diff options
| author | Alon Bar-Lev <alon.barlev@gmail.com> | 2015-06-21 20:42:12 +0300 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-06-24 21:47:29 +0200 |
| commit | 435deb84c9c27d22be04e6a598e874e0bd55ff5b (patch) | |
| tree | cf7562223e3481d66b45b34a7c058e07d6389592 | |
| parent | 503c0cb80bcc8d6194cb414e889c40f59161d81d (diff) | |
| download | gnutls-435deb84c9c27d22be04e6a598e874e0bd55ff5b.tar.gz | |
tests: tab indent + minor style changes
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
51 files changed, 2137 insertions, 2092 deletions
diff --git a/tests/cert-tests/aki b/tests/cert-tests/aki index 5f130cc0eb..6d71a280a4 100755 --- a/tests/cert-tests/aki +++ b/tests/cert-tests/aki @@ -25,17 +25,17 @@ set -e srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/aki-cert.pem" \ - |grep -v "Algorithm Security Level" > tmp-aki.pem + |grep -v "Algorithm Security Level" > tmp-aki.pem rc=$? if test "${rc}" != "0"; then - echo "info failed" - exit ${rc} + echo "info failed" + exit ${rc} fi @@ -44,7 +44,7 @@ rc=$? # We're done. if test "${rc}" != "0"; then - exit ${rc} + exit ${rc} fi rm -f tmp-aki.pem diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool index ce02ec809f..4df4a5d39e 100755 --- a/tests/cert-tests/certtool +++ b/tests/cert-tests/certtool @@ -23,58 +23,58 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi #check whether "funny" spaces can be interpreted id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/funny-spacing.pem" --hash sha1` rc=$? -if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then - echo "Key-ID1 doesn't match the expected: ${id}" - exit 1 +if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then + echo "Key-ID1 doesn't match the expected: ${id}" + exit 1 fi id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/funny-spacing.pem"` rc=$? -if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then - echo "Default key-ID1 doesn't match the expected; did the defaults change? ID: ${id}" - exit 1 +if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then + echo "Default key-ID1 doesn't match the expected; did the defaults change? ID: ${id}" + exit 1 fi id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha1` rc=$? -if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then - echo "Key-ID2 doesn't match the expected: ${id}" - exit 1 +if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then + echo "Key-ID2 doesn't match the expected: ${id}" + exit 1 fi id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha256` rc=$? -if test "${id}" != "118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d";then - echo "Key-ID3 doesn't match the expected: ${id}" - exit 1 +if test "${id}" != "118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d"; then + echo "Key-ID3 doesn't match the expected: ${id}" + exit 1 fi #fingerprint id=`${VALGRIND} "${CERTTOOL}" --fingerprint --infile "${srcdir}/funny-spacing.pem"` rc=$? -if test "${id}" != "8f735c5ddefd723f59b6a3bb2ac0522470c0182f";then - echo "Fingerprint doesn't match the expected: 3" - exit 1 +if test "${id}" != "8f735c5ddefd723f59b6a3bb2ac0522470c0182f"; then + echo "Fingerprint doesn't match the expected: 3" + exit 1 fi id=`${VALGRIND} "${CERTTOOL}" --fingerprint --hash sha256 --infile "${srcdir}/funny-spacing.pem"` rc=$? -if test "${id}" != "fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f";then - echo "Fingerprint doesn't match the expected: 4" - exit 1 +if test "${id}" != "fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f"; then + echo "Fingerprint doesn't match the expected: 4" + exit 1 fi export TZ="UTC" @@ -83,17 +83,17 @@ export TZ="UTC" TSTAMP=`datefudge "2006-09-23" date -u +%s || true` if test "$TSTAMP" != "1158969600"; then echo $TSTAMP - echo "You need datefudge to run this test" - exit 77 + echo "You need datefudge to run this test" + exit 77 fi cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify-chain rc=$? -if test "${rc}" != "0";then - echo "There was an issue verifying the chain" - exit 1 +if test "${rc}" != "0"; then + echo "There was an issue verifying the chain" + exit 1 fi diff --git a/tests/cert-tests/crq b/tests/cert-tests/crq index cc2bbfe1c1..50b78c85c7 100755 --- a/tests/cert-tests/crq +++ b/tests/cert-tests/crq @@ -25,8 +25,8 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" fi OUTFILE=out.tmp @@ -35,14 +35,14 @@ rc=$? # We're done. if test "${rc}" != "0"; then - echo "Invalid crq decoding failed" - exit ${rc} + echo "Invalid crq decoding failed" + exit ${rc} fi grep "error: get_key_id" "${OUTFILE}" >/dev/null 2>&1 if test "$?" != "0"; then - echo "crq decoding didn't fail as expected" - exit 1 + echo "crq decoding didn't fail as expected" + exit 1 fi rm -f "${OUTFILE}" diff --git a/tests/cert-tests/dane b/tests/cert-tests/dane index e019ef7307..f2aa341f2f 100755 --- a/tests/cert-tests/dane +++ b/tests/cert-tests/dane @@ -37,7 +37,7 @@ rm -f tmp-dane.rr # We're done. if test "${rc}" != "0"; then - exit ${rc} + exit ${rc} fi exit 0 diff --git a/tests/cert-tests/email b/tests/cert-tests/email index e12ee6ba00..8efe18edd1 100755 --- a/tests/cert-tests/email +++ b/tests/cert-tests/email @@ -23,72 +23,72 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF=$"{DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email test@example.com rc=$? if test "${rc}" != "1"; then - echo "email test 1 failed" - exit 1 + echo "email test 1 failed" + exit 1 fi ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email invalid@example.com rc=$? if test "${rc}" != "1"; then - echo "email test 2 failed" - exit 1 + echo "email test 2 failed" + exit 1 fi ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email test@example.com rc=$? if test "${rc}" != "0"; then - echo "email test 3 failed" - exit 1 + echo "email test 3 failed" + exit 1 fi ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email invalid@example.com rc=$? if test "${rc}" != "1"; then - echo "email test 4 failed" - exit 1 + echo "email test 4 failed" + exit 1 fi ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email invalid@example.com rc=$? if test "${rc}" != "1"; then - echo "email test 5 failed" - exit 1 + echo "email test 5 failed" + exit 1 fi ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email test@cola.com rc=$? if test "${rc}" != "1"; then - echo "email test 6 failed" - exit 1 + echo "email test 6 failed" + exit 1 fi ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email test@example.com rc=$? if test "${rc}" != "0"; then - echo "email test 7 failed" - exit 1 + echo "email test 7 failed" + exit 1 fi ${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email invalid@example.com rc=$? if test "${rc}" != "1"; then - echo "email test 8 failed" - exit 1 + echo "email test 8 failed" + exit 1 fi diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig index 72d72ecdd7..dacdc61683 100755 --- a/tests/cert-tests/invalid-sig +++ b/tests/cert-tests/invalid-sig @@ -25,8 +25,8 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi #check whether a different PKCS #1 signature than the advertized in certificate is tolerated @@ -35,8 +35,8 @@ rc=$? # We're done. if test "${rc}" = "0"; then - echo "Verification of invalid signature (1) failed" - exit ${rc} + echo "Verification of invalid signature (1) failed" + exit ${rc} fi #check whether a different tbsCertificate than the outer signature algorithm is tolerated @@ -45,8 +45,8 @@ rc=$? # We're done. if test "${rc}" = "0"; then - echo "Verification of invalid signature (2) failed" - exit ${rc} + echo "Verification of invalid signature (2) failed" + exit ${rc} fi #check whether a different tbsCertificate than the outer signature algorithm is tolerated @@ -55,8 +55,8 @@ rc=$? # We're done. if test "${rc}" = "0"; then - echo "Verification of invalid signature (3) failed" - exit ${rc} + echo "Verification of invalid signature (3) failed" + exit ${rc} fi exit 0 diff --git a/tests/cert-tests/pathlen b/tests/cert-tests/pathlen index 710282dc7c..d940fe8c14 100755 --- a/tests/cert-tests/pathlen +++ b/tests/cert-tests/pathlen @@ -25,26 +25,26 @@ set -e srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/ca-no-pathlen.pem" \ - |grep -v "Algorithm Security Level" > new-ca-no-pathlen.pem + |grep -v "Algorithm Security Level" > new-ca-no-pathlen.pem rc=$? if test "${rc}" != "0"; then - echo "info 1 failed" - exit ${rc} + echo "info 1 failed" + exit ${rc} fi ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/no-ca-or-pathlen.pem" \ - |grep -v "Algorithm Security Level" > new-no-ca-or-pathlen.pem + |grep -v "Algorithm Security Level" > new-no-ca-or-pathlen.pem rc=$? if test "${rc}" != "0"; then - echo "info 2 failed" - exit ${rc} + echo "info 2 failed" + exit ${rc} fi ${DIFF} "${srcdir}/ca-no-pathlen.pem" new-ca-no-pathlen.pem @@ -55,7 +55,7 @@ rc2=$? # We're done. if test "${rc1}" != "0"; then - exit ${rc1} + exit ${rc1} fi rm -f new-ca-no-pathlen.pem new-no-ca-or-pathlen.pem diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding index 8913acb33e..a5f612cc77 100755 --- a/tests/cert-tests/pem-decoding +++ b/tests/cert-tests/pem-decoding @@ -25,8 +25,8 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi #check whether "funny" spaces can be interpreted @@ -35,8 +35,8 @@ rc=$? # We're done. if test "${rc}" != "0"; then - echo "Funny-spacing cert decoding failed 1" - exit ${rc} + echo "Funny-spacing cert decoding failed 1" + exit ${rc} fi #check whether a BMPString attribute can be properly decoded @@ -44,8 +44,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/bmpstring.pem" rc=$? if test "${rc}" != "0"; then - echo "BMPString cert decoding failed 1" - exit ${rc} + echo "BMPString cert decoding failed 1" + exit ${rc} fi #Note that --strip-trailing-cr is used for the test @@ -54,8 +54,8 @@ ${DIFF} "${srcdir}/bmpstring.pem" tmp-pem.pem || ${DIFF} --strip-trailing-cr "${ rc=$? if test "${rc}" != "0"; then - echo "BMPString cert decoding failed 2" - exit ${rc} + echo "BMPString cert decoding failed 2" + exit ${rc} fi #check whether complex-cert is decoded as expected @@ -63,8 +63,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/complex-cert.pe rc=$? if test "${rc}" != "0"; then - echo "Complex cert decoding failed 1" - exit ${rc} + echo "Complex cert decoding failed 1" + exit ${rc} fi cat "${srcdir}/complex-cert.pem" |grep -v "Not After:" >tmp1 @@ -73,8 +73,8 @@ ${DIFF} tmp1 tmp2 || ${DIFF} --strip-trailing-cr tmp1 tmp2 rc=$? if test "${rc}" != "0"; then - echo "Complex cert decoding failed 2" - exit ${rc} + echo "Complex cert decoding failed 2" + exit ${rc} fi #check whether the cert with many othernames is decoded as expected @@ -82,8 +82,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/xmpp-othername. rc=$? if test "${rc}" != "0"; then - echo "XMPP cert decoding failed 1" - exit ${rc} + echo "XMPP cert decoding failed 1" + exit ${rc} fi cat "${srcdir}/xmpp-othername.pem" |grep -v "Not After:" >tmp1 @@ -92,8 +92,8 @@ ${DIFF} tmp1 tmp2 || ${DIFF} --strip-trailing-cr tmp1 tmp2 rc=$? if test "${rc}" != "0"; then - echo "XMPP cert decoding failed 2" - exit ${rc} + echo "XMPP cert decoding failed 2" + exit ${rc} fi rm -f tmp-pem.pem tmp1 tmp2 diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index c3938cb672..d4b754b5c3 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -23,54 +23,54 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" fi OUTFILE=out-pkcs7.tmp OUTFILE2=out2-pkcs7.tmp -for FILE in single-ca.p7b full.p7b;do +for FILE in single-ca.p7b full.p7b; do ${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/${FILE}"|grep -v "Signing time" >"${OUTFILE}" rc=$? # We're done. if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 decoding failed" - exit ${rc} + echo "${FILE}: PKCS7 decoding failed" + exit ${rc} fi ${DIFF} "${OUTFILE}" "${srcdir}/${FILE}.out" >/dev/null if test "$?" != "0"; then - echo "${FILE}: PKCS7 decoding didn't produce the correct file" - exit 1 + echo "${FILE}: PKCS7 decoding didn't produce the correct file" + exit 1 fi done # check signatures -for FILE in full.p7b;do +for FILE in full.p7b; do ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}" rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 