Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | |
| 3 | # Test various options that are not covered by compat.sh |
| 4 | # |
| 5 | # Here the goal is not to cover every ciphersuite/version, but |
| 6 | # rather specific options (max fragment length, truncated hmac, etc) |
| 7 | # or procedures (session resumption from cache or ticket, renego, etc). |
| 8 | # |
| 9 | # Assumes all options are compiled in. |
| 10 | |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 11 | set -u |
| 12 | |
Manuel Pégourié-Gonnard | f7a2690 | 2014-02-27 12:25:54 +0100 | [diff] [blame] | 13 | # default values, can be overriden by the environment |
| 14 | : ${P_SRV:=../programs/ssl/ssl_server2} |
| 15 | : ${P_CLI:=../programs/ssl/ssl_client2} |
Manuel Pégourié-Gonnard | 74faf3c | 2014-03-13 18:47:44 +0100 | [diff] [blame] | 16 | : ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 17 | |
Manuel Pégourié-Gonnard | 74faf3c | 2014-03-13 18:47:44 +0100 | [diff] [blame] | 18 | O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key" |
| 19 | O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client" |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 20 | |
Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 21 | TESTS=0 |
| 22 | FAILS=0 |
Manuel Pégourié-Gonnard | 6f4fbbb | 2014-08-14 14:31:29 +0200 | [diff] [blame] | 23 | SKIPS=0 |
Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 24 | |
Manuel Pégourié-Gonnard | 83d8c73 | 2014-04-07 13:24:21 +0200 | [diff] [blame] | 25 | CONFIG_H='../include/polarssl/config.h' |
| 26 | |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 27 | MEMCHECK=0 |
Manuel Pégourié-Gonnard | 417d46c | 2014-03-13 19:17:53 +0100 | [diff] [blame] | 28 | FILTER='.*' |
Manuel Pégourié-Gonnard | 6f4fbbb | 2014-08-14 14:31:29 +0200 | [diff] [blame] | 29 | EXCLUDE='^$' |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 30 | |
| 31 | print_usage() { |
| 32 | echo "Usage: $0 [options]" |
Manuel Pégourié-Gonnard | 417d46c | 2014-03-13 19:17:53 +0100 | [diff] [blame] | 33 | echo -e " -h|--help\tPrint this help." |
| 34 | echo -e " -m|--memcheck\tCheck memory leaks and errors." |
| 35 | echo -e " -f|--filter\tOnly matching tests are executed (default: '$FILTER')" |
| 36 | echo -e " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')" |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 37 | } |
| 38 | |
| 39 | get_options() { |
| 40 | while [ $# -gt 0 ]; do |
| 41 | case "$1" in |
Manuel Pégourié-Gonnard | 417d46c | 2014-03-13 19:17:53 +0100 | [diff] [blame] | 42 | -f|--filter) |
| 43 | shift; FILTER=$1 |
| 44 | ;; |
| 45 | -e|--exclude) |
| 46 | shift; EXCLUDE=$1 |
| 47 | ;; |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 48 | -m|--memcheck) |
| 49 | MEMCHECK=1 |
| 50 | ;; |
| 51 | -h|--help) |
| 52 | print_usage |
| 53 | exit 0 |
| 54 | ;; |
| 55 | *) |
Paul Bakker | 1ebc0c5 | 2014-05-22 15:47:58 +0200 | [diff] [blame] | 56 | echo "Unknown argument: '$1'" |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 57 | print_usage |
| 58 | exit 1 |
| 59 | ;; |
| 60 | esac |
| 61 | shift |
| 62 | done |
| 63 | } |
| 64 | |
Manuel Pégourié-Gonnard | 6f4fbbb | 2014-08-14 14:31:29 +0200 | [diff] [blame] | 65 | # skip next test if OpenSSL can't send SSLv2 ClientHello |
| 66 | requires_openssl_with_sslv2() { |
| 67 | if [ -z "${OPENSSL_HAS_SSL2:-}" ]; then |
| 68 | if openssl ciphers -ssl2 >/dev/null 2>&1; then |
| 69 | OPENSSL_HAS_SSL2="YES" |
| 70 | else |
| 71 | OPENSSL_HAS_SSL2="NO" |
| 72 | fi |
| 73 | fi |
| 74 | if [ "$OPENSSL_HAS_SSL2" = "NO" ]; then |
| 75 | SKIP_NEXT="YES" |
| 76 | fi |
| 77 | } |
| 78 | |
Manuel Pégourié-Gonnard | f8bdbb5 | 2014-02-21 09:20:14 +0100 | [diff] [blame] | 79 | # print_name <name> |
| 80 | print_name() { |
| 81 | echo -n "$1 " |
| 82 | LEN=`echo "$1" | wc -c` |
| 83 | LEN=`echo 72 - $LEN | bc` |
| 84 | for i in `seq 1 $LEN`; do echo -n '.'; done |
| 85 | echo -n ' ' |
Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 86 | |
| 87 | TESTS=`echo $TESTS + 1 | bc` |
Manuel Pégourié-Gonnard | f8bdbb5 | 2014-02-21 09:20:14 +0100 | [diff] [blame] | 88 | } |
| 89 | |
| 90 | # fail <message> |
| 91 | fail() { |
| 92 | echo "FAIL" |
Manuel Pégourié-Gonnard | 3eec604 | 2014-02-27 15:37:24 +0100 | [diff] [blame] | 93 | echo " ! $1" |
Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 94 | |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 95 | cp $SRV_OUT o-srv-${TESTS}.log |
| 96 | cp $CLI_OUT o-cli-${TESTS}.log |
Manuel Pégourié-Gonnard | 3eec604 | 2014-02-27 15:37:24 +0100 | [diff] [blame] | 97 | echo " ! outputs saved to o-srv-${TESTS}.log and o-cli-${TESTS}.log" |
Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 98 | |
| 99 | FAILS=`echo $FAILS + 1 | bc` |
Manuel Pégourié-Gonnard | f8bdbb5 | 2014-02-21 09:20:14 +0100 | [diff] [blame] | 100 | } |
| 101 | |
Manuel Pégourié-Gonnard | 677884d | 2014-02-25 16:42:31 +0100 | [diff] [blame] | 102 | # is_polar <cmd_line> |
| 103 | is_polar() { |
| 104 | echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null |
| 105 | } |
| 106 | |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 107 | # has_mem_err <log_file_name> |
| 108 | has_mem_err() { |
| 109 | if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" && |
| 110 | grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null |
| 111 | then |
| 112 | return 1 # false: does not have errors |
| 113 | else |
| 114 | return 0 # true: has errors |
| 115 | fi |
| 116 | } |
| 117 | |
Manuel Pégourié-Gonnard | 0c1ec47 | 2014-06-20 18:41:11 +0200 | [diff] [blame] | 118 | # wait for server to start: two versions depending on lsof availability |
| 119 | wait_server_start() { |
| 120 | if which lsof >/dev/null; then |
| 121 | # make sure we don't loop forever |
| 122 | ( sleep "$DOG_DELAY"; echo "SERVERSTART TIMEOUT"; kill $MAIN_PID ) & |
| 123 | WATCHDOG_PID=$! |
| 124 | |
| 125 | # make a tight loop, server usually takes less than 1 sec to start |
| 126 | until lsof -nbi TCP:"$PORT" | grep LISTEN >/dev/null; do :; done |
| 127 | |
| 128 | kill $WATCHDOG_PID |
| 129 | wait $WATCHDOG_PID |
| 130 | else |
| 131 | sleep "$START_DELAY" |
| 132 | fi |
| 133 | } |
| 134 | |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 135 | # Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]] |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 136 | # Options: -s pattern pattern that must be present in server output |
| 137 | # -c pattern pattern that must be present in client output |
| 138 | # -S pattern pattern that must be absent in server output |
| 139 | # -C pattern pattern that must be absent in client output |
| 140 | run_test() { |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 141 | NAME="$1" |
| 142 | SRV_CMD="$2" |
| 143 | CLI_CMD="$3" |
| 144 | CLI_EXPECT="$4" |
| 145 | shift 4 |
| 146 | |
Manuel Pégourié-Gonnard | 417d46c | 2014-03-13 19:17:53 +0100 | [diff] [blame] | 147 | if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then : |
| 148 | else |
| 149 | return |
| 150 | fi |
| 151 | |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 152 | print_name "$NAME" |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 153 | |
Manuel Pégourié-Gonnard | 6f4fbbb | 2014-08-14 14:31:29 +0200 | [diff] [blame] | 154 | # should we skip? |
| 155 | if [ "X$SKIP_NEXT" = "XYES" ]; then |
| 156 | SKIP_NEXT="NO" |
| 157 | echo "SKIP" |
| 158 | SKIPS=`echo $SKIPS + 1 | bc` |
| 159 | return |
| 160 | fi |
| 161 | |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 162 | # prepend valgrind to our commands if active |
| 163 | if [ "$MEMCHECK" -gt 0 ]; then |
| 164 | if is_polar "$SRV_CMD"; then |
| 165 | SRV_CMD="valgrind --leak-check=full $SRV_CMD" |
| 166 | fi |
| 167 | if is_polar "$CLI_CMD"; then |
| 168 | CLI_CMD="valgrind --leak-check=full $CLI_CMD" |
| 169 | fi |
| 170 | fi |
| 171 | |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 172 | # run the commands |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 173 | echo "$SRV_CMD" > $SRV_OUT |
| 174 | $SRV_CMD >> $SRV_OUT 2>&1 & |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 175 | SRV_PID=$! |
Manuel Pégourié-Gonnard | 0c1ec47 | 2014-06-20 18:41:11 +0200 | [diff] [blame] | 176 | wait_server_start |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 177 | echo "$CLI_CMD" > $CLI_OUT |
| 178 | eval "$CLI_CMD" >> $CLI_OUT 2>&1 |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 179 | CLI_EXIT=$? |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 180 | echo "EXIT: $CLI_EXIT" >> $CLI_OUT |
Manuel Pégourié-Gonnard | e01af4c | 2014-03-25 14:16:44 +0100 | [diff] [blame] | 181 | |
Manuel Pégourié-Gonnard | 74b1170 | 2014-08-14 15:47:33 +0200 | [diff] [blame] | 182 | # kill the server |
| 183 | kill $SRV_PID |
| 184 | wait $SRV_PID |
Manuel Pégourié-Gonnard | 677884d | 2014-02-25 16:42:31 +0100 | [diff] [blame] | 185 | |
| 186 | # check if the client and server went at least to the handshake stage |
Paul Bakker | 1ebc0c5 | 2014-05-22 15:47:58 +0200 | [diff] [blame] | 187 | # (useful to avoid tests with only negative assertions and non-zero |
Manuel Pégourié-Gonnard | 677884d | 2014-02-25 16:42:31 +0100 | [diff] [blame] | 188 | # expected client exit to incorrectly succeed in case of catastrophic |
| 189 | # failure) |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 190 | if is_polar "$SRV_CMD"; then |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 191 | if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :; |
Manuel Pégourié-Gonnard | 677884d | 2014-02-25 16:42:31 +0100 | [diff] [blame] | 192 | else |
| 193 | fail "server failed to start" |
| 194 | return |
| 195 | fi |
| 196 | fi |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 197 | if is_polar "$CLI_CMD"; then |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 198 | if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :; |
Manuel Pégourié-Gonnard | 677884d | 2014-02-25 16:42:31 +0100 | [diff] [blame] | 199 | else |
| 200 | fail "client failed to start" |
| 201 | return |
| 202 | fi |
| 203 | fi |
| 204 | |
Manuel Pégourié-Gonnard | f8bdbb5 | 2014-02-21 09:20:14 +0100 | [diff] [blame] | 205 | # check server exit code |
| 206 | if [ $? != 0 ]; then |
| 207 | fail "server fail" |
| 208 | return |
| 209 | fi |
| 210 | |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 211 | # check client exit code |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 212 | if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \ |
| 213 | \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ] |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 214 | then |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 215 | fail "bad client exit code" |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 216 | return |
| 217 | fi |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 218 | |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 219 | # check other assertions |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 220 | while [ $# -gt 0 ] |
| 221 | do |
| 222 | case $1 in |
| 223 | "-s") |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 224 | if grep "$2" $SRV_OUT >/dev/null; then :; else |
Manuel Pégourié-Gonnard | f8bdbb5 | 2014-02-21 09:20:14 +0100 | [diff] [blame] | 225 | fail "-s $2" |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 226 | return |
