diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-05 15:46:27 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-06 09:52:35 +0100 |
| commit | bf70160547204d5db0890c7ccd8d3013e72b7a07 (patch) | |
| tree | 70b855996c47e58deecea8e99879f0235e0f4223 /tests/suite/testcompat-main | |
| parent | 6c0190253c100195b0c0237e37e955e1e9cccd1b (diff) | |
| download | gnutls-bf70160547204d5db0890c7ccd8d3013e72b7a07.tar.gz | |
tests: separated the two testcompat tests (openssl/polarssl)
Diffstat (limited to 'tests/suite/testcompat-main')
| -rwxr-xr-x | tests/suite/testcompat-main | 603 |
1 files changed, 0 insertions, 603 deletions
diff --git a/tests/suite/testcompat-main b/tests/suite/testcompat-main deleted file mode 100755 index 7ac9d4357f..0000000000 --- a/tests/suite/testcompat-main +++ /dev/null @@ -1,603 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2010-2012 Free Software Foundation, Inc. -# -# Author: Nikos Mavrogiannopoulos -# -# This file is part of GnuTLS. -# -# GnuTLS is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -srcdir="${srcdir:-.}" -CLI="${CLI:-../../src/gnutls-cli$EXEEXT}" -unset RETCODE -if ! test -z "${VALGRIND}";then -VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" -fi - -if test "${WINDIR}" != "";then - exit 77 -fi - -. $srcdir/../scripts/common.sh - -PORT="${PORT:-$RPORT}" - -SERV=openssl -OPENSSL_CLI="openssl" - -echo "Compatibility checks using "`$SERV version` -$SERV version|grep -e 1\.0 >/dev/null 2>&1 -SV=$? -if test $SV != 0;then - echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests" - exit 77 -fi - -$SERV version|grep -e 1\.0\.1 >/dev/null 2>&1 -SV2=$? - -. ./testcompat-common - -echo "#################################################" -echo "# Client mode tests (gnutls cli-openssl server) #" -echo "#################################################" - -for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" -do - -if ! test -z "$ADD";then -echo "" -echo "** Modifier: $ADD" -fi - -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & -PID=$! -wait_server $PID - -# Test SSL 3.0 with RSA ciphersuite -echo "Checking SSL 3.0 with RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -# Test SSL 3.0 with DHE-RSA ciphersuite -echo "Checking SSL 3.0 with DHE-RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -# Test SSL 3.0 with DHE-DSS ciphersuite -echo "Checking SSL 3.0 with DHE-DSS..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - - -if test "$FIPS" != 1;then -#-cipher RSA-NULL -launch_bare_server $$ s_server -cipher NULL -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -Verify 1 -CAfile $CA_CERT & -PID=$! -wait_server $PID - -# Test TLS 1.0 with RSA-NULL ciphersuite -echo "Checking TLS 1.0 with RSA-NULL..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait -fi - -#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & -PID=$! -wait_server $PID - -# Test TLS 1.0 with RSA ciphersuite -echo "Checking TLS 1.0 with RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -# Test TLS 1.0 with DHE-RSA ciphersuite -echo "Checking TLS 1.0 with DHE-RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -# Test TLS 1.0 with DHE-RSA ciphersuite -echo "Checking TLS 1.0 with ECDHE-RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -# Test TLS 1.0 with DHE-DSS ciphersuite -echo "Checking TLS 1.0 with DHE-DSS..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -if test "$FIPS" != 1;then - -#-cipher ECDHE-ECDSA-AES128-SHA -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT & -PID=$! -wait_server $PID - -# Test TLS 1.0 with ECDHE-ECDSA ciphersuite -echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -fi - -#-cipher ECDHE-ECDSA-AES128-SHA -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT & -PID=$! -wait_server $PID - -# Test TLS 1.0 with ECDHE-ECDSA ciphersuite -echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -if test "$FIPS" != 1;then -#-cipher ECDHE-ECDSA-AES128-SHA -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT & -PID=$! -wait_server $PID - -# Test TLS 1.0 with ECDHE-ECDSA ciphersuite -echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -fi - -#-cipher PSK -launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db & -PID=$! -wait_server $PID - -echo "Checking TLS 1.0 with PSK..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK$ADD" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -if test $SV2 = 0;then -# Tests requiring openssl 1.0.1 - TLS 1.2 -#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & -PID=$! -wait_server $PID - -echo "Checking TLS 1.2 with RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -echo "Checking TLS 1.2 with DHE-RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -echo "Checking TLS 1.2 with ECDHE-RSA..." -$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -echo "Checking TLS 1.2 with DHE-DSS..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -if test "$FIPS" != 1;then -#-cipher ECDHE-ECDSA-AES128-SHA -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT & -PID=$! -wait_server $PID - -echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)" -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait -fi - -#-cipher ECDHE-ECDSA-AES128-SHA -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT & -PID=$! -wait_server $PID - -echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)" -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -if test "$FIPS" != 1;then -#-cipher ECDHE-ECDSA-AES128-SHA -launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT & -PID=$! -wait_server $PID - -echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)" -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait -fi #FIPS - -fi #SV2 - -#-cipher PSK -launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1_2 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db & -PID=$! -wait_server $PID - -echo "Checking TLS 1.2 with PSK..