file-chain.pem + cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem" - $VALGRIND $CERTTOOL -e --infile $srcdir/$file-chain.pem >/dev/null 2>&1 + ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1 ret=$? - if [ $ret != 1 ];then - echo "Succeeded verification with $file-chain.pem!" - exit 1 + if [ ${ret} != 1 ];then + echo "Succeeded verification with ${file}-chain.pem!" + exit 1 fi - rm -f $srcdir/$file.pem $srcdir/$file-chain.pem + rm -f "${file}.pem" "${file}-chain.pem" - counter=`expr $counter + 1` + counter=`expr ${counter} + 1` done echo "Testing with randomly generated certificates..." -while [ $counter -lt 200 ] +while [ ${counter} -lt 200 ] do - $srcdir/x509random.pl > $srcdir/$file - $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file >/dev/null + "${srcdir}/x509random.pl" > "${file}" + ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null ret=$? - if [ $ret != 0 -a $ret != 1 ];then - echo "Unknown exit code with $file" - exit 1 + if [ ${ret} != 0 -a ${ret} != 1 ];then + echo "Unknown exit code with ${file}" + exit 1 fi - counter=`expr $counter + 1` + counter=`expr ${counter} + 1` done counter=0 echo "Testing with random ASN.1 data..." 
-while [ $counter -lt 200 ] +while [ ${counter} -lt 200 ] do - $srcdir/asn1random.pl > $srcdir/$file - $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file >/dev/null 2>/dev/null + "${srcdir}/asn1random.pl" > "${file}" + ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null ret=$? - if [ $ret != 0 -a $ret != 1 ];then - echo "Unknown exit code with $file" - exit 1 + if [ ${ret} != 0 -a ${ret} != 1 ];then + echo "Unknown exit code with ${file}" + exit 1 fi - counter=`expr $counter + 1` + counter=`expr ${counter} + 1` done -rm -f $srcdir/$file +rm -f "${file}" exit 0 diff --git a/tests/suite/testrng b/tests/suite/testrng index c780cf4540..16fb4d5010 100755 --- a/tests/suite/testrng +++ b/tests/suite/testrng @@ -29,7 +29,7 @@ VERSION=`dieharder -l|grep version|cut -d ' ' -f 6` if test "$1" = "full";then OPTIONS="-a" else - if test "$VERSION" = "2.28.1";then + if test "${VERSION}" = "2.28.1";then OPTIONS="-d 5" OPTIONS2="-d 10" else 
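Review bot: The second loop (`Testing with randomly generated certificates...`) never executes: `counter` reaches 400 at the end of the first loop and is not reset, so `while [ ${counter} -lt 200 ]` is false on entry, and only the third loop, which is preceded by `counter=0`, actually runs. Add `counter=0` before the second `while` as well. While these lines are being touched, `[ ${ret} != 0 -a ${ret} != 1 ]` could become `[ ${ret} != 0 ] && [ ${ret} != 1 ]`, since `-a` is obsolescent in POSIX `test`.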
@@ -42,122 +42,122 @@ OUTFILE=rng.log RNGFILE=rng.out RNGFILE2=rng2.out -rm -f $OUTFILE -rm -f $RNGFILE -rm -f $RNGFILE2 +rm -f "${OUTFILE}" +rm -f "${RNGFILE}" +rm -f "${RNGFILE2}" -. $srcdir/../scripts/common.sh +. "${srcdir}/../scripts/common.sh" RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1` -if test -z "$RINPUTNO";then - echo "Cannot determine dieharder option for raw file input, assuming 201" - RINPUTNO=201 +if test -z "${RINPUTNO}";then + echo "Cannot determine dieharder option for raw file input, assuming 201" + RINPUTNO=201 fi echo "" echo "Testing nonce PRNG" -./rng nonce 64 $RNGFILE -./rng nonce 64 $RNGFILE2 -cmp $RNGFILE $RNGFILE2 >/dev/null 2>&1 +./rng nonce 64 "${RNGFILE}" +./rng nonce 64 "${RNGFILE2}" +cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1 ret=$? -if test $ret = 0;then - echo "numbers are repeated in nonce!" - exit 1 +if test ${ret} = 0;then + echo "numbers are repeated in nonce!" + exit 1 fi -./rng nonce 100000000 $RNGFILE +./rng nonce 100000000 "${RNGFILE}" -dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1 -if ! test -z "$OPTIONS2";then - dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1 +dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1 +if ! test -z "${OPTIONS2}";then + dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 fi -grep FAILED $OUTFILE >/dev/null 2>&1 +grep FAILED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "$ret" = "0";then - echo "test failed for nonce" - exit 1 +if test "${ret}" = "0";then + echo "test failed for nonce" + exit 1 fi -grep PASSED $OUTFILE >/dev/null 2>&1 +grep PASSED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "$ret" != "0";then - echo "could not run dieharder test?" - exit 1 +if test "${ret}" != "0";then + echo "could not run dieharder test?" 
+ exit 1 fi -cat $OUTFILE -rm -f $OUTFILE +cat "${OUTFILE}" +rm -f "${OUTFILE}" echo "" echo "Testing key PRNG" -./rng key 64 $RNGFILE -./rng key 64 $RNGFILE2 -cmp $RNGFILE $RNGFILE2 >/dev/null 2>&1 +./rng key 64 "${RNGFILE}" +./rng key 64 "${RNGFILE2}" +cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1 ret=$? -if test $ret = 0;then - echo "numbers are repeated in nonce!" - exit 1 +if test ${ret} = 0;then + echo "numbers are repeated in nonce!" + exit 1 fi -./rng key 100000000 $RNGFILE +./rng key 100000000 "${RNGFILE}" -dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1 -if ! test -z "$OPTIONS2";then - dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1 +dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1 +if ! test -z "${OPTIONS2}";then + dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 fi -grep FAILED $OUTFILE >/dev/null 2>&1 +grep FAILED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "$ret" = "0";then - echo "test failed for key" - exit 1 +if test "${ret}" = "0";then + echo "test failed for key" + exit 1 fi -grep PASSED $OUTFILE >/dev/null 2>&1 +grep PASSED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "$ret" != "0";then - echo "could not run dieharder test?" - exit 1 +if test "${ret}" != "0";then + echo "could not run dieharder test?" + exit 1 fi -cat $OUTFILE -rm -f $OUTFILE +cat "${OUTFILE}" +rm -f "${OUTFILE}" echo "" echo "Testing /dev/zero PRNG" -dd if=/dev/zero of=$RNGFILE bs=4 count=10000000 >/dev/null 2>&1 +dd if=/dev/zero of="${RNGFILE}" bs=4 count=10000000 >/dev/null 2>&1 -dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1 -if ! test -z "$OPTIONS2";then - dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1 +dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1 +if ! test -z "${OPTIONS2}";then + dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 fi -grep PASSED $OUTFILE >/dev/null 2>&1 +grep PASSED "${OUTFILE}" >/dev/null 2>&1 ret=$? 
-if test "$ret" = "0";then - echo "test succeeded for /dev/zero!!!" - exit 1 +if test "${ret}" = "0";then + echo "test succeeded for /dev/zero!!!" + exit 1 fi -grep FAILED $OUTFILE >/dev/null 2>&1 +grep FAILED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "$ret" != "0";then - echo "could not run dieharder test?" - exit 1 +if test "${ret}" != "0";then + echo "could not run dieharder test?" + exit 1 fi -cat $OUTFILE -rm -f $OUTFILE -rm -f $RNGFILE -rm -f $RNGFILE2 +cat "${OUTFILE}" +rm -f "${OUTFILE}" +rm -f "${RNGFILE}" +rm -f "${RNGFILE2}" exit 0 diff --git a/tests/suite/testsrn b/tests/suite/testsrn index 826bb4a574..783ed9dbbf 100755 --- a/tests/suite/testsrn +++ b/tests/suite/testsrn 
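Review bot: In the `Testing key PRNG` section the repeated-output check prints `numbers are repeated in nonce!`, a copy of the nonce section's message; it should read `echo "numbers are repeated in key!"` so a failure points at the right generator. The nonce, key and /dev/zero sections otherwise repeat the same dieharder/grep sequence with only the file and the expected verdict differing, which a small helper taking the name and expectation could collapse, but that is a separate cleanup. `${OPTIONS}` and `${OPTIONS2}` are intentionally left unquoted so that `-d 5` splits into two arguments; a comment saying so would stop the next quoting pass from breaking it.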
@@ -21,79 +21,79 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" -SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q" -CLI="${CLI:-../../src/gnutls-cli$EXEEXT}" +SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q" +CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" unset RETCODE if test "${WINDIR}" != "";then exit 77 fi -. $srcdir/../scripts/common.sh +. "${srcdir}/../scripts/common.sh" -PORT="${PORT:-$RPORT}" +PORT="${PORT:-${RPORT}}" echo "Checking Safe renegotiation" -launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 & +launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 & PID=$! -wait_server $PID +wait_server ${PID} -$CLI -p $PORT 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "0. Renegotiation should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "0. Renegotiation should have succeeded!" -$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "1. Safe rehandshake should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "1. Safe rehandshake should have succeeded!" -$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "2. Unsafe rehandshake should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "2. Unsafe rehandshake should have succeeded!" 
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "3. Unsafe negotiation should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "3. Unsafe negotiation should have succeeded!" -$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ - fail $PID "4. Unsafe renegotiation should have failed!" +"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ + fail ${PID} "4. Unsafe renegotiation should have failed!" -kill $PID +kill ${PID} wait -launch_server $$ --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 & +launch_server $$ --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 & PID=$! -wait_server $PID +wait_server ${PID} -$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "5. Safe rehandshake should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "5. Safe rehandshake should have succeeded!" -$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "6. Unsafe rehandshake should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "6. Unsafe rehandshake should have succeeded!" -$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ - fail $PID "7. Unsafe negotiation should have failed!" 
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ + fail ${PID} "7. Unsafe negotiation should have failed!" -$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ - fail $PID "8. Unsafe renegotiation should have failed!" +"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ + fail ${PID} "8. Unsafe renegotiation should have failed!" -kill $PID +kill ${PID} wait -launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 & +launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 & PID=$! -wait_server $PID +wait_server ${PID} -$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ - fail $PID "9. Initial connection should have failed!" +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ + fail ${PID} "9. Initial connection should have failed!" -$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "10. Unsafe connection should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "10. Unsafe connection should have succeeded!" -$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "11. Unsafe negotiation should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "11. Unsafe negotiation should have succeeded!" 
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail $PID "12. Unsafe renegotiation should have succeeded!" +"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ + fail ${PID} "12. Unsafe renegotiation should have succeeded!" -kill $PID +kill ${PID} wait exit 0 |
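Review bot: Each of the three `launch_server` blocks relies on reaching `kill ${PID}` to stop the background gnutls-serv; if the script is interrupted between `PID=$!` and `kill`, the server stays bound on `${PORT}` and later runs can fail to start. Unless `common.sh`'s `fail`/`launch_server` already install one, a `trap 'kill ${PID} 2>/dev/null' EXIT` after the `. "${srcdir}/../scripts/common.sh"` line (single-quoted so it expands at exit time to the server currently running) would cover both the interruption and the `fail` path. The `SERV` default now embeds ` -q` in the variable, which presumably depends on unquoted expansion inside `launch_server`; that is outside the hunk and worth confirming.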