summaryrefslogtreecommitdiff
path: root/tests/suite/testcompat-main-openssl
diff options
context:
space:
mode:
Diffstat (limited to 'tests/suite/testcompat-main-openssl')
-rwxr-xr-xtests/suite/testcompat-main-openssl603
1 files changed, 603 insertions, 0 deletions
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
new file mode 100755
index 0000000000..7ac9d4357f
--- /dev/null
+++ b/tests/suite/testcompat-main-openssl
@@ -0,0 +1,603 @@
+#!/bin/sh
+
+# Copyright (C) 2010-2012 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+unset RETCODE
+if ! test -z "${VALGRIND}";then
+VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${WINDIR}" != "";then
+ exit 77
+fi
+
+. $srcdir/../scripts/common.sh
+
+PORT="${PORT:-$RPORT}"
+
+SERV=openssl
+OPENSSL_CLI="openssl"
+
+echo "Compatibility checks using "`$SERV version`
+$SERV version|grep -e 1\.0 >/dev/null 2>&1
+SV=$?
+if test $SV != 0;then
+ echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
+ exit 77
+fi
+
+$SERV version|grep -e 1\.0\.1 >/dev/null 2>&1
+SV2=$?
+
+. ./testcompat-common
+
+echo "#################################################"
+echo "# Client mode tests (gnutls cli-openssl server) #"
+echo "#################################################"
+
+for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+do
+
+if ! test -z "$ADD";then
+echo ""
+echo "** Modifier: $ADD"
+fi
+
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test SSL 3.0 with RSA ciphersuite
+echo "Checking SSL 3.0 with RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+# Test SSL 3.0 with DHE-RSA ciphersuite
+echo "Checking SSL 3.0 with DHE-RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+# Test SSL 3.0 with DHE-DSS ciphersuite
+echo "Checking SSL 3.0 with DHE-DSS..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+
+if test "$FIPS" != 1;then
+#-cipher RSA-NULL
+launch_bare_server $$ s_server -cipher NULL -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with RSA-NULL ciphersuite
+echo "Checking TLS 1.0 with RSA-NULL..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+fi
+
+#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with RSA ciphersuite
+echo "Checking TLS 1.0 with RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+# Test TLS 1.0 with DHE-RSA ciphersuite
+echo "Checking TLS 1.0 with DHE-RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+# Test TLS 1.0 with DHE-RSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+# Test TLS 1.0 with DHE-DSS ciphersuite
+echo "Checking TLS 1.0 with DHE-DSS..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test "$FIPS" != 1;then
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+fi
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test "$FIPS" != 1;then
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+fi
+
+#-cipher PSK
+launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+PID=$!
+wait_server $PID
+
+echo "Checking TLS 1.0 with PSK..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK$ADD" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test $SV2 = 0;then
+# Tests requiring openssl 1.0.1 - TLS 1.2
+#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+echo "Checking TLS 1.2 with RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+echo "Checking TLS 1.2 with DHE-RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+echo "Checking TLS 1.2 with ECDHE-RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+echo "Checking TLS 1.2 with DHE-DSS..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test "$FIPS" != 1;then
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+fi
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test "$FIPS" != 1;then
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+fi #FIPS
+
+fi #SV2
+
+#-cipher PSK
+launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1_2 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+PID=$!
+wait_server $PID
+
+echo "Checking TLS 1.2 with PSK..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test DTLS 1.0 with RSA ciphersuite
+echo "Checking DTLS 1.0 with RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test DTLS 1.0 with DHE-RSA ciphersuite
+echo "Checking DTLS 1.0 with DHE-RSA..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test DTLS 1.0 with DHE-DSS ciphersuite
+echo "Checking DTLS 1.0 with DHE-DSS..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+done
+
+echo "Client mode tests were successfully completed"
+echo ""
+echo "###############################################"
+echo "# Server mode tests (gnutls server-openssl cli#"
+echo "###############################################"
+SERV="../../src/gnutls-serv$EXEEXT -q"
+
+# Note that openssl s_client does not return error code on failure
+
+for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+do
+
+if ! test -z "$ADD";then
+echo ""
+echo "** Modifier: $ADD"
+fi
+
+echo "Check SSL 3.0 with RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+#TLS 1.0
+
+# This test was disabled because it doesn't work as expected with openssl 1.0.0d
+#echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+#wait_server $PID
+#
+#$OPENSSL_CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+# fail $PID "Failed"
+#
+#kill $PID
+#wait
+
+if test "$FIPS" != 1;then
+echo "Check TLS 1.0 with RSA-NULL ciphersuite"
+launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -cipher NULL-SHA -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+fi
+
+echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-RSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test "$FIPS" != 1;then
+echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+fi
+
+echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test "$FIPS" != 1;then
+echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+fi
+
+echo "Check TLS 1.0 with PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher PSK-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test $SV2 = 0;then
+
+echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-RSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test "$FIPS" != 1;then
+echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+fi
+
+echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+if test "$FIPS" != 1;then
+echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+fi
+
+echo "Check TLS 1.2 with PSK ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher PSK-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+fi #SV2
+
+# DTLS
+echo "Check DTLS 1.0 with RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+wait_server $PID
+
+
+$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+
+echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+wait_server $PID
+
+
+
+$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+
+echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS$ADD" --udp --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
+wait_server $PID
+
+
+$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+done
+
+exit 0
View Lorry Controller Status