diff options
| author | Daiki Ueno <dueno@redhat.com> | 2019-04-11 14:35:32 +0200 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2019-04-19 08:56:54 +0200 |
| commit | 96a5dd4fa8e9c7b1d45fe934ec7829d494dbd372 (patch) | |
| tree | 7538ef2dfeebced514c85893a5339a27265b13d6 /tests | |
| parent | 89c975cc25d4e7c5040a3f657b732dd1704bfb2b (diff) | |
| download | gnutls-96a5dd4fa8e9c7b1d45fe934ec7829d494dbd372.tar.gz | |
serv, cli: add --keymatexport option
This adds --keymatexport and --keymatexportsize options to both
gnutls-serv and gnutls-cli. Those would be useful for testing
interoperability with other implementations.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/scripts/common.sh | 4 | ||||
| -rwxr-xr-x | tests/suite/testcompat-tls13-openssl.sh | 22 |
2 files changed, 24 insertions, 2 deletions
diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh index 1cce09d04e..a714bcd608 100644 --- a/tests/scripts/common.sh +++ b/tests/scripts/common.sh @@ -158,7 +158,7 @@ launch_server() { shift wait_for_free_port ${PORT} - ${SERV} ${DEBUG} -p "${PORT}" $* >/dev/null & + ${SERV} ${DEBUG} -p "${PORT}" $* >${LOGFILE-/dev/null} & } launch_pkcs11_server() { @@ -177,7 +177,7 @@ launch_bare_server() { shift wait_for_free_port ${PORT} - ${SERV} $* >/dev/null & + ${SERV} $* >${LOGFILE-/dev/null} & } wait_server() { diff --git a/tests/suite/testcompat-tls13-openssl.sh b/tests/suite/testcompat-tls13-openssl.sh index 27ca3826e3..6d17941b8e 100755 --- a/tests/suite/testcompat-tls13-openssl.sh +++ b/tests/suite/testcompat-tls13-openssl.sh @@ -264,6 +264,28 @@ run_client_suite() { kill ${PID} wait + # Try exporting keying material + echo_cmd "${PREFIX}Checking TLS 1.3 to export keying material..." + testdir=`create_testdir tls13-openssl-keymatexport` + eval "${GETPORT}" + LOGFILE="${testdir}/server.out" + launch_bare_server $$ s_server -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -CAfile "${CA_CERT}" -keymatexport label -keymatexportlen 20 + unset LOGFILE + PID=$! + wait_server ${PID} + + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL${ADD}" --keymatexport label --keymatexportsize 20| tee "${testdir}/client.out" >> ${OUTPUT} + grep '^- Key material: ' "${testdir}/client.out" | \ + sed -e 's/^.*: //' -e 'y/abcdef/ABCDEF/' > "${testdir}/client.key" || \ + fail ${PID} "Failed" + grep '^ Keying material: ' "${testdir}/server.out" | \ + sed -e 's/^.*: //' -e 'y/abcdef/ABCDEF/' > "${testdir}/server.key" || \ + fail ${PID} "Failed" + diff "${testdir}/client.key" "${testdir}/server.key" || \ + fail ${PID} "Failed" + kill ${PID} + wait + rm -rf "${testdir}" } |