| 227 | fi |
| 228 | ;; |
| 229 | |
| 230 | "-c") |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 231 | if grep "$2" $CLI_OUT >/dev/null; then :; else |
Manuel Pégourié-Gonnard | f8bdbb5 | 2014-02-21 09:20:14 +0100 | [diff] [blame] | 232 | fail "-c $2" |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 233 | return |
| 234 | fi |
| 235 | ;; |
| 236 | |
| 237 | "-S") |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 238 | if grep "$2" $SRV_OUT >/dev/null; then |
Manuel Pégourié-Gonnard | f8bdbb5 | 2014-02-21 09:20:14 +0100 | [diff] [blame] | 239 | fail "-S $2" |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 240 | return |
| 241 | fi |
| 242 | ;; |
| 243 | |
| 244 | "-C") |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 245 | if grep "$2" $CLI_OUT >/dev/null; then |
Manuel Pégourié-Gonnard | f8bdbb5 | 2014-02-21 09:20:14 +0100 | [diff] [blame] | 246 | fail "-C $2" |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 247 | return |
| 248 | fi |
| 249 | ;; |
| 250 | |
| 251 | *) |
Paul Bakker | 1ebc0c5 | 2014-05-22 15:47:58 +0200 | [diff] [blame] | 252 | echo "Unknown test: $1" >&2 |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 253 | exit 1 |
| 254 | esac |
| 255 | shift 2 |
| 256 | done |
| 257 | |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 258 | # check valgrind's results |
| 259 | if [ "$MEMCHECK" -gt 0 ]; then |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 260 | if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 261 | fail "Server has memory errors" |
| 262 | return |
| 263 | fi |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 264 | if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 265 | fail "Client has memory errors" |
| 266 | return |
| 267 | fi |
| 268 | fi |
| 269 | |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 270 | # if we're here, everything is ok |
| 271 | echo "PASS" |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 272 | rm -f $SRV_OUT $CLI_OUT |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 273 | } |
| 274 | |
Manuel Pégourié-Gonnard | a9062e9 | 2014-02-25 16:21:22 +0100 | [diff] [blame] | 275 | cleanup() { |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 276 | rm -f $CLI_OUT $SRV_OUT $SESSION |
Manuel Pégourié-Gonnard | 0c1ec47 | 2014-06-20 18:41:11 +0200 | [diff] [blame] | 277 | kill $SRV_PID >/dev/null 2>&1 |
| 278 | kill $WATCHDOG_PID >/dev/null 2>&1 |
Manuel Pégourié-Gonnard | a9062e9 | 2014-02-25 16:21:22 +0100 | [diff] [blame] | 279 | exit 1 |
| 280 | } |
| 281 | |
Manuel Pégourié-Gonnard | 9dea8bd | 2014-02-26 18:21:02 +0100 | [diff] [blame] | 282 | # |
| 283 | # MAIN |
| 284 | # |
| 285 | |
Manuel Pégourié-Gonnard | 913030c | 2014-03-28 10:12:38 +0100 | [diff] [blame] | 286 | get_options "$@" |
| 287 | |
Manuel Pégourié-Gonnard | f7a2690 | 2014-02-27 12:25:54 +0100 | [diff] [blame] | 288 | # sanity checks, avoid an avalanche of errors |
| 289 | if [ ! -x "$P_SRV" ]; then |
| 290 | echo "Command '$P_SRV' is not an executable file" |
| 291 | exit 1 |
| 292 | fi |
| 293 | if [ ! -x "$P_CLI" ]; then |
| 294 | echo "Command '$P_CLI' is not an executable file" |
| 295 | exit 1 |
| 296 | fi |
Manuel Pégourié-Gonnard | 74faf3c | 2014-03-13 18:47:44 +0100 | [diff] [blame] | 297 | if which $OPENSSL_CMD >/dev/null 2>&1; then :; else |
| 298 | echo "Command '$OPENSSL_CMD' not found" |
Manuel Pégourié-Gonnard | f7a2690 | 2014-02-27 12:25:54 +0100 | [diff] [blame] | 299 | exit 1 |
| 300 | fi |
| 301 | |
Manuel Pégourié-Gonnard | 32f8f4d | 2014-05-29 11:31:20 +0200 | [diff] [blame] | 302 | # used by watchdog |
| 303 | MAIN_PID="$$" |
| 304 | |
Manuel Pégourié-Gonnard | 0c1ec47 | 2014-06-20 18:41:11 +0200 | [diff] [blame] | 305 | # be more patient with valgrind |
| 306 | if [ "$MEMCHECK" -gt 0 ]; then |
| 307 | START_DELAY=3 |
| 308 | DOG_DELAY=30 |
| 309 | else |
| 310 | START_DELAY=1 |
| 311 | DOG_DELAY=10 |
| 312 | fi |
| 313 | |
Manuel Pégourié-Gonnard | 8066b81 | 2014-05-28 22:59:30 +0200 | [diff] [blame] | 314 | # Pick a "unique" port in the range 10000-19999. |
| 315 | PORT="0000$$" |
Manuel Pégourié-Gonnard | fab2a3c | 2014-06-16 16:54:36 +0200 | [diff] [blame] | 316 | PORT="1$(echo $PORT | tail -c 5)" |
Manuel Pégourié-Gonnard | 8066b81 | 2014-05-28 22:59:30 +0200 | [diff] [blame] | 317 | |
| 318 | # fix commands to use this port |
| 319 | P_SRV="$P_SRV server_port=$PORT" |
| 320 | P_CLI="$P_CLI server_port=$PORT" |
| 321 | O_SRV="$O_SRV -accept $PORT" |
| 322 | O_CLI="$O_CLI -connect localhost:$PORT" |
| 323 | |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 324 | # Also pick a unique name for intermediate files |
| 325 | SRV_OUT="srv_out.$$" |
| 326 | CLI_OUT="cli_out.$$" |
| 327 | SESSION="session.$$" |
| 328 | |
Manuel Pégourié-Gonnard | 6f4fbbb | 2014-08-14 14:31:29 +0200 | [diff] [blame] | 329 | SKIP_NEXT="NO" |
| 330 | |
Manuel Pégourié-Gonnard | a9062e9 | 2014-02-25 16:21:22 +0100 | [diff] [blame] | 331 | trap cleanup INT TERM HUP |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 332 | |
Manuel Pégourié-Gonnard | e73b263 | 2014-07-12 04:00:00 +0200 | [diff] [blame] | 333 | # Basic test |
| 334 | |
| 335 | run_test "Default" \ |
| 336 | "$P_SRV" \ |
| 337 | "$P_CLI" \ |
| 338 | 0 \ |
| 339 | -S "Last error was" \ |
| 340 | -C "Last error was" |
| 341 | |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 342 | # Test for SSLv2 ClientHello |
| 343 | |
Manuel Pégourié-Gonnard | 6f4fbbb | 2014-08-14 14:31:29 +0200 | [diff] [blame] | 344 | requires_openssl_with_sslv2 |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 345 | run_test "SSLv2 ClientHello #0 (reference)" \ |
| 346 | "$P_SRV debug_level=3" \ |
Manuel Pégourié-Gonnard | a3d808e | 2014-02-26 16:33:03 +0100 | [diff] [blame] | 347 | "$O_CLI -no_ssl2" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 348 | 0 \ |
| 349 | -S "parse client hello v2" \ |
| 350 | -S "ssl_handshake returned" |
| 351 | |
| 352 | # Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello |
Manuel Pégourié-Gonnard | 6f4fbbb | 2014-08-14 14:31:29 +0200 | [diff] [blame] | 353 | requires_openssl_with_sslv2 |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 354 | run_test "SSLv2 ClientHello #1 (actual test)" \ |
| 355 | "$P_SRV debug_level=3" \ |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 356 | "$O_CLI -cipher 'DES-CBC-MD5:ALL'" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 357 | 0 \ |
| 358 | -s "parse client hello v2" \ |
| 359 | -S "ssl_handshake returned" |
| 360 | |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 361 | # Tests for Truncated HMAC extension |
| 362 | |
| 363 | run_test "Truncated HMAC #0" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 364 | "$P_SRV debug_level=5" \ |
| 365 | "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 366 | 0 \ |
| 367 | -s "dumping 'computed mac' (20 bytes)" |
| 368 | |
| 369 | run_test "Truncated HMAC #1" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 370 | "$P_SRV debug_level=5" \ |
| 371 | "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ |
Manuel Pégourié-Gonnard | eaadc50 | 2014-02-20 11:01:30 +0100 | [diff] [blame] | 372 | 0 \ |
Manuel Pégourié-Gonnard | f7c5201 | 2014-02-20 11:43:46 +0100 | [diff] [blame] | 373 | -s "dumping 'computed mac' (10 bytes)" |
| 374 | |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 375 | # Tests for Session Tickets |
| 376 | |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 377 | run_test "Session resume using tickets #1 (basic)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 378 | "$P_SRV debug_level=4 tickets=1" \ |
| 379 | "$P_CLI debug_level=4 tickets=1 reconnect=1" \ |
Manuel Pégourié-Gonnard | f7c5201 | 2014-02-20 11:43:46 +0100 | [diff] [blame] | 380 | 0 \ |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 381 | -c "client hello, adding session ticket extension" \ |
| 382 | -s "found session ticket extension" \ |
| 383 | -s "server hello, adding session ticket extension" \ |
| 384 | -c "found session_ticket extension" \ |
| 385 | -c "parse new session ticket" \ |
Manuel Pégourié-Gonnard | f7c5201 | 2014-02-20 11:43:46 +0100 | [diff] [blame] | 386 | -S "session successfully restored from cache" \ |
| 387 | -s "session successfully restored from ticket" \ |
| 388 | -s "a session has been resumed" \ |
| 389 | -c "a session has been resumed" |
| 390 | |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 391 | run_test "Session resume using tickets #2 (cache disabled)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 392 | "$P_SRV debug_level=4 tickets=1 cache_max=0" \ |
| 393 | "$P_CLI debug_level=4 tickets=1 reconnect=1" \ |
Manuel Pégourié-Gonnard | dbe1ee1 | 2014-02-21 09:18:13 +0100 | [diff] [blame] | 394 | 0 \ |
| 395 | -c "client hello, adding session ticket extension" \ |
| 396 | -s "found session ticket extension" \ |
| 397 | -s "server hello, adding session ticket extension" \ |
| 398 | -c "found session_ticket extension" \ |
| 399 | -c "parse new session ticket" \ |
| 400 | -S "session successfully restored from cache" \ |
| 401 | -s "session successfully restored from ticket" \ |
| 402 | -s "a session has been resumed" \ |
| 403 | -c "a session has been resumed" |
| 404 | |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 405 | run_test "Session resume using tickets #3 (timeout)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 406 | "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \ |
| 407 | "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \ |
Manuel Pégourié-Gonnard | dbe1ee1 | 2014-02-21 09:18:13 +0100 | [diff] [blame] | 408 | 0 \ |
| 409 | -c "client hello, adding session ticket extension" \ |
| 410 | -s "found session ticket extension" \ |
| 411 | -s "server hello, adding session ticket extension" \ |
| 412 | -c "found session_ticket extension" \ |
| 413 | -c "parse new session ticket" \ |
| 414 | -S "session successfully restored from cache" \ |
| 415 | -S "session successfully restored from ticket" \ |
| 416 | -S "a session has been resumed" \ |
| 417 | -C "a session has been resumed" |
| 418 | |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 419 | run_test "Session resume using tickets #4 (openssl server)" \ |
Manuel Pégourié-Gonnard | f7a2690 | 2014-02-27 12:25:54 +0100 | [diff] [blame] | 420 | "$O_SRV" \ |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 421 | "$P_CLI debug_level=4 tickets=1 reconnect=1" \ |
| 422 | 0 \ |
| 423 | -c "client hello, adding session ticket extension" \ |
| 424 | -c "found session_ticket extension" \ |
| 425 | -c "parse new session ticket" \ |
| 426 | -c "a session has been resumed" |
| 427 | |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 428 | run_test "Session resume using tickets #5 (openssl client)" \ |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 429 | "$P_SRV debug_level=4 tickets=1" \ |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 430 | "( $O_CLI -sess_out $SESSION; \ |
| 431 | $O_CLI -sess_in $SESSION; \ |
| 432 | rm -f $SESSION )" \ |
Manuel Pégourié-Gonnard | fccd325 | 2014-02-25 17:14:15 +0100 | [diff] [blame] | 433 | 0 \ |
| 434 | -s "found session ticket extension" \ |
| 435 | -s "server hello, adding session ticket extension" \ |
