diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-09-01 19:06:09 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-09-01 19:08:39 +0200 |
commit | d178911375a37f9ed087c624c5bc601c3f655cc6 (patch) | |
tree | e8509b61506897ed3c6396eadfbe8c1c2a3fc72b | |
parent | 24e2962598dac4d0c80b4dfe844969775f237eab (diff) | |
download | gnutls-d178911375a37f9ed087c624c5bc601c3f655cc6.tar.gz |
Added server mode tests for the various EC curves.
-rwxr-xr-x | tests/suite/testcompat-main | 81 |
1 files changed, 75 insertions, 6 deletions
diff --git a/tests/suite/testcompat-main b/tests/suite/testcompat-main index 06de7b7f6b..1b1f5e6592 100755 --- a/tests/suite/testcompat-main +++ b/tests/suite/testcompat-main @@ -59,6 +59,9 @@ CA_ECC_CERT=$srcdir/../certs/ca-cert-ecc.pem ECC224_CERT=$srcdir/../certs/cert-ecc.pem ECC224_KEY=$srcdir/../certs/ecc.pem +ECC256_CERT=$srcdir/../certs/cert-ecc256.pem +ECC256_KEY=$srcdir/../certs/ecc256.pem + ECC521_CERT=$srcdir/../certs/cert-ecc521.pem ECC521_KEY=$srcdir/../certs/ecc521.pem @@ -374,12 +377,45 @@ $OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $C kill $PID wait -echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC_CERT --x509keyfile $ECC_KEY --x509cafile $CA_ECC_CERT & PID=$! +echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$! wait_server $PID #-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC_CERT -key $ECC_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ +$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ fail $PID "Failed" kill $PID @@ -418,12 +454,45 @@ $OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key kill $PID wait -echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite" -launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC_CERT --x509keyfile $ECC_KEY --x509cafile $CA_ECC_CERT & PID=$! +echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$! +wait_server $PID + +#-cipher ECDHE-ECDSA-AES128-SHA +$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ + fail $PID "Failed" + +kill $PID +wait + +echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$! wait_server $PID #-cipher ECDHE-ECDSA-AES128-SHA -$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC_CERT -key $ECC_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ +$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \ fail $PID "Failed" kill $PID |