authorAlon Bar-Lev <alon.barlev@gmail.com>2015-06-21 20:42:12 +0300
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-06-24 21:47:29 +0200
commit435deb84c9c27d22be04e6a598e874e0bd55ff5b (patch)
treecf7562223e3481d66b45b34a7c058e07d6389592 /tests/suite
parent503c0cb80bcc8d6194cb414e889c40f59161d81d (diff)
tests: tab indent + minor style changes
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Diffstat (limited to 'tests/suite')
-rwxr-xr-xtests/suite/certs/create-chain.sh128
-rwxr-xr-xtests/suite/chain66
-rwxr-xr-xtests/suite/crl-test12
-rwxr-xr-xtests/suite/eagain12
-rwxr-xr-xtests/suite/invalid-cert6
-rwxr-xr-xtests/suite/testcompat-main-openssl1027
-rwxr-xr-xtests/suite/testcompat-main-polarssl662
-rwxr-xr-xtests/suite/testcompat-openssl16
-rwxr-xr-xtests/suite/testcompat-polarssl10
-rwxr-xr-xtests/suite/testdane52
-rwxr-xr-xtests/suite/testpkcs11616
-rw-r--r--tests/suite/testpkcs11.pkcs1540
-rw-r--r--tests/suite/testpkcs11.sc-hsm48
-rwxr-xr-xtests/suite/testpkcs11.softhsm86
-rwxr-xr-xtests/suite/testrandom83
-rwxr-xr-xtests/suite/testrng88
-rwxr-xr-xtests/suite/testsrn30
17 files changed, 1514 insertions, 1468 deletions
diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh
index 53f6087f37..9ae68a1d4d 100755
--- a/tests/suite/certs/create-chain.sh
+++ b/tests/suite/certs/create-chain.sh
@@ -6,9 +6,9 @@ TEMPLATE=tmpl
NUM="$1"
-if test "${NUM}" = "";then
- echo "usage: $0 number"
- exit 1
+if test "${NUM}" = ""; then
+ echo "usage: $0 number"
+ exit 1
fi
LAST=`expr ${NUM} - 1`
@@ -18,75 +18,73 @@ mkdir -p "${OUTPUT}"
counter=0
while test ${counter} -lt ${NUM}; do
- if test ${counter} = ${LAST};then
- name="server-${counter}"
- else
- name="CA-${counter}"
- fi
- serial="${counter}"
+ if test ${counter} = ${LAST}; then
+ name="server-${counter}"
+ else
+ name="CA-${counter}"
+ fi
+ serial="${counter}"
-
- "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
- if test ${counter} = 0;then
- # ROOT CA
- echo "cn = ${name}" >"${TEMPLATE}"
- echo "serial = ${serial}" >>"${TEMPLATE}"
- echo "ca" >>"${TEMPLATE}"
- echo "expiration_days = -1" >>"${TEMPLATE}"
- echo "cert_signing_key" >>"${TEMPLATE}"
- echo "ocsp_signing_key" >>"${TEMPLATE}"
- echo "crl_signing_key" >>"${TEMPLATE}"
- "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \
- "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+ "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
+ if test ${counter} = 0; then
+ # ROOT CA
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "serial = ${serial}" >>"${TEMPLATE}"
+ echo "ca" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "cert_signing_key" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ echo "crl_signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \
+ "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
- echo "serial = ${serial}" >"${TEMPLATE}"
- echo "expiration_days = -1" >>"${TEMPLATE}"
- "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \
- "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
- else
- if test ${counter} = ${LAST};then
- # END certificate
- echo "cn = ${name}" >"${TEMPLATE}"
- echo "dns_name = localhost" >>"${TEMPLATE}"
- echo "expiration_days = -1" >>"${TEMPLATE}"
- echo "signing_key" >>"${TEMPLATE}"
- echo "encryption_key" >>"${TEMPLATE}"
- echo "ocsp_signing_key" >>"${TEMPLATE}"
- "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
- --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
- --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
- --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
- else
- # intermediate CA
- echo "cn = ${name}" >"${TEMPLATE}"
- echo "serial = ${serial}" >>"${TEMPLATE}"
- echo "ca" >>"${TEMPLATE}"
- echo "expiration_days = -1" >>"${TEMPLATE}"
- echo "ocsp_signing_key" >>"${TEMPLATE}"
- echo "cert_signing_key" >>"${TEMPLATE}"
- echo "signing_key" >>"${TEMPLATE}"
- "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
- --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
- --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
- --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
- fi
- fi
+ echo "serial = ${serial}" >"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \
+ "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
+ else
+ if test ${counter} = ${LAST}; then
+ # END certificate
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "dns_name = localhost" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "signing_key" >>"${TEMPLATE}"
+ echo "encryption_key" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+ --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+ --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+ --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+ else
+ # intermediate CA
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "serial = ${serial}" >>"${TEMPLATE}"
+ echo "ca" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ echo "cert_signing_key" >>"${TEMPLATE}"
+ echo "signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+ --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+ --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+ --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+ fi
+ fi
- counter=`expr ${counter} + 1`
- prev_name=${name}
+ counter=`expr ${counter} + 1`
+ prev_name=${name}
done
counter=`expr ${NUM} - 1`
while test ${counter} -ge 0; do
- if test ${counter} = ${LAST};then
- name="server-${counter}"
- else
- name="CA-${counter}"
- fi
+ if test ${counter} = ${LAST}; then
+ name="server-${counter}"
+ else
+ name="CA-${counter}"
+ fi
- cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain"
-
- counter=`expr ${counter} - 1`
-done
+ cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain"
+ counter=`expr ${counter} - 1`
+done
diff --git a/tests/suite/chain b/tests/suite/chain
index 4f00320f07..f67ad163da 100755
--- a/tests/suite/chain
+++ b/tests/suite/chain
@@ -34,39 +34,39 @@ RET=0
i=1
while test -d X509tests/test${i}; do
- find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 2>/dev/null
- find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
- if test "${i}" -gt 1; then
- find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
- fi
- find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
- "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
- rc=$?
- if test $rc != 0 && test $rc != 1; then
- echo "Chain ${i} FATAL failure."
- RET=1
- else
- if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
- echo "Chain ${i} verification was skipped due to known bug."
- elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
- if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
- echo "Chain ${i} verification failure UNEXPECTED."
- RET=1
- else
- echo "Chain ${i} verification success as expected."
- fi
- elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
- if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
- echo "Chain ${i} verification failure as expected."
- else
- echo "Chain ${i} verification success UNEXPECTED. "
- RET=1
- fi
- else
- echo "Chain ${i} unclassified."
- fi
- fi
- i=`expr ${i} + 1`
+ find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 2>/dev/null
+ find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ if test "${i}" -gt 1; then
+ find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ fi
+ find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
+ rc=$?
+ if test $rc != 0 && test $rc != 1; then
+ echo "Chain ${i} FATAL failure."
+ RET=1
+ else
+ if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
+ echo "Chain ${i} verification was skipped due to known bug."
+ elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
+ if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+ echo "Chain ${i} verification failure UNEXPECTED."
+ RET=1
+ else
+ echo "Chain ${i} verification success as expected."
+ fi
+ elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
+ if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+ echo "Chain ${i} verification failure as expected."
+ else
+ echo "Chain ${i} verification success UNEXPECTED. "
+ RET=1
+ fi
+ else
+ echo "Chain ${i} unclassified."
+ fi
+ fi
+ i=`expr ${i} + 1`
done
rm -f out
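Review bot: The `-name` patterns in the four `find` calls (`*.crl`, `E*.crt`, `I*.crt`, `T*.crt`) are unquoted, so the shell expands them against the current directory before `find` sees them. A stray matching file there changes which certificates end up in `chains/chain${i}.pem` or makes `find` fail, and the trailing `2>/dev/null` hides the resulting xargs/certtool diagnostics. Since this pass rewrites these lines anyway, quote the patterns, e.g. `find "X509tests/test${i}" -name '*.crl' -print0`. The definitions of `KNOWN_BUGS`, `SUCCESS` and `FAILURE` are outside the hunk.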
diff --git a/tests/suite/crl-test b/tests/suite/crl-test
index 228f74ef29..3a03c81e07 100755
--- a/tests/suite/crl-test
+++ b/tests/suite/crl-test
@@ -23,8 +23,8 @@
srcdir="${srcdir:-.}"
DIFF="${DIFF:-diff}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
rm -f tmp-long.pem
@@ -33,16 +33,16 @@ rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "CRL decoding failed 1!"
- exit ${rc}
+ echo "CRL decoding failed 1!"
+ exit ${rc}
fi
${DIFF} "${srcdir}/crl/long.pem tmp-long.pem" || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem
rc=$?
if test "${rc}" != "0"; then
- echo "CRL decoding failed 2!"
- exit ${rc}
+ echo "CRL decoding failed 2!"
+ exit ${rc}
fi
rm -f tmp-long.pem
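Review bot: The first `${DIFF}` call, on the context line between the two checks, passes `"${srcdir}/crl/long.pem tmp-long.pem"` as one quoted argument, so that comparison can never succeed and only the `--strip-trailing-cr` fallback actually compares the decoded CRL. With a `diff` that lacks that option the test would fail for the wrong reason, and the first call presumably prints a usage error on every run. Split the operands: `${DIFF} "${srcdir}/crl/long.pem" tmp-long.pem || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem`.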
diff --git a/tests/suite/eagain b/tests/suite/eagain
index d05bab9cb7..42bb991bdd 100755
--- a/tests/suite/eagain
+++ b/tests/suite/eagain
@@ -26,18 +26,18 @@ PORT="${PORT:-5445}"
$SERV -p "${PORT}" --echo --priority "NORMAL:+ANON-DH" --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
-pid=$!
+PID=$!
sleep 2
./eagain-cli
-if [ $? != 0 ];then
- exit 1
+if [ $? != 0 ]; then
+ exit 1
fi
-if [ "$pid" != "" ];then
- kill $pid
- wait
+if [ "${PID}" != "" ]; then
+ kill ${PID}
+ wait
fi
exit 0
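Review bot: When `./eagain-cli` fails, the script reaches `exit 1` before the `kill ${PID}` block, so the background `$SERV` started above keeps running and keeps holding `${PORT}` for whatever test runs next. Save the status right after the client with `rc=$?`, run the `kill`/`wait` block unconditionally, then finish with `test "${rc}" = 0 || exit 1`. While the line is being touched, `kill "${PID}"` is the safer spelling.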
diff --git a/tests/suite/invalid-cert b/tests/suite/invalid-cert
index a9e1f5ebef..00bf1e4e3b 100755
--- a/tests/suite/invalid-cert
+++ b/tests/suite/invalid-cert
@@ -22,8 +22,8 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
${VALGRIND} "${CERTTOOL}" --certificate-info --inder --infile "${srcdir}/invalid-cert.der" 2>/dev/null
@@ -31,7 +31,7 @@ rc=$?
# We're done.
if test "${rc}" != "1"; then
- exit ${rc}
+ exit ${rc}
fi
exit 0
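Review bot: If certtool accepts `invalid-cert.der` and returns 0, `rc` is not `1`, so the branch runs `exit ${rc}`, which is `exit 0`, and the test reports success in exactly the case it exists to catch. Any status other than the expected 1 should fail the test: use `exit 1` in the branch, optionally after an `echo "unexpected certtool status ${rc}"`. The `rc=$?` assignment sits just above the hunk, in the `@@` header context.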
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
index bac6026f6f..c463895e35 100755
--- a/tests/suite/testcompat-main-openssl
+++ b/tests/suite/testcompat-main-openssl
@@ -11,9 +11,9 @@
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
-# 1. Redistributions of source code must retain the above copyright notice, this
+# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice,
+# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
# 3. Neither the name of the copyright holder nor the names of its contributors may
@@ -23,7 +23,7 @@
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
@@ -33,13 +33,13 @@
srcdir="${srcdir:-.}"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
unset RETCODE
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
-if test "${WINDIR}" != "";then
- exit 77
-fi
+if test "${WINDIR}" != ""; then
+ exit 77
+fi
. "${srcdir}/../scripts/common.sh"
@@ -48,16 +48,16 @@ PORT="${PORT:-${RPORT}}"
SERV=openssl
OPENSSL_CLI="openssl"
-if test -f /etc/debian_version;then
- DEBIAN=1
+if test -f /etc/debian_version; then
+ DEBIAN=1
fi
echo "Compatibility checks using "`${SERV} version`
${SERV} version|grep -e 1\.0 >/dev/null 2>&1
SV=$?
-if test ${SV} != 0;then
- echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
- exit 77
+if test ${SV} != 0; then
+ echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
+ exit 77
fi
${SERV} version|grep -e 1\.0\.1 >/dev/null 2>&1
@@ -69,283 +69,283 @@ echo "#################################################"
echo "# Client mode tests (gnutls cli-openssl server) #"
echo "#################################################"
-for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
- if ! test -z "${ADD}";then
- echo ""
- echo "** Modifier: ${ADD}"
- fi
-
- if test "${DEBIAN}" != 1;then
-
- # It seems debian disabled SSL 3.0 completely on openssl
-
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test SSL 3.0 with RSA ciphersuite
- echo "Checking SSL 3.0 with RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test SSL 3.0 with DHE-RSA ciphersuite
- echo "Checking SSL 3.0 with DHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test SSL 3.0 with DHE-DSS ciphersuite
- echo "Checking SSL 3.0 with DHE-DSS..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 &
- PID=$!
- wait_server ${PID}
-
- echo "Checking SSL 3.0 with RSA-RC4-MD5..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- if test "${FIPS}" != 1;then
- #-cipher RSA-NULL
- launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with RSA-NULL ciphersuite
- echo "Checking TLS 1.0 with RSA-NULL..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with RSA ciphersuite
- echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test TLS 1.0 with DHE-RSA ciphersuite
- echo "Checking TLS 1.0 with DHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test TLS 1.0 with DHE-RSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test TLS 1.0 with DHE-DSS ciphersuite
- echo "Checking TLS 1.0 with DHE-DSS..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test "${FIPS}" != 1;then
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test "${FIPS}" != 1;then
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- #-cipher PSK
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.0 with PSK..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test ${SV2} = 0;then
- # Tests requiring openssl 1.0.1 - TLS 1.2
- #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.2 with DHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.2 with ECDHE-RSA..."
- "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.2 with DHE-DSS..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test "${FIPS}" != 1;then
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test "${FIPS}" != 1;then
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi #FIPS
- fi #SV2
-
- #-cipher PSK
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with PSK..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- # Test DTLS 1.0 with RSA ciphersuite
- echo "Checking DTLS 1.0 with RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test DTLS 1.0 with DHE-RSA ciphersuite
- echo "Checking DTLS 1.0 with DHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test DTLS 1.0 with DHE-DSS ciphersuite
- echo "Checking DTLS 1.0 with DHE-DSS..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
+for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+ if ! test -z "${ADD}"; then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
+
+ if test "${DEBIAN}" != 1; then
+
+ # It seems debian disabled SSL 3.0 completely on openssl
- kill ${PID}
- wait
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test SSL 3.0 with RSA ciphersuite
+ echo "Checking SSL 3.0 with RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test SSL 3.0 with DHE-RSA ciphersuite
+ echo "Checking SSL 3.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test SSL 3.0 with DHE-DSS ciphersuite
+ echo "Checking SSL 3.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking SSL 3.0 with RSA-RC4-MD5..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ if test "${FIPS}" != 1; then
+ #-cipher RSA-NULL
+ launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with RSA-NULL ciphersuite
+ echo "Checking TLS 1.0 with RSA-NULL..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with RSA ciphersuite
+ echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking TLS 1.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-DSS ciphersuite
+ echo "Checking TLS 1.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher PSK
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.0 with PSK..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test ${SV2} = 0; then
+ # Tests requiring openssl 1.0.1 - TLS 1.2
+ #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with ECDHE-RSA..."
+ "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi #FIPS
+ fi #SV2
+
+ #-cipher PSK
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with PSK..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with RSA ciphersuite
+ echo "Checking DTLS 1.0 with RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking DTLS 1.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with DHE-DSS ciphersuite
+ echo "Checking DTLS 1.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
done
echo "Client mode tests were successfully completed"
@@ -357,296 +357,319 @@ SERV="../../src/gnutls-serv${EXEEXT} -q"
# Note that openssl s_client does not return error code on failure
-for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
- if ! test -z "${ADD}";then
- echo ""
- echo "** Modifier: ${ADD}"
- fi
-
- if test "${DEBIAN}" != 1;then
-
- echo "Check SSL 3.0 with RSA ciphersuite"
- launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
-
- echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
+for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"; do
+ if ! test -z "${ADD}"; then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
- echo "Check SSL 3.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ if test "${DEBIAN}" != 1; then
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check SSL 3.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check SSL 3.0 with DHE-DSS ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ kill ${PID}
+ wait
+ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
- fi
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- #TLS 1.0
+ kill ${PID}
+ wait
- # This test was disabled because it doesn't work as expected with openssl 1.0.0d
- #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
- #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- #wait_server ${PID}
- #
- #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- # fail ${PID} "Failed"
- #
- #kill ${PID}
- #wait
+ echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.0 with RSA-NULL ciphersuite"
- launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
- kill ${PID}
- wait
- fi
+ kill ${PID}
+ wait
+ fi
- echo "Check TLS 1.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ #TLS 1.0
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ # This test was disabled because it doesn't work as expected with openssl 1.0.0d
+ #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ #PID=$!
+ #wait_server ${PID}
+ #
+ #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
- kill ${PID}
- wait
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.0 with RSA-NULL ciphersuite"
+ launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with DHE-DSS ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
+ fi
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-RSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
- fi
+ #-cipher ECDHE-RSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
+ fi
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
- fi
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
- echo "Check TLS 1.0 with PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.0 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher PSK-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
- fail ${PID} "Failed"
+ #-cipher PSK-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- if test ${SV2} = 0;then
+ if test ${SV2} = 0; then
- echo "Check TLS 1.2 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check TLS 1.2 with DHE-DSS ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-RSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-RSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
- fi
+ kill ${PID}
+ wait
+ fi
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
- fi
+ kill ${PID}
+ wait
+ fi
- echo "Check TLS 1.2 with PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher PSK-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
- fail ${PID} "Failed"
+ #-cipher PSK-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- fi #SV2
+ fi #SV2
- # DTLS
- echo "Check DTLS 1.0 with RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ # DTLS
+ echo "Check DTLS 1.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
done
exit 0
diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl
index 74261b0802..bf49918cac 100755
--- a/tests/suite/testcompat-main-polarssl
+++ b/tests/suite/testcompat-main-polarssl
@@ -34,44 +34,44 @@ srcdir="${srcdir:-.}"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
LOGFILE=polarssl.log
unset RETCODE
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
. "${srcdir}/../scripts/common.sh"
PORT="${PORT:-${RPORT}}"
TXT=`"${CLI}" --priority NORMAL --list|grep SECP224`
-if test -z "${TXT}";then
- ALL_CURVES=0
+if test -z "${TXT}"; then
+ ALL_CURVES=0
else
- ALL_CURVES=1
+ ALL_CURVES=1
fi
echo "Compatibility checks using polarssl"
for POLARSSL_CLI in \
- /usr/bin/polarssl_ssl_client2 \
- /usr/bin/mbedtls_ssl_client2 \
- /usr/libexec/mbedtls/ssl_client2 \
- ""; do
- test -x "${POLARSSL_CLI}" && break
+ /usr/bin/polarssl_ssl_client2 \
+ /usr/bin/mbedtls_ssl_client2 \
+ /usr/libexec/mbedtls/ssl_client2 \
+ ""; do
+ test -x "${POLARSSL_CLI}" && break
done
-if test -z "${POLARSSL_CLI}";then
- echo "PolarSSL is required for this test to run"
- exit 77
+if test -z "${POLARSSL_CLI}"; then
+ echo "PolarSSL is required for this test to run"
+ exit 77
fi
"${POLARSSL_CLI}" >/dev/null 2>&1
-if test $? = 0;then
- echo "PolarSSL 1.3.x is required for the tests to run"
- exit 77
+if test $? = 0; then
+ echo "PolarSSL 1.3.x is required for the tests to run"
+ exit 77
fi
@@ -85,330 +85,358 @@ SERV="../../src/gnutls-serv${EXEEXT} -q"
rm -f "${LOGFILE}"
-for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
- if ! test -z "${ADD}";then
- echo ""
- echo "** Modifier: ${ADD}"
- fi
+for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+ if ! test -z "${ADD}"; then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
- # SSL 3.0 is disabled in debian's polarssl
- if test 0 = 1;then
- echo "Check SSL 3.0 with RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ # SSL 3.0 is disabled in debian's polarssl
+ if test 0 = 1; then
+ echo "Check SSL 3.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
+
+ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- echo "Check SSL 3.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ kill ${PID}
+ wait
- kill ${PID}
- wait
+ # No DSS for polarssl
+ #echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ #PID=$!
+ #wait_server ${PID}
+
+ #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
+ fi
+
+ #TLS 1.0
+
+ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- # No DSS for polarssl
- #echo "Check SSL 3.0 with DHE-DSS ciphersuite"
- #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- #wait_server ${PID}
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- # fail ${PID} "Failed"
- #
- #kill ${PID}
- #wait
- fi
+ kill ${PID}
+ wait
+
+ #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ #PID=$!
+ #wait_server ${PID}
+
+ #"${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+
+ #kill ${PID}
+ #wait
+
+ echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-RSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.0 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- #TLS 1.0
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.0 with DHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- echo "Check TLS 1.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
- #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- #wait_server ${PID}
+ kill ${PID}
+ wait
- #"${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- # fail ${PID} "Failed"
+ echo "Check TLS 1.0 with RSA-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #kill ${PID}
- #wait
+ #-cipher RSA-PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-RSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ if test ${ALL_CURVES} = 1; then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
+ fi
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check TLS 1.0 with DHE-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ #PID=$!
+ #wait_server ${PID}
+ #
+ #"${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
+
+ echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-RSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test ${ALL_CURVES} = 1; then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with DHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with RSA-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher RSA-PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.0 with RSA-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher RSA-PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test ${ALL_CURVES} = 1;then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
- #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- #wait_server ${PID}
- #
- #"${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- # fail ${PID} "Failed"
- #
- #kill ${PID}
- #wait
-
- echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-RSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test ${ALL_CURVES} = 1;then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with DHE-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with RSA-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher RSA-PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
+ kill ${PID}
+ wait
done
rm -f "${LOGFILE}"
diff --git a/tests/suite/testcompat-openssl b/tests/suite/testcompat-openssl
index 42b695d8e5..d7f9cc0e02 100755
--- a/tests/suite/testcompat-openssl
+++ b/tests/suite/testcompat-openssl
@@ -32,16 +32,16 @@
srcdir="${srcdir:-.}"
-if ! test -x /usr/bin/openssl;then
- echo "You need openssl to run this test"
- exit 77
+if ! test -x /usr/bin/openssl; then
+ echo "You need openssl to run this test"
+ exit 77
fi
/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0;then
- export FIPS=1
+if test $? = 0; then
+ export FIPS=1
else
- export FIPS=0
+ export FIPS=0
fi
export TZ="UTC"
@@ -49,8 +49,8 @@ export TZ="UTC"
# Check for datefudge
TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
if test "${TSTAMP}" != "1158969600"; then
- echo "You need datefudge to run this test"
- exit 77
+ echo "You need datefudge to run this test"
+ exit 77
fi
datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl"
diff --git a/tests/suite/testcompat-polarssl b/tests/suite/testcompat-polarssl
index 41dd59f710..c4dfb361e0 100755
--- a/tests/suite/testcompat-polarssl
+++ b/tests/suite/testcompat-polarssl
@@ -37,14 +37,14 @@ export TZ="UTC"
# Check for datefudge
TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
if test "${TSTAMP}" != "1158969600"; then
- echo "You need datefudge to run this test"
- exit 77
+ echo "You need datefudge to run this test"
+ exit 77
fi
cat /proc/cpuinfo|grep "model name"|grep "VIA Esther" >/dev/null 2>&1
-if test $? = 0;then
- echo "PolarSSL is broken on VIA processors"
- exit 77
+if test $? = 0; then
+ echo "PolarSSL is broken on VIA processors"
+ exit 77
fi
datefudge "2012-09-2" "${srcdir}/testcompat-main-polarssl"
diff --git a/tests/suite/testdane b/tests/suite/testdane
index 2ec50dc186..12d3ce19e7 100755
--- a/tests/suite/testdane
+++ b/tests/suite/testdane
@@ -24,8 +24,8 @@ unset RETCODE
# Unfortunately it is extremely fragile and fails 99% of the
# time.
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
. "${srcdir}/../scripts/common.sh"
@@ -37,30 +37,30 @@ echo "*** Testing good HTTPS hosts ***"
# www.vulcano.cl dane.nox.su
HOSTS="good.dane.verisignlabs.com www.freebsd.org www.kumari.net torproject.org fedoraproject.org"
HOSTS="${HOSTS} nohats.ca"
-for host in ${HOSTS};do
- echo -n "${host}: "
+for host in ${HOSTS}; do
+ echo -n "${host}: "
- "${DANETOOL}" --check "${host}" >/dev/null 2>&1
- if [ $? != 0 ];then
- echo "Error checking ${host}"
- exit 1
- fi
- echo "ok"
+ "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo "Error checking ${host}"
+ exit 1
+ fi
+ echo "ok"
done
echo ""
echo "*** Testing good SMTP hosts ***"
#HOSTS="dougbarton.us nlnetlabs.nl"
HOSTS="nlnetlabs.nl"
-for host in ${HOSTS};do
- echo -n "${host}: "
+for host in ${HOSTS}; do
+ echo -n "${host}: "
- "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
- if [ $? != 0 ];then
- echo "Error checking ${host}"
- exit 1
- fi
- echo "ok"
+ "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo "Error checking ${host}"
+ exit 1
+ fi
+ echo "ok"
done
echo ""
@@ -69,14 +69,14 @@ echo "*** Testing bad HTTPS hosts ***"
# used to work: dane-broken.rd.nic.fr
HOSTS="bad-hash.dane.verisignlabs.com bad-params.dane.verisignlabs.com"
HOSTS="${HOSTS} bad-sig.dane.verisignlabs.com"
-for host in ${HOSTS};do
- echo -n "${host}: "
- "${DANETOOL}" --check "${host}" >/dev/null 2>&1
- if [ $? = 0 ];then
- echo "Checking ${host} should have failed"
- exit 1
- fi
- echo "ok"
+for host in ${HOSTS}; do
+ echo -n "${host}: "
+ "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+ if [ $? = 0 ]; then
+ echo "Checking ${host} should have failed"
+ exit 1
+ fi
+ echo "ok"
done
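Review bot: In the "bad HTTPS hosts" loop any non-zero exit of `"${DANETOOL}" --check "${host}"` counts as the expected rejection, and the output is sent to `/dev/null`, so a DNS or connection error passes this negative test exactly as a DANE verification failure would. The comment near the top of the script already calls the test fragile, so it would help to keep the tool output, for example `"${DANETOOL}" --check "${host}" >>testdane.log 2>&1` (the file name is only an example), so that the reason for a rejection can be checked. The same redirection in the two "good hosts" loops of the previous hunk hides why a check failed there.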
diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11
index b301cc3dd0..53ae752041 100755
--- a/tests/suite/testpkcs11
+++ b/tests/suite/testpkcs11
@@ -26,15 +26,15 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
RETCODE=0
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
fi
TMPFILE="testpkcs11.debug"
CERTTOOL_PARAM="--stdout-info"
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
@@ -46,11 +46,11 @@ PORT="${PORT:-${RPORT}}"
rm -f "${TMPFILE}"
exit_error () {
- echo "Check ${TMPFILE} for additional debugging information"
- echo ""
- echo ""
- tail "${TMPFILE}"
- exit 1
+ echo "Check ${TMPFILE} for additional debugging information"
+ echo ""
+ echo ""
+ tail "${TMPFILE}"
+ exit 1
}
# $1: token
@@ -58,18 +58,18 @@ exit_error () {
# $3: filename
# ${srcdir}/pkcs11-certs/client.key
write_privkey () {
- export GNUTLS_PIN="$2"
- filename="$3"
- token="$1"
-
- echo -n "* Writing a client private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing a client private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -77,18 +77,18 @@ write_privkey () {
# $2: PIN
# $3: filename
write_serv_privkey () {
- export GNUTLS_PIN="$2"
- filename="$3"
- token="$1"
-
- echo -n "* Writing the server private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing the server private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -96,18 +96,18 @@ write_serv_privkey () {
# $2: PIN
# $3: filename
write_serv_cert () {
- export GNUTLS_PIN="$2"
- filename="$3"
- token="$1"
-
- echo -n "* Writing the server certificate... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing the server certificate... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -115,48 +115,48 @@ write_serv_cert () {
# $2: PIN
# $3: bits
generate_rsa_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- bits="$3"
-
- echo -n "* Generating RSA private key ("${bits}")... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit 1
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating RSA private key ("${bits}")... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit 1
+ fi
}
# $1: token
# $2: PIN
# $3: bits
generate_temp_rsa_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- bits="$3"
-
- echo -n "* Generating RSA private key ("${bits}")... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- RETCODE=0
- echo ok
- else
- echo failed
- RETCODE=1
- fi
-
-# if test ${RETCODE} = 0;then
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating RSA private key ("${bits}")... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ RETCODE=0
+ echo ok
+ else
+ echo failed
+ RETCODE=1
+ fi
+
+# if test ${RETCODE} = 0; then
# echo -n "* Testing private key flags... "
# ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-keys "${token};object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>"${TMPFILE}"
-# if test $? != 0;then
+# if test $? != 0; then
# echo failed
# exit_error
# fi
#
# grep CKA_WRAP tmp-client-2.pub >>"${TMPFILE}" 2>&1
-# if test $? != 0;then
+# if test $? != 0; then
# echo "failed (no CKA_WRAP)"
# exit_error
# else
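Review bot: In `generate_rsa_privkey` and `generate_temp_rsa_privkey` the progress message is written as `"* Generating RSA private key ("${bits}")... "`, which closes the string before `${bits}` and reopens it afterwards, leaving the expansion unquoted. Since this commit is a style pass, it could be normalised to the form `generate_temp_ecc_privkey` uses in the next hunk: `echo -n "* Generating RSA private key (${bits})... "`. Likewise `--label temp-rsa-"${bits}"` in the second function could be `--label "temp-rsa-${bits}"`. `generate_rsa_privkey` also ends with a bare `exit 1`, whereas the `write_*` helpers call `exit_error`, which prints the tail of `${TMPFILE}`; whether that difference is intended is not clear from the hunk. The body of `generate_temp_rsa_privkey` continues past the end of this hunk.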
@@ -168,116 +168,116 @@ generate_temp_rsa_privkey () {
# $1: token
# $2: PIN
delete_temp_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- type="$3"
+ export GNUTLS_PIN="$2"
+ token="$1"
+ type="$3"
- test "${RETCODE}" = "0" || return
+ test "${RETCODE}" = "0" || return
- echo -n "* Deleting private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1
+ echo -n "* Deleting private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- RETCODE=1
- return
- fi
+ if test $? != 0; then
+ echo failed
+ RETCODE=1
+ return
+ fi
- RETCODE=0
- echo ok
+ RETCODE=0
+ echo ok
}
# $1: token
# $2: PIN
# $3: bits
export_pubkey_of_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- bits="$3"
-
- echo -n "* Exporting public key of generated private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- exit 1
- fi
-
- ${DIFF} tmp-client.pub tmp-client-2.pub
- if test $? != 0;then
- echo keys differ
- exit 1
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Exporting public key of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo failed
+ exit 1
+ fi
+
+ ${DIFF} tmp-client.pub tmp-client-2.pub
+ if test $? != 0; then
+ echo keys differ
+ exit 1
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
change_id_of_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
-
- echo -n "* Change the CKA_ID of generated private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "ID didn't change"
- exit_error
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+
+ echo -n "* Change the CKA_ID of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo failed
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "ID didn't change"
+ exit_error
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
change_label_of_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
-
- echo -n "* Change the CKA_LABEL of generated private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "label didn't change"
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+
+ echo -n "* Change the CKA_LABEL of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo failed
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "label didn't change"
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo failed
+ exit_error
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
# $3: bits
generate_temp_ecc_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- bits="$3"
-
- echo -n "* Generating ECC private key (${bits})... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- RETCODE=0
- echo ok
- else
- echo failed
- RETCODE=1
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating ECC private key (${bits})... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ RETCODE=0
+ echo ok
+ else
+ echo failed
+ RETCODE=1
+ fi
}
# $1: token
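Review bot: `delete_temp_privkey` reads a third argument (`type="$3"`) and uses it in `object=temp-${type}`, but the header comment above it lists only `$1: token` and `$2: PIN`; a line such as `# $3: type (the part of the key label after "temp-")` would document it. The labels created by the `generate_temp_*` helpers are `temp-rsa-<bits>` and `temp-ecc-<bits>`, so the expected value appears to be of the form `rsa-<bits>` or `ecc-<bits>`. Conversely, `export_pubkey_of_privkey` documents and assigns `bits="$3"` but does not use it in the lines shown, so either the comment or the assignment could be dropped.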
@@ -288,109 +288,109 @@ generate_temp_ecc_privkey () {
# Tests writing a certificate which corresponds to the given key,
# as well as the CA certificate, and tries to export them.
write_certificate_test () {
- export GNUTLS_PIN="$2"
- token="$1"
- cakey="$3"
- cacert="$4"
- pubkey="$5"
-
- echo -n "* Generating client certificate... "
- "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
- --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
- --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1
-
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Writing client certificate... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Checking whether ID was correctly set... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "ID was not set on copy"
- exit_error
- fi
- echo ok
-
- echo -n "* Writing certificate of client's CA... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
- ret=$?
- if test ${ret} != 0;then
- ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
- ret=$?
- fi
-
- if test ${ret} = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Testing certificate flags... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}"
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "failed (no CKA_TRUSTED)"
- #exit_error
- fi
-
- grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
- #exit_error
- fi
-
- echo ok
-
-
- echo -n "* Trying to obtain back the cert... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1
- ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"
- if test $? != 0;then
- echo "failed. Exported certificate differs (crt1.tmp)!"
- exit_error
- fi
- rm -f crt1.tmp
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Trying to obtain the full chain... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1
-
- cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp
- ${DIFF} crt1.tmp crt2.tmp
- if test $? != 0;then
- echo "failed. Exported certificate chain differs!"
- exit_error
- fi
- rm -f crt1.tmp crt2.tmp
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ cakey="$3"
+ cacert="$4"
+ pubkey="$5"
+
+ echo -n "* Generating client certificate... "
+ "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
+ --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
+ --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1
+
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Writing client certificate... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Checking whether ID was correctly set... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "ID was not set on copy"
+ exit_error
+ fi
+ echo ok
+
+ echo -n "* Writing certificate of client's CA... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+ ret=$?
+ if test ${ret} != 0; then
+ ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+ ret=$?
+ fi
+
+ if test ${ret} = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Testing certificate flags... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}"
+ if test $? != 0; then
+ echo failed
+ exit_error
+ fi
+
+ grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "failed (no CKA_TRUSTED)"
+ #exit_error
+ fi
+
+ grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
+ #exit_error
+ fi
+
+ echo ok
+
+
+ echo -n "* Trying to obtain back the cert... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+ ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"
+ if test $? != 0; then
+ echo "failed. Exported certificate differs (crt1.tmp)!"
+ exit_error
+ fi
+ rm -f crt1.tmp
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Trying to obtain the full chain... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+
+ cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp
+ ${DIFF} crt1.tmp crt2.tmp
+ if test $? != 0; then
+ echo "failed. Exported certificate chain differs!"
+ exit_error
+ fi
+ rm -f crt1.tmp crt2.tmp
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
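Review bot: The "Testing certificate flags" step in `write_certificate_test` effectively cannot fail: `test $? != 0` after `${P11TOOL} ... |grep Flags|head -n 1 >tmp-client-2.pub` sees only the exit status of `head`, and the two `grep` checks for `CKA_TRUSTED` and `CKA_CERTIFICATE_CATEGORY=CA` print "failed" but have `#exit_error` commented out, after which `echo ok` runs unconditionally. The test therefore passes even when the CA certificate was stored without the trusted/CA marking it is meant to verify. If tolerating tokens that lack these attributes is deliberate, a comment saying so would help; otherwise the listing should be written to a file first and checked with `|| exit_error`, and the two `#exit_error` lines restored. Also, `rm -f crt1.tmp` followed by `if test $? = 0` reports the status of `rm`, not of the export and comparison before it.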
@@ -402,39 +402,39 @@ write_certificate_test () {
#
# Tests using a certificate and key pair using gnutls-serv and gnutls-cli.
use_certificate_test () {
- export GNUTLS_PIN="$2"
- token="$1"
- certfile="$3"
- keyfile="$4"
- cafile="$5"
- txt="$6"
-
- echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
- # start server
- launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
- --x509keyfile="$keyfile" --x509cafile="${cafile}" \
- --require-client-cert >>"${TMPFILE}" 2>&1 &
-
- PID=$!
- wait_server ${PID}
-
- # connect to server using SC
- ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \
- fail ${PID} "Connection should have failed!"
-
- ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
- --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
- fail ${PID} "Connection (with files) should have succeeded!"
-
- ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
- --x509keyfile="${token};object=gnutls-client;object-type=private" \
- --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
- fail ${PID} "Connection (with SC) should have succeeded!"
-
- kill ${PID}
- wait
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+ certfile="$3"
+ keyfile="$4"
+ cafile="$5"
+ txt="$6"
+
+ echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+ # start server
+ launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
+ --x509keyfile="$keyfile" --x509cafile="${cafile}" \
+ --require-client-cert >>"${TMPFILE}" 2>&1 &
+
+ PID=$!
+ wait_server ${PID}
+
+ # connect to server using SC
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \
+ fail ${PID} "Connection should have failed!"
+
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
+ --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+ fail ${PID} "Connection (with files) should have succeeded!"
+
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
+ --x509keyfile="${token};object=gnutls-client;object-type=private" \
+ --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+ fail ${PID} "Connection (with SC) should have succeeded!"
+
+ kill ${PID}
+ wait
+
+ echo ok
}
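Review bot: `ADDITIONAL_PARAM` is expanded quoted in the `launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" ...` call but unquoted in the three `"${CLI}" ${ADDITIONAL_PARAM}` calls of use_certificate_test. Quoted, a value such as `--provider /path/to/module.so` (constructed example) reaches the server helper as a single word, and an unset value becomes an empty argument. Whether `launch_pkcs11_server` re-splits it cannot be seen from this hunk. If the helper takes the provider option string as its second positional argument, say so above the call, e.g. `# $2 of launch_pkcs11_server is the provider option string, passed as one word`. Otherwise drop the quotes so the server and client invocations agree.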
@@ -445,15 +445,15 @@ echo "Testing PKCS11 support"
type="$1"
-if test -z "${type}";then
- echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
- if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then
- echo "assuming 'softhsm'"
- echo ""
- type=softhsm
- else
- exit 1
- fi
+if test -z "${type}"; then
+ echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
+ if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util"; then
+ echo "assuming 'softhsm'"
+ echo ""
+ type=softhsm
+ else
+ exit 1
+ fi
fi
@@ -468,9 +468,9 @@ init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"
TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
echo "* Token: ${TOKEN}"
-if test "x${TOKEN}" = x;then
- echo "Could not find generated token"
- exit_error
+if test "x${TOKEN}" = x; then
+ echo "Could not find generated token"
+ exit_error
fi
#write a given privkey
@@ -499,8 +499,8 @@ use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert;objec
use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/pkcs11-certs/ca.crt" "abbrv URLs"
-if test ${RETCODE} = 0;then
- echo "* All smart cards tests succeeded"
+if test ${RETCODE} = 0; then
+ echo "* All smart cards tests succeeded"
fi
rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub "${TMPFILE}"
diff --git a/tests/suite/testpkcs11.pkcs15 b/tests/suite/testpkcs11.pkcs15
index 59c535e72f..565282a312 100644
--- a/tests/suite/testpkcs11.pkcs15
+++ b/tests/suite/testpkcs11.pkcs15
@@ -20,26 +20,26 @@
init_card () {
- PIN="$1"
- PUK="$2"
+ PIN="$1"
+ PUK="$2"
- echo -n "* Erasing smart card... "
- pkcs15-init -E >"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- cat "${TMPFILE}"
- exit_error
- fi
+ echo -n "* Erasing smart card... "
+ pkcs15-init -E >"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ cat "${TMPFILE}"
+ exit_error
+ fi
- echo -n "* Initializing smart card... "
- pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- cat "${TMPFILE}"
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ cat "${TMPFILE}"
+ exit_error
+ fi
}
diff --git a/tests/suite/testpkcs11.sc-hsm b/tests/suite/testpkcs11.sc-hsm
index 26ce485c7d..f3eab685fb 100644
--- a/tests/suite/testpkcs11.sc-hsm
+++ b/tests/suite/testpkcs11.sc-hsm
@@ -20,31 +20,31 @@
init_card () {
- PIN="$1"
- PUK=3537363231383830
- export GNUTLS_SO_PIN="${PUK}"
+ PIN="$1"
+ PUK=3537363231383830
+ export GNUTLS_SO_PIN="${PUK}"
- echo -n "* Erasing smart card... "
- sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ echo -n "* Erasing smart card... "
+ sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
- echo -n "* Initializing smart card... "
- TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
- if test -z "${TOKEN}";then
- echo "Could not find initialized card"
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
+ if test -z "${TOKEN}"; then
+ echo "Could not find initialized card"
+ exit_error
+ fi
- ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm
index b444e62b05..70badf14c2 100755
--- a/tests/suite/testpkcs11.softhsm
+++ b/tests/suite/testpkcs11.softhsm
@@ -18,57 +18,57 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-if test -f /usr/lib64/pkcs11/libsofthsm2.so;then
- ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
+if test -f /usr/lib64/pkcs11/libsofthsm2.so; then
+ ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
else
- if test -f /usr/lib/softhsm/libsofthsm.so;then
- ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
- else
- ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
- fi
+ if test -f /usr/lib/softhsm/libsofthsm.so; then
+ ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
+ else
+ ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
+ fi
fi
init_card () {
- PIN="$1"
- PUK="$2"
+ PIN="$1"
+ PUK="$2"
- if test -x "/usr/bin/softhsm2-util";then
- export SOFTHSM2_CONF="softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm2-util"
- ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1
- if test $? = 0;then
- echo "softhsm2-util 2.0.0b1 is broken"
- exit 77
- fi
- fi
+ if test -x "/usr/bin/softhsm2-util"; then
+ export SOFTHSM2_CONF="softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+ ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1
+ if test $? = 0; then
+ echo "softhsm2-util 2.0.0b1 is broken"
+ exit 77
+ fi
+ fi
- if test -x "/usr/bin/softhsm";then
- export SOFTHSM_CONF="softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm"
- fi
+ if test -x "/usr/bin/softhsm"; then
+ export SOFTHSM_CONF="softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm"
+ fi
- if test -z "${SOFTHSM_TOOL}";then
- echo "Could not find softhsm(2) tool"
- exit 77
- fi
+ if test -z "${SOFTHSM_TOOL}"; then
+ echo "Could not find softhsm(2) tool"
+ exit 77
+ fi
- if test -z "${SOFTHSM_CONF}";then
- rm -rf ./softhsm-testpkcs11.db
- mkdir -p ./softhsm-testpkcs11.db
- echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
- echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
- else
- rm -rf ./softhsm-testpkcs11.db
- echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
- fi
+ if test -z "${SOFTHSM_CONF}"; then
+ rm -rf ./softhsm-testpkcs11.db
+ mkdir -p ./softhsm-testpkcs11.db
+ echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+ echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
+ else
+ rm -rf ./softhsm-testpkcs11.db
+ echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
+ fi
- echo -n "* Initializing smart card... "
- ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
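Review bot: `init_card` chooses the config format with `test -z "${SOFTHSM_CONF}"`, but never clears that variable first. A value inherited from the caller's environment therefore sends a softhsm2-only host into the `else` branch, where `echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"` overwrites whatever file the environment named and the softhsm2 config is never written. `SOFTHSM_TOOL` has the same inherited-value problem in the `test -z "${SOFTHSM_TOOL}"` check. Start the function with `unset SOFTHSM_CONF SOFTHSM_TOOL` so that only values assigned here are used. When both /usr/bin/softhsm2-util and /usr/bin/softhsm exist, the v1 tool and config win while the provider selection above the function prefers libsofthsm2.so, which looks like a mismatch worth confirming.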
diff --git a/tests/suite/testrandom b/tests/suite/testrandom
index 894b2e9df3..79b90d32c0 100755
--- a/tests/suite/testrandom
+++ b/tests/suite/testrandom
@@ -22,8 +22,8 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
counter=0
@@ -32,56 +32,53 @@ file=test.out
counter=0
echo "Testing verification with randomly generated certificates..."
-while [ ${counter} -lt 400 ]
-do
- "${srcdir}/x509random.pl" > "${file}"
- ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1
- if test $? != 0;then
- continue
- fi
-
- cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem"
-
- ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1
- ret=$?
- if [ ${ret} != 1 ];then
- echo "Succeeded verification with ${file}-chain.pem!"
- exit 1
- fi
- rm -f "${file}.pem" "${file}-chain.pem"
-
- counter=`expr ${counter} + 1`
+while [ ${counter} -lt 400 ]; do
+ "${srcdir}/x509random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1
+ if test $? != 0; then
+ continue
+ fi
+
+ cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem"
+
+ ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1
+ ret=$?
+ if [ ${ret} != 1 ]; then
+ echo "Succeeded verification with ${file}-chain.pem!"
+ exit 1
+ fi
+ rm -f "${file}.pem" "${file}-chain.pem"
+
+ counter=`expr ${counter} + 1`
done
echo "Testing with randomly generated certificates..."
-while [ ${counter} -lt 200 ]
-do
- "${srcdir}/x509random.pl" > "${file}"
- ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null
- ret=$?
- if [ ${ret} != 0 -a ${ret} != 1 ];then
- echo "Unknown exit code with ${file}"
- exit 1
- fi
-
- counter=`expr ${counter} + 1`
+while [ ${counter} -lt 200 ]; do
+ "${srcdir}/x509random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null
+ ret=$?
+ if [ ${ret} != 0 -a ${ret} != 1 ]; then
+ echo "Unknown exit code with ${file}"
+ exit 1
+ fi
+
+ counter=`expr ${counter} + 1`
done
counter=0
echo "Testing with random ASN.1 data..."
-while [ ${counter} -lt 200 ]
-do
- "${srcdir}/asn1random.pl" > "${file}"
- ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null
- ret=$?
- if [ ${ret} != 0 -a ${ret} != 1 ];then
- echo "Unknown exit code with ${file}"
- exit 1
- fi
-
- counter=`expr ${counter} + 1`
+while [ ${counter} -lt 200 ]; do
+ "${srcdir}/asn1random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null
+ ret=$?
+ if [ ${ret} != 0 -a ${ret} != 1 ]; then
+ echo "Unknown exit code with ${file}"
+ exit 1
+ fi
+
+ counter=`expr ${counter} + 1`
done
rm -f "${file}"
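Review bot: The second loop, `while [ ${counter} -lt 200 ]; do` under "Testing with randomly generated certificates...", never executes. `counter` is still 400 from the first loop, because it is reset only before the first and third loops. Add `counter=0` before that `echo` so the certtool parsing pass over x509random.pl output actually runs. Separately, the first loop's `continue` skips the increment whenever certtool rejects the input, so its run time depends on how often the generator emits parseable DER; a one-line comment such as `# only inputs that parse count toward the 400 iterations` would make that intent explicit.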
diff --git a/tests/suite/testrng b/tests/suite/testrng
index 16fb4d5010..c45c9300eb 100755
--- a/tests/suite/testrng
+++ b/tests/suite/testrng
@@ -20,22 +20,22 @@
srcdir="${srcdir:-.}"
-if ! test -x "/usr/bin/dieharder";then
- exit 77
+if ! test -x "/usr/bin/dieharder"; then
+ exit 77
fi
VERSION=`dieharder -l|grep version|cut -d ' ' -f 6`
-if test "$1" = "full";then
- OPTIONS="-a"
+if test "$1" = "full"; then
+ OPTIONS="-a"
else
- if test "${VERSION}" = "2.28.1";then
- OPTIONS="-d 5"
- OPTIONS2="-d 10"
- else
- OPTIONS="-d 202"
- OPTIONS2="-d 10"
- fi
+ if test "${VERSION}" = "2.28.1"; then
+ OPTIONS="-d 5"
+ OPTIONS2="-d 10"
+ else
+ OPTIONS="-d 202"
+ OPTIONS2="-d 10"
+ fi
fi
OUTFILE=rng.log
@@ -51,9 +51,9 @@ rm -f "${RNGFILE2}"
RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1`
-if test -z "${RINPUTNO}";then
- echo "Cannot determine dieharder option for raw file input, assuming 201"
- RINPUTNO=201
+if test -z "${RINPUTNO}"; then
+ echo "Cannot determine dieharder option for raw file input, assuming 201"
+ RINPUTNO=201
fi
echo ""
@@ -64,31 +64,31 @@ echo "Testing nonce PRNG"
cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1
ret=$?
-if test ${ret} = 0;then
- echo "numbers are repeated in nonce!"
- exit 1
+if test ${ret} = 0; then
+ echo "numbers are repeated in nonce!"
+ exit 1
fi
./rng nonce 100000000 "${RNGFILE}"
dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
- dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" = "0";then
- echo "test failed for nonce"
- exit 1
+if test "${ret}" = "0"; then
+ echo "test failed for nonce"
+ exit 1
fi
grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0"; then
+ echo "could not run dieharder test?"
+ exit 1
fi
cat "${OUTFILE}"
@@ -101,32 +101,32 @@ echo "Testing key PRNG"
cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1
ret=$?
-if test ${ret} = 0;then
- echo "numbers are repeated in nonce!"
- exit 1
+if test ${ret} = 0; then
+ echo "numbers are repeated in nonce!"
+ exit 1
fi
./rng key 100000000 "${RNGFILE}"
dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
- dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" = "0";then
- echo "test failed for key"
- exit 1
+if test "${ret}" = "0"; then
+ echo "test failed for key"
+ exit 1
fi
grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0"; then
+ echo "could not run dieharder test?"
+ exit 1
fi
cat "${OUTFILE}"
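Review bot: In the key PRNG section the repeat check still prints `numbers are repeated in nonce!`, the same text as the nonce section, so a failure here is reported against the wrong generator. Change the line to `echo "numbers are repeated in key!"`, matching the `test failed for key` message further down. The commands that produce the two files compared by `cmp` are outside this hunk, so only the message is addressed here.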
@@ -136,23 +136,23 @@ echo "Testing /dev/zero PRNG"
dd if=/dev/zero of="${RNGFILE}" bs=4 count=10000000 >/dev/null 2>&1
dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
- dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" = "0";then
- echo "test succeeded for /dev/zero!!!"
- exit 1
+if test "${ret}" = "0"; then
+ echo "test succeeded for /dev/zero!!!"
+ exit 1
fi
grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0"; then
+ echo "could not run dieharder test?"
+ exit 1
fi
cat "${OUTFILE}"
diff --git a/tests/suite/testsrn b/tests/suite/testsrn
index 783ed9dbbf..3ea2c1506e 100755
--- a/tests/suite/testsrn
+++ b/tests/suite/testsrn
@@ -25,8 +25,8 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
unset RETCODE
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
. "${srcdir}/../scripts/common.sh"
@@ -40,19 +40,19 @@ PID=$!
wait_server ${PID}
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "0. Renegotiation should have succeeded!"
+ fail ${PID} "0. Renegotiation should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "1. Safe rehandshake should have succeeded!"
+ fail ${PID} "1. Safe rehandshake should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "2. Unsafe rehandshake should have succeeded!"
+ fail ${PID} "2. Unsafe rehandshake should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "3. Unsafe negotiation should have succeeded!"
+ fail ${PID} "3. Unsafe negotiation should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail ${PID} "4. Unsafe renegotiation should have failed!"
+ fail ${PID} "4. Unsafe renegotiation should have failed!"
kill ${PID}
@@ -63,16 +63,16 @@ PID=$!
wait_server ${PID}
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "5. Safe rehandshake should have succeeded!"
+ fail ${PID} "5. Safe rehandshake should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "6. Unsafe rehandshake should have succeeded!"
+ fail ${PID} "6. Unsafe rehandshake should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail ${PID} "7. Unsafe negotiation should have failed!"
+ fail ${PID} "7. Unsafe negotiation should have failed!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail ${PID} "8. Unsafe renegotiation should have failed!"
+ fail ${PID} "8. Unsafe renegotiation should have failed!"
kill ${PID}
wait
@@ -82,16 +82,16 @@ PID=$!
wait_server ${PID}
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail ${PID} "9. Initial connection should have failed!"
+ fail ${PID} "9. Initial connection should have failed!"
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "10. Unsafe connection should have succeeded!"
+ fail ${PID} "10. Unsafe connection should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "11. Unsafe negotiation should have succeeded!"
+ fail ${PID} "11. Unsafe negotiation should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "12. Unsafe renegotiation should have succeeded!"
+ fail ${PID} "12. Unsafe renegotiation should have succeeded!"
kill ${PID}
wait