| 436 | -S "session successfully restored from cache" \ |
| 437 | -s "session successfully restored from ticket" \ |
| 438 | -s "a session has been resumed" |
| 439 | |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 440 | # Tests for Session Resume based on session-ID and cache |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 441 | |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 442 | run_test "Session resume using cache #1 (tickets enabled on client)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 443 | "$P_SRV debug_level=4 tickets=0" \ |
| 444 | "$P_CLI debug_level=4 tickets=1 reconnect=1" \ |
Manuel Pégourié-Gonnard | f7c5201 | 2014-02-20 11:43:46 +0100 | [diff] [blame] | 445 | 0 \ |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 446 | -c "client hello, adding session ticket extension" \ |
| 447 | -s "found session ticket extension" \ |
| 448 | -S "server hello, adding session ticket extension" \ |
| 449 | -C "found session_ticket extension" \ |
| 450 | -C "parse new session ticket" \ |
Manuel Pégourié-Gonnard | f7c5201 | 2014-02-20 11:43:46 +0100 | [diff] [blame] | 451 | -s "session successfully restored from cache" \ |
| 452 | -S "session successfully restored from ticket" \ |
| 453 | -s "a session has been resumed" \ |
| 454 | -c "a session has been resumed" |
| 455 | |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 456 | run_test "Session resume using cache #2 (tickets enabled on server)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 457 | "$P_SRV debug_level=4 tickets=1" \ |
| 458 | "$P_CLI debug_level=4 tickets=0 reconnect=1" \ |
Manuel Pégourié-Gonnard | f7c5201 | 2014-02-20 11:43:46 +0100 | [diff] [blame] | 459 | 0 \ |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 460 | -C "client hello, adding session ticket extension" \ |
| 461 | -S "found session ticket extension" \ |
| 462 | -S "server hello, adding session ticket extension" \ |
| 463 | -C "found session_ticket extension" \ |
| 464 | -C "parse new session ticket" \ |
Manuel Pégourié-Gonnard | f7c5201 | 2014-02-20 11:43:46 +0100 | [diff] [blame] | 465 | -s "session successfully restored from cache" \ |
| 466 | -S "session successfully restored from ticket" \ |
| 467 | -s "a session has been resumed" \ |
| 468 | -c "a session has been resumed" |
Manuel Pégourié-Gonnard | de14378 | 2014-02-20 14:50:42 +0100 | [diff] [blame] | 469 | |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 470 | run_test "Session resume using cache #3 (cache_max=0)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 471 | "$P_SRV debug_level=4 tickets=0 cache_max=0" \ |
| 472 | "$P_CLI debug_level=4 tickets=0 reconnect=1" \ |
Manuel Pégourié-Gonnard | 4c88345 | 2014-02-20 21:32:41 +0100 | [diff] [blame] | 473 | 0 \ |
| 474 | -S "session successfully restored from cache" \ |
| 475 | -S "session successfully restored from ticket" \ |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 476 | -S "a session has been resumed" \ |
| 477 | -C "a session has been resumed" |
Manuel Pégourié-Gonnard | 4c88345 | 2014-02-20 21:32:41 +0100 | [diff] [blame] | 478 | |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 479 | run_test "Session resume using cache #4 (cache_max=1)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 480 | "$P_SRV debug_level=4 tickets=0 cache_max=1" \ |
| 481 | "$P_CLI debug_level=4 tickets=0 reconnect=1" \ |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 482 | 0 \ |
| 483 | -s "session successfully restored from cache" \ |
| 484 | -S "session successfully restored from ticket" \ |
| 485 | -s "a session has been resumed" \ |
| 486 | -c "a session has been resumed" |
| 487 | |
| 488 | run_test "Session resume using cache #5 (timemout > delay)" \ |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 489 | "$P_SRV debug_level=4 tickets=0" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 490 | "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=0" \ |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 491 | 0 \ |
| 492 | -s "session successfully restored from cache" \ |
| 493 | -S "session successfully restored from ticket" \ |
| 494 | -s "a session has been resumed" \ |
| 495 | -c "a session has been resumed" |
| 496 | |
| 497 | run_test "Session resume using cache #6 (timeout < delay)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 498 | "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \ |
| 499 | "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \ |
Manuel Pégourié-Gonnard | c55a5b7 | 2014-02-20 22:50:56 +0100 | [diff] [blame] | 500 | 0 \ |
| 501 | -S "session successfully restored from cache" \ |
| 502 | -S "session successfully restored from ticket" \ |
| 503 | -S "a session has been resumed" \ |
| 504 | -C "a session has been resumed" |
| 505 | |
| 506 | run_test "Session resume using cache #7 (no timeout)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 507 | "$P_SRV debug_level=4 tickets=0 cache_timeout=0" \ |
| 508 | "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \ |
Manuel Pégourié-Gonnard | 4c88345 | 2014-02-20 21:32:41 +0100 | [diff] [blame] | 509 | 0 \ |
| 510 | -s "session successfully restored from cache" \ |
| 511 | -S "session successfully restored from ticket" \ |
| 512 | -s "a session has been resumed" \ |
| 513 | -c "a session has been resumed" |
| 514 | |
Manuel Pégourié-Gonnard | db735f6 | 2014-02-25 17:57:59 +0100 | [diff] [blame] | 515 | run_test "Session resume using cache #8 (openssl client)" \ |
| 516 | "$P_SRV debug_level=4 tickets=0" \ |
Manuel Pégourié-Gonnard | bc3b16c | 2014-05-28 23:06:50 +0200 | [diff] [blame] | 517 | "( $O_CLI -sess_out $SESSION; \ |
| 518 | $O_CLI -sess_in $SESSION; \ |
| 519 | rm -f $SESSION )" \ |
Manuel Pégourié-Gonnard | db735f6 | 2014-02-25 17:57:59 +0100 | [diff] [blame] | 520 | 0 \ |
| 521 | -s "found session ticket extension" \ |
| 522 | -S "server hello, adding session ticket extension" \ |
| 523 | -s "session successfully restored from cache" \ |
| 524 | -S "session successfully restored from ticket" \ |
| 525 | -s "a session has been resumed" |
| 526 | |
| 527 | run_test "Session resume using cache #9 (openssl server)" \ |
Manuel Pégourié-Gonnard | f7a2690 | 2014-02-27 12:25:54 +0100 | [diff] [blame] | 528 | "$O_SRV" \ |
Manuel Pégourié-Gonnard | db735f6 | 2014-02-25 17:57:59 +0100 | [diff] [blame] | 529 | "$P_CLI debug_level=4 tickets=0 reconnect=1" \ |
| 530 | 0 \ |
| 531 | -C "found session_ticket extension" \ |
| 532 | -C "parse new session ticket" \ |
| 533 | -c "a session has been resumed" |
| 534 | |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 535 | # Tests for Max Fragment Length extension |
| 536 | |
Manuel Pégourié-Gonnard | de14378 | 2014-02-20 14:50:42 +0100 | [diff] [blame] | 537 | run_test "Max fragment length #1" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 538 | "$P_SRV debug_level=4" \ |
| 539 | "$P_CLI debug_level=4" \ |
Manuel Pégourié-Gonnard | de14378 | 2014-02-20 14:50:42 +0100 | [diff] [blame] | 540 | 0 \ |
| 541 | -C "client hello, adding max_fragment_length extension" \ |
| 542 | -S "found max fragment length extension" \ |
| 543 | -S "server hello, max_fragment_length extension" \ |
| 544 | -C "found max_fragment_length extension" |
| 545 | |
| 546 | run_test "Max fragment length #2" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 547 | "$P_SRV debug_level=4" \ |
| 548 | "$P_CLI debug_level=4 max_frag_len=4096" \ |
Manuel Pégourié-Gonnard | de14378 | 2014-02-20 14:50:42 +0100 | [diff] [blame] | 549 | 0 \ |
| 550 | -c "client hello, adding max_fragment_length extension" \ |
| 551 | -s "found max fragment length extension" \ |
| 552 | -s "server hello, max_fragment_length extension" \ |
| 553 | -c "found max_fragment_length extension" |
| 554 | |
| 555 | run_test "Max fragment length #3" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 556 | "$P_SRV debug_level=4 max_frag_len=4096" \ |
| 557 | "$P_CLI debug_level=4" \ |
Manuel Pégourié-Gonnard | de14378 | 2014-02-20 14:50:42 +0100 | [diff] [blame] | 558 | 0 \ |
| 559 | -C "client hello, adding max_fragment_length extension" \ |
| 560 | -S "found max fragment length extension" \ |
| 561 | -S "server hello, max_fragment_length extension" \ |
| 562 | -C "found max_fragment_length extension" |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 563 | |
| 564 | # Tests for renegotiation |
| 565 | |
| 566 | run_test "Renegotiation #0 (none)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 567 | "$P_SRV debug_level=4 exchanges=2" \ |
| 568 | "$P_CLI debug_level=4 exchanges=2" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 569 | 0 \ |
| 570 | -C "client hello, adding renegotiation extension" \ |
| 571 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 572 | -S "found renegotiation extension" \ |
| 573 | -s "server hello, secure renegotiation extension" \ |
| 574 | -c "found renegotiation extension" \ |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 575 | -C "=> renegotiate" \ |
| 576 | -S "=> renegotiate" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 577 | -S "write hello request" |
| 578 | |
| 579 | run_test "Renegotiation #1 (enabled, client-initiated)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 580 | "$P_SRV debug_level=4 exchanges=2 renegotiation=1" \ |
| 581 | "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 582 | 0 \ |
| 583 | -c "client hello, adding renegotiation extension" \ |
| 584 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 585 | -s "found renegotiation extension" \ |
| 586 | -s "server hello, secure renegotiation extension" \ |
| 587 | -c "found renegotiation extension" \ |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 588 | -c "=> renegotiate" \ |
| 589 | -s "=> renegotiate" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 590 | -S "write hello request" |
| 591 | |
| 592 | run_test "Renegotiation #2 (enabled, server-initiated)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 593 | "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \ |
| 594 | "$P_CLI debug_level=4 exchanges=2 renegotiation=1" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 595 | 0 \ |
| 596 | -c "client hello, adding renegotiation extension" \ |
| 597 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 598 | -s "found renegotiation extension" \ |
| 599 | -s "server hello, secure renegotiation extension" \ |
| 600 | -c "found renegotiation extension" \ |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 601 | -c "=> renegotiate" \ |
| 602 | -s "=> renegotiate" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 603 | -s "write hello request" |
| 604 | |
| 605 | run_test "Renegotiation #3 (enabled, double)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 606 | "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \ |
| 607 | "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 608 | 0 \ |
| 609 | -c "client hello, adding renegotiation extension" \ |
| 610 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 611 | -s "found renegotiation extension" \ |
| 612 | -s "server hello, secure renegotiation extension" \ |
| 613 | -c "found renegotiation extension" \ |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 614 | -c "=> renegotiate" \ |
