# Test that SSL sample programs can interoperate with each other
# and with OpenSSL and GnuTLS.

# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

# Directory holding the sample SSL programs. A value already set by the
# caller is kept; otherwise it defaults to the path below. The value is
# interpolated into the command strings handed to run_test, so it is
# expected to come from the trusted test environment.
PROGRAMS_DIR="${PROGRAMS_DIR:-../programs/ssl}"

# Mbed TLS sample pair: ssl_client1 against ssl_server2.
# run_test is defined outside this file; -s/-c are read here as patterns
# required in the server/client output and -S/-C as patterns that must be
# absent, with -P 4433 presumably naming the port the samples use.
run_test "Sample: ssl_client1, ssl_server2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_server2" \
    "${PROGRAMS_DIR}/ssl_client1" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# ssl_client1 against an OpenSSL server restricted to TLS 1.2.
# The client-side pattern requires the TLS 1.2 protocol line, so the case
# should not pass on a different negotiated version (assuming run_test
# treats -c as "must appear in client output" -- confirm in the harness).
# The forbidden patterns use a different casing per peer ("ERROR" for the
# OpenSSL side, "error" for the Mbed TLS side).
requires_protocol_version tls12
run_test "Sample: ssl_client1, openssl server, TLS 1.2" \
    -P 4433 \
    "${O_SRV} -tls1_2" \
    "${PROGRAMS_DIR}/ssl_client1" \
    0 \
    -c "Protocol.*TLSv1.2" \
    -S "ERROR" \
    -C "error"

# ssl_client1 against a GnuTLS server whose priority string removes all
# TLS versions and re-enables only TLS 1.2. The version is checked on both
# sides: a "Version:" line in the server output and what looks like the
# server's HTML status page in the client output.
requires_protocol_version tls12
run_test "Sample: ssl_client1, gnutls server, TLS 1.2" \
    -P 4433 \
    "${G_SRV} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
    "${PROGRAMS_DIR}/ssl_client1" \
    0 \
    -s "Version: TLS1.2" \
    -c "<TD>Protocol version:</TD><TD>TLS1.2</TD>" \
    -S "Error" \
    -C "error"

# ssl_client1 against the "next" OpenSSL server restricted to TLS 1.3.
# Two guards apply: the library build must support TLS 1.3 and the
# OpenSSL peer must offer it. The client output must contain the
# TLS 1.3 cipher line.
requires_protocol_version tls13
requires_openssl_tls1_3
run_test "Sample: ssl_client1, openssl server, TLS 1.3" \
    -P 4433 \
    "${O_NEXT_SRV} -tls1_3" \
    "${PROGRAMS_DIR}/ssl_client1" \
    0 \
    -c "New, TLSv1.3, Cipher is" \
    -S "ERROR" \
    -C "error"

# ssl_client1 against the "next" GnuTLS server with only TLS 1.3 enabled
# in the priority string. Both the server "Version:" line and the
# protocol-version cell seen in the client output must say TLS 1.3.
requires_protocol_version tls13
requires_gnutls_tls1_3
run_test "Sample: ssl_client1, gnutls server, TLS 1.3" \
    -P 4433 \
    "${G_NEXT_SRV} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" \
    "${PROGRAMS_DIR}/ssl_client1" \
    0 \
    -s "Version: TLS1.3" \
    -c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
    -S "Error" \
    -C "error"

# The server complains of extra data after it closes the connection:
# the client keeps sending, so the server receives more application data
# when it expects a new handshake. The test counts as a success once both
# sides have sent and received application data, whatever happens later.
# That is why this case has no forbidden pattern for the server output.
# NOTE(review): as a consequence, any other server-side "error" message is
# not caught by this case either, as long as data was exchanged.
run_test "Sample: dtls_client, ssl_server2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_server2 dtls=1 server_addr=localhost" \
    "${PROGRAMS_DIR}/dtls_client" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -C "error"

