#!/bin/sh
# Copyright (c) 2010-2015, Free Software Foundation, Inc.
# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
# All rights reserved.
#
# Author: Nikos Mavrogiannopoulos
#
# This file is part of GnuTLS.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
# 3. Neither the name of the copyright holder nor the names of its contributors may
# be used to endorse or promote products derived from this software without specific
# prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Test setup: locate the GnuTLS client and a PolarSSL / mbed TLS client, skip
# when either is unusable, and load the shared test helpers.
#
# Exit status 77 is the value automake's test driver records as "skipped".

# Both locations may be overridden from the environment.
srcdir="${srcdir:-.}"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
LOGFILE=polarssl.log
unset RETCODE

# No gnutls-cli binary to test against: skip.
test -x "${CLI}" || exit 77

# When a valgrind command is supplied, run it through libtool so the wrapped
# binaries are resolved correctly.
if test -n "${VALGRIND}"; then
    VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi

# A non-empty WINDIR is taken to mean a Windows environment: skip.
test -z "${WINDIR}" || exit 77

. "${srcdir}/../scripts/common.sh"

# ALL_CURVES records whether this gnutls-cli build lists SECP224 under the
# NORMAL priority; the SECP224R1 cases are run only when it does.
TXT=$("${CLI}" --priority NORMAL --list | grep SECP224)
if test -n "${TXT}"; then
    ALL_CURVES=1
else
    ALL_CURVES=0
fi

echo "Compatibility checks using polarssl"

# The peer client is taken only from these fixed absolute paths (never looked
# up through PATH). The trailing "" leaves POLARSSL_CLI empty when none of
# them is executable.
for POLARSSL_CLI in \
    /usr/bin/polarssl_ssl_client2 \
    /usr/bin/mbedtls_ssl_client2 \
    /usr/libexec/mbedtls/ssl_client2 \
    ""; do
    if test -x "${POLARSSL_CLI}"; then
        break
    fi
done

if test -z "${POLARSSL_CLI}"; then
    echo "PolarSSL is required for this test to run"
    exit 77
fi

# Version probe: the client is run without arguments, and a zero exit status
# is treated as "not a usable version".
# NOTE(review): the rationale for this probe is not visible here - confirm.
if "${POLARSSL_CLI}" >/dev/null 2>&1; then
    echo "PolarSSL 1.3.x is required for the tests to run"
    exit 77
fi

. "${srcdir}/testcompat-common"

echo ""
echo "##################################################"
echo "# Server mode tests (gnutls server-polarssl cli) #"
echo "##################################################"
SERV="../../src/gnutls-serv${EXEEXT} -q"

# Start from an empty log; every client run below appends to it.
rm -f "${LOGFILE}"
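#######################################
# Run one interoperability case: start a gnutls-serv instance on a fresh
# port, connect to it once with the PolarSSL / mbed TLS client, then stop the
# server.
# launch_server, wait_server and fail are not defined in this file; they
# presumably come from the sourced common.sh / testcompat-common.
# Globals:   GETPORT, PREFIX, ADD, POLARSSL_CLI, LOGFILE (read);
#            PORT (read; presumably set by evaluating GETPORT);
#            PID (written)
# Arguments: $1 - text printed after "${PREFIX}Check "
#            $2 - client min_version/max_version value (tls1 or tls1_2)
#            $3 - 1 to send the PSK identity and key, anything else to omit
#            $4 - client crt_file
#            $5 - client key_file
#            $6 - client ca_file
#            $7 - server priority string; ${ADD} is appended to it
#            remaining - server options, passed on after --priority
# Returns:   status of the final wait; a failed client run goes through fail
#######################################
polarssl_server_check() {
    _psc_label=$1
    _psc_ver=$2
    _psc_psk=$3
    _psc_crt=$4
    _psc_key=$5
    _psc_ca=$6
    _psc_prio=$7
    shift 7

    # GETPORT is a shell snippet supplied by the sourced helpers.
    eval "${GETPORT}"
    echo "${PREFIX}Check ${_psc_label}"
    launch_server $$ --priority "${_psc_prio}${ADD}" "$@"
    PID=$!
    wait_server "${PID}"

    # Reuse "$@" as the client argument list (POSIX sh has no arrays). The
    # argument order is the one every case has always used.
    set -- server_name=localhost
    if test "${_psc_psk}" = 1; then
        # Fixed test identity and key, presumably matching the ${SERV_PSK}
        # fixture. They are passed on the command line, so they are visible
        # in the process list; acceptable only because this is test material.
        set -- "$@" psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db
    fi
    set -- "$@" "min_version=${_psc_ver}" "max_version=${_psc_ver}" \
        "server_port=${PORT}" "crt_file=${_psc_crt}" \
        "key_file=${_psc_key}" "ca_file=${_psc_ca}"

    # PID is quoted so that an empty value cannot shift "Failed" into the
    # position where fail expects the server PID.
    "${POLARSSL_CLI}" "$@" </dev/null >>"${LOGFILE}" 2>&1 || \
        fail "${PID}" "Failed"

    kill "${PID}"
    wait
}

# ECDHE-ECDSA case for one curve: the server and the client both use the
# same per-curve certificate and key.
# Arguments: $1 - "TLS 1.0" or "TLS 1.2" (label)
#            $2 - client version value
#            $3 - priority string up to and including the +VERS- element
#            $4 - curve name shown in the label
#            $5 - certificate file
#            $6 - key file
polarssl_ecdsa_check() {
    polarssl_server_check "$1 with ECDHE-ECDSA ciphersuite ($4)" "$2" 0 \
        "$5" "$6" "${CA_ECC_CERT}" "$3:+ECDHE-ECDSA:+CURVE-ALL" \
        --x509certfile "$5" --x509keyfile "$6" --x509cafile "${CA_ECC_CERT}"
}

#######################################
# Run every server-mode case (GnuTLS server, PolarSSL / mbed TLS client) for
# one priority-string modifier.
# The priority strings deliberately enable legacy protocol versions and
# specific ciphers: they exist for interoperability coverage and are not
# meant as deployment settings.
# Globals:   ALL_CURVES and the certificate/key/PSK fixture variables (read);
#            ADD, PREFIX (written)
# Arguments: $1 - modifier appended to each priority string (may be empty)
#######################################
run_server_suite() {
    ADD=$1
    PREFIX=""
    if test -n "${ADD}"; then
        # Label the output lines with the modifier, colons stripped.
        PREFIX="$(printf '%s\n' "${ADD}" | sed 's/://g'): "
    fi

    _prio_tls10="NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0"
    _prio_tls12="NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2"

    # ---- TLS 1.0 ----

    polarssl_server_check "TLS 1.0 with DHE-RSA ciphersuite" tls1 0 \
        "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
        "${_prio_tls10}:+DHE-RSA" \
        --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" \
        --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"

    # The DHE-DSS case is disabled, as it was in the original script:
    #polarssl_server_check "TLS 1.0 with DHE-DSS ciphersuite" tls1 0 \
    #    "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
    #    "${_prio_tls10}:+DHE-DSS" \
    #    --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" \
    #    --dhparams "${DH_PARAMS}"

    polarssl_server_check "TLS 1.0 with ECDHE-RSA ciphersuite" tls1 0 \
        "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
        "${_prio_tls10}:+ECDHE-RSA:+CURVE-ALL" \
        --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" \
        --x509cafile "${CA_CERT}"

    for _kx in PSK DHE-PSK ECDHE-PSK RSA-PSK; do
        polarssl_server_check "TLS 1.0 with ${_kx} ciphersuite" tls1 1 \
            "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
            "${_prio_tls10}:+${_kx}:+CURVE-ALL" \
            --pskpasswd "${SERV_PSK}" \
            --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" \
            --x509cafile "${CA_CERT}"
    done

    # SECP224R1 runs only when ALL_CURVES is 1.
    if test "${ALL_CURVES}" = 1; then
        polarssl_ecdsa_check "TLS 1.0" tls1 "${_prio_tls10}" SECP224R1 \
            "${ECC224_CERT}" "${ECC224_KEY}"
    fi
    polarssl_ecdsa_check "TLS 1.0" tls1 "${_prio_tls10}" SECP256R1 \
        "${ECC256_CERT}" "${ECC256_KEY}"
    polarssl_ecdsa_check "TLS 1.0" tls1 "${_prio_tls10}" SECP384R1 \
        "${ECC384_CERT}" "${ECC384_KEY}"
    polarssl_ecdsa_check "TLS 1.0" tls1 "${_prio_tls10}" SECP521R1 \
        "${ECC521_CERT}" "${ECC521_KEY}"

    # ---- TLS 1.2 ----

    polarssl_server_check "TLS 1.2 with DHE-RSA ciphersuite" tls1_2 0 \
        "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
        "${_prio_tls12}:+DHE-RSA" \
        --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" \
        --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"

    # Single-cipher cases: every cipher is removed, then exactly one is added.
    for _cipher in CAMELLIA-128-GCM CAMELLIA-256-GCM AES-128-CCM AES-128-CCM-8; do
        polarssl_server_check \
            "TLS 1.2 with ${_cipher}-DHE-RSA ciphersuite" tls1_2 0 \
            "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
            "NONE:-CIPHER-ALL:+${_cipher}:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA" \
            --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" \
            --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
    done

    # The DHE-DSS case is disabled, as it was in the original script:
    #polarssl_server_check "TLS 1.2 with DHE-DSS ciphersuite" tls1_2 0 \
    #    "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
    #    "${_prio_tls12}:+DHE-DSS" \
    #    --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" \
    #    --dhparams "${DH_PARAMS}"

    polarssl_server_check "TLS 1.2 with ECDHE-RSA ciphersuite" tls1_2 0 \
        "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
        "${_prio_tls12}:+ECDHE-RSA:+CURVE-ALL" \
        --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" \
        --x509cafile "${CA_CERT}"

    if test "${ALL_CURVES}" = 1; then
        polarssl_ecdsa_check "TLS 1.2" tls1_2 "${_prio_tls12}" SECP224R1 \
            "${ECC224_CERT}" "${ECC224_KEY}"
    fi
    polarssl_ecdsa_check "TLS 1.2" tls1_2 "${_prio_tls12}" SECP256R1 \
        "${ECC256_CERT}" "${ECC256_KEY}"
    polarssl_ecdsa_check "TLS 1.2" tls1_2 "${_prio_tls12}" SECP384R1 \
        "${ECC384_CERT}" "${ECC384_KEY}"
    polarssl_ecdsa_check "TLS 1.2" tls1_2 "${_prio_tls12}" SECP521R1 \
        "${ECC521_CERT}" "${ECC521_KEY}"

    for _kx in PSK DHE-PSK ECDHE-PSK RSA-PSK; do
        polarssl_server_check "TLS 1.2 with ${_kx} ciphersuite" tls1_2 1 \
            "${CLI_CERT}" "${CLI_KEY}" "${CA_CERT}" \
            "${_prio_tls12}:+${_kx}:+CURVE-ALL" \
            --pskpasswd "${SERV_PSK}" \
            --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" \
            --x509cafile "${CA_CERT}"
    done
}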
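# Run the whole suite once per priority-string modifier. Each run is a
# background subshell, and its PID is collected so that its exit status can
# be checked below.
WAITPID=""
for mod in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
    run_server_suite "${mod}" &
    WAITPID="$WAITPID $!"
done

# WAITPID is deliberately left unquoted so that it splits into one PID per
# iteration. Quoted, the loop body runs once with every PID handed to a single
# wait, which reports only the status of the last one, so a failure in an
# earlier suite would go unnoticed and the test would report success.
for i in $WAITPID; do
    wait "$i" || exit 1
done

# The log is removed only when every suite passed; on failure it is left in
# place for inspection.
rm -f "${LOGFILE}"

exit 0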