| 615 | -s "=> renegotiate" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 616 | -s "write hello request" |
| 617 | |
| 618 | run_test "Renegotiation #4 (client-initiated, server-rejected)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 619 | "$P_SRV debug_level=4 exchanges=2 renegotiation=0" \ |
| 620 | "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 621 | 1 \ |
| 622 | -c "client hello, adding renegotiation extension" \ |
| 623 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 624 | -S "found renegotiation extension" \ |
| 625 | -s "server hello, secure renegotiation extension" \ |
| 626 | -c "found renegotiation extension" \ |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 627 | -c "=> renegotiate" \ |
| 628 | -S "=> renegotiate" \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 629 | -S "write hello request" \ |
Manuel Pégourié-Gonnard | 6591962 | 2014-08-19 12:50:30 +0200 | [diff] [blame] | 630 | -c "SSL - Unexpected message at ServerHello in renegotiation" \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 631 | -c "failed" |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 632 | |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 633 | run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 634 | "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \ |
| 635 | "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 636 | 0 \ |
| 637 | -C "client hello, adding renegotiation extension" \ |
| 638 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 639 | -S "found renegotiation extension" \ |
| 640 | -s "server hello, secure renegotiation extension" \ |
| 641 | -c "found renegotiation extension" \ |
Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 642 | -C "=> renegotiate" \ |
| 643 | -S "=> renegotiate" \ |
Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 644 | -s "write hello request" \ |
Manuel Pégourié-Gonnard | a9964db | 2014-07-03 19:29:16 +0200 | [diff] [blame] | 645 | -S "SSL - An unexpected message was received from our peer" \ |
| 646 | -S "failed" |
Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 647 | |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 648 | run_test "Renegotiation #6 (server-initiated, client-rejected, not enforced)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 649 | "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 650 | renego_delay=-1" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 651 | "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 652 | 0 \ |
| 653 | -C "client hello, adding renegotiation extension" \ |
| 654 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 655 | -S "found renegotiation extension" \ |
| 656 | -s "server hello, secure renegotiation extension" \ |
| 657 | -c "found renegotiation extension" \ |
| 658 | -C "=> renegotiate" \ |
| 659 | -S "=> renegotiate" \ |
| 660 | -s "write hello request" \ |
| 661 | -S "SSL - An unexpected message was received from our peer" \ |
| 662 | -S "failed" |
| 663 | |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 664 | # delay 2 for 1 alert record + 1 application data record |
| 665 | run_test "Renegotiation #7 (server-initiated, client-rejected, delay 2)" \ |
| 666 | "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \ |
| 667 | renego_delay=2" \ |
| 668 | "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 669 | 0 \ |
| 670 | -C "client hello, adding renegotiation extension" \ |
| 671 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 672 | -S "found renegotiation extension" \ |
| 673 | -s "server hello, secure renegotiation extension" \ |
| 674 | -c "found renegotiation extension" \ |
| 675 | -C "=> renegotiate" \ |
| 676 | -S "=> renegotiate" \ |
| 677 | -s "write hello request" \ |
| 678 | -S "SSL - An unexpected message was received from our peer" \ |
| 679 | -S "failed" |
| 680 | |
| 681 | run_test "Renegotiation #8 (server-initiated, client-rejected, delay 0)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 682 | "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 683 | renego_delay=0" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 684 | "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 685 | 0 \ |
| 686 | -C "client hello, adding renegotiation extension" \ |
| 687 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 688 | -S "found renegotiation extension" \ |
| 689 | -s "server hello, secure renegotiation extension" \ |
| 690 | -c "found renegotiation extension" \ |
| 691 | -C "=> renegotiate" \ |
| 692 | -S "=> renegotiate" \ |
| 693 | -s "write hello request" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 694 | -s "SSL - An unexpected message was received from our peer" |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 695 | |
| 696 | run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 697 | "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 698 | renego_delay=0" \ |
Manuel Pégourié-Gonnard | a8c0a0d | 2014-08-15 12:07:38 +0200 | [diff] [blame] | 699 | "$P_CLI debug_level=4 exchanges=2 renegotiation=1" \ |
Manuel Pégourié-Gonnard | fae355e | 2014-07-04 14:32:27 +0200 | [diff] [blame] | 700 | 0 \ |
| 701 | -c "client hello, adding renegotiation extension" \ |
| 702 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 703 | -s "found renegotiation extension" \ |
| 704 | -s "server hello, secure renegotiation extension" \ |
| 705 | -c "found renegotiation extension" \ |
| 706 | -c "=> renegotiate" \ |
| 707 | -s "=> renegotiate" \ |
| 708 | -s "write hello request" \ |
| 709 | -S "SSL - An unexpected message was received from our peer" \ |
| 710 | -S "failed" |
| 711 | |
Manuel Pégourié-Gonnard | f07f421 | 2014-08-15 19:04:47 +0200 | [diff] [blame^] | 712 | run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \ |
| 713 | "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \ |
| 714 | "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ |
| 715 | 0 \ |
| 716 | -c "client hello, adding renegotiation extension" \ |
| 717 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 718 | -s "found renegotiation extension" \ |
| 719 | -s "server hello, secure renegotiation extension" \ |
| 720 | -c "found renegotiation extension" \ |
| 721 | -c "=> renegotiate" \ |
| 722 | -s "=> renegotiate" \ |
| 723 | -S "write hello request" |
| 724 | |
| 725 | run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \ |
| 726 | "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ |
| 727 | "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \ |
| 728 | 0 \ |
| 729 | -c "client hello, adding renegotiation extension" \ |
| 730 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ |
| 731 | -s "found renegotiation extension" \ |
| 732 | -s "server hello, secure renegotiation extension" \ |
| 733 | -c "found renegotiation extension" \ |
| 734 | -c "=> renegotiate" \ |
| 735 | -s "=> renegotiate" \ |
| 736 | -s "write hello request" |
| 737 | |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 738 | # Tests for auth_mode |
| 739 | |
| 740 | run_test "Authentication #1 (server badcert, client required)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 741 | "$P_SRV crt_file=data_files/server5-badsign.crt \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 742 | key_file=data_files/server5.key" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 743 | "$P_CLI debug_level=2 auth_mode=required" \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 744 | 1 \ |
| 745 | -c "x509_verify_cert() returned" \ |
| 746 | -c "! self-signed or not signed by a trusted CA" \ |
| 747 | -c "! ssl_handshake returned" \ |
| 748 | -c "X509 - Certificate verification failed" |
| 749 | |
| 750 | run_test "Authentication #2 (server badcert, client optional)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 751 | "$P_SRV crt_file=data_files/server5-badsign.crt \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 752 | key_file=data_files/server5.key" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 753 | "$P_CLI debug_level=2 auth_mode=optional" \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 754 | 0 \ |
| 755 | -c "x509_verify_cert() returned" \ |
| 756 | -c "! self-signed or not signed by a trusted CA" \ |
| 757 | -C "! ssl_handshake returned" \ |
| 758 | -C "X509 - Certificate verification failed" |
| 759 | |
| 760 | run_test "Authentication #3 (server badcert, client none)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 761 | "$P_SRV crt_file=data_files/server5-badsign.crt \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 762 | key_file=data_files/server5.key" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 763 | "$P_CLI debug_level=2 auth_mode=none" \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 764 | 0 \ |
| 765 | -C "x509_verify_cert() returned" \ |
| 766 | -C "! self-signed or not signed by a trusted CA" \ |
| 767 | -C "! ssl_handshake returned" \ |
| 768 | -C "X509 - Certificate verification failed" |
| 769 | |
| 770 | run_test "Authentication #4 (client badcert, server required)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 771 | "$P_SRV debug_level=4 auth_mode=required" \ |
| 772 | "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 773 | key_file=data_files/server5.key" \ |
| 774 | 1 \ |
| 775 | -S "skip write certificate request" \ |
| 776 | -C "skip parse certificate request" \ |
| 777 | -c "got a certificate request" \ |
| 778 | -C "skip write certificate" \ |
| 779 | -C "skip write certificate verify" \ |
| 780 | -S "skip parse certificate verify" \ |
| 781 | -s "x509_verify_cert() returned" \ |
| 782 | -S "! self-signed or not signed by a trusted CA" \ |
| 783 | -s "! ssl_handshake returned" \ |
| 784 | -c "! ssl_handshake returned" \ |
| 785 | -s "X509 - Certificate verification failed" |
| 786 | |
| 787 | run_test "Authentication #5 (client badcert, server optional)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 788 | "$P_SRV debug_level=4 auth_mode=optional" \ |
| 789 | "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 790 | key_file=data_files/server5.key" \ |
| 791 | 0 \ |
| 792 | -S "skip write certificate request" \ |
| 793 | -C "skip parse certificate request" \ |
| 794 | -c "got a certificate request" \ |
| 795 | -C "skip write certificate" \ |
| 796 | -C "skip write certificate verify" \ |
| 797 | -S "skip parse certificate verify" \ |
| 798 | -s "x509_verify_cert() returned" \ |
| 799 | -s "! self-signed or not signed by a trusted CA" \ |
| 800 | -S "! ssl_handshake returned" \ |
| 801 | -C "! ssl_handshake returned" \ |
| 802 | -S "X509 - Certificate verification failed" |
| 803 | |
| 804 | run_test "Authentication #6 (client badcert, server none)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 805 | "$P_SRV debug_level=4 auth_mode=none" \ |
| 806 | "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \ |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 807 | key_file=data_files/server5.key" \ |
| 808 | 0 \ |
| 809 | -s "skip write certificate request" \ |
| 810 | -C "skip parse certificate request" \ |
| 811 | -c "got no certificate request" \ |
| 812 | -c "skip write certificate" \ |
| 813 | -c "skip write certificate verify" \ |
| 814 | -s "skip parse certificate verify" \ |
| 815 | -S "x509_verify_cert() returned" \ |
| 816 | -S "! self-signed or not signed by a trusted CA" \ |
