|
Packit |
aea12f |
#!/bin/sh
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# Copyright (C) 2017 Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# Author: Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# This file is part of GnuTLS.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# GnuTLS is free software; you can redistribute it and/or modify it
|
|
Packit |
aea12f |
# under the terms of the GNU General Public License as published by the
|
|
Packit |
aea12f |
# Free Software Foundation; either version 3 of the License, or (at
|
|
Packit |
aea12f |
# your option) any later version.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# GnuTLS is distributed in the hope that it will be useful, but
|
|
Packit |
aea12f |
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
# General Public License for more details.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# You should have received a copy of the GNU General Public License
|
|
Packit |
aea12f |
# along with GnuTLS; if not, write to the Free Software Foundation,
|
|
Packit |
aea12f |
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
srcdir="${srcdir:-.}"
|
|
Packit |
aea12f |
SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
|
|
Packit |
aea12f |
CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
|
|
Packit |
aea12f |
unset RETCODE
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if ! test -x "${SERV}"; then
|
|
Packit |
aea12f |
exit 77
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if ! test -x "${CLI}"; then
|
|
Packit |
aea12f |
exit 77
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if test "${WINDIR}" != ""; then
|
|
Packit |
aea12f |
exit 77
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if ! test -z "${VALGRIND}"; then
|
|
Packit |
aea12f |
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
SERV="${SERV} -q"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
. "${srcdir}/scripts/common.sh"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
check_for_datefudge
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking whether server can utilize multiple keys"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem
|
|
Packit |
aea12f |
CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem
|
|
Packit |
aea12f |
KEY2=${srcdir}/../doc/credentials/x509/key-ecc.pem
|
|
Packit |
aea12f |
CERT2=${srcdir}/../doc/credentials/x509/cert-ecc.pem
|
|
Packit |
aea12f |
KEY3=${srcdir}/../doc/credentials/x509/key-rsa-pss.pem
|
|
Packit |
aea12f |
CERT3=${srcdir}/../doc/credentials/x509/cert-rsa-pss.pem
|
|
Packit |
aea12f |
CAFILE=${srcdir}/../doc/credentials/x509/ca.pem
|
|
Packit |
aea12f |
TMPFILE=outcert.$$.tmp
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
eval "${GETPORT}"
|
|
Packit |
aea12f |
launch_server $$ --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
|
|
Packit |
aea12f |
--x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3}
|
|
Packit |
aea12f |
PID=$!
|
|
Packit |
aea12f |
wait_server ${PID}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
timeout 1800 datefudge "2017-08-9" \
|
|
Packit |
aea12f |
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA"
|
|
Packit |
aea12f |
fail ${PID} "1. handshake with RSA should have succeeded!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
timeout 1800 datefudge "2017-08-9" \
|
|
Packit |
aea12f |
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-ECDSA"
|
|
Packit |
aea12f |
fail ${PID} "2. handshake with ECC should have succeeded!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
timeout 1800 datefudge "2017-08-9" \
|
|
Packit |
aea12f |
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-SHA256" --save-cert ${TMPFILE}
|
|
Packit |
aea12f |
fail ${PID} "3. handshake with RSA should have succeeded!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
cmp ${TMPFILE} ${CERT1}
|
|
Packit |
aea12f |
if test $? != 0;then
|
|
Packit |
aea12f |
fail ${PID} "3. the certificate used by server was not the expected"
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
timeout 1800 datefudge "2017-08-9" \
|
|
Packit |
aea12f |
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA:+SIGN-RSA-SHA256:+SIGN-RSA-PSS-RSAE-SHA256" --save-cert ${TMPFILE}
|
|
Packit |
aea12f |
fail ${PID} "4. handshake with RSA should have succeeded!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# check whether the server used the RSA-PSS certificate when we asked for RSA-PSS signature
|
|
Packit |
aea12f |
timeout 1800 datefudge "2017-08-9" \
|
|
Packit |
aea12f |
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256" --save-cert ${TMPFILE}
|
|
Packit |
aea12f |
fail ${PID} "4. handshake with RSA-PSS and SHA256 should have succeeded!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
cmp ${TMPFILE} ${CERT3}
|
|
Packit |
aea12f |
if test $? != 0;then
|
|
Packit |
aea12f |
fail ${PID} "4. the certificate used by server was not the expected"
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
kill ${PID}
|
|
Packit |
aea12f |
wait
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
exit 0
|