verification failed" - exit ${rc} + echo "${FILE}: PKCS7 verification failed" + exit ${rc} fi ${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}" rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 verification failed with key purpose" - exit ${rc} + echo "${FILE}: PKCS7 verification failed with key purpose" + exit ${rc} fi ${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.3 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}" rc=$? if test "${rc}" = "0"; then - echo "${FILE}: PKCS7 verification succeeded with wrong key purpose" - exit 2 + echo "${FILE}: PKCS7 verification succeeded with wrong key purpose" + exit 2 fi done @@ -82,16 +82,16 @@ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/. rc=$? if test "${rc}" = "0"; then - echo "${FILE}: PKCS7 verification succeeded without providing detached data" - exit 2 + echo "${FILE}: PKCS7 verification succeeded without providing detached data" + exit 2 fi ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-data "${srcdir}/pkcs7-detached.txt" --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 verification failed" - exit ${rc} + echo "${FILE}: PKCS7 verification failed" + exit ${rc} fi # Test cert combination @@ -102,14 +102,14 @@ ${VALGRIND} "${CERTTOOL}" --p7-generate --load-certificate "${OUTFILE2}" >"${OUT rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct generation failed" - exit ${rc} + echo "${FILE}: PKCS7 struct generation failed" + exit ${rc} fi ${DIFF} "${OUTFILE}" "${srcdir}/p7-combined.out" >/dev/null if test "$?" != "0"; then - echo "${FILE}: PKCS7 generation didn't produce the correct file" - exit 1 + echo "${FILE}: PKCS7 generation didn't produce the correct file" + exit 1 fi # Test signing @@ -118,8 +118,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${srcdir}/../../doc/credent rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct signing failed" - exit ${rc} + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} fi FILE="signing-verify" @@ -127,8 +127,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct signing failed verification" - exit ${rc} + echo "${FILE}: PKCS7 struct signing failed verification" + exit ${rc} fi @@ -137,8 +137,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-detached-sign --load-privkey "${srcdir}/../../do rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct signing-detached failed" - exit ${rc} + echo "${FILE}: PKCS7 struct signing-detached failed" + exit ${rc} fi FILE="signing-detached-verify" @@ -146,8 +146,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct signing-detached failed verification" - exit ${rc} + echo "${FILE}: PKCS7 struct signing-detached failed verification" + exit ${rc} fi # Test signing with broken algorithms @@ -156,8 +156,8 @@ ${VALGRIND} "${CERTTOOL}" --hash md5 --p7-sign --load-privkey "${srcdir}/../../ rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct signing-broken failed" - exit ${rc} + echo "${FILE}: PKCS7 struct signing-broken failed" + exit ${rc} fi FILE="signing-verify-broken" @@ -165,8 +165,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr rc=$? if test "${rc}" = "0"; then - echo "${FILE}: PKCS7 struct verification succeeded with broken algo" - exit 1 + echo "${FILE}: PKCS7 struct verification succeeded with broken algo" + exit 1 fi FILE="signing-time" @@ -174,14 +174,14 @@ ${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey "${srcdir rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct signing with time failed" - exit ${rc} + echo "${FILE}: PKCS7 struct signing with time failed" + exit ${rc} fi ${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1 if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct signing with time failed. No time was found." - exit ${rc} + echo "${FILE}: PKCS7 struct signing with time failed. No time was found." + exit ${rc} fi FILE="signing-time-verify" @@ -189,8 +189,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr rc=$? if test "${rc}" != "0"; then - echo "${FILE}: PKCS7 struct signing with time failed verification" - exit ${rc} + echo "${FILE}: PKCS7 struct signing with time failed verification" + exit ${rc} fi rm -f "${OUTFILE}" diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test index c92440e420..3903492d56 100755 --- a/tests/cert-tests/template-test +++ b/tests/cert-tests/template-test @@ -29,9 +29,9 @@ export TZ="UTC" # Check for datefudge TSTAMP=`datefudge "2006-09-23" date -u +%s || true` if test "$TSTAMP" != "1158969600"; then - echo $TSTAMP - echo "You need datefudge to run this test" - exit 77 + echo $TSTAMP + echo "You need datefudge to run this test" + exit 77 fi # Note that in rare cases this test may fail because the @@ -41,24 +41,23 @@ fi rc=1 counter=1 -while [ "${rc}" != "0" -a $counter -le 3 ] -do - datefudge "2007-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-test.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null - - ${DIFF} "${srcdir}/template-test.pem" tmp-tt.pem >/dev/null 2>&1 - rc=$? - test ${rc} != 0 && sleep 3 - counter=`expr $counter + 1` +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-test.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-test.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` done # We're done. if test "${rc}" != "0"; then - echo "Test 1 failed" - exit ${rc} + echo "Test 1 failed" + exit ${rc} fi rm -f tmp-tt.pem @@ -66,24 +65,23 @@ rm -f tmp-tt.pem rc=1 counter=1 -while [ "${rc}" != "0" -a $counter -le 3 ] -do - datefudge "2007-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-utf8.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null - - ${DIFF} "${srcdir}/template-utf8.pem" tmp-tt.pem >/dev/null 2>&1 - rc=$? - test ${rc} != 0 && sleep 3 - counter=`expr $counter + 1` +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-utf8.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-utf8.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` done # We're done. if test "${rc}" != "0"; then - echo "Test 2 (UTF8) failed" - exit ${rc} + echo "Test 2 (UTF8) failed" + exit ${rc} fi rm -f tmp-tt.pem @@ -91,38 +89,37 @@ rm -f tmp-tt.pem rc=1 counter=1 -while [ "${rc}" != "0" -a $counter -le 3 ] -do - datefudge "2007-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-dn.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null - - ${DIFF} "${srcdir}/template-dn.pem" tmp-tt.pem >/dev/null 2>&1 - rc=$? - test ${rc} != 0 && sleep 3 - counter=`expr $counter + 1` +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-dn.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-dn.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` done # We're done. if test "${rc}" != "0"; then - echo "Test 3 (DN) failed" - exit ${rc} + echo "Test 3 (DN) failed" + exit ${rc} fi rm -f tmp-tt.pem datefudge "2007-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-dn-err.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-dn-err.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null rc=$? if test "${rc}" = "0"; then - echo "Test 3 (DN-err) failed" - exit ${rc} + echo "Test 3 (DN-err) failed" + exit ${rc} fi rm -f tmp-tt.pem @@ -130,24 +127,23 @@ rm -f tmp-tt.pem rc=1 counter=1 -while [ "${rc}" != "0" -a $counter -le 3 ] -do - datefudge "2007-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-overflow.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null - - ${DIFF} "${srcdir}/template-overflow.pem" tmp-tt.pem >/dev/null 2>&1 - rc=$? - test ${rc} != 0 && sleep 3 - counter=`expr $counter + 1` +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-overflow.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-overflow.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` done # We're done. if test "${rc}" != "0"; then - echo "Test 4 (overflow1) failed" - exit ${rc} + echo "Test 4 (overflow1) failed" + exit ${rc} fi rm -f tmp-tt.pem @@ -158,24 +154,23 @@ if echo __SIZEOF_POINTER__ | cpp -E - - | grep '^8$' >/dev/null; then rc=1 counter=1 -while [ "${rc}" != "0" -a $counter -le 3 ] -do - datefudge "2007-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-overflow2.