#!/bin/sh

# Test various options that are not covered by compat.sh
#
# Here the goal is not to cover every ciphersuite/version, but
# rather specific options (max fragment length, truncated hmac, etc)
# or procedures (session resumption from cache or ticket, renego, etc).
#
# Assumes all options are compiled in.

# Sample programs used as the server and client under test (relative to
# the tests/ directory this script is run from)
PROGS_DIR='../programs/ssl'
P_SRV="${PROGS_DIR}/ssl_server2"
P_CLI="${PROGS_DIR}/ssl_client2"

# Counters: print_name() bumps TESTS for every test started, fail() bumps
# FAILS for every test that did not pass; both feed the final report.
TESTS=0
FAILS=0

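# print_name <name>
#
# Print the test name padded with dots so that the PASS/FAIL verdict
# printed afterwards lines up, without a trailing newline, and count
# the test in TESTS.
#
# Uses only POSIX sh builtins: the original relied on wc/bc/seq and
# on 'echo -n', none of which are portable across /bin/sh flavours.
print_name() {
    printf '%s ' "$1"

    # Number of dots: pad to column 72, counting the name plus one
    # separator (matches the former 'wc -c' count, which included the
    # newline). ${#1} counts characters rather than bytes; test names
    # here are ASCII so the result is the same.
    DOTS=$(( 71 - ${#1} ))
    while [ "$DOTS" -gt 0 ]; do
        printf '.'
        DOTS=$(( DOTS - 1 ))
    done
    printf ' '

    TESTS=$(( ${TESTS:-0} + 1 ))
}
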
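# fail <message>
#
# Report a failed test: print FAIL and the reason, keep a copy of both
# program outputs under a per-test name so they survive the next test,
# and count the failure in FAILS.
#
# Arguments: $1 - short description of what went wrong
# Globals:   TESTS (read, used to name the saved logs), FAILS (written)
fail() {
    printf 'FAIL\n'
    # printf rather than echo: the message may start with '-s'/'-c' and
    # some echo implementations interpret backslashes
    printf ' %s\n' "$1"

    # srv_out/cli_out are overwritten by the next run_test call
    cp srv_out "srv-${TESTS}.log"
    cp cli_out "cli-${TESTS}.log"
    printf ' outputs saved to srv-%s.log and cli-%s.log\n' "$TESTS" "$TESTS"

    FAILS=$(( ${FAILS:-0} + 1 ))
}
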
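# Usage: run_test name srv_args cli_args cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#
# srv_args and cli_args are complete shell command lines: they are run
# through eval, so they must only ever be built from constants in this
# script (every call site below composes them from $P_SRV / $P_CLI or a
# fixed openssl command line). Patterns are basic regular expressions as
# understood by grep. cli_exit is only compared for zero / non-zero.
# Server output goes to srv_out and client output to cli_out in the
# current directory; both are removed on PASS and kept by fail().
run_test() {
    print_name "$1"
    shift

    # run the commands: server in the background, then (after a fixed
    # delay, presumably to let it start listening) the client
    eval "$1" > srv_out 2>&1 &
    SRV_PID=$!
    sleep 1
    eval "$2" > cli_out 2>&1
    CLI_EXIT=$?
    # Connect once more with the OpenSSL client and send SERVERQUIT; this
    # appears to be how ssl_server2 is told to exit (a client certificate
    # is presented so the connection also works for auth_mode=required).
    echo SERVERQUIT | openssl s_client -no_ticket \
        -cert data_files/cli2.crt -key data_files/cli2.key \
        >/dev/null 2>&1
    wait "$SRV_PID"
    # Capture the status right away: it used to be read after 'shift 2',
    # which meant the shift, not the server, was being checked.
    SRV_EXIT=$?
    shift 2

    # check server exit code
    if [ "$SRV_EXIT" != 0 ]; then
        fail "server fail"
        return
    fi

    # check client exit code: 0 means "must succeed", anything else
    # means "must fail" (the exact non-zero value is not compared)
    if { [ "$1" = 0 ] && [ "$CLI_EXIT" != 0 ]; } ||
       { [ "$1" != 0 ] && [ "$CLI_EXIT" = 0 ]; }
    then
        fail "bad client exit code"
        return
    fi
    shift

    # check options; each one takes exactly one pattern argument
    while [ $# -gt 0 ]; do
        if [ $# -lt 2 ]; then
            echo "Missing pattern after option $1" >&2
            exit 1
        fi
        case "$1" in
            "-s")
                if ! grep -q -e "$2" srv_out; then
                    fail "-s $2"
                    return
                fi
                ;;

            "-c")
                if ! grep -q -e "$2" cli_out; then
                    fail "-c $2"
                    return
                fi
                ;;

            "-S")
                if grep -q -e "$2" srv_out; then
                    fail "-S $2"
                    return
                fi
                ;;

            "-C")
                if grep -q -e "$2" cli_out; then
                    fail "-C $2"
                    return
                fi
                ;;

            *)
                echo "Unknown option: $1" >&2
                exit 1
                ;;
        esac
        shift 2
    done

    # if we're here, everything is ok
    echo "PASS"
    rm -f srv_out cli_out
}
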
# Get rid of any server or client left over from a previous (aborted)
# run before starting; -q only silences the "no process found" message.
# NOTE(review): this matches by process name, so it also terminates any
# unrelated 'openssl' process of the same user that happens to be running.
killall -q openssl ssl_server ssl_server2

# Test for SSLv2 ClientHello
#
# The server must accept a SSLv2-format ClientHello and still complete
# a normal handshake from it. The OpenSSL command-line client is used
# because it is what is made to emit such a hello here; the absence of
# "ssl_handshake returned" (which appears to be the server's debug line
# for a failed handshake) is what shows the handshake went through.

# Reference: with -no_ssl2 the client sends a v3 ClientHello, so the
# server must not take the v2 parsing path at all.
run_test "SSLv2 ClientHello #0 (reference)" \
    "$P_SRV debug_level=3" \
    "echo GET / HTTP/1.0 | openssl s_client -no_ssl2" \
    0 \
    -S "parse client hello v2" \
    -S "ssl_handshake returned"

# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello;
# the server must parse it as v2 and still succeed.
run_test "SSLv2 ClientHello #1 (actual test)" \
    "$P_SRV debug_level=3" \
    "echo GET / HTTP/1.0 | openssl s_client -cipher DES-CBC-MD5:ALL" \
    0 \
    -s "parse client hello v2" \
    -S "ssl_handshake returned"

# Tests for Truncated HMAC extension
#
# With TLS-RSA-WITH-AES-128-CBC-SHA the record MAC is HMAC-SHA1, i.e.
# 20 bytes; when the client negotiates truncated HMAC (RFC 6066) the
# MAC carried in each record is cut down to 10 bytes. The server's
# debug dump of the computed MAC shows which length is in effect.

# trunc_hmac=0: full-length MAC
run_test "Truncated HMAC #0" \
    "$P_SRV debug_level=5" \
    "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (20 bytes)"

# trunc_hmac=1: truncated MAC
run_test "Truncated HMAC #1" \
    "$P_SRV debug_level=5" \
    "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (10 bytes)"

# Tests for Session Tickets
#
# Session tickets (RFC 5077) let the client resume from state the server
# handed back to it, instead of from the server's own session cache.
# Each test does a full handshake, reconnects (reconnect=1), and checks
# where, if anywhere, the second session was restored from.

# Both sides enable tickets: the client offers the extension, the server
# answers it and issues a ticket, and the reconnect is resumed from that
# ticket rather than from the cache.
run_test "Session resume using tickets #1" \
    "$P_SRV debug_level=4 tickets=1" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Same with the server cache disabled (cache_max=0): resumption must
# still work, which shows it really comes from the ticket.
run_test "Session resume using tickets #2" \
    "$P_SRV debug_level=4 tickets=1 cache_max=0" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Ticket lifetime (ticket_timeout=1) shorter than the reconnect delay
# (reco_delay=2): the ticket has expired when presented, so the server
# must refuse to resume and a full handshake happens instead.
run_test "Session resume using tickets #3" \
    "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# Ticket lifetime (ticket_timeout=2) longer than the reconnect delay
# (reco_delay=0): the ticket is still valid and the session is resumed.
run_test "Session resume using tickets #4" \
    "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

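# Tests for Session Resume based on session-ID and cache
#
# Without tickets, resumption relies on the server remembering the
# session in its cache (looked up by session ID). These tests check the
# interplay with the ticket extension and with the cache size/timeout
# parameters. Where no resumption is expected, both sides must report a
# full handshake (no "a session has been resumed" on either side).
#
# The only code change here is the test label of #5 ("timemout").

# Client offers the ticket extension but the server has tickets off: it
# sees the extension, does not answer it, and resumes from its cache.
run_test "Session resume using cache #1 (tickets enabled on client)" \
    "$P_SRV debug_level=4 tickets=0" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -S "server hello, adding session ticket extension" \
    -C "found session_ticket extension" \
    -C "parse new session ticket" \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Server has tickets on but the client does not offer the extension, so
# no ticket is exchanged and resumption again comes from the cache.
run_test "Session resume using cache #2 (tickets enabled on server)" \
    "$P_SRV debug_level=4 tickets=1" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1" \
    0 \
    -C "client hello, adding session ticket extension" \
    -S "found session ticket extension" \
    -S "server hello, adding session ticket extension" \
    -C "found session_ticket extension" \
    -C "parse new session ticket" \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# An empty cache (cache_max=0) cannot resume anything.
run_test "Session resume using cache #3 (cache_max=0)" \
    "$P_SRV debug_level=4 tickets=0 cache_max=0" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1" \
    0 \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# A single-entry cache is enough for one client to resume.
run_test "Session resume using cache #4 (cache_max=1)" \
    "$P_SRV debug_level=4 tickets=0 cache_max=1" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Cache entry still valid at reconnect time (cache_timeout=1 > reco_delay=0).
run_test "Session resume using cache #5 (timeout > delay)" \
    "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Cache entry expired by reconnect time (cache_timeout=1 < reco_delay=2).
run_test "Session resume using cache #6 (timeout < delay)" \
    "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
    0 \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# cache_timeout=0 means no expiry, so the entry survives the delay.
run_test "Session resume using cache #7 (no timeout)" \
    "$P_SRV debug_level=4 tickets=0 cache_timeout=0" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"
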
# Tests for Max Fragment Length extension
#
# The max_fragment_length extension (RFC 6066) is client-driven: only
# the client ever asks for it, and the server echoes it in its hello
# when it honours the request. The patterns below track the extension
# in the ClientHello and ServerHello as seen by both sides.

# Neither side asks for it: no extension in either direction.
run_test "Max fragment length #1" \
    "$P_SRV debug_level=4" \
    "$P_CLI debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"

# Client requests 4096: sent, found by the server, echoed back and
# found by the client.
run_test "Max fragment length #2" \
    "$P_SRV debug_level=4" \
    "$P_CLI debug_level=4 max_frag_len=4096" \
    0 \
    -c "client hello, adding max_fragment_length extension" \
    -s "found max fragment length extension" \
    -s "server hello, max_fragment_length extension" \
    -c "found max_fragment_length extension"

# Only the server is configured with a limit: since the client does not
# send the extension, nothing is negotiated.
run_test "Max fragment length #3" \
    "$P_SRV debug_level=4 max_frag_len=4096" \
    "$P_CLI debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"

# Tests for renegotiation
#
# All handshakes here use secure renegotiation (RFC 5746): the client
# signals support either with the TLS_EMPTY_RENEGOTIATION_INFO SCSV in
# its initial hello or with the renegotiation_info extension, and the
# server always answers with the extension. "renegotiate" on a side
# shows that side went through a renegotiation; "write hello request"
# shows the server initiated it.

# Nobody asks for a renegotiation: initial handshake only. The client
# signals support via the SCSV (no extension in its hello); the server
# still adds the extension to its hello and the client sees it.
run_test "Renegotiation #0 (none)" \
    "$P_SRV debug_level=4" \
    "$P_CLI debug_level=4" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# Client asks for a renegotiation: its hello carries the renegotiation
# extension, both sides renegotiate, no HelloRequest from the server.
run_test "Renegotiation #1 (enabled, client-initiated)" \
    "$P_SRV debug_level=4" \
    "$P_CLI debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -S "write hello request"

# Server asks for it by writing a HelloRequest; the client follows.
run_test "Renegotiation #2 (enabled, server-initiated)" \
    "$P_SRV debug_level=4 renegotiate=1" \
    "$P_CLI debug_level=4" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

# Both sides ask for a renegotiation.
run_test "Renegotiation #3 (enabled, double)" \
    "$P_SRV debug_level=4 renegotiate=1" \
    "$P_CLI debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

# Server has renegotiation disabled: the client's attempt must not be
# honoured (no server-side renegotiation) and the client must exit with
# an error (expected exit 1) rather than carry on as if it had worked.
run_test "Renegotiation #4 (client-initiated, server-rejected)" \
    "$P_SRV debug_level=4 renegotiation=0" \
    "$P_CLI debug_level=4 renegotiate=1" \
    1 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# Client has renegotiation disabled: the server's HelloRequest is not
# acted on, which the server reports as an unexpected message from its
# peer and a failure; the client itself still exits cleanly.
run_test "Renegotiation #5 (server-initiated, client-rejected)" \
    "$P_SRV debug_level=4 renegotiate=1" \
    "$P_CLI debug_level=4 renegotiation=0" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -s "write hello request" \
    -s "SSL - An unexpected message was received from our peer" \
    -s "failed"

# Tests for auth_mode
#
# server5-badsign.crt is, judging from its name and the verify output
# expected below, a certificate whose signature does not check out.
# auth_mode on the verifying side decides what happens with it:
#   required  verification failure aborts the handshake
#             ("X509 - Certificate verification failed")
#   optional  the failure is only logged and the handshake completes;
#             the application is then presumably expected to look at
#             the verification result itself
#   none      the peer certificate is not verified at all

# Bad server cert, client requires a valid one: handshake fails, client
# exits non-zero.
run_test "Authentication #1 (server badcert, client required)" \
    "$P_SRV crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI debug_level=2 auth_mode=required" \
    1 \
    -c "x509_verify_cert() returned" \
    -c "! self-signed or not signed by a trusted CA" \
    -c "! ssl_handshake returned" \
    -c "X509 - Certificate verification failed"

# Bad server cert, client verification optional: the failure is logged
# but the handshake completes.
run_test "Authentication #2 (server badcert, client optional)" \
    "$P_SRV crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI debug_level=2 auth_mode=optional" \
    0 \
    -c "x509_verify_cert() returned" \
    -c "! self-signed or not signed by a trusted CA" \
    -C "! ssl_handshake returned" \
    -C "X509 - Certificate verification failed"

# Bad server cert, no client verification: nothing is checked or logged.
run_test "Authentication #3 (server badcert, client none)" \
    "$P_SRV crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI debug_level=2 auth_mode=none" \
    0 \
    -C "x509_verify_cert() returned" \
    -C "! self-signed or not signed by a trusted CA" \
    -C "! ssl_handshake returned" \
    -C "X509 - Certificate verification failed"

# Bad client cert, server requires one: the server sends a certificate
# request, the client answers it, verification runs on the server and
# the handshake is aborted, which the client sees as a failure too.
# Note the detailed reason line is not expected on the server here.
run_test "Authentication #4 (client badcert, server required)" \
    "$P_SRV debug_level=4 auth_mode=required" \
    "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    1 \
    -S "skip write certificate request" \
    -C "skip parse certificate request" \
    -c "got a certificate request" \
    -C "skip write certificate" \
    -C "skip write certificate verify" \
    -S "skip parse certificate verify" \
    -s "x509_verify_cert() returned" \
    -S "! self-signed or not signed by a trusted CA" \
    -s "! ssl_handshake returned" \
    -c "! ssl_handshake returned" \
    -s "X509 - Certificate verification failed"

# Bad client cert, server optional: requested and verified, the failure
# is logged with its reason, and the handshake completes on both sides.
run_test "Authentication #5 (client badcert, server optional)" \
    "$P_SRV debug_level=4 auth_mode=optional" \
    "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    0 \
    -S "skip write certificate request" \
    -C "skip parse certificate request" \
    -c "got a certificate request" \
    -C "skip write certificate" \
    -C "skip write certificate verify" \
    -S "skip parse certificate verify" \
    -s "x509_verify_cert() returned" \
    -s "! self-signed or not signed by a trusted CA" \
    -S "! ssl_handshake returned" \
    -C "! ssl_handshake returned" \
    -S "X509 - Certificate verification failed"

# Bad client cert, server none: no certificate request is sent at all,
# so the client never sends its certificate and nothing gets verified.
run_test "Authentication #6 (client badcert, server none)" \
    "$P_SRV debug_level=4 auth_mode=none" \
    "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    0 \
    -s "skip write certificate request" \
    -C "skip parse certificate request" \
    -c "got no certificate request" \
    -c "skip write certificate" \
    -c "skip write certificate verify" \
    -s "skip parse certificate verify" \
    -S "x509_verify_cert() returned" \
    -S "! self-signed or not signed by a trusted CA" \
    -S "! ssl_handshake returned" \
    -C "! ssl_handshake returned" \
    -S "X509 - Certificate verification failed"

# tests for SNI
#
# The server's default identity is server5 (issued by the EC test CA);
# with an sni list it can instead pick a certificate matching the name
# the client sends. The client-side "issuer name" / "subject name"
# patterns show which certificate was actually presented.

# Server-side SNI configuration shared by SNI tests #1 to #3: looks like
# a flat list of name, certificate, key triplets passed as one argument
# (single-quoted so that 'PolarSSL Server 1' survives the eval).
SNI_CONF="sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'"

# No sni list: the ServerName extension is ignored and the default
# certificate is served whatever name the client asks for.
run_test "SNI #0 (no SNI callback)" \
    "$P_SRV debug_level=4 server_addr=127.0.0.1 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key" \
    "$P_CLI debug_level=0 server_addr=127.0.0.1 \
        server_name=localhost" \
    0 \
    -S "parse ServerName extension" \
    -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
    -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

# Name matches the first entry: its certificate (CN=localhost, issued by
# the RSA test CA) is served instead of the default one.
run_test "SNI #1 (matching cert 1)" \
    "$P_SRV debug_level=4 server_addr=127.0.0.1 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key \
        $SNI_CONF" \
    "$P_CLI debug_level=0 server_addr=127.0.0.1 \
        server_name=localhost" \
    0 \
    -s "parse ServerName extension" \
    -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
    -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

# Name matches the second entry (note the space in the name).
run_test "SNI #2 (matching cert 2)" \
    "$P_SRV debug_level=4 server_addr=127.0.0.1 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key \
        $SNI_CONF" \
    "$P_CLI debug_level=0 server_addr=127.0.0.1 \
        server_name='PolarSSL Server 1'" \
    0 \
    -s "parse ServerName extension" \
    -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
    -c "subject name *: C=NL, O=PolarSSL, CN=PolarSSL Server 1"

# Name matches no entry: the server rejects the handshake with a fatal
# alert rather than falling back to some other certificate, and the
# client exits non-zero.
run_test "SNI #3 (no matching cert)" \
    "$P_SRV debug_level=4 server_addr=127.0.0.1 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key \
        $SNI_CONF" \
    "$P_CLI debug_level=0 server_addr=127.0.0.1 \
        server_name='PolarSSL Server 2'" \
    1 \
    -s "parse ServerName extension" \
    -s "ssl_sni_wrapper() returned" \
    -s "ssl_handshake returned" \
    -c "ssl_handshake returned" \
    -c "SSL - A fatal alert message was received from our peer"

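# Final report
#
# Print the overall verdict and the pass/total counts, then exit with
# the number of failures so that callers (e.g. CI) can rely on a zero
# status meaning "everything passed". Uses printf and $(( )) instead of
# 'echo -n' and bc, which are not available or not portable under every
# /bin/sh.

echo "------------------------------------------------------------------------"

if [ "$FAILS" = 0 ]; then
    printf 'PASSED'
else
    printf 'FAILED'
fi
PASSES=$(( TESTS - FAILS ))
echo " ($PASSES / $TESTS tests)"

# (as with any exit status, a count above 255 would wrap)
exit "$FAILS"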