#!/bin/sh

# Test various options that are not covered by compat.sh
#
# Here the goal is not to cover every ciphersuite/version, but
# rather specific options (max fragment length, truncated hmac, etc)
# or procedures (session resumption from cache or ticket, renego, etc).
#
# Assumes all options are compiled in.

set -u

# Record whether OPENSSL_CMD was supplied by the environment *before* the
# default is assigned below. A caller-supplied binary is assumed to be a build
# with all the options these tests need (SSLv2).
OPENSSL_OK=0
if [ -n "${OPENSSL_CMD:-}" ]; then
    OPENSSL_OK=1
fi

# Default values; each one can be overridden from the environment.
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${OPENSSL_CMD:=openssl}" # OPENSSL would conflict with the build system

# These are command *strings*, not argument lists: run_test word-splits the
# server command and passes the client command through eval, which is why
# O_CLI can contain a pipeline.
O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"

# Counters: print_name increments TESTS, fail increments FAILS.
TESTS=0
FAILS=0

MEMCHECK=0
# FILTER and EXCLUDE are grep patterns applied to the test name.
FILTER='.*'
# Without a caller-supplied OpenSSL, tests whose name contains "SSLv2" are
# excluded by default; otherwise the exclude pattern only matches an empty name.
case "$OPENSSL_OK" in
    0) EXCLUDE='SSLv2' ;;
    *) EXCLUDE='^$' ;;
esac
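# print_usage
# Print the command-line help to stdout, including the current values of
# FILTER and EXCLUDE as the documented defaults.
print_usage() {
    # printf instead of `echo -e`: the script runs under /bin/sh, where echo's
    # treatment of -e and of backslash escapes is not portable. Passing the
    # patterns as %s arguments also keeps any backslash in them literal.
    printf 'Usage: %s [options]\n' "$0"
    printf '  -h|--help\tPrint this help.\n'
    printf '  -m|--memcheck\tCheck memory leaks and errors.\n'
    printf "  -f|--filter\tOnly matching tests are executed (default: '%s')\n" "$FILTER"
    printf "  -e|--exclude\tMatching tests are excluded (default: '%s')\n" "$EXCLUDE"
}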
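# get_options [args...]
# Parse the script's command-line arguments into FILTER, EXCLUDE and MEMCHECK.
# -h/--help prints the usage and exits 0. An unknown argument, or -f/-e given
# without a value, prints a message plus the usage and exits 1.
# FILTER and EXCLUDE are later used as grep patterns on the test names.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter)
                # Without this check a trailing -f would expand an unset $1,
                # which under `set -u` aborts with an "unbound variable" error
                # instead of a usage message.
                if [ $# -lt 2 ]; then
                    echo "Option '$1' requires an argument"
                    print_usage
                    exit 1
                fi
                shift; FILTER=$1
                ;;
            -e|--exclude)
                if [ $# -lt 2 ]; then
                    echo "Option '$1' requires an argument"
                    print_usage
                    exit 1
                fi
                shift; EXCLUDE=$1
                ;;
            -m|--memcheck)
                MEMCHECK=1
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unkown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}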
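# print_name <name>
# Print the test name followed by a run of dots that pads the line to a fixed
# column (no trailing newline), then count the test in TESTS.
# LEN and i are plain globals used as scratch variables (POSIX sh has no local).
print_name() {
    printf '%s ' "$1"
    # Byte length of the name plus one: wc also counts echo's newline.
    LEN=$(echo "$1" | wc -c)
    # Shell arithmetic instead of bc/seq, so the harness does not depend on
    # those tools being installed. A name too long for the column gives
    # LEN <= 0 and simply gets no dots.
    LEN=$(( 72 - LEN ))
    i=1
    while [ "$i" -le "$LEN" ]; do
        printf '.'
        i=$(( i + 1 ))
    done
    printf ' '

    TESTS=$(( TESTS + 1 ))
}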
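# fail <message>
# Report the current test as failed, keep copies of both output files under
# names numbered with the current value of TESTS, and count the failure in
# FAILS.
fail() {
    echo "FAIL"
    echo "  ! $1"

    # srv_out and cli_out are rewritten by the next test, so keep copies.
    # The copies contain everything the two programs printed, debug output
    # included.
    cp srv_out "o-srv-${TESTS}.log"
    cp cli_out "o-cli-${TESTS}.log"
    echo "  ! outputs saved to o-srv-${TESTS}.log and o-cli-${TESTS}.log"

    # Shell arithmetic: no dependency on bc for a counter.
    FAILS=$(( FAILS + 1 ))
}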
# is_polar <cmd_line>
# Succeed when the command string names one of this project's test programs,
# ssl_server2 or ssl_client2. This is a substring match on the text of the
# command, so a P_SRV/P_CLI override whose path lacks those names is treated
# like a foreign program by every caller.
is_polar() {
    case "$1" in
        *ssl_server2*|*ssl_client2*) return 0 ;;
        *) return 1 ;;
    esac
}
# has_mem_err <log_file_name>
# Succeed (status 0, "has errors") unless the log contains BOTH of valgrind's
# clean-run lines; return 1 only when both are present. A log that is missing
# or unreadable therefore also counts as having errors.
has_mem_err() {
    grep -F 'All heap blocks were freed -- no leaks are possible' "$1" >/dev/null || return 0
    grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" >/dev/null || return 0
    return 1 # false: does not have errors
}
# Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#
# Runs one server/client pair and prints PASS or FAIL after the test name.
# srv_cmd and cli_cmd are command strings; cli_exit is only compared as
# zero / non-zero. Patterns are handed to grep as regular expressions, not as
# fixed strings. Uses the scratch files srv_out and cli_out in the current
# directory and leaves the server's pid in the global SRV_PID.
run_test() {
    NAME="$1"
    SRV_CMD="$2"
    CLI_CMD="$3"
    CLI_EXPECT="$4"
    shift 4

    # Skip the test (silently, without counting it) unless its name matches
    # FILTER and does not match EXCLUDE.
    # NOTE(review): both values reach grep as-is; a value beginning with '-'
    # would be read by grep as an option rather than as a pattern.
    if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
    else
        return
    fi

    print_name "$NAME"

    # prepend valgrind to our commands if active
    # (only for ssl_server2/ssl_client2; for a client string made of several
    # commands the prefix applies to the first word only)
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD"; then
            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
        fi
        if is_polar "$CLI_CMD"; then
            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
        fi
    fi

    # run the commands
    # Each output file starts with the command line that produced it.
    echo "$SRV_CMD" > srv_out
    # The server string is word-split, not eval'd: it cannot carry quoting,
    # pipes or redirections of its own.
    $SRV_CMD >> srv_out 2>&1 &
    SRV_PID=$!
    # Fixed delay before the client starts; nothing checks that the server is
    # actually accepting connections yet.
    sleep 1
    echo "$CLI_CMD" > cli_out
    # eval, so that the client string may be a pipeline or a subshell (O_CLI
    # is one). The string is assembled from P_CLI / OPENSSL_CMD and the test
    # table below, i.e. from values chosen by whoever runs the script; it must
    # never carry text from an untrusted source.
    eval "$CLI_CMD" >> cli_out 2>&1
    CLI_EXIT=$?
    echo "EXIT: $CLI_EXIT" >> cli_out

    # Stop the server: ssl_server2 is asked to quit with a SERVERQUIT request
    # sent by ssl_client2, any other server is signalled.
    if is_polar "$SRV_CMD"; then
        "$P_CLI" request_page=SERVERQUIT tickets=0 auth_mode=none \
            crt_file=data_files/cli2.crt key_file=data_files/cli2.key \
            >/dev/null
    else
        kill $SRV_PID
    fi
    # NOTE(review): the status returned by wait is not stored anywhere.
    wait $SRV_PID

    # check if the client and server went at least to the handshake stage
    # (useful to avoid tests with only negative assertions and non-zero
    # expected client exit to incorrectly succeed in case of catastrophic
    # failure)
    if is_polar "$SRV_CMD"; then
        if grep "Performing the SSL/TLS handshake" srv_out >/dev/null; then :;
        else
            fail "server failed to start"
            return
        fi
    fi
    if is_polar "$CLI_CMD"; then
        if grep "Performing the SSL/TLS handshake" cli_out >/dev/null; then :;
        else
            fail "client failed to start"
            return
        fi
    fi

    # check server exit code
    # NOTE(review): at this point $? is the status of the `if` statement just
    # above, which is 0 whenever this line is reached; it is not the status of
    # `wait $SRV_PID`. As written this check cannot fire, so a server that
    # crashed or exited non-zero is only noticed through the other assertions.
    if [ $? != 0 ]; then
        fail "server fail"
        return
    fi

    # check client exit code
    # Only "zero vs non-zero" is compared, not the exact expected value.
    if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
         \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
    then
        fail "bad client exit code"
        return
    fi

    # check other assertions
    # Remaining arguments come in (option, pattern) pairs; the first failed
    # assertion ends the test.
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s")
                if grep "$2" srv_out >/dev/null; then :; else
                    fail "-s $2"
                    return
                fi
                ;;

            "-c")
                if grep "$2" cli_out >/dev/null; then :; else
                    fail "-c $2"
                    return
                fi
                ;;

            "-S")
                if grep "$2" srv_out >/dev/null; then
                    fail "-S $2"
                    return
                fi
                ;;

            "-C")
                if grep "$2" cli_out >/dev/null; then
                    fail "-C $2"
                    return
                fi
                ;;

            *)
                # A malformed test definition aborts the whole run.
                echo "Unkown test: $1" >&2
                exit 1
        esac
        shift 2
    done

    # check valgrind's results
    # has_mem_err succeeds when the log lacks valgrind's clean-run lines.
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD" && has_mem_err srv_out; then
            fail "Server has memory errors"
            return
        fi
        if is_polar "$CLI_CMD" && has_mem_err cli_out; then
            fail "Client has memory errors"
            return
        fi
    fi

    # if we're here, everything is ok
    # (the scratch files are only removed on success; fail() copies them)
    echo "PASS"
    rm -f srv_out cli_out
}

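# cleanup
# Signal handler (the script installs it with trap for INT, TERM and HUP):
# remove the scratch files, stop the server of the test in progress, exit 1.
cleanup() {
    rm -f cli_out srv_out sess
    # SRV_PID only exists once run_test has started a server. Under `set -u`
    # expanding it while unset would abort the handler with an
    # "unbound variable" error, so guard the expansion.
    if [ -n "${SRV_PID:-}" ]; then
        kill "$SRV_PID"
    fi
    exit 1
}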
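#
# MAIN
#

get_options "$@"

# sanity checks, avoid an avalanche of errors
if [ ! -x "$P_SRV" ]; then
    echo "Command '$P_SRV' is not an executable file"
    exit 1
fi
if [ ! -x "$P_CLI" ]; then
    echo "Command '$P_CLI' is not an executable file"
    exit 1
fi
# `command -v` is the POSIX way to look a command up; `which` is an external
# tool that may be missing and whose exit status is not reliable everywhere.
if command -v "$OPENSSL_CMD" >/dev/null 2>&1; then :; else
    echo "Command '$OPENSSL_CMD' not found"
    exit 1
fi

# NOTE(review): killall selects processes by name, so this also stops any
# unrelated openssl / ssl_server / ssl_server2 process the current user is
# allowed to signal, not just leftovers of an earlier run of this script.
# Run the suite on a machine or account where that is acceptable.
killall -q openssl ssl_server ssl_server2
# From here on an interrupted run removes its scratch files and stops the
# server of the test in progress.
trap cleanup INT TERM HUP
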
# Test for SSLv2 ClientHello
#
# Both tests have "SSLv2" in their name, so with the default EXCLUDE they only
# run when OPENSSL_CMD was supplied through the environment.

# Reference run: the OpenSSL client is started with -no_ssl2. The server log
# must not mention the v2 ClientHello parser, and must not contain
# "ssl_handshake returned" (presumably only logged when the handshake fails --
# confirm against ssl_server2).
run_test    "SSLv2 ClientHello #0 (reference)" \
            "$P_SRV debug_level=3" \
            "$O_CLI -no_ssl2" \
            0 \
            -S "parse client hello v2" \
            -S "ssl_handshake returned"

# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello
# The server must go through its v2 ClientHello parser and the connection must
# still succeed (client exit 0, no "ssl_handshake returned" in the server log).
run_test    "SSLv2 ClientHello #1 (actual test)" \
            "$P_SRV debug_level=3" \
            "$O_CLI -cipher 'DES-CBC-MD5:ALL'" \
            0 \
            -s "parse client hello v2" \
            -S "ssl_handshake returned"

# Tests for Truncated HMAC extension
#
# Both tests force the same CBC + SHA-1 ciphersuite and read the MAC length
# from the server's debug dump. The patterns are grep regular expressions in
# which the parentheses are literal characters.

# Extension off on the client: the server must compute a full 20-byte MAC.
run_test    "Truncated HMAC #0" \
            "$P_SRV debug_level=5" \
            "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "dumping 'computed mac' (20 bytes)"

# Extension requested by the client: the server must switch to the 10-byte
# truncated MAC.
run_test    "Truncated HMAC #1" \
            "$P_SRV debug_level=5" \
            "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "dumping 'computed mac' (10 bytes)"

# Tests for Session Tickets
#
# In these tests the client connects and then reconnects (reconnect=1); the
# assertions pin down whether the second connection was resumed and whether
# the server restored the session from a ticket or from its cache.

# Tickets enabled on both sides: the extension is exchanged, a ticket is
# issued, and the resumption must come from the ticket, not from the cache.
run_test    "Session resume using tickets #1 (basic)" \
            "$P_SRV debug_level=4 tickets=1" \
            "$P_CLI debug_level=4 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Same expectations with the server cache switched off (cache_max=0), so the
# ticket is the only way the session can be resumed.
run_test    "Session resume using tickets #2 (cache disabled)" \
            "$P_SRV debug_level=4 tickets=1 cache_max=0" \
            "$P_CLI debug_level=4 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Negative test: ticket_timeout=1 on the server and a reconnect delay of 2 on
# the client. A ticket is still issued, but neither side may report a resumed
# session, i.e. the server must not accept the expired ticket.
run_test    "Session resume using tickets #3 (timeout)" \
            "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# Interoperability with an OpenSSL server: only the client log is checked,
# because the server output is OpenSSL's.
run_test    "Session resume using tickets #4 (openssl server)" \
            "$O_SRV" \
            "$P_CLI debug_level=4 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# Interoperability with an OpenSSL client: the client string is a subshell
# that saves the session to the file "sess", reconnects with it and removes
# the file. Only the server log is checked.
run_test    "Session resume using tickets #5 (openssl client)" \
            "$P_SRV debug_level=4 tickets=1" \
            "($O_CLI -sess_out sess; $O_CLI -sess_in sess; rm -f sess)" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Resume based on session-ID and cache
#
# Counterpart of the ticket tests: here a resumed session must come from the
# server cache, and "restored from ticket" must never appear.

# Client offers the ticket extension, server has tickets off: the server sees
# the extension but does not answer it, no ticket is issued, and the session
# is resumed from the cache.
run_test    "Session resume using cache #1 (tickets enabled on client)" \
            "$P_SRV debug_level=4 tickets=0" \
            "$P_CLI debug_level=4 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Tickets enabled on the server only: the extension must not appear on either
# side, and the session is resumed from the cache.
run_test    "Session resume using cache #2 (tickets enabled on server)" \
            "$P_SRV debug_level=4 tickets=1" \
            "$P_CLI debug_level=4 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Negative test: tickets off and cache_max=0, so there is nothing to resume
# from and neither side may report a resumed session.
run_test    "Session resume using cache #3 (cache_max=0)" \
            "$P_SRV debug_level=4 tickets=0 cache_max=0" \
            "$P_CLI debug_level=4 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# A cache limited to one entry (cache_max=1) is enough for the reconnect.
run_test    "Session resume using cache #4 (cache_max=1)" \
            "$P_SRV debug_level=4 tickets=0 cache_max=1" \
            "$P_CLI debug_level=4 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Immediate reconnect (reco_delay=0) with the server's cache timeout left at
# its default: the session must be resumed. The name (including its spelling
# "timemout") is what -f/-e patterns are matched against.
run_test    "Session resume using cache #5 (timemout > delay)" \
            "$P_SRV debug_level=4 tickets=0" \
            "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Negative test: cache_timeout=1 and a reconnect delay of 2. The cached
# session has expired and must not be resumed.
run_test    "Session resume using cache #6 (timeout < delay)" \
            "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
            "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# cache_timeout=0 is the "no timeout" case named in the title: with the same
# delay of 2 as in #6 the session must still be resumed.
run_test    "Session resume using cache #7 (no timeout)" \
            "$P_SRV debug_level=4 tickets=0 cache_timeout=0" \
            "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"  \
            -c "a session has been resumed"

# OpenSSL client saving and reusing its session through the file "sess"
# against a server with tickets off: the server sees the ticket extension,
# does not answer it, and resumes from the cache. Only the server log is
# checked.
run_test    "Session resume using cache #8 (openssl client)" \
            "$P_SRV debug_level=4 tickets=0" \
            "($O_CLI -sess_out sess; $O_CLI -sess_in sess; rm -f sess)" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

# OpenSSL server, client with tickets off: no ticket may be involved and the
# client must still report a resumed session. Only the client log is checked.
run_test    "Session resume using cache #9 (openssl server)" \
            "$O_SRV" \
            "$P_CLI debug_level=4 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Max Fragment Length extension
#
# The assertions follow the extension through all four steps: client sends it,
# server finds it, server answers it, client finds the answer.

# Neither side sets max_frag_len: the extension must not appear anywhere.
run_test    "Max fragment length #1" \
            "$P_SRV debug_level=4" \
            "$P_CLI debug_level=4" \
            0 \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# The client asks for 4096: all four steps must be logged.
run_test    "Max fragment length #2" \
            "$P_SRV debug_level=4" \
            "$P_CLI debug_level=4 max_frag_len=4096" \
            0 \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Only the server is configured with 4096: since the client did not offer the
# extension, the server must not send it either.
run_test    "Max fragment length #3" \
            "$P_SRV debug_level=4 max_frag_len=4096" \
            "$P_CLI debug_level=4" \
            0 \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# Tests for renegotiation

# No renegotiation configured. The client does not add the renegotiation
# extension, yet the server must log TLS_EMPTY_RENEGOTIATION_INFO and answer
# with the secure renegotiation extension, which the client must find. Neither
# side may enter "=> renegotiate" and the server must not write a hello
# request.
run_test    "Renegotiation #0 (none)" \
            "$P_SRV debug_level=4" \
            "$P_CLI debug_level=4" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request"

# Renegotiation enabled on both sides and started by the client
# (renegotiate=1 on the client): the client now adds the renegotiation
# extension and the server finds it, both sides must enter "=> renegotiate",
# and the server still must not write a hello request.
run_test    "Renegotiation #1 (enabled, client-initiated)" \
            "$P_SRV debug_level=4 renegotiation=1" \
            "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

|  | 523 | run_test    "Renegotiation #2 (enabled, server-initiated)" \ | 
| Manuel Pégourié-Gonnard | 00d538f | 2014-03-31 10:44:40 +0200 | [diff] [blame] | 524 | "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \ | 
|  | 525 | "$P_CLI debug_level=4 renegotiation=1" \ | 
| Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 526 | 0 \ | 
|  | 527 | -c "client hello, adding renegotiation extension" \ | 
|  | 528 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ | 
|  | 529 | -s "found renegotiation extension" \ | 
|  | 530 | -s "server hello, secure renegotiation extension" \ | 
|  | 531 | -c "found renegotiation extension" \ | 
| Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 532 | -c "=> renegotiate" \ | 
|  | 533 | -s "=> renegotiate" \ | 
| Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 534 | -s "write hello request" | 
|  | 535 |  | 
|  | 536 | run_test    "Renegotiation #3 (enabled, double)" \ | 
| Manuel Pégourié-Gonnard | 00d538f | 2014-03-31 10:44:40 +0200 | [diff] [blame] | 537 | "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \ | 
|  | 538 | "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \ | 
| Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 539 | 0 \ | 
|  | 540 | -c "client hello, adding renegotiation extension" \ | 
|  | 541 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ | 
|  | 542 | -s "found renegotiation extension" \ | 
|  | 543 | -s "server hello, secure renegotiation extension" \ | 
|  | 544 | -c "found renegotiation extension" \ | 
| Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 545 | -c "=> renegotiate" \ | 
|  | 546 | -s "=> renegotiate" \ | 
| Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 547 | -s "write hello request" | 
|  | 548 |  | 
|  | 549 | run_test    "Renegotiation #4 (client-initiated, server-rejected)" \ | 
| Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 550 | "$P_SRV debug_level=4 renegotiation=0" \ | 
| Manuel Pégourié-Gonnard | 00d538f | 2014-03-31 10:44:40 +0200 | [diff] [blame] | 551 | "$P_CLI debug_level=4 renegotiation=1 renegotiate=1" \ | 
| Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 552 | 1 \ | 
|  | 553 | -c "client hello, adding renegotiation extension" \ | 
|  | 554 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ | 
|  | 555 | -S "found renegotiation extension" \ | 
|  | 556 | -s "server hello, secure renegotiation extension" \ | 
|  | 557 | -c "found renegotiation extension" \ | 
| Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 558 | -c "=> renegotiate" \ | 
|  | 559 | -S "=> renegotiate" \ | 
| Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 560 | -S "write hello request" | 
|  | 561 |  | 
|  | 562 | run_test    "Renegotiation #5 (server-initiated, client-rejected)" \ | 
| Manuel Pégourié-Gonnard | 00d538f | 2014-03-31 10:44:40 +0200 | [diff] [blame] | 563 | "$P_SRV debug_level=4 renegotiation=1 renegotiate=1" \ | 
| Manuel Pégourié-Gonnard | c1da664 | 2014-02-25 14:18:30 +0100 | [diff] [blame] | 564 | "$P_CLI debug_level=4 renegotiation=0" \ | 
| Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 565 | 0 \ | 
|  | 566 | -C "client hello, adding renegotiation extension" \ | 
|  | 567 | -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ | 
|  | 568 | -S "found renegotiation extension" \ | 
|  | 569 | -s "server hello, secure renegotiation extension" \ | 
|  | 570 | -c "found renegotiation extension" \ | 
| Manuel Pégourié-Gonnard | c73339f | 2014-02-26 16:35:27 +0100 | [diff] [blame] | 571 | -C "=> renegotiate" \ | 
|  | 572 | -S "=> renegotiate" \ | 
| Manuel Pégourié-Gonnard | 780d671 | 2014-02-20 17:19:59 +0100 | [diff] [blame] | 573 | -s "write hello request" \ | 
|  | 574 | -s "SSL - An unexpected message was received from our peer" \ | 
|  | 575 | -s "failed" | 
| Manuel Pégourié-Gonnard | 33a752e | 2014-02-21 09:47:37 +0100 | [diff] [blame] | 576 |  | 
# Tests for auth_mode
#
# #1-#3 give the server a certificate with a bad signature and vary the
# client's auth_mode; #4-#6 do the mirror image for the client certificate;
# #7-#10 cover a client that sends no certificate at all.
#
# Only auth_mode=required is expected to turn a certificate that fails
# verification into a handshake failure (#1, #4). With optional the problem
# is only logged and the handshake completes (#2, #5); with none no
# verification is logged at all (#3, #6).
#
# NOTE(review): run_test is defined outside this excerpt. Lower-case -s/-c are
# read as "pattern must appear in server/client log", upper-case -S/-C as
# "must not appear", and the bare 0/1 as the expected exit status (presumably
# the client's) -- confirm against run_test.

# Client requires a valid server certificate: verification fails and the
# handshake is aborted.
run_test    "Authentication #1 (server badcert, client required)" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=2 auth_mode=required" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! self-signed or not signed by a trusted CA" \
            -c "! ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

# Verification runs and reports the problem, but the handshake succeeds.
run_test    "Authentication #2 (server badcert, client optional)" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=2 auth_mode=optional" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! self-signed or not signed by a trusted CA" \
            -C "! ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# No verification output at all is expected on the client.
run_test    "Authentication #3 (server badcert, client none)" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=2 auth_mode=none" \
            0 \
            -C "x509_verify_cert() returned" \
            -C "! self-signed or not signed by a trusted CA" \
            -C "! ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# Server requires a valid client certificate: the request is sent, the client
# answers with certificate and certificate verify, and both sides report a
# failed handshake.
# NOTE(review): unlike #5, the "! self-signed or not signed by a trusted CA"
# line is expected to be absent from the server log here -- presumably the
# server aborts before printing the verification flags; confirm.
run_test    "Authentication #4 (client badcert, server required)" \
            "$P_SRV debug_level=4 auth_mode=required" \
            "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -S "! self-signed or not signed by a trusted CA" \
            -s "! ssl_handshake returned" \
            -c "! ssl_handshake returned" \
            -s "X509 - Certificate verification failed"

# Same exchange as #4, but the server only logs the verification problem and
# lets the handshake complete.
run_test    "Authentication #5 (client badcert, server optional)" \
            "$P_SRV debug_level=4 auth_mode=optional" \
            "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! self-signed or not signed by a trusted CA" \
            -S "! ssl_handshake returned" \
            -C "! ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# The server never asks for a certificate, so the client skips sending its
# certificate and certificate verify, and nothing is verified.
run_test    "Authentication #6 (client badcert, server none)" \
            "$P_SRV debug_level=4 auth_mode=none" \
            "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! self-signed or not signed by a trusted CA" \
            -S "! ssl_handshake returned" \
            -C "! ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# Client has no certificate (crt_file=none key_file=none); the server notes
# "! no client certificate sent" and still completes the handshake.
# The trailing "$" in "skip write certificate$" presumably anchors the pattern
# so it does not also match "skip write certificate verify", which IS expected
# on the client -- assumes patterns are regular expressions; confirm.
run_test    "Authentication #7 (client no cert, server optional)" \
            "$P_SRV debug_level=4 auth_mode=optional" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -C "got no certificate to send" \
            -S "SSLv3 client has no certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify" \
            -s "! no client certificate sent" \
            -S "! ssl_handshake returned" \
            -C "! ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# Interop variant of #7 with the OpenSSL client ($O_CLI, set at the top of the
# file without any client certificate); only server-side patterns are checked.
run_test    "Authentication #8 (openssl client no cert, server optional)" \
            "$P_SRV debug_level=4 auth_mode=optional" \
            "$O_CLI" \
            0 \
            -S "skip write certificate request" \
            -s "skip parse certificate verify" \
            -s "! no client certificate sent" \
            -S "! ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# Interop variant of #7 with the OpenSSL server ($O_SRV plus "-verify 10");
# only client-side patterns are checked.
run_test    "Authentication #9 (client no cert, openssl server optional)" \
            "$O_SRV -verify 10" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            0 \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -C "! ssl_handshake returned"

# Same as #7 with the server forcing ssl3: here the client is expected to log
# "got no certificate to send" and the server "SSLv3 client has no
# certificate", both of which must be absent in #7.
run_test    "Authentication #10 (client no cert, ssl3)" \
            "$P_SRV debug_level=4 auth_mode=optional force_version=ssl3" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -c "got no certificate to send" \
            -s "SSLv3 client has no certificate" \
            -s "skip parse certificate verify" \
            -s "! no client certificate sent" \
            -S "! ssl_handshake returned" \
            -C "! ssl_handshake returned" \
            -S "X509 - Certificate verification failed"
|  | 713 |  | 
# tests for SNI
#
# The server's default certificate is server5.crt. In #1-#3 the sni= option
# adds two name,cert,key triples: localhost -> server2 and
# polarssl.example -> server1-nospace/server1. The client checks which
# certificate it was served by matching the printed issuer and subject names.
#
# NOTE(review): run_test is defined outside this excerpt. Lower-case -s/-c are
# read as "pattern must appear in server/client log", upper-case -S/-C as
# "must not appear", and the bare 0/1 as the expected exit status (presumably
# the client's) -- confirm against run_test.

# No sni= option on the server: the ServerName extension is not parsed and the
# default certificate (issued by the EC test CA) is served.
run_test    "SNI #0 (no SNI callback)" \
            "$P_SRV debug_level=4 server_addr=127.0.0.1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$P_CLI debug_level=0 server_addr=127.0.0.1 \
             server_name=localhost" \
            0 \
            -S "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

# server_name=localhost matches the first sni entry: the issuer seen by the
# client changes to "PolarSSL Test CA", so the default certificate was not
# used.
run_test    "SNI #1 (matching cert 1)" \
            "$P_SRV debug_level=4 server_addr=127.0.0.1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
            "$P_CLI debug_level=0 server_addr=127.0.0.1 \
             server_name=localhost" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

# server_name=polarssl.example matches the second sni entry.
run_test    "SNI #2 (matching cert 2)" \
            "$P_SRV debug_level=4 server_addr=127.0.0.1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
            "$P_CLI debug_level=0 server_addr=127.0.0.1 \
             server_name=polarssl.example" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

# Negative test: a name that is in neither sni entry must fail the handshake
# (server logs "ssl_sni_wrapper() returned", client receives a fatal alert)
# rather than fall back to the default certificate.
run_test    "SNI #3 (no matching cert)" \
            "$P_SRV debug_level=4 server_addr=127.0.0.1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
            "$P_CLI debug_level=0 server_addr=127.0.0.1 \
             server_name=nonesuch.example" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "ssl_handshake returned" \
            -c "ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"
|  | 760 |  | 
# Tests for non-blocking I/O: exercise a variety of handshake flows
#
# Every case runs both programs with nbio=2 and varies session tickets
# (tickets=), client authentication (auth_mode=) and resumption (reconnect=1).
# The pass criteria are identical throughout: neither log may contain
# "ssl_handshake returned", and the client must log that it read data from
# the server.
#
# NOTE(review): run_test is defined outside this excerpt. Lower-case -c is
# read as "pattern must appear in client log", upper-case -S/-C as "must not
# appear in server/client log", and the bare 0 as the expected exit status --
# confirm against run_test.

run_test    "Non-blocking I/O #1 (basic handshake)" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O #2 (client auth)" \
            "$P_SRV nbio=2 tickets=0 auth_mode=required" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O #3 (ticket)" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O #4 (ticket + client auth)" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O #5 (ticket + client auth + resume)" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O #6 (ticket + resume)" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O #7 (session-id resume)" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI nbio=2 tickets=0 reconnect=1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -c "Read from server: .* bytes read"
|  | 818 |  | 
# Tests for protocol version negotiation
#
# #1-#6 check that the two sides settle on the version named in the test title
# when min_version/max_version overlap. #7 and #8 are the negative cases: the
# ranges do not overlap, so the handshake must fail instead of proceeding with
# a version below one side's minimum.
#
# NOTE(review): run_test is defined outside this excerpt. Lower-case -s/-c are
# read as "pattern must appear in server/client log", upper-case -S/-C as
# "must not appear", and the bare 0/1 as the expected exit status (presumably
# the client's) -- confirm against run_test.

run_test    "Version check #1 (all -> 1.2)" \
            "$P_SRV" \
            "$P_CLI" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -s "Protocol is TLSv1.2" \
            -c "Protocol is TLSv1.2"

run_test    "Version check #2 (cli max 1.1 -> 1.1)" \
            "$P_SRV" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check #3 (srv max 1.1 -> 1.1)" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check #4 (cli+srv max 1.1 -> 1.1)" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check #5 (cli max 1.1, srv min 1.1 -> 1.1)" \
            "$P_SRV min_version=tls1_1" \
            "$P_CLI max_version=tls1_1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

run_test    "Version check #6 (cli min 1.1, srv max 1.1 -> 1.1)" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI min_version=tls1_1" \
            0 \
            -S "ssl_handshake returned" \
            -C "ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

# The client's minimum (1.2) is above the server's maximum (1.1): the
# boundary error is expected in the client log.
run_test    "Version check #7 (cli min 1.2, srv max 1.1 -> fail)" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI min_version=tls1_2" \
            1 \
            -s "ssl_handshake returned" \
            -c "ssl_handshake returned" \
            -c "SSL - Handshake protocol not within min/max boundaries"

# The server's minimum (1.2) is above the client's maximum (1.1): the
# boundary error is expected in the server log.
run_test    "Version check #8 (srv min 1.2, cli max 1.1 -> fail)" \
            "$P_SRV min_version=tls1_2" \
            "$P_CLI max_version=tls1_1" \
            1 \
            -s "ssl_handshake returned" \
            -c "ssl_handshake returned" \
            -s "SSL - Handshake protocol not within min/max boundaries"
|  | 888 |  | 
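# Final report
#
# Prints "PASSED" or "FAILED" followed by "(passed / total tests)" and exits
# with the number of failed tests, so 0 means every test passed.
# Reads the TESTS and FAILS counters maintained earlier in the script.

echo "------------------------------------------------------------------------"

# printf instead of "echo -n": the script runs under #!/bin/sh, where some
# shells print the "-n" literally.
if [ "$FAILS" = 0 ]; then
    printf '%s' "PASSED"
else
    printf '%s' "FAILED"
fi
# POSIX arithmetic expansion; no need to spawn bc for a subtraction.
PASSES=$(( TESTS - FAILS ))
echo " ($PASSES / $TESTS tests)"

# An exit status only carries 8 bits: a failure count that is a multiple of
# 256 would be reported to the caller (e.g. a CI gate) as 0, i.e. success.
# Saturate at 255 so any failure stays a non-zero status.
if [ "$FAILS" -gt 255 ]; then
    exit 255
fi
exit "$FAILS"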