| 817 | -S "! ssl_handshake returned" \ |
| 818 | -C "! ssl_handshake returned" \ |
| 819 | -S "X509 - Certificate verification failed" |
| 820 | |
Manuel Pégourié-Gonnard | de515cc | 2014-02-27 14:58:26 +0100 | [diff] [blame] | 821 | run_test "Authentication #7 (client no cert, server optional)" \ |
| 822 | "$P_SRV debug_level=4 auth_mode=optional" \ |
| 823 | "$P_CLI debug_level=4 crt_file=none key_file=none" \ |
| 824 | 0 \ |
| 825 | -S "skip write certificate request" \ |
| 826 | -C "skip parse certificate request" \ |
| 827 | -c "got a certificate request" \ |
| 828 | -C "skip write certificate$" \ |
| 829 | -C "got no certificate to send" \ |
| 830 | -S "SSLv3 client has no certificate" \ |
| 831 | -c "skip write certificate verify" \ |
| 832 | -s "skip parse certificate verify" \ |
| 833 | -s "! no client certificate sent" \ |
| 834 | -S "! ssl_handshake returned" \ |
| 835 | -C "! ssl_handshake returned" \ |
| 836 | -S "X509 - Certificate verification failed" |
| 837 | |
| 838 | run_test "Authentication #8 (openssl client no cert, server optional)" \ |
| 839 | "$P_SRV debug_level=4 auth_mode=optional" \ |
| 840 | "$O_CLI" \ |
| 841 | 0 \ |
| 842 | -S "skip write certificate request" \ |
| 843 | -s "skip parse certificate verify" \ |
| 844 | -s "! no client certificate sent" \ |
| 845 | -S "! ssl_handshake returned" \ |
| 846 | -S "X509 - Certificate verification failed" |
| 847 | |
| 848 | run_test "Authentication #9 (client no cert, openssl server optional)" \ |
| 849 | "$O_SRV -verify 10" \ |
| 850 | "$P_CLI debug_level=4 crt_file=none key_file=none" \ |
| 851 | 0 \ |
| 852 | -C "skip parse certificate request" \ |
| 853 | -c "got a certificate request" \ |
| 854 | -C "skip write certificate$" \ |
| 855 | -c "skip write certificate verify" \ |
| 856 | -C "! ssl_handshake returned" |
| 857 | |
| 858 | run_test "Authentication #10 (client no cert, ssl3)" \ |
| 859 | "$P_SRV debug_level=4 auth_mode=optional force_version=ssl3" \ |
| 860 | "$P_CLI debug_level=4 crt_file=none key_file=none" \ |
| 861 | 0 \ |
| 862 | -S "skip write certificate request" \ |
| 863 | -C "skip parse certificate request" \ |
| 864 | -c "got a certificate request" \ |
| 865 | -C "skip write certificate$" \ |
| 866 | -c "skip write certificate verify" \ |
| 867 | -c "got no certificate to send" \ |
| 868 | -s "SSLv3 client has no certificate" \ |
| 869 | -s "skip parse certificate verify" \ |
| 870 | -s "! no client certificate sent" \ |
| 871 | -S "! ssl_handshake returned" \ |
| 872 | -C "! ssl_handshake returned" \ |
| 873 | -S "X509 - Certificate verification failed" |
| 874 | |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 875 | # tests for SNI |
| 876 | |
| 877 | run_test "SNI #0 (no SNI callback)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 878 | "$P_SRV debug_level=4 server_addr=127.0.0.1 \ |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 879 | crt_file=data_files/server5.crt key_file=data_files/server5.key" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 880 | "$P_CLI debug_level=0 server_addr=127.0.0.1 \ |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 881 | server_name=localhost" \ |
| 882 | 0 \ |
| 883 | -S "parse ServerName extension" \ |
| 884 | -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ |
| 885 | -c "subject name *: C=NL, O=PolarSSL, CN=localhost" |
| 886 | |
| 887 | run_test "SNI #1 (matching cert 1)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 888 | "$P_SRV debug_level=4 server_addr=127.0.0.1 \ |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 889 | crt_file=data_files/server5.crt key_file=data_files/server5.key \ |
Manuel Pégourié-Gonnard | 76b8ab7 | 2014-03-26 09:31:35 +0100 | [diff] [blame] | 890 | sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 891 | "$P_CLI debug_level=0 server_addr=127.0.0.1 \ |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 892 | server_name=localhost" \ |
| 893 | 0 \ |
| 894 | -s "parse ServerName extension" \ |
| 895 | -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ |
| 896 | -c "subject name *: C=NL, O=PolarSSL, CN=localhost" |
| 897 | |
| 898 | run_test "SNI #2 (matching cert 2)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 899 | "$P_SRV debug_level=4 server_addr=127.0.0.1 \ |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 900 | crt_file=data_files/server5.crt key_file=data_files/server5.key \ |
Manuel Pégourié-Gonnard | 76b8ab7 | 2014-03-26 09:31:35 +0100 | [diff] [blame] | 901 | sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 902 | "$P_CLI debug_level=0 server_addr=127.0.0.1 \ |
Manuel Pégourié-Gonnard | 76b8ab7 | 2014-03-26 09:31:35 +0100 | [diff] [blame] | 903 | server_name=polarssl.example" \ |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 904 | 0 \ |
| 905 | -s "parse ServerName extension" \ |
| 906 | -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ |
Manuel Pégourié-Gonnard | 76b8ab7 | 2014-03-26 09:31:35 +0100 | [diff] [blame] | 907 | -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 908 | |
| 909 | run_test "SNI #3 (no matching cert)" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 910 | "$P_SRV debug_level=4 server_addr=127.0.0.1 \ |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 911 | crt_file=data_files/server5.crt key_file=data_files/server5.key \ |
Manuel Pégourié-Gonnard | 76b8ab7 | 2014-03-26 09:31:35 +0100 | [diff] [blame] | 912 | sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \ |
Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 913 | "$P_CLI debug_level=0 server_addr=127.0.0.1 \ |
Manuel Pégourié-Gonnard | 76b8ab7 | 2014-03-26 09:31:35 +0100 | [diff] [blame] | 914 | server_name=nonesuch.example" \ |
Manuel Pégourié-Gonnard | 96ea2f2 | 2014-02-25 12:26:29 +0100 | [diff] [blame] | 915 | 1 \ |
| 916 | -s "parse ServerName extension" \ |
| 917 | -s "ssl_sni_wrapper() returned" \ |
| 918 | -s "ssl_handshake returned" \ |
| 919 | -c "ssl_handshake returned" \ |
| 920 | -c "SSL - A fatal alert message was received from our peer" |
| 921 | |
Manuel Pégourié-Gonnard | 0b6609b | 2014-02-26 14:45:12 +0100 | [diff] [blame] | 922 | # Tests for non-blocking I/O: exercise a variety of handshake flows |
| 923 | |
| 924 | run_test "Non-blocking I/O #1 (basic handshake)" \ |
| 925 | "$P_SRV nbio=2 tickets=0 auth_mode=none" \ |
| 926 | "$P_CLI nbio=2 tickets=0" \ |
| 927 | 0 \ |
| 928 | -S "ssl_handshake returned" \ |
| 929 | -C "ssl_handshake returned" \ |
| 930 | -c "Read from server: .* bytes read" |
| 931 | |
| 932 | run_test "Non-blocking I/O #2 (client auth)" \ |
| 933 | "$P_SRV nbio=2 tickets=0 auth_mode=required" \ |
| 934 | "$P_CLI nbio=2 tickets=0" \ |
| 935 | 0 \ |
| 936 | -S "ssl_handshake returned" \ |
| 937 | -C "ssl_handshake returned" \ |
| 938 | -c "Read from server: .* bytes read" |
| 939 | |
| 940 | run_test "Non-blocking I/O #3 (ticket)" \ |
| 941 | "$P_SRV nbio=2 tickets=1 auth_mode=none" \ |
| 942 | "$P_CLI nbio=2 tickets=1" \ |
| 943 | 0 \ |
| 944 | -S "ssl_handshake returned" \ |
| 945 | -C "ssl_handshake returned" \ |
| 946 | -c "Read from server: .* bytes read" |
| 947 | |
| 948 | run_test "Non-blocking I/O #4 (ticket + client auth)" \ |
| 949 | "$P_SRV nbio=2 tickets=1 auth_mode=required" \ |
| 950 | "$P_CLI nbio=2 tickets=1" \ |
| 951 | 0 \ |
| 952 | -S "ssl_handshake returned" \ |
| 953 | -C "ssl_handshake returned" \ |
| 954 | -c "Read from server: .* bytes read" |
| 955 | |
| 956 | run_test "Non-blocking I/O #5 (ticket + client auth + resume)" \ |
| 957 | "$P_SRV nbio=2 tickets=1 auth_mode=required" \ |
| 958 | "$P_CLI nbio=2 tickets=1 reconnect=1" \ |
| 959 | 0 \ |
| 960 | -S "ssl_handshake returned" \ |
| 961 | -C "ssl_handshake returned" \ |
| 962 | -c "Read from server: .* bytes read" |
| 963 | |
| 964 | run_test "Non-blocking I/O #6 (ticket + resume)" \ |
| 965 | "$P_SRV nbio=2 tickets=1 auth_mode=none" \ |
| 966 | "$P_CLI nbio=2 tickets=1 reconnect=1" \ |
| 967 | 0 \ |
| 968 | -S "ssl_handshake returned" \ |
| 969 | -C "ssl_handshake returned" \ |
| 970 | -c "Read from server: .* bytes read" |
| 971 | |
| 972 | run_test "Non-blocking I/O #7 (session-id resume)" \ |
| 973 | "$P_SRV nbio=2 tickets=0 auth_mode=none" \ |
| 974 | "$P_CLI nbio=2 tickets=0 reconnect=1" \ |
| 975 | 0 \ |
| 976 | -S "ssl_handshake returned" \ |
| 977 | -C "ssl_handshake returned" \ |
| 978 | -c "Read from server: .* bytes read" |
| 979 | |
Manuel Pégourié-Gonnard | f6521de | 2014-04-07 12:42:04 +0200 | [diff] [blame] | 980 | # Tests for version negotiation |
| 981 | |
Manuel Pégourié-Gonnard | a3d808e | 2014-02-26 16:33:03 +0100 | [diff] [blame] | 982 | run_test "Version check #1 (all -> 1.2)" \ |
| 983 | "$P_SRV" \ |
| 984 | "$P_CLI" \ |
| 985 | 0 \ |
| 986 | -S "ssl_handshake returned" \ |
| 987 | -C "ssl_handshake returned" \ |
| 988 | -s "Protocol is TLSv1.2" \ |
| 989 | -c "Protocol is TLSv1.2" |
| 990 | |
| 991 | run_test "Version check #2 (cli max 1.1 -> 1.1)" \ |
| 992 | "$P_SRV" \ |
| 993 | "$P_CLI max_version=tls1_1" \ |
| 994 | 0 \ |
| 995 | -S "ssl_handshake returned" \ |
| 996 | -C "ssl_handshake returned" \ |
| 997 | -s "Protocol is TLSv1.1" \ |
| 998 | -c "Protocol is TLSv1.1" |
| 999 | |
| 1000 | run_test "Version check #3 (srv max 1.1 -> 1.1)" \ |
| 1001 | "$P_SRV max_version=tls1_1" \ |
| 1002 | "$P_CLI" \ |
| 1003 | 0 \ |
| 1004 | -S "ssl_handshake returned" \ |
| 1005 | -C "ssl_handshake returned" \ |
| 1006 | -s "Protocol is TLSv1.1" \ |
| 1007 | -c "Protocol is TLSv1.1" |
| 1008 | |
| 1009 | run_test "Version check #4 (cli+srv max 1.1 -> 1.1)" \ |
| 1010 | "$P_SRV max_version=tls1_1" \ |
| 1011 | "$P_CLI max_version=tls1_1" \ |
| 1012 | 0 \ |
| 1013 | -S "ssl_handshake returned" \ |
| 1014 | -C "ssl_handshake returned" \ |
| 1015 | -s "Protocol is TLSv1.1" \ |
| 1016 | -c "Protocol is TLSv1.1" |
| 1017 | |
| 1018 | run_test "Version check #5 (cli max 1.1, srv min 1.1 -> 1.1)" \ |
| 1019 | "$P_SRV min_version=tls1_1" \ |
| 1020 | "$P_CLI max_version=tls1_1" \ |
| 1021 | 0 \ |
| 1022 | -S "ssl_handshake returned" \ |
| 1023 | -C "ssl_handshake returned" \ |
| 1024 | -s "Protocol is TLSv1.1" \ |
| 1025 | -c "Protocol is TLSv1.1" |
| 1026 | |
| 1027 | run_test "Version check #6 (cli min 1.1, srv max 1.1 -> 1.1)" \ |
| 1028 | "$P_SRV max_version=tls1_1" \ |
| 1029 | "$P_CLI min_version=tls1_1" \ |
| 1030 | 0 \ |
| 1031 | -S "ssl_handshake returned" \ |
| 1032 | -C "ssl_handshake returned" \ |
| 1033 | -s "Protocol is TLSv1.1" \ |
| 1034 | -c "Protocol is TLSv1.1" |
| 1035 | |
| 1036 | run_test "Version check #7 (cli min 1.2, srv max 1.1 -> fail)" \ |
| 1037 | "$P_SRV max_version=tls1_1" \ |
| 1038 | "$P_CLI min_version=tls1_2" \ |
| 1039 | 1 \ |
| 1040 | -s "ssl_handshake returned" \ |
| 1041 | -c "ssl_handshake returned" \ |
| 1042 | -c "SSL - Handshake protocol not within min/max boundaries" |
| 1043 | |
| 1044 | run_test "Version check #8 (srv min 1.2, cli max 1.1 -> fail)" \ |
| 1045 | "$P_SRV min_version=tls1_2" \ |
| 1046 | "$P_CLI max_version=tls1_1" \ |
| 1047 | 1 \ |
| 1048 | -s "ssl_handshake returned" \ |
| 1049 | -c "ssl_handshake returned" \ |
| 1050 | -s "SSL - Handshake protocol not within min/max boundaries" |
| 1051 | |
Manuel Pégourié-Gonnard | f6521de | 2014-04-07 12:42:04 +0200 | [diff] [blame] | 1052 | # Tests for ALPN extension |