# The dtls_client program connects to localhost. This test case fails on
# systems where the name "localhost" resolves to an IPv6 address but the
# IPv6 connection is not possible. Possible reasons include:
# * OpenSSL is too old (IPv6 support was added in 1.1.0).
# * OpenSSL was built without IPv6 support.
# * A firewall blocks IPv6.
#
# To make this test case easier to work with, it runs with $OPENSSL_NEXT,
# which is at least 1.1.1a. At the time it was introduced, this test case
# passed with OpenSSL 1.0.2g on an environment where IPv6 is disabled.
#
# NOTE(review): unlike the TLS 1.3 cases in this file, no requires_* guard
# here checks that the "next" OpenSSL is available -- confirm how the
# harness behaves when it is not.
requires_protocol_version dtls12
run_test "Sample: dtls_client, openssl server, DTLS 1.2" \
    -P 4433 \
    "${O_NEXT_SRV} -dtls1_2" \
    "${PROGRAMS_DIR}/dtls_client" \
    0 \
    -s "Echo this" \
    -c "Echo this" \
    -c "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -S "ERROR" \
    -C "error"

# dtls_client against a GnuTLS server started with -u --echo.
# The server must report that it is listening and that it received a
# non-empty command; the client must see its message and byte counts.
# NOTE(review): the priority string only names TLS versions and no pattern
# asserts the negotiated DTLS version -- confirm that DTLS 1.2 is what
# this case actually exercises.
requires_protocol_version dtls12
run_test "Sample: dtls_client, gnutls server, DTLS 1.2" \
    -P 4433 \
    "${G_SRV} -u --echo --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
    "${PROGRAMS_DIR}/dtls_client" \
    0 \
    -s "Server listening" \
    -s "[1-9][0-9]* bytes command:" \
    -c "Echo this" \
    -c "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -S "Error" \
    -C "error"

# ssl_server sample against ssl_client2.
# Both peers must report non-zero byte counts in each direction, and
# neither output may contain "error" (option meanings as defined by
# run_test, which lives outside this file).
run_test "Sample: ssl_server, ssl_client2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_server" \
    "${PROGRAMS_DIR}/ssl_client2" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# The two minimal samples together: ssl_client1 against ssl_server.
# Same criteria as the other sample pairs: byte counts on both sides and
# no "error" text in either output.
run_test "Sample: ssl_client1 with ssl_server" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_server" \
    "${PROGRAMS_DIR}/ssl_client1" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# ssl_server against an OpenSSL client restricted to TLS 1.2.
# The client output must show the TLS 1.2 protocol line. The server
# pattern's "TLS-" prefix differs from the "TLS1-3-" prefix that the
# TLS 1.3 cases in this file look for.
requires_protocol_version tls12
run_test "Sample: ssl_server, openssl client, TLS 1.2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_server" \
    "${O_CLI} -tls1_2" \
    0 \
    -s "Successful connection using: TLS-" \
    -c "Protocol.*TLSv1.2" \
    -S "error" \
    -C "ERROR"

# ssl_server against a GnuTLS client with only TLS 1.2 enabled in its
# priority string. The client's "Description:" line must mention TLS1.2
# and the server must report a successful connection.
requires_protocol_version tls12
run_test "Sample: ssl_server, gnutls client, TLS 1.2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_server" \
    "${G_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
    0 \
    -s "Successful connection using: TLS-" \
    -c "Description:.*TLS1.2" \
    -S "error" \
    -C "ERROR"

# ssl_server against the "next" OpenSSL client restricted to TLS 1.3.
# Guarded on TLS 1.3 support in both the library build and the OpenSSL
# peer. The version is asserted on both sides: "TLS1-3-" prefix on the
# server, TLS 1.3 cipher line on the client.
requires_protocol_version tls13
requires_openssl_tls1_3
run_test "Sample: ssl_server, openssl client, TLS 1.3" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_server" \
    "${O_NEXT_CLI} -tls1_3" \
    0 \
    -s "Successful connection using: TLS1-3-" \
    -c "New, TLSv1.3, Cipher is" \
    -S "error" \
    -C "ERROR"

