Merge pull request #4861 from yuhaoth/pr/add-openssl-gnutls-tls1_3-check
Add openssl/gnutls tls1.3 feature tests.
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 01265ae..9ee6b76 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -77,6 +77,14 @@
O_LEGACY_CLI=false
fi
+if [ -n "${OPENSSL_NEXT:-}" ]; then
+ O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
+ O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
+else
+ O_NEXT_SRV=false
+ O_NEXT_CLI=false
+fi
+
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
else
@@ -346,6 +354,57 @@
fi
}
+requires_openssl_next() {
+ if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
+ if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
+ OPENSSL_NEXT_AVAILABLE="YES"
+ else
+ OPENSSL_NEXT_AVAILABLE="NO"
+ fi
+ fi
+ if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
+# skip next test if tls1_3 is not available
+requires_openssl_tls1_3() {
+ requires_openssl_next
+ if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
+ OPENSSL_TLS1_3_AVAILABLE="NO"
+ fi
+ if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
+ if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null
+ then
+ OPENSSL_TLS1_3_AVAILABLE="YES"
+ else
+ OPENSSL_TLS1_3_AVAILABLE="NO"
+ fi
+ fi
+ if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
+# skip next test if tls1_3 is not available
+requires_gnutls_tls1_3() {
+ requires_gnutls_next
+ if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
+ GNUTLS_TLS1_3_AVAILABLE="NO"
+ fi
+ if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
+ if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null
+ then
+ GNUTLS_TLS1_3_AVAILABLE="YES"
+ else
+ GNUTLS_TLS1_3_AVAILABLE="NO"
+ fi
+ fi
+ if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if IPv6 isn't available on this host
requires_ipv6() {
if [ -z "${HAS_IPV6:-}" ]; then
@@ -8487,6 +8546,24 @@
-c "EAP-TLS IV is:" \
-s "EAP-TLS IV is:"
+# openssl feature tests: check if tls1.3 exists.
+requires_openssl_tls1_3
+run_test "TLS1.3: Test openssl tls1_3 feature" \
+ "$O_NEXT_SRV -tls1_3 -msg" \
+ "$O_NEXT_CLI -tls1_3 -msg" \
+ 0 \
+ -c "TLS 1.3" \
+ -s "TLS 1.3"
+
+# gnutls feature tests: check if tls1.3 exists.
+requires_gnutls_tls1_3
+run_test "TLS1.3: Test gnutls tls1_3 feature" \
+ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V" \
+ 0 \
+ -s "Version: TLS1.3" \
+ -c "Version: TLS1.3"
+
# TLS1.3 test cases
# TODO: remove or rewrite this test case if #4832 is resolved.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2