#!/bin/sh
# Copyright (c) 2010-2016, Free Software Foundation, Inc.
# Copyright (c) 2012-2016, Nikos Mavrogiannopoulos
# All rights reserved.
#
# Author: Nikos Mavrogiannopoulos
#
# This file is part of GnuTLS.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
# 3. Neither the name of the copyright holder nor the names of its contributors may
# be used to endorse or promote products derived from this software without specific
# prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
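# Interoperability test driver: gnutls-cli / gnutls-serv against the OpenSSL
# command line tool. This first part locates the binaries, probes which
# features the installed openssl offers and records the result in the
# NO_* / HAVE_* flags read by run_client_suite.
#
# Exit status 77 means "skipped". A skip says nothing about whether interop
# works, so do not count it as a pass when reading results.

srcdir="${srcdir:-.}"
# SERV from the environment is only used to locate gnutls-serv; the variable
# itself is overwritten with "openssl" further down.
GNUTLS_SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
unset RETCODE

# Nothing to test without an executable gnutls-cli.
if ! test -x "${CLI}"; then
  exit 77
fi

# VALGRIND is later expanded unquoted so that it word-splits into a command
# prefix; it is taken from the environment as-is.
if ! test -z "${VALGRIND}"; then
  VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi

# Skipped when WINDIR is set.
if test "${WINDIR}" != ""; then
  exit 77
fi

. "${srcdir}/../scripts/common.sh"

PORT="${PORT:-${RPORT}}"

# "openssl" is resolved through PATH, so the binary under test is whichever
# one the environment exposes first.
SERV=openssl
OPENSSL_CLI="$SERV"

echo "Compatibility checks using $(${SERV} version)"
# The whole script is skipped unless the version output contains a 1.x.y
# style string; the pattern is not anchored to the version field.
${SERV} version | grep -e '1\.[0-9]\..' >/dev/null 2>&1
SV=$?
if test ${SV} != 0; then
  echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
  exit 77
fi

. "${srcdir}/testcompat-common"

# x25519 interop is enabled only for 1.<non-zero>.* version strings.
${SERV} version | grep -e '1\.[1-9]\..' >/dev/null 2>&1
HAVE_X25519=$?

test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519"

# NOTE(review): this pattern accepts any d.d.d version string, while the
# TLS 1.2 section inside run_client_suite says openssl 1.0.1 is required.
${SERV} version | grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1
NO_TLS1_2=$?

test $NO_TLS1_2 != 0 && echo "Disabling interop tests for TLS 1.2"

# NO_DH_PARAMS=0 (version x.<non-zero>.y): s_server gets no -dhparam option.
# NO_DH_PARAMS=1: s_server is handed the DH parameter file explicitly.
${SERV} version | grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1
if test $? = 0; then
  NO_DH_PARAMS=0
else
  NO_DH_PARAMS=1
fi

# FIPS_CURVES was previously left unset on the else path below, which made
# the unquoted "test $FIPS_CURVES = 1" malformed. Default it to 0 while still
# honouring a value supplied by the environment or the sourced files.
FIPS_CURVES="${FIPS_CURVES:-0}"

# Do not use DSS or curves <=256 bits in 1.1.1+ because these
# are not accepted by openssl on debian.
${SERV} version | grep -e '[1-9]\.[1-9]\.[1-9]' >/dev/null 2>&1
if test $? = 0; then
  NO_DSS=1
  FIPS_CURVES=1
else
  ${SERV} ciphers -v ALL 2>&1 | grep -e DHE-DSS >/dev/null 2>&1
  NO_DSS=$?
fi

test "${FIPS_CURVES}" = 1 && echo "Running with FIPS140-2 enabled curves enabled"

if test $NO_DSS != 0; then
  echo "Disabling interop tests for DSS ciphersuites"
else
  # Expanded unquoted later so that it splits into four arguments.
  DSA_PARAMS="-dkey ${DSA_KEY} -dcert ${DSA_CERT}"
fi

# The remaining NO_* flags are grep exit codes: 0 means openssl still lists
# the algorithm, non-zero disables the matching interop checks. These are
# legacy algorithms, exercised here for compatibility coverage only.
${SERV} ciphers -v ALL 2>&1 | grep -e CAMELLIA >/dev/null 2>&1
NO_CAMELLIA=$?

test $NO_CAMELLIA != 0 && echo "Disabling interop tests for Camellia ciphersuites"

${SERV} ciphers -v ALL 2>&1 | grep -e RC4 >/dev/null 2>&1
NO_RC4=$?

test $NO_RC4 != 0 && echo "Disabling interop tests for RC4 ciphersuites"

${SERV} ciphers -v ALL 2>&1 | grep -e 3DES >/dev/null 2>&1
NO_3DES=$?

test $NO_3DES != 0 && echo "Disabling interop tests for 3DES ciphersuites"

${SERV} ciphers -v ALL 2>&1 | grep -e NULL >/dev/null 2>&1
NO_NULL=$?

test $NO_NULL != 0 && echo "Disabling interop tests for NULL ciphersuites"

if test "${NO_DH_PARAMS}" = 0; then
  OPENSSL_DH_PARAMS_OPT=""
else
  # NOTE(review): the escaped quotes become literal characters once this
  # variable is expanded unquoted; confirm that launch_bare_server (defined
  # in the sourced common.sh, not shown here) re-evaluates its arguments,
  # otherwise openssl receives a file name that includes the quotes.
  OPENSSL_DH_PARAMS_OPT="-dhparam \"${DH_PARAMS}\""
fi

# SSL 3.0 probe, step 1: does s_server advertise the -ssl3 option at all?
${SERV} s_server -help 2>&1 | grep -e -ssl3 >/dev/null 2>&1
HAVE_NOT_SSL3=$?

# Step 2: the option may exist while the protocol is disabled, so start a
# server and attempt a real SSL 3.0 handshake against it.
if test $HAVE_NOT_SSL3 = 0; then
  # GETPORT is expected to come from the sourced helpers; it is eval'ed, so
  # its content is trusted like any other part of the test environment.
  eval "${GETPORT}"
  launch_bare_server $$ s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1
  # presumably launch_bare_server backgrounds the server, so $! is its pid
  PID=$!
  wait_server ${PID}

  ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 </dev/null 2>&1 | grep "\:error\:" && \
    HAVE_NOT_SSL3=1
  kill ${PID}
  wait
fi

test $HAVE_NOT_SSL3 != 0 && echo "Disabling interop tests for SSL 3.0"

echo "#################################################"
echo "# Client mode tests (gnutls cli-openssl server) #"
echo "#################################################"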
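# Client-mode interop suite: for each protocol / key-exchange combination an
# "openssl s_server" is started on a fresh port and gnutls-cli connects to it
# with a priority string that pins exactly that combination.
#
# Arguments: $1 - optional priority-string suffix (e.g. ":%COMPAT") appended
#                 to every priority string; also shown, without colons, as
#                 the prefix of each progress line.
# Globals:   reads the NO_* / HAVE_* / FIPS_CURVES / ENABLE_SSL3 flags and the
#            key and certificate path variables; writes ADD, PREFIX, PID
#            (not local: the callers run this function in a background
#            subshell).
#
# Every gnutls-cli call passes --insecure, i.e. the server certificate is not
# verified. The suite therefore covers handshake and ciphersuite negotiation
# only; it cannot detect a certificate-verification regression.
# SSL 3.0, RC4, NULL and 3DES are legacy algorithms tested for interop only.
run_client_suite() {
  ADD=$1
  PREFIX=""
  if ! test -z "${ADD}"; then
    PREFIX="$(printf '%s\n' "${ADD}" | sed 's/://g'): "
  fi

  if test "${HAVE_NOT_SSL3}" != 1 && test "${ENABLE_SSL3}" = 1; then
    # It seems debian disabled SSL 3.0 completely on openssl

    eval "${GETPORT}"
    launch_bare_server $$ s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
    # presumably launch_bare_server backgrounds the server, so $! is its pid
    PID=$!
    wait_server ${PID}

    # Test SSL 3.0 with RSA ciphersuite
    echo "${PREFIX}Checking SSL 3.0 with RSA..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    # Test SSL 3.0 with DHE-RSA ciphersuite
    echo "${PREFIX}Checking SSL 3.0 with DHE-RSA..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    if test "${NO_DSS}" = 0; then
      # Test SSL 3.0 with DHE-DSS ciphersuite
      echo "${PREFIX}Checking SSL 3.0 with DHE-DSS..."
      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
        fail ${PID} "Failed"
    fi

    kill ${PID}
    wait

    if test "${NO_RC4}" != 1; then
      eval "${GETPORT}"
      launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 >/dev/null
      PID=$!
      wait_server ${PID}

      echo "${PREFIX}Checking SSL 3.0 with RSA-RC4-MD5..."
      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
        fail ${PID} "Failed"

      kill ${PID}
      wait
    fi
  fi

  if test "${NO_NULL}" = 0; then
    #-cipher RSA-NULL
    eval "${GETPORT}"
    launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
    PID=$!
    wait_server ${PID}

    # Test TLS 1.0 with RSA-NULL ciphersuite
    echo "${PREFIX}Checking TLS 1.0 with RSA-NULL..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    kill ${PID}
    wait
  fi

  #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
  eval "${GETPORT}"
  launch_bare_server $$ s_server -cipher "ALL" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
  PID=$!
  wait_server ${PID}

  # Test TLS 1.0 with RSA ciphersuite
  if test "${NO_3DES}" != 1; then
    echo "${PREFIX}Checking TLS 1.0 with RSA and 3DES-CBC..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"
  fi

  echo "${PREFIX}Checking TLS 1.0 with RSA and AES-128-CBC..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
    fail ${PID} "Failed"

  echo "${PREFIX}Checking TLS 1.0 with RSA and AES-256-CBC..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
    fail ${PID} "Failed"

  if test "${NO_CAMELLIA}" != 1; then
    echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"
  fi

  if test "${NO_DSS}" = 0; then
    # Test TLS 1.0 with DHE-DSS ciphersuite
    echo "${PREFIX}Checking TLS 1.0 with DHE-DSS..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"
  fi

  # Test TLS 1.0 with DHE-RSA ciphersuite
  echo "${PREFIX}Checking TLS 1.0 with DHE-RSA..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
    fail ${PID} "Failed"

  # Test TLS 1.0 with ECDHE-RSA ciphersuite
  echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
    fail ${PID} "Failed"

  kill ${PID}
  wait

  # Curves below 256 bits are skipped when FIPS_CURVES is 1.
  if test "${FIPS_CURVES}" != 1; then
    eval "${GETPORT}"
    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" >/dev/null
    PID=$!
    wait_server ${PID}

    # Test TLS 1.0 with ECDHE-RSA ciphersuite on a 192-bit curve
    echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA (SECP192R1)..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-SECP192R1${ADD}" --insecure </dev/null >/dev/null || \
      fail ${PID} "Failed"

    kill ${PID}
    wait

    #-cipher ECDHE-ECDSA-AES128-SHA
    eval "${GETPORT}"
    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null
    PID=$!
    wait_server ${PID}

    # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
    echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    kill ${PID}
    wait
  fi

  #-cipher ECDHE-ECDSA-AES128-SHA
  eval "${GETPORT}"
  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null
  PID=$!
  wait_server ${PID}

  # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
  echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
    fail ${PID} "Failed"

  kill ${PID}
  wait

  #-cipher ECDHE-ECDSA-AES128-SHA
  eval "${GETPORT}"
  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null
  PID=$!
  wait_server ${PID}

  # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
  echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
    fail ${PID} "Failed"

  kill ${PID}
  wait

  #-cipher PSK
  # The PSK below is a fixed test fixture shared by server and client; it is
  # passed on the command line, where process listings can show it, so it
  # must never double as a real credential.
  eval "${GETPORT}"
  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null
  PID=$!
  wait_server ${PID}

  echo "${PREFIX}Checking TLS 1.0 with PSK..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
    fail ${PID} "Failed"

  kill ${PID}
  wait

  if test ${NO_TLS1_2} = 0; then
    # Tests requiring openssl 1.0.1 - TLS 1.2
    #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
    eval "${GETPORT}"
    launch_bare_server $$ s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
    PID=$!
    wait_server ${PID}

    echo "${PREFIX}Checking TLS 1.2 with RSA and AES-128-GCM..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    echo "${PREFIX}Checking TLS 1.2 with RSA and AES-256-GCM..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    echo "${PREFIX}Checking TLS 1.2 with DHE-RSA..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    if test "${NO_DSS}" = 0; then
      echo "${PREFIX}Checking TLS 1.2 with DHE-DSS..."
      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
        fail ${PID} "Failed"
    fi

    echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA..."
    # NOTE(review): the only client call without the ${VALGRIND} prefix;
    # confirm whether that is intentional.
    "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    kill ${PID}
    wait

    if test "${HAVE_X25519}" = 0; then
      eval "${GETPORT}"
      launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" >/dev/null
      PID=$!
      wait_server ${PID}

      echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA (X25519)..."
      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --insecure --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" </dev/null >/dev/null || \
        fail ${PID} "Failed"

      kill ${PID}
      wait
    fi

    if test "${FIPS_CURVES}" != 1; then
      #-cipher ECDHE-ECDSA-AES128-SHA
      eval "${GETPORT}"
      launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null
      PID=$!
      wait_server ${PID}

      echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
        fail ${PID} "Failed"

      kill ${PID}
      wait
    fi

    #-cipher ECDHE-ECDSA-AES128-SHA
    eval "${GETPORT}"
    launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null
    PID=$!
    wait_server ${PID}

    echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    kill ${PID}
    wait

    if test "${FIPS_CURVES}" != 1; then
      #-cipher ECDHE-ECDSA-AES128-SHA
      eval "${GETPORT}"
      launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null
      PID=$!
      wait_server ${PID}

      echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
      ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
        fail ${PID} "Failed"

      kill ${PID}
      wait
    fi #FIPS_CURVES
  fi #NO_TLS1_2

  #-cipher PSK
  # Same fixed test PSK as the TLS 1.0 check; this TLS 1.2 check sits outside
  # the NO_TLS1_2 guard above.
  eval "${GETPORT}"
  launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null
  PID=$!
  wait_server ${PID}

  echo "${PREFIX}Checking TLS 1.2 with PSK..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
    fail ${PID} "Failed"

  kill ${PID}
  wait

  eval "${GETPORT}"
  launch_bare_server $$ s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
  PID=$!
  wait_udp_server ${PID}

  # Test DTLS 1.0 with RSA ciphersuite
  echo "${PREFIX}Checking DTLS 1.0 with RSA..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
    fail ${PID} "Failed"

  kill ${PID}
  wait

  eval "${GETPORT}"
  launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
  PID=$!
  wait_udp_server ${PID}

  # Test DTLS 1.0 with DHE-RSA ciphersuite
  echo "${PREFIX}Checking DTLS 1.0 with DHE-RSA..."
  ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
    fail ${PID} "Failed"

  kill ${PID}
  wait

  if test "${NO_DSS}" = 0; then
    eval "${GETPORT}"
    launch_bare_server $$ s_server -cipher "ALL" -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
    PID=$!
    wait_udp_server ${PID}

    # Test DTLS 1.0 with DHE-DSS ciphersuite
    echo "${PREFIX}Checking DTLS 1.0 with DHE-DSS..."
    ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
      fail ${PID} "Failed"

    kill ${PID}
    wait
  fi
}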
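# Run the client-mode suite once per priority-string modifier, each in its
# own background subshell, and collect the pids.
WAITPID=""
for mod in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
  run_client_suite "$mod" &
  WAITPID="$WAITPID $!"
done

# WAITPID is word-split on purpose so that every suite is waited on by
# itself. Quoting it ran the loop once with all pids passed to a single
# "wait", which reports only the status of the last pid, so a failure in
# any earlier suite went unnoticed.
for i in $WAITPID; do
  wait "$i" || exit 1
done

# PREFIX is assigned inside the background subshells only; at this level it
# holds whatever the environment or the sourced helpers left in it.
echo "${PREFIX}Client mode tests were successfully completed"
echo "${PREFIX}"
echo "${PREFIX}###############################################"
echo "${PREFIX}# Server mode tests (gnutls server-openssl cli#"
echo "${PREFIX}###############################################"
# From here on SERV is gnutls-serv in quiet mode; OPENSSL_CLI still names
# the openssl binary that acts as the client.
SERV="${GNUTLS_SERV} -q"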
# Note that openssl s_client does not return error code on failure
#######################################
# Server-mode interoperability suite. For each protocol version / key-exchange
# combination it starts a server with launch_server (defined elsewhere in this
# file), connects to it with `${OPENSSL_CLI} s_client`, then kills the server.
#
# Arguments:
#   $1 - modifier appended to every --priority string (may be empty). With the
#        ':' characters removed it is also used as the log prefix.
# Globals read:
#   GETPORT, PORT, OPENSSL_CLI, certificate/key/CA/DH/PSK file variables, and
#   the feature switches HAVE_NOT_SSL3, ENABLE_SSL3, NO_RC4, NO_DSS, NO_NULL,
#   FIPS_CURVES, NO_TLS1_2, HAVE_X22519.
# Globals written:
#   ADD, PREFIX, PID (not declared local; the callers in this file run the
#   function as a background job, so the assignments stay in that subshell).
#   PORT is presumably set by `eval "${GETPORT}"` - confirm against GETPORT.
#
# Pass/fail criterion: each check pipes the client's stdout+stderr into grep
# and calls `fail` only when the literal marker ":error:" appears. The exit
# status of s_client is never consulted, so a client run that ends without
# printing that marker is counted as a pass. Keep this in mind when reading a
# green run as evidence that a handshake actually succeeded.
#
# The priority strings below deliberately enable legacy protocol versions and
# algorithms (SSL 3.0, RC4, MD5, 3DES, NULL ciphers) for interoperability
# coverage; they are test inputs for this script.
#######################################
run_server_suite() {
ADD=$1
PREFIX=""
if ! test -z "${ADD}"; then
# Log prefix is the modifier without its ':' separators, e.g. "%COMPAT: ".
PREFIX="$(echo $ADD|sed 's/://g'): "
fi

# SSL 3.0 checks run only when HAVE_NOT_SSL3 is not 1 and ENABLE_SSL3 is 1.
if test "${HAVE_NOT_SSL3}" != 1 && test "${ENABLE_SSL3}" = 1; then

echo "${PREFIX}Check SSL 3.0 with RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+3DES-CBC:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

# Second client run against the same server instance, restricted to RC4-MD5.
if test "${NO_RC4}" != 1; then
echo "${PREFIX}Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"
fi

kill ${PID}
wait

echo "${PREFIX}Check SSL 3.0 with DHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

# DSS checks throughout this function run only when NO_DSS equals 0.
if test "${NO_DSS}" = 0; then
echo "${PREFIX}Check SSL 3.0 with DHE-DSS ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi
fi

#TLS 1.0

# This test was disabled because it doesn't work as expected with openssl 1.0.0d
#echo "${PREFIX}Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
#PID=$!
#wait_server ${PID}
#
#${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
# fail ${PID} "Failed"
#
#kill ${PID}
#wait

# NULL-cipher check (no encryption on the record layer); runs only when
# NO_NULL equals 0.
if test "${NO_NULL}" = 0; then
echo "${PREFIX}Check TLS 1.0 with RSA-NULL ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi

echo "${PREFIX}Check TLS 1.0 with DHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -cipher DHE -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

if test "${NO_DSS}" = 0; then
echo "${PREFIX}Check TLS 1.0 with DHE-DSS ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -host localhost -cipher ALL -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi

echo "${PREFIX}Check TLS 1.0 with ECDHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-RSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

# SECP224R1 and SECP521R1 checks are skipped when FIPS_CURVES equals 1.
if test "${FIPS_CURVES}" != 1; then
echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-ECDSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi

echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-ECDSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-ECDSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

if test "${FIPS_CURVES}" != 1; then
echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-ECDSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi

echo "${PREFIX}Check TLS 1.0 with PSK ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}

# The -psk value is a fixed test key given on the command line; presumably it
# matches the Client_identity entry in ${SERV_PSK} - confirm.
# NOTE(review): `crt_file=...` is a bare word, not a dash option like the
# `-cert` used by the other checks. How s_client handles it, and the options
# that follow it, should be verified: an argument-parsing failure that does not
# print ":error:" would be counted as a pass by the grep below.
#-cipher PSK-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
fail ${PID} "Failed"

kill ${PID}
wait

# NOTE(review): ${NO_TLS1_2} is unquoted here, unlike the other switches; if it
# is unset or empty this becomes `test = 0`, which test reports as an error
# (non-zero status), so the whole TLS 1.2 section is skipped.
if test ${NO_TLS1_2} = 0; then
# test resumption
echo "${PREFIX}Check TLS 1.2 with resumption"
eval "${GETPORT}"
launch_server $$ --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -cipher DHE -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

if test "${NO_DSS}" = 0; then
echo "${PREFIX}Check TLS 1.2 with DHE-DSS ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
PID=$!
wait_server ${PID}

# NOTE(review): -cipher is given twice (DHE, then ALL); presumably the later
# value is the one that applies - confirm which list this check exercises.
${OPENSSL_CLI} s_client -cipher DHE -host localhost -cipher ALL -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi

echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-RSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

# NOTE(review): the switch is spelled HAVE_X22519 while the check is about
# X25519; the check runs when it equals 0. Confirm the spelling matches where
# the variable is set - if it does not, this comparison is never true and the
# X25519 check is silently skipped.
if test "${HAVE_X22519}" = 0; then
echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}

${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi

if test "${FIPS_CURVES}" != 1; then
echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-ECDSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1_2 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi

echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-ECDSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-ECDSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait

if test "${FIPS_CURVES}" != 1; then
echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}

#-cipher ECDHE-ECDSA-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi

echo "${PREFIX}Check TLS 1.2 with PSK ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}

# Same fixed test key and the same bare `crt_file=...` word as the TLS 1.0 PSK
# check. NOTE(review): verify how s_client treats that word, since a parsing
# failure without ":error:" in the output would pass the grep below.
#-cipher PSK-AES128-SHA
${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
fail ${PID} "Failed"

kill ${PID}
wait

fi #NO_TLS1_2

# DTLS
# The DTLS checks start the server with --udp and use wait_udp_server instead
# of wait_server before connecting.
echo "${PREFIX}Check DTLS 1.0 with RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
PID=$!
wait_udp_server ${PID}


${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait


echo "${PREFIX}Check DTLS 1.0 with DHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
PID=$!
wait_udp_server ${PID}


${OPENSSL_CLI} s_client -cipher DHE -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait


if test "${NO_DSS}" = 0; then
echo "${PREFIX}Check DTLS 1.0 with DHE-DSS ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
PID=$!
wait_udp_server ${PID}


${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cipher ALL -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"

kill ${PID}
wait
fi
}
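# Run the server-mode suite once per priority-string modifier, each in its own
# background subshell, and collect the PIDs so that every result is checked.
WAITPID=""
for mod in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" ":%SAFE_RENEGOTIATION"; do
	run_server_suite $mod &
	WAITPID="$WAITPID $!"
done

# Reap each suite on its own. Iterating over the quoted list ran the loop once
# and handed all PIDs to a single `wait`, whose status is only that of the last
# PID, so a failure in any of the earlier suites still ended in `exit 0`.
# $WAITPID is left unquoted on purpose: it is a space-separated PID list.
suite_rc=0
for i in $WAITPID; do
	wait "$i" || suite_rc=1
done
# Exit only after all suites have been reaped, as the original single wait did.
test "$suite_rc" = 0 || exit 1

exit 0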