| 1053 | |
Manuel Pégourié-Gonnard | 83d8c73 | 2014-04-07 13:24:21 +0200 | [diff] [blame] | 1054 | if grep '^#define POLARSSL_SSL_ALPN' $CONFIG_H >/dev/null; then |
| 1055 | |
Manuel Pégourié-Gonnard | f6521de | 2014-04-07 12:42:04 +0200 | [diff] [blame] | 1056 | run_test "ALPN #0 (none)" \ |
| 1057 | "$P_SRV debug_level=4" \ |
| 1058 | "$P_CLI debug_level=4" \ |
| 1059 | 0 \ |
| 1060 | -C "client hello, adding alpn extension" \ |
| 1061 | -S "found alpn extension" \ |
| 1062 | -C "got an alert message, type: \\[2:120]" \ |
| 1063 | -S "server hello, adding alpn extension" \ |
| 1064 | -C "found alpn extension " \ |
| 1065 | -C "Application Layer Protocol is" \ |
| 1066 | -S "Application Layer Protocol is" |
| 1067 | |
| 1068 | run_test "ALPN #1 (client only)" \ |
| 1069 | "$P_SRV debug_level=4" \ |
| 1070 | "$P_CLI debug_level=4 alpn=abc,1234" \ |
| 1071 | 0 \ |
| 1072 | -c "client hello, adding alpn extension" \ |
| 1073 | -s "found alpn extension" \ |
| 1074 | -C "got an alert message, type: \\[2:120]" \ |
| 1075 | -S "server hello, adding alpn extension" \ |
| 1076 | -C "found alpn extension " \ |
| 1077 | -c "Application Layer Protocol is (none)" \ |
| 1078 | -S "Application Layer Protocol is" |
| 1079 | |
| 1080 | run_test "ALPN #2 (server only)" \ |
| 1081 | "$P_SRV debug_level=4 alpn=abc,1234" \ |
| 1082 | "$P_CLI debug_level=4" \ |
| 1083 | 0 \ |
| 1084 | -C "client hello, adding alpn extension" \ |
| 1085 | -S "found alpn extension" \ |
| 1086 | -C "got an alert message, type: \\[2:120]" \ |
| 1087 | -S "server hello, adding alpn extension" \ |
| 1088 | -C "found alpn extension " \ |
| 1089 | -C "Application Layer Protocol is" \ |
| 1090 | -s "Application Layer Protocol is (none)" |
| 1091 | |
| 1092 | run_test "ALPN #3 (both, common cli1-srv1)" \ |
| 1093 | "$P_SRV debug_level=4 alpn=abc,1234" \ |
| 1094 | "$P_CLI debug_level=4 alpn=abc,1234" \ |
| 1095 | 0 \ |
| 1096 | -c "client hello, adding alpn extension" \ |
| 1097 | -s "found alpn extension" \ |
| 1098 | -C "got an alert message, type: \\[2:120]" \ |
| 1099 | -s "server hello, adding alpn extension" \ |
| 1100 | -c "found alpn extension" \ |
| 1101 | -c "Application Layer Protocol is abc" \ |
| 1102 | -s "Application Layer Protocol is abc" |
| 1103 | |
| 1104 | run_test "ALPN #4 (both, common cli2-srv1)" \ |
| 1105 | "$P_SRV debug_level=4 alpn=abc,1234" \ |
| 1106 | "$P_CLI debug_level=4 alpn=1234,abc" \ |
| 1107 | 0 \ |
| 1108 | -c "client hello, adding alpn extension" \ |
| 1109 | -s "found alpn extension" \ |
| 1110 | -C "got an alert message, type: \\[2:120]" \ |
| 1111 | -s "server hello, adding alpn extension" \ |
| 1112 | -c "found alpn extension" \ |
| 1113 | -c "Application Layer Protocol is abc" \ |
| 1114 | -s "Application Layer Protocol is abc" |
| 1115 | |
| 1116 | run_test "ALPN #5 (both, common cli1-srv2)" \ |
| 1117 | "$P_SRV debug_level=4 alpn=abc,1234" \ |
| 1118 | "$P_CLI debug_level=4 alpn=1234,abcde" \ |
| 1119 | 0 \ |
| 1120 | -c "client hello, adding alpn extension" \ |
| 1121 | -s "found alpn extension" \ |
| 1122 | -C "got an alert message, type: \\[2:120]" \ |
| 1123 | -s "server hello, adding alpn extension" \ |
| 1124 | -c "found alpn extension" \ |
| 1125 | -c "Application Layer Protocol is 1234" \ |
| 1126 | -s "Application Layer Protocol is 1234" |
| 1127 | |
| 1128 | run_test "ALPN #6 (both, no common)" \ |
| 1129 | "$P_SRV debug_level=4 alpn=abc,123" \ |
| 1130 | "$P_CLI debug_level=4 alpn=1234,abcde" \ |
| 1131 | 1 \ |
| 1132 | -c "client hello, adding alpn extension" \ |
| 1133 | -s "found alpn extension" \ |
| 1134 | -c "got an alert message, type: \\[2:120]" \ |
| 1135 | -S "server hello, adding alpn extension" \ |
| 1136 | -C "found alpn extension" \ |
| 1137 | -C "Application Layer Protocol is 1234" \ |
| 1138 | -S "Application Layer Protocol is 1234" |
| 1139 | |
Manuel Pégourié-Gonnard | 83d8c73 | 2014-04-07 13:24:21 +0200 | [diff] [blame] | 1140 | fi |
| 1141 | |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1142 | # Tests for keyUsage in leaf certificates, part 1: |
| 1143 | # server-side certificate/suite selection |
| 1144 | |
Manuel Pégourié-Gonnard | 17cde5f | 2014-05-22 14:42:39 +0200 | [diff] [blame] | 1145 | run_test "keyUsage srv #1 (RSA, digitalSignature -> (EC)DHE-RSA)" \ |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1146 | "$P_SRV key_file=data_files/server2.key \ |
| 1147 | crt_file=data_files/server2.ku-ds.crt" \ |
| 1148 | "$P_CLI" \ |
| 1149 | 0 \ |
Manuel Pégourié-Gonnard | 17cde5f | 2014-05-22 14:42:39 +0200 | [diff] [blame] | 1150 | -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1151 | |
| 1152 | |
| 1153 | run_test "keyUsage srv #2 (RSA, keyEncipherment -> RSA)" \ |
| 1154 | "$P_SRV key_file=data_files/server2.key \ |
| 1155 | crt_file=data_files/server2.ku-ke.crt" \ |
| 1156 | "$P_CLI" \ |
| 1157 | 0 \ |
| 1158 | -c "Ciphersuite is TLS-RSA-WITH-" |
| 1159 | |
| 1160 | # add psk to leave an option for client to send SERVERQUIT |
| 1161 | run_test "keyUsage srv #3 (RSA, keyAgreement -> fail)" \ |
| 1162 | "$P_SRV psk=abc123 key_file=data_files/server2.key \ |
| 1163 | crt_file=data_files/server2.ku-ka.crt" \ |
| 1164 | "$P_CLI psk=badbad" \ |
| 1165 | 1 \ |
| 1166 | -C "Ciphersuite is " |
| 1167 | |
| 1168 | run_test "keyUsage srv #4 (ECDSA, digitalSignature -> ECDHE-ECDSA)" \ |
| 1169 | "$P_SRV key_file=data_files/server5.key \ |
| 1170 | crt_file=data_files/server5.ku-ds.crt" \ |
| 1171 | "$P_CLI" \ |
| 1172 | 0 \ |
| 1173 | -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" |
| 1174 | |
| 1175 | |
| 1176 | run_test "keyUsage srv #5 (ECDSA, keyAgreement -> ECDH-)" \ |
| 1177 | "$P_SRV key_file=data_files/server5.key \ |
| 1178 | crt_file=data_files/server5.ku-ka.crt" \ |
| 1179 | "$P_CLI" \ |
| 1180 | 0 \ |
| 1181 | -c "Ciphersuite is TLS-ECDH-" |
| 1182 | |
| 1183 | # add psk to leave an option for client to send SERVERQUIT |
| 1184 | run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \ |
| 1185 | "$P_SRV psk=abc123 key_file=data_files/server5.key \ |
| 1186 | crt_file=data_files/server5.ku-ke.crt" \ |
| 1187 | "$P_CLI psk=badbad" \ |
| 1188 | 1 \ |
| 1189 | -C "Ciphersuite is " |
| 1190 | |
| 1191 | # Tests for keyUsage in leaf certificates, part 2: |
Manuel Pégourié-Gonnard | a9db85d | 2014-04-09 14:53:05 +0200 | [diff] [blame] | 1192 | # client-side checking of server cert |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1193 | |
| 1194 | run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \ |
| 1195 | "$O_SRV -key data_files/server2.key \ |
| 1196 | -cert data_files/server2.ku-ds_ke.crt" \ |
| 1197 | "$P_CLI debug_level=2 \ |
| 1198 | force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ |
| 1199 | 0 \ |
Manuel Pégourié-Gonnard | a9db85d | 2014-04-09 14:53:05 +0200 | [diff] [blame] | 1200 | -C "bad certificate (usage extensions)" \ |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1201 | -C "Processing of the Certificate handshake message failed" \ |
| 1202 | -c "Ciphersuite is TLS-" |
| 1203 | |
| 1204 | run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \ |
| 1205 | "$O_SRV -key data_files/server2.key \ |
| 1206 | -cert data_files/server2.ku-ds_ke.crt" \ |
| 1207 | "$P_CLI debug_level=2 \ |
| 1208 | force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ |
| 1209 | 0 \ |
Manuel Pégourié-Gonnard | a9db85d | 2014-04-09 14:53:05 +0200 | [diff] [blame] | 1210 | -C "bad certificate (usage extensions)" \ |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1211 | -C "Processing of the Certificate handshake message failed" \ |
| 1212 | -c "Ciphersuite is TLS-" |
| 1213 | |
| 1214 | run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \ |
| 1215 | "$O_SRV -key data_files/server2.key \ |
| 1216 | -cert data_files/server2.ku-ke.crt" \ |
| 1217 | "$P_CLI debug_level=2 \ |
| 1218 | force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ |
| 1219 | 0 \ |
Manuel Pégourié-Gonnard | a9db85d | 2014-04-09 14:53:05 +0200 | [diff] [blame] | 1220 | -C "bad certificate (usage extensions)" \ |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1221 | -C "Processing of the Certificate handshake message failed" \ |
| 1222 | -c "Ciphersuite is TLS-" |
| 1223 | |
| 1224 | run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \ |
| 1225 | "$O_SRV -key data_files/server2.key \ |
| 1226 | -cert data_files/server2.ku-ke.crt" \ |
| 1227 | "$P_CLI debug_level=2 \ |
| 1228 | force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ |
| 1229 | 1 \ |
Manuel Pégourié-Gonnard | a9db85d | 2014-04-09 14:53:05 +0200 | [diff] [blame] | 1230 | -c "bad certificate (usage extensions)" \ |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1231 | -c "Processing of the Certificate handshake message failed" \ |
| 1232 | -C "Ciphersuite is TLS-" |
| 1233 | |
| 1234 | run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \ |
| 1235 | "$O_SRV -key data_files/server2.key \ |
| 1236 | -cert data_files/server2.ku-ds.crt" \ |
| 1237 | "$P_CLI debug_level=2 \ |
| 1238 | force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ |
| 1239 | 0 \ |
Manuel Pégourié-Gonnard | a9db85d | 2014-04-09 14:53:05 +0200 | [diff] [blame] | 1240 | -C "bad certificate (usage extensions)" \ |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1241 | -C "Processing of the Certificate handshake message failed" \ |
| 1242 | -c "Ciphersuite is TLS-" |
| 1243 | |
| 1244 | run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \ |
| 1245 | "$O_SRV -key data_files/server2.key \ |
| 1246 | -cert data_files/server2.ku-ds.crt" \ |
| 1247 | "$P_CLI debug_level=2 \ |
| 1248 | force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ |
| 1249 | 1 \ |
Manuel Pégourié-Gonnard | a9db85d | 2014-04-09 14:53:05 +0200 | [diff] [blame] | 1250 | -c "bad certificate (usage extensions)" \ |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 1251 | -c "Processing of the Certificate handshake message failed" \ |
| 1252 | -C "Ciphersuite is TLS-" |
| 1253 | |
Manuel Pégourié-Gonnard | a9db85d | 2014-04-09 14:53:05 +0200 | [diff] [blame] | 1254 | # Tests for keyUsage in leaf certificates, part 3: |
| 1255 | # server-side checking of client cert |
| 1256 | |
| 1257 | run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \ |
| 1258 | "$P_SRV debug_level=2 auth_mode=optional" \ |
| 1259 | "$O_CLI -key data_files/server2.key \ |
| 1260 | -cert data_files/server2.ku-ds.crt" \ |
| 1261 | 0 \ |
| 1262 | -S "bad certificate (usage extensions)" \ |
| 1263 | -S "Processing of the Certificate handshake message failed" |
| 1264 | |
| 1265 | run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \ |
| 1266 | "$P_SRV debug_level=2 auth_mode=optional" \ |
| 1267 | "$O_CLI -key data_files/server2.key \ |
| 1268 | -cert data_files/server2.ku-ke.crt" \ |
| 1269 | 0 \ |
| 1270 | -s "bad certificate (usage extensions)" \ |
| 1271 | -S "Processing of the Certificate handshake message failed" |
| 1272 | |
| 1273 | run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \ |
| 1274 | "$P_SRV debug_level=2 auth_mode=required" \ |
| 1275 | "$O_CLI -key data_files/server2.key \ |
| 1276 | -cert data_files/server2.ku-ke.crt" \ |
| 1277 | 1 \ |
| 1278 | -s "bad certificate (usage extensions)" \ |