# ssl_server against the "next" GnuTLS client with only TLS 1.3 enabled.
# Guarded on TLS 1.3 support in both the library build and the GnuTLS
# peer; the version is asserted in the server and the client output.
requires_protocol_version tls13
requires_gnutls_tls1_3
run_test "Sample: ssl_server, gnutls client, TLS 1.3" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_server" \
    "${G_NEXT_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
    0 \
    -s "Successful connection using: TLS1-3-" \
    -c "Description:.*TLS1.3" \
    -S "error" \
    -C "ERROR"

# ssl_fork_server sample against ssl_client2.
# Both peers must report non-zero byte counts in each direction, and
# neither output may contain "error" (option meanings as defined by
# run_test, which lives outside this file).
run_test "Sample: ssl_fork_server, ssl_client2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_fork_server" \
    "${PROGRAMS_DIR}/ssl_client2" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# ssl_client1 against ssl_fork_server.
# Same criteria as the other sample pairs: byte counts on both sides and
# no "error" text in either output.
run_test "Sample: ssl_client1 with ssl_fork_server" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_fork_server" \
    "${PROGRAMS_DIR}/ssl_client1" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# ssl_fork_server against an OpenSSL client restricted to TLS 1.2.
# The client output must show the TLS 1.2 protocol line and the server
# must report a successful connection with a "TLS-" prefixed name.
requires_protocol_version tls12
run_test "Sample: ssl_fork_server, openssl client, TLS 1.2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_fork_server" \
    "${O_CLI} -tls1_2" \
    0 \
    -s "Successful connection using: TLS-" \
    -c "Protocol.*TLSv1.2" \
    -S "error" \
    -C "ERROR"

# ssl_fork_server against a GnuTLS client with only TLS 1.2 enabled in
# its priority string; the client's "Description:" line must mention
# TLS1.2.
requires_protocol_version tls12
run_test "Sample: ssl_fork_server, gnutls client, TLS 1.2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_fork_server" \
    "${G_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
    0 \
    -s "Successful connection using: TLS-" \
    -c "Description:.*TLS1.2" \
    -S "error" \
    -C "ERROR"

# ssl_fork_server against the "next" OpenSSL client restricted to TLS 1.3.
# Guarded on TLS 1.3 support in both the library build and the OpenSSL
# peer; the version is asserted in the server and the client output.
requires_protocol_version tls13
requires_openssl_tls1_3
run_test "Sample: ssl_fork_server, openssl client, TLS 1.3" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_fork_server" \
    "${O_NEXT_CLI} -tls1_3" \
    0 \
    -s "Successful connection using: TLS1-3-" \
    -c "New, TLSv1.3, Cipher is" \
    -S "error" \
    -C "ERROR"

# ssl_fork_server against the "next" GnuTLS client with only TLS 1.3
# enabled. Guarded on TLS 1.3 support in both the library build and the
# GnuTLS peer; the version is asserted on both sides.
requires_protocol_version tls13
requires_gnutls_tls1_3
run_test "Sample: ssl_fork_server, gnutls client, TLS 1.3" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_fork_server" \
    "${G_NEXT_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
    0 \
    -s "Successful connection using: TLS1-3-" \
    -c "Description:.*TLS1.3" \
    -S "error" \
    -C "ERROR"

# ssl_pthread_server sample against ssl_client2.
# Both peers must report non-zero byte counts in each direction, and
# neither output may contain "error" (option meanings as defined by
# run_test, which lives outside this file).
run_test "Sample: ssl_pthread_server, ssl_client2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_pthread_server" \
    "${PROGRAMS_DIR}/ssl_client2" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# ssl_client1 against ssl_pthread_server.
# Same criteria as the other sample pairs: byte counts on both sides and
# no "error" text in either output.
run_test "Sample: ssl_client1 with ssl_pthread_server" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_pthread_server" \
    "${PROGRAMS_DIR}/ssl_client1" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# ssl_pthread_server against an OpenSSL client restricted to TLS 1.2.
# The client output must show the TLS 1.2 protocol line and the server
# must report a successful connection with a "TLS-" prefixed name.
requires_protocol_version tls12
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_pthread_server" \
    "${O_CLI} -tls1_2" \
    0 \
    -s "Successful connection using: TLS-" \
    -c "Protocol.*TLSv1.2" \
    -S "error" \
    -C "ERROR"