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & -PID=$! -wait_server $PID - -# Test DTLS 1.0 with RSA ciphersuite -echo "Checking DTLS 1.0 with RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & -PID=$! -wait_server $PID - -# Test DTLS 1.0 with DHE-RSA ciphersuite -echo "Checking DTLS 1.0 with DHE-RSA..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & -PID=$! -wait_server $PID - -# Test DTLS 1.0 with DHE-DSS ciphersuite -echo "Checking DTLS 1.0 with DHE-DSS..." -$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \ - fail $PID "Failed" - -kill $PID -wait - -done - -echo "Client mode tests were successfully completed" -echo "" -echo "###############################################" -echo "# Server mode tests (gnutls server-openssl cli#" -echo "###############################################" -SERV="../../src/gnutls-serv$EXEEXT -q" - -# Note that openssl s_client does not return error code on failure - -for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" -do - -if ! test -z "$ADD";then -echo "" -echo "** Modifier: $ADD" -fi - -echo "Check SSL 3.0 with RSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! -wait_server $PID - -$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -echo "Check SSL 3.0 with DHE-RSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! -wait_server $PID - -$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -echo "Check SSL 3.0 with DHE-DSS ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! -wait_server $PID - -$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -#TLS 1.0 - -# This test was disabled because it doesn't work as expected with openssl 1.0.0d -#echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)" -#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! -#wait_server $PID -# -#$OPENSSL_CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ -# fail $PID "Failed" -# -#kill $PID -#wait - -if test "$FIPS" != 1;then -echo "Check TLS 1.0 with RSA-NULL ciphersuite" -launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! -wait_server $PID - -$OPENSSL_CLI s_client -cipher NULL-SHA -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait -fi - -echo "Check TLS 1.0 with DHE-RSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! -wait_server $PID - -$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -echo "Check TLS 1.0 with DHE-DSS ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! -wait_server $PID - -$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -echo "Check TLS 1.0 with ECDHE-RSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-RSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -if test "$FIPS" != 1;then -echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait -fi - -echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -if test "$FIPS" != 1;then -echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait -fi - -echo "Check TLS 1.0 with PSK ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! -wait_server $PID - -#-cipher PSK-AES128-SHA -$OPENSSL_CLI s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \ - fail $PID "Failed" - -kill $PID -wait - -if test $SV2 = 0;then - -echo "Check TLS 1.2 with DHE-RSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! -wait_server $PID - -$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -echo "Check TLS 1.2 with DHE-DSS ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! -wait_server $PID - -$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -echo "Check TLS 1.2 with ECDHE-RSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-RSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -if test "$FIPS" != 1;then -echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait -fi - -echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -if test "$FIPS" != 1;then -echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$! -wait_server $PID - -#-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait -fi - -echo "Check TLS 1.2 with PSK ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$! -wait_server $PID - -#-cipher PSK-AES128-SHA -$OPENSSL_CLI s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \ - fail $PID "Failed" - -kill $PID -wait - -fi #SV2 - -# DTLS -echo "Check DTLS 1.0 with RSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! -wait_server $PID - - -$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - - -echo "Check DTLS 1.0 with DHE-RSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! -wait_server $PID - - - -$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - - -echo "Check DTLS 1.0 with DHE-DSS ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS$ADD" --udp --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! -wait_server $PID - - -$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \ - fail $PID "Failed" - -kill $PID -wait - -done - -exit 0 |