| 1279 | -s "Processing of the Certificate handshake message failed" |
| 1280 | |
| 1281 | run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \ |
| 1282 | "$P_SRV debug_level=2 auth_mode=optional" \ |
| 1283 | "$O_CLI -key data_files/server5.key \ |
| 1284 | -cert data_files/server5.ku-ds.crt" \ |
| 1285 | 0 \ |
| 1286 | -S "bad certificate (usage extensions)" \ |
| 1287 | -S "Processing of the Certificate handshake message failed" |
| 1288 | |
| 1289 | run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \ |
| 1290 | "$P_SRV debug_level=2 auth_mode=optional" \ |
| 1291 | "$O_CLI -key data_files/server5.key \ |
| 1292 | -cert data_files/server5.ku-ka.crt" \ |
| 1293 | 0 \ |
| 1294 | -s "bad certificate (usage extensions)" \ |
| 1295 | -S "Processing of the Certificate handshake message failed" |
| 1296 | |
Manuel Pégourié-Gonnard | 0408fd1 | 2014-04-11 11:06:22 +0200 | [diff] [blame] | 1297 | # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection |
| 1298 | |
| 1299 | run_test "extKeyUsage srv #1 (serverAuth -> OK)" \ |
| 1300 | "$P_SRV key_file=data_files/server5.key \ |
| 1301 | crt_file=data_files/server5.eku-srv.crt" \ |
| 1302 | "$P_CLI" \ |
| 1303 | 0 |
| 1304 | |
| 1305 | run_test "extKeyUsage srv #2 (serverAuth,clientAuth -> OK)" \ |
| 1306 | "$P_SRV key_file=data_files/server5.key \ |
| 1307 | crt_file=data_files/server5.eku-srv.crt" \ |
| 1308 | "$P_CLI" \ |
| 1309 | 0 |
| 1310 | |
| 1311 | run_test "extKeyUsage srv #3 (codeSign,anyEKU -> OK)" \ |
| 1312 | "$P_SRV key_file=data_files/server5.key \ |
| 1313 | crt_file=data_files/server5.eku-cs_any.crt" \ |
| 1314 | "$P_CLI" \ |
| 1315 | 0 |
| 1316 | |
| 1317 | # add psk to leave an option for client to send SERVERQUIT |
| 1318 | run_test "extKeyUsage srv #4 (codeSign -> fail)" \ |
| 1319 | "$P_SRV psk=abc123 key_file=data_files/server5.key \ |
| 1320 | crt_file=data_files/server5.eku-cli.crt" \ |
| 1321 | "$P_CLI psk=badbad" \ |
| 1322 | 1 |
| 1323 | |
| 1324 | # Tests for extendedKeyUsage, part 2: client-side checking of server cert |
| 1325 | |
| 1326 | run_test "extKeyUsage cli #1 (serverAuth -> OK)" \ |
| 1327 | "$O_SRV -key data_files/server5.key \ |
| 1328 | -cert data_files/server5.eku-srv.crt" \ |
| 1329 | "$P_CLI debug_level=2" \ |
| 1330 | 0 \ |
| 1331 | -C "bad certificate (usage extensions)" \ |
| 1332 | -C "Processing of the Certificate handshake message failed" \ |
| 1333 | -c "Ciphersuite is TLS-" |
| 1334 | |
| 1335 | run_test "extKeyUsage cli #2 (serverAuth,clientAuth -> OK)" \ |
| 1336 | "$O_SRV -key data_files/server5.key \ |
| 1337 | -cert data_files/server5.eku-srv_cli.crt" \ |
| 1338 | "$P_CLI debug_level=2" \ |
| 1339 | 0 \ |
| 1340 | -C "bad certificate (usage extensions)" \ |
| 1341 | -C "Processing of the Certificate handshake message failed" \ |
| 1342 | -c "Ciphersuite is TLS-" |
| 1343 | |
| 1344 | run_test "extKeyUsage cli #3 (codeSign,anyEKU -> OK)" \ |
| 1345 | "$O_SRV -key data_files/server5.key \ |
| 1346 | -cert data_files/server5.eku-cs_any.crt" \ |
| 1347 | "$P_CLI debug_level=2" \ |
| 1348 | 0 \ |
| 1349 | -C "bad certificate (usage extensions)" \ |
| 1350 | -C "Processing of the Certificate handshake message failed" \ |
| 1351 | -c "Ciphersuite is TLS-" |
| 1352 | |
| 1353 | run_test "extKeyUsage cli #4 (codeSign -> fail)" \ |
| 1354 | "$O_SRV -key data_files/server5.key \ |
| 1355 | -cert data_files/server5.eku-cs.crt" \ |
| 1356 | "$P_CLI debug_level=2" \ |
| 1357 | 1 \ |
| 1358 | -c "bad certificate (usage extensions)" \ |
| 1359 | -c "Processing of the Certificate handshake message failed" \ |
| 1360 | -C "Ciphersuite is TLS-" |
| 1361 | |
| 1362 | # Tests for extendedKeyUsage, part 3: server-side checking of client cert |
| 1363 | |
| 1364 | run_test "extKeyUsage cli-auth #1 (clientAuth -> OK)" \ |
| 1365 | "$P_SRV debug_level=2 auth_mode=optional" \ |
| 1366 | "$O_CLI -key data_files/server5.key \ |
| 1367 | -cert data_files/server5.eku-cli.crt" \ |
| 1368 | 0 \ |
| 1369 | -S "bad certificate (usage extensions)" \ |
| 1370 | -S "Processing of the Certificate handshake message failed" |
| 1371 | |
| 1372 | run_test "extKeyUsage cli-auth #2 (serverAuth,clientAuth -> OK)" \ |
| 1373 | "$P_SRV debug_level=2 auth_mode=optional" \ |
| 1374 | "$O_CLI -key data_files/server5.key \ |
| 1375 | -cert data_files/server5.eku-srv_cli.crt" \ |
| 1376 | 0 \ |
| 1377 | -S "bad certificate (usage extensions)" \ |
| 1378 | -S "Processing of the Certificate handshake message failed" |
| 1379 | |
| 1380 | run_test "extKeyUsage cli-auth #3 (codeSign,anyEKU -> OK)" \ |
| 1381 | "$P_SRV debug_level=2 auth_mode=optional" \ |
| 1382 | "$O_CLI -key data_files/server5.key \ |
| 1383 | -cert data_files/server5.eku-cs_any.crt" \ |
| 1384 | 0 \ |
| 1385 | -S "bad certificate (usage extensions)" \ |
| 1386 | -S "Processing of the Certificate handshake message failed" |
| 1387 | |
| 1388 | run_test "extKeyUsage cli-auth #4 (codeSign -> fail (soft))" \ |
| 1389 | "$P_SRV debug_level=2 auth_mode=optional" \ |
| 1390 | "$O_CLI -key data_files/server5.key \ |
| 1391 | -cert data_files/server5.eku-cs.crt" \ |
| 1392 | 0 \ |
| 1393 | -s "bad certificate (usage extensions)" \ |
| 1394 | -S "Processing of the Certificate handshake message failed" |
| 1395 | |
| 1396 | run_test "extKeyUsage cli-auth #4b (codeSign -> fail (hard))" \ |
| 1397 | "$P_SRV debug_level=2 auth_mode=required" \ |
| 1398 | "$O_CLI -key data_files/server5.key \ |
| 1399 | -cert data_files/server5.eku-cs.crt" \ |
| 1400 | 1 \ |
| 1401 | -s "bad certificate (usage extensions)" \ |
| 1402 | -s "Processing of the Certificate handshake message failed" |
| 1403 | |
Manuel Pégourié-Gonnard | 0cc7e31 | 2014-06-09 11:36:47 +0200 | [diff] [blame] | 1404 | # Tests for DHM parameters loading |
| 1405 | |
| 1406 | run_test "DHM parameters #0 (reference)" \ |
| 1407 | "$P_SRV" \ |
| 1408 | "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ |
| 1409 | debug_level=3" \ |
| 1410 | 0 \ |
| 1411 | -c "value of 'DHM: P ' (2048 bits)" \ |
| 1412 | -c "value of 'DHM: G ' (2048 bits)" |
| 1413 | |
| 1414 | run_test "DHM parameters #1 (other parameters)" \ |
| 1415 | "$P_SRV dhm_file=data_files/dhparams.pem" \ |
| 1416 | "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ |
| 1417 | debug_level=3" \ |
| 1418 | 0 \ |
| 1419 | -c "value of 'DHM: P ' (1024 bits)" \ |
| 1420 | -c "value of 'DHM: G ' (2 bits)" |
| 1421 | |
Manuel Pégourié-Gonnard | a6781c9 | 2014-06-10 15:00:46 +0200 | [diff] [blame] | 1422 | # Tests for PSK callback |
| 1423 | |
Manuel Pégourié-Gonnard | 10c3c9f | 2014-06-10 15:28:52 +0200 | [diff] [blame] | 1424 | run_test "PSK callback #0a (psk, no callback)" \ |
Manuel Pégourié-Gonnard | a6781c9 | 2014-06-10 15:00:46 +0200 | [diff] [blame] | 1425 | "$P_SRV psk=abc123 psk_identity=foo" \ |
| 1426 | "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ |
| 1427 | psk_identity=foo psk=abc123" \ |
| 1428 | 0 \ |
Manuel Pégourié-Gonnard | 10c3c9f | 2014-06-10 15:28:52 +0200 | [diff] [blame] | 1429 | -S "SSL - The server has no ciphersuites in common" \ |
| 1430 | -S "SSL - Unknown identity received" \ |
| 1431 | -S "SSL - Verification of the message MAC failed" |
| 1432 | |
| 1433 | run_test "PSK callback #0b (no psk, no callback)" \ |
| 1434 | "$P_SRV" \ |
| 1435 | "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ |
| 1436 | psk_identity=foo psk=abc123" \ |
| 1437 | 1 \ |
| 1438 | -s "SSL - The server has no ciphersuites in common" \ |
Manuel Pégourié-Gonnard | a6781c9 | 2014-06-10 15:00:46 +0200 | [diff] [blame] | 1439 | -S "SSL - Unknown identity received" \ |
| 1440 | -S "SSL - Verification of the message MAC failed" |
| 1441 | |
| 1442 | run_test "PSK callback #1 (callback overrides other settings)" \ |
| 1443 | "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \ |
| 1444 | "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ |
| 1445 | psk_identity=foo psk=abc123" \ |
| 1446 | 1 \ |
Manuel Pégourié-Gonnard | 10c3c9f | 2014-06-10 15:28:52 +0200 | [diff] [blame] | 1447 | -S "SSL - The server has no ciphersuites in common" \ |
Manuel Pégourié-Gonnard | a6781c9 | 2014-06-10 15:00:46 +0200 | [diff] [blame] | 1448 | -s "SSL - Unknown identity received" \ |
| 1449 | -S "SSL - Verification of the message MAC failed" |
| 1450 | |
| 1451 | run_test "PSK callback #2 (first id matches)" \ |
| 1452 | "$P_SRV psk_list=abc,dead,def,beef" \ |
| 1453 | "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ |
| 1454 | psk_identity=abc psk=dead" \ |
| 1455 | 0 \ |
Manuel Pégourié-Gonnard | 10c3c9f | 2014-06-10 15:28:52 +0200 | [diff] [blame] | 1456 | -S "SSL - The server has no ciphersuites in common" \ |
Manuel Pégourié-Gonnard | a6781c9 | 2014-06-10 15:00:46 +0200 | [diff] [blame] | 1457 | -S "SSL - Unknown identity received" \ |
| 1458 | -S "SSL - Verification of the message MAC failed" |
| 1459 | |
| 1460 | run_test "PSK callback #3 (second id matches)" \ |
| 1461 | "$P_SRV psk_list=abc,dead,def,beef" \ |
| 1462 | "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ |
| 1463 | psk_identity=def psk=beef" \ |
| 1464 | 0 \ |
Manuel Pégourié-Gonnard | 10c3c9f | 2014-06-10 15:28:52 +0200 | [diff] [blame] | 1465 | -S "SSL - The server has no ciphersuites in common" \ |
Manuel Pégourié-Gonnard | a6781c9 | 2014-06-10 15:00:46 +0200 | [diff] [blame] | 1466 | -S "SSL - Unknown identity received" \ |
| 1467 | -S "SSL - Verification of the message MAC failed" |
| 1468 | |
| 1469 | run_test "PSK callback #4 (no match)" \ |
| 1470 | "$P_SRV psk_list=abc,dead,def,beef" \ |
| 1471 | "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ |
| 1472 | psk_identity=ghi psk=beef" \ |
| 1473 | 1 \ |
Manuel Pégourié-Gonnard | 10c3c9f | 2014-06-10 15:28:52 +0200 | [diff] [blame] | 1474 | -S "SSL - The server has no ciphersuites in common" \ |
Manuel Pégourié-Gonnard | a6781c9 | 2014-06-10 15:00:46 +0200 | [diff] [blame] | 1475 | -s "SSL - Unknown identity received" \ |
| 1476 | -S "SSL - Verification of the message MAC failed" |
| 1477 | |
| 1478 | run_test "PSK callback #5 (wrong key)" \ |
| 1479 | "$P_SRV psk_list=abc,dead,def,beef" \ |
| 1480 | "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ |
| 1481 | psk_identity=abc psk=beef" \ |
| 1482 | 1 \ |
Manuel Pégourié-Gonnard | 10c3c9f | 2014-06-10 15:28:52 +0200 | [diff] [blame] | 1483 | -S "SSL - The server has no ciphersuites in common" \ |
Manuel Pégourié-Gonnard | a6781c9 | 2014-06-10 15:00:46 +0200 | [diff] [blame] | 1484 | -S "SSL - Unknown identity received" \ |
| 1485 | -s "SSL - Verification of the message MAC failed" |
Manuel Pégourié-Gonnard | 0cc7e31 | 2014-06-09 11:36:47 +0200 | [diff] [blame] | 1486 | |
Manuel Pégourié-Gonnard | 90805a8 | 2014-06-11 14:06:01 +0200 | [diff] [blame] | 1487 | # Tests for ciphersuites per version |
| 1488 | |
| 1489 | run_test "Per-version suites #1" \ |
| 1490 | "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ |
| 1491 | "$P_CLI force_version=ssl3" \ |
| 1492 | 0 \ |
| 1493 | -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" |
| 1494 | |
| 1495 | run_test "Per-version suites #2" \ |
| 1496 | "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ |
| 1497 | "$P_CLI force_version=tls1" \ |
| 1498 | 0 \ |
| 1499 | -c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA" |
| 1500 | |
| 1501 | run_test "Per-version suites #3" \ |