# ssl_pthread_server against a GnuTLS client with only TLS 1.2 enabled in
# its priority string; the client's "Description:" line must mention
# TLS1.2.
requires_protocol_version tls12
run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.2" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_pthread_server" \
    "${G_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
    0 \
    -s "Successful connection using: TLS-" \
    -c "Description:.*TLS1.2" \
    -S "error" \
    -C "ERROR"

# ssl_pthread_server against the "next" OpenSSL client restricted to
# TLS 1.3. Guarded on TLS 1.3 support in both the library build and the
# OpenSSL peer; the version is asserted on both sides.
requires_protocol_version tls13
requires_openssl_tls1_3
run_test "Sample: ssl_pthread_server, openssl client, TLS 1.3" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_pthread_server" \
    "${O_NEXT_CLI} -tls1_3" \
    0 \
    -s "Successful connection using: TLS1-3-" \
    -c "New, TLSv1.3, Cipher is" \
    -S "error" \
    -C "ERROR"

# ssl_pthread_server against the "next" GnuTLS client with only TLS 1.3
# enabled. Guarded on TLS 1.3 support in both the library build and the
# GnuTLS peer; the version is asserted on both sides.
requires_protocol_version tls13
requires_gnutls_tls1_3
run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
    -P 4433 \
    "${PROGRAMS_DIR}/ssl_pthread_server" \
    "${G_NEXT_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
    0 \
    -s "Successful connection using: TLS1-3-" \
    -c "Description:.*TLS1.3" \
    -S "error" \
    -C "ERROR"

# The two DTLS samples together: dtls_client against dtls_server.
# Unlike the dtls_client / ssl_server2 case, this one also forbids
# "error" in the server output.
run_test "Sample: dtls_client with dtls_server" \
    -P 4433 \
    "${PROGRAMS_DIR}/dtls_server" \
    "${PROGRAMS_DIR}/dtls_client" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# dtls_server against ssl_client2 switched to DTLS with dtls=1.
# Both peers must report non-zero byte counts in each direction, and
# neither output may contain "error".
run_test "Sample: ssl_client2, dtls_server" \
    -P 4433 \
    "${PROGRAMS_DIR}/dtls_server" \
    "${PROGRAMS_DIR}/ssl_client2 dtls=1" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "[1-9][0-9]* bytes read" \
    -c "[1-9][0-9]* bytes written" \
    -S "error" \
    -C "error"

# dtls_server against an OpenSSL client restricted to DTLS 1.2.
# The server must report byte counts in both directions. The client
# pattern has no leading "D", so as written it accepts a protocol line
# naming either TLSv1.2 or DTLSv1.2.
requires_protocol_version dtls12
run_test "Sample: dtls_server, openssl client, DTLS 1.2" \
    -P 4433 \
    "${PROGRAMS_DIR}/dtls_server" \
    "${O_CLI} -dtls1_2" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "Protocol.*TLSv1.2" \
    -S "error" \
    -C "ERROR"

# dtls_server against a GnuTLS client started with -u.
# The server must report byte counts in both directions and the client's
# "Description:" line must mention DTLS1.2.
# NOTE(review): the priority string only names TLS versions; the DTLS 1.2
# assertion appears to rest on the client pattern alone -- confirm.
requires_protocol_version dtls12
run_test "Sample: dtls_server, gnutls client, DTLS 1.2" \
    -P 4433 \
    "${PROGRAMS_DIR}/dtls_server" \
    "${G_CLI} -u --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
    0 \
    -s "[1-9][0-9]* bytes read" \
    -s "[1-9][0-9]* bytes written" \
    -c "Description:.*DTLS1.2" \
    -S "error" \
    -C "ERROR"