| 1502 | "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ |
| 1503 | "$P_CLI force_version=tls1_1" \ |
| 1504 | 0 \ |
| 1505 | -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA" |
| 1506 | |
| 1507 | run_test "Per-version suites #4" \ |
| 1508 | "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ |
| 1509 | "$P_CLI force_version=tls1_2" \ |
| 1510 | 0 \ |
| 1511 | -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" |
| 1512 | |
Manuel Pégourié-Gonnard | 95c0a63 | 2014-06-11 18:32:36 +0200 | [diff] [blame] | 1513 | # Tests for ssl_get_bytes_avail() |
| 1514 | |
| 1515 | run_test "ssl_get_bytes_avail #1 (no extra data)" \ |
| 1516 | "$P_SRV" \ |
| 1517 | "$P_CLI request_size=100" \ |
| 1518 | 0 \ |
| 1519 | -s "Read from client: 100 bytes read$" |
| 1520 | |
| 1521 | run_test "ssl_get_bytes_avail #2 (extra data)" \ |
| 1522 | "$P_SRV" \ |
| 1523 | "$P_CLI request_size=500" \ |
| 1524 | 0 \ |
| 1525 | -s "Read from client: 500 bytes read (.*+.*)" |
Manuel Pégourié-Gonnard | 90805a8 | 2014-06-11 14:06:01 +0200 | [diff] [blame] | 1526 | |
Manuel Pégourié-Gonnard | ee41503 | 2014-06-18 15:08:56 +0200 | [diff] [blame] | 1527 | # Tests for small packets |
| 1528 | |
| 1529 | run_test "Small packet SSLv3 BlockCipher" \ |
| 1530 | "$P_SRV" \ |
| 1531 | "$P_CLI request_size=1 force_version=ssl3 \ |
| 1532 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ |
| 1533 | 0 \ |
| 1534 | -s "Read from client: 1 bytes read" |
| 1535 | |
| 1536 | run_test "Small packet SSLv3 StreamCipher" \ |
| 1537 | "$P_SRV" \ |
| 1538 | "$P_CLI request_size=1 force_version=ssl3 \ |
| 1539 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ |
| 1540 | 0 \ |
| 1541 | -s "Read from client: 1 bytes read" |
| 1542 | |
| 1543 | run_test "Small packet TLS 1.0 BlockCipher" \ |
| 1544 | "$P_SRV" \ |
| 1545 | "$P_CLI request_size=1 force_version=tls1 \ |
| 1546 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ |
| 1547 | 0 \ |
| 1548 | -s "Read from client: 1 bytes read" |
| 1549 | |
| 1550 | run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \ |
| 1551 | "$P_SRV" \ |
| 1552 | "$P_CLI request_size=1 force_version=tls1 \ |
| 1553 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ |
| 1554 | trunc_hmac=1" \ |
| 1555 | 0 \ |
| 1556 | -s "Read from client: 1 bytes read" |
| 1557 | |
| 1558 | run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \ |
| 1559 | "$P_SRV" \ |
| 1560 | "$P_CLI request_size=1 force_version=tls1 \ |
| 1561 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ |
| 1562 | trunc_hmac=1" \ |
| 1563 | 0 \ |
| 1564 | -s "Read from client: 1 bytes read" |
| 1565 | |
| 1566 | run_test "Small packet TLS 1.1 BlockCipher" \ |
| 1567 | "$P_SRV" \ |
| 1568 | "$P_CLI request_size=1 force_version=tls1_1 \ |
| 1569 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ |
| 1570 | 0 \ |
| 1571 | -s "Read from client: 1 bytes read" |
| 1572 | |
| 1573 | run_test "Small packet TLS 1.1 StreamCipher" \ |
| 1574 | "$P_SRV" \ |
| 1575 | "$P_CLI request_size=1 force_version=tls1_1 \ |
| 1576 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ |
| 1577 | 0 \ |
| 1578 | -s "Read from client: 1 bytes read" |
| 1579 | |
| 1580 | run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \ |
| 1581 | "$P_SRV" \ |
| 1582 | "$P_CLI request_size=1 force_version=tls1_1 \ |
| 1583 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ |
| 1584 | trunc_hmac=1" \ |
| 1585 | 0 \ |
| 1586 | -s "Read from client: 1 bytes read" |
| 1587 | |
| 1588 | run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \ |
| 1589 | "$P_SRV" \ |
| 1590 | "$P_CLI request_size=1 force_version=tls1_1 \ |
| 1591 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ |
| 1592 | trunc_hmac=1" \ |
| 1593 | 0 \ |
| 1594 | -s "Read from client: 1 bytes read" |
| 1595 | |
| 1596 | run_test "Small packet TLS 1.2 BlockCipher" \ |
| 1597 | "$P_SRV" \ |
| 1598 | "$P_CLI request_size=1 force_version=tls1_2 \ |
| 1599 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ |
| 1600 | 0 \ |
| 1601 | -s "Read from client: 1 bytes read" |
| 1602 | |
| 1603 | run_test "Small packet TLS 1.2 BlockCipher larger MAC" \ |
| 1604 | "$P_SRV" \ |
| 1605 | "$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ |
| 1606 | 0 \ |
| 1607 | -s "Read from client: 1 bytes read" |
| 1608 | |
| 1609 | run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \ |
| 1610 | "$P_SRV" \ |
| 1611 | "$P_CLI request_size=1 force_version=tls1_2 \ |
| 1612 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ |
| 1613 | trunc_hmac=1" \ |
| 1614 | 0 \ |
| 1615 | -s "Read from client: 1 bytes read" |
| 1616 | |
| 1617 | run_test "Small packet TLS 1.2 StreamCipher" \ |
| 1618 | "$P_SRV" \ |
| 1619 | "$P_CLI request_size=1 force_version=tls1_2 \ |
| 1620 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ |
| 1621 | 0 \ |
| 1622 | -s "Read from client: 1 bytes read" |
| 1623 | |
| 1624 | run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \ |
| 1625 | "$P_SRV" \ |
| 1626 | "$P_CLI request_size=1 force_version=tls1_2 \ |
| 1627 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ |
| 1628 | trunc_hmac=1" \ |
| 1629 | 0 \ |
| 1630 | -s "Read from client: 1 bytes read" |
| 1631 | |
| 1632 | run_test "Small packet TLS 1.2 AEAD" \ |
| 1633 | "$P_SRV" \ |
| 1634 | "$P_CLI request_size=1 force_version=tls1_2 \ |
| 1635 | force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ |
| 1636 | 0 \ |
| 1637 | -s "Read from client: 1 bytes read" |
| 1638 | |
| 1639 | run_test "Small packet TLS 1.2 AEAD shorter tag" \ |
| 1640 | "$P_SRV" \ |
| 1641 | "$P_CLI request_size=1 force_version=tls1_2 \ |
| 1642 | force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ |
| 1643 | 0 \ |
| 1644 | -s "Read from client: 1 bytes read" |
| 1645 | |
Manuel Pégourié-Gonnard | 8920f69 | 2014-06-18 22:05:08 +0200 | [diff] [blame] | 1646 | # Test for large packets |
| 1647 | |
| 1648 | run_test "Large packet SSLv3 BlockCipher" \ |
| 1649 | "$P_SRV" \ |
| 1650 | "$P_CLI request_size=16384 force_version=ssl3 \ |
| 1651 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ |
| 1652 | 0 \ |
| 1653 | -s "Read from client: 16384 bytes read" |
| 1654 | |
| 1655 | run_test "Large packet SSLv3 StreamCipher" \ |
| 1656 | "$P_SRV" \ |
| 1657 | "$P_CLI request_size=16384 force_version=ssl3 \ |
| 1658 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ |
| 1659 | 0 \ |
| 1660 | -s "Read from client: 16384 bytes read" |
| 1661 | |
| 1662 | run_test "Large packet TLS 1.0 BlockCipher" \ |
| 1663 | "$P_SRV" \ |
| 1664 | "$P_CLI request_size=16384 force_version=tls1 \ |
| 1665 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ |
| 1666 | 0 \ |
| 1667 | -s "Read from client: 16384 bytes read" |
| 1668 | |
| 1669 | run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ |
| 1670 | "$P_SRV" \ |
| 1671 | "$P_CLI request_size=16384 force_version=tls1 \ |
| 1672 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ |
| 1673 | trunc_hmac=1" \ |
| 1674 | 0 \ |
| 1675 | -s "Read from client: 16384 bytes read" |
| 1676 | |
| 1677 | run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ |
| 1678 | "$P_SRV" \ |
| 1679 | "$P_CLI request_size=16384 force_version=tls1 \ |
| 1680 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ |
| 1681 | trunc_hmac=1" \ |
| 1682 | 0 \ |
| 1683 | -s "Read from client: 16384 bytes read" |
| 1684 | |
| 1685 | run_test "Large packet TLS 1.1 BlockCipher" \ |
| 1686 | "$P_SRV" \ |
| 1687 | "$P_CLI request_size=16384 force_version=tls1_1 \ |
| 1688 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ |
| 1689 | 0 \ |
| 1690 | -s "Read from client: 16384 bytes read" |
| 1691 | |
| 1692 | run_test "Large packet TLS 1.1 StreamCipher" \ |
| 1693 | "$P_SRV" \ |
| 1694 | "$P_CLI request_size=16384 force_version=tls1_1 \ |
| 1695 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ |
| 1696 | 0 \ |
| 1697 | -s "Read from client: 16384 bytes read" |
| 1698 | |
| 1699 | run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ |
| 1700 | "$P_SRV" \ |
| 1701 | "$P_CLI request_size=16384 force_version=tls1_1 \ |
| 1702 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ |
| 1703 | trunc_hmac=1" \ |
| 1704 | 0 \ |
| 1705 | -s "Read from client: 16384 bytes read" |
| 1706 | |
| 1707 | run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ |
| 1708 | "$P_SRV" \ |
| 1709 | "$P_CLI request_size=16384 force_version=tls1_1 \ |
| 1710 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ |
| 1711 | trunc_hmac=1" \ |
| 1712 | 0 \ |
| 1713 | -s "Read from client: 16384 bytes read" |
| 1714 | |
| 1715 | run_test "Large packet TLS 1.2 BlockCipher" \ |
| 1716 | "$P_SRV" \ |
| 1717 | "$P_CLI request_size=16384 force_version=tls1_2 \ |
| 1718 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ |
| 1719 | 0 \ |
| 1720 | -s "Read from client: 16384 bytes read" |
| 1721 | |
| 1722 | run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ |
| 1723 | "$P_SRV" \ |
| 1724 | "$P_CLI request_size=16384 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ |
| 1725 | 0 \ |
| 1726 | -s "Read from client: 16384 bytes read" |
| 1727 | |
| 1728 | run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ |
| 1729 | "$P_SRV" \ |
| 1730 | "$P_CLI request_size=16384 force_version=tls1_2 \ |
| 1731 | force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ |
| 1732 | trunc_hmac=1" \ |
| 1733 | 0 \ |
| 1734 | -s "Read from client: 16384 bytes read" |
| 1735 | |
| 1736 | run_test "Large packet TLS 1.2 StreamCipher" \ |
| 1737 | "$P_SRV" \ |
| 1738 | "$P_CLI request_size=16384 force_version=tls1_2 \ |
| 1739 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ |
| 1740 | 0 \ |
| 1741 | -s "Read from client: 16384 bytes read" |
| 1742 | |
| 1743 | run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ |
| 1744 | "$P_SRV" \ |
| 1745 | "$P_CLI request_size=16384 force_version=tls1_2 \ |
| 1746 | force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ |
| 1747 | trunc_hmac=1" \ |
| 1748 | 0 \ |
| 1749 | -s "Read from client: 16384 bytes read" |
| 1750 | |
| 1751 | run_test "Large packet TLS 1.2 AEAD" \ |
| 1752 | "$P_SRV" \ |
| 1753 | "$P_CLI request_size=16384 force_version=tls1_2 \ |
| 1754 | force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ |
| 1755 | 0 \ |
| 1756 | -s "Read from client: 16384 bytes read" |
| 1757 | |
| 1758 | run_test "Large packet TLS 1.2 AEAD shorter tag" \ |
| 1759 | "$P_SRV" \ |
| 1760 | "$P_CLI request_size=16384 force_version=tls1_2 \ |
| 1761 | force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ |
| 1762 | 0 \ |
| 1763 | -s "Read from client: 16384 bytes read" |
| 1764 | |
Manuel Pégourié-Gonnard | 8520dac | 2014-02-21 12:12:23 +0100 | [diff] [blame] | 1765 | # Final report |
| 1766 | |
Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 1767 | echo "------------------------------------------------------------------------" |
| 1768 | |
| 1769 | if [ $FAILS = 0 ]; then |
| 1770 | echo -n "PASSED" |
| 1771 | else |
| 1772 | echo -n "FAILED" |
| 1773 | fi |
| 1774 | PASSES=`echo $TESTS - $FAILS | bc` |
Manuel Pégourié-Gonnard | 6f4fbbb | 2014-08-14 14:31:29 +0200 | [diff] [blame] | 1775 | echo " ($PASSES / $TESTS tests ($SKIPS skipped))" |
Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 1776 | |
| 1777 | exit $FAILS |