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null - - ${DIFF} "${srcdir}/template-overflow2.pem" tmp-tt.pem >/dev/null 2>&1 - rc=$? - test ${rc} != 0 && sleep 3 - counter=`expr $counter + 1` +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-overflow2.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-overflow2.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` done # We're done. if test "${rc}" != "0"; then - echo "Test 5 (overflow2) failed" - exit ${rc} + echo "Test 5 (overflow2) failed" + exit ${rc} fi rm -f tmp-tt.pem @@ -184,24 +179,23 @@ fi rc=1 counter=1 -while [ "${rc}" != "0" -a $counter -le 3 ] -do - datefudge "2007-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-date.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null - - ${DIFF} "${srcdir}/template-date.pem" tmp-tt.pem >/dev/null 2>&1 - rc=$? - test ${rc} != 0 && sleep 3 - counter=`expr $counter + 1` +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-date.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-date.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` done # We're done. if test "${rc}" != "0"; then - echo "Test 6 (explicit dates) failed" - exit ${rc} + echo "Test 6 (explicit dates) failed" + exit ${rc} fi rm -f tmp-tt.pem @@ -211,53 +205,51 @@ rm -f tmp-tt.pem rc=1 counter=1 -while [ "${rc}" != "0" -a $counter -le 3 ] -do - datefudge "2007-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-nc.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null - - ${DIFF} "${srcdir}/template-nc.pem" tmp-tt.pem >/dev/null 2>&1 - rc=$? - test ${rc} != 0 && sleep 3 - counter=`expr $counter + 1` +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-nc.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-nc.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` done # We're done. if test "${rc}" != "0"; then - echo "Test 7 (name constraints) failed" - exit ${rc} + echo "Test 7 (name constraints) failed" + exit ${rc} fi rm -f tmp-tt.pem # Test the GeneralizedTime support -if test "$(getconf LONG_BIT)" = "64";then - # we should test that on systems which have 64-bit time_t. - rc=1 - counter=1 - - while [ "${rc}" != "0" -a $counter -le 3 ] - do - datefudge "2051-04-22" \ - "${CERTTOOL}" --generate-self-signed \ - --load-privkey "${srcdir}/template-test.key" \ - --template "${srcdir}/template-generalized.tmpl" \ - --outfile tmp-tt.pem 2>/dev/null - - ${DIFF} "${srcdir}/template-generalized.pem" tmp-tt.pem >/dev/null 2>&1 - rc=$? - test ${rc} != 0 && sleep 3 - counter=`expr $counter + 1` - done - - # We're done. - if test "${rc}" != "0"; then - echo "Test 8 (generalizedTime) failed" - exit ${rc} - fi +if test "$(getconf LONG_BIT)" = "64"; then + # we should test that on systems which have 64-bit time_t. + rc=1 + counter=1 + + while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2051-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-generalized.tmpl" \ + --outfile tmp-tt.pem 2>/dev/null + + ${DIFF} "${srcdir}/template-generalized.pem" tmp-tt.pem >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` + done + + # We're done. + if test "${rc}" != "0"; then + echo "Test 8 (generalizedTime) failed" + exit ${rc} + fi fi rm -f tmp-tt.pem diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa index 0334e638cd..456182f20a 100755 --- a/tests/dsa/testdsa +++ b/tests/dsa/testdsa @@ -26,8 +26,8 @@ CLI="${CLI:-../../src/gnutls-cli}" DEBUG="" unset RETCODE -if test "${WINDIR}" != "";then - exit 77 +if test "${WINDIR}" != ""; then + exit 77 fi . "${srcdir}/../scripts/common.sh" @@ -40,30 +40,31 @@ echo "Checking various DSA key sizes (port ${PORT})" echo "Checking DSA-1024 with TLS 1.0" -launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 & +PID=$! wait_server "${PID}" PRIO="--priority NORMAL:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA384:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \ - fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!" + fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!" echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0" #try with client key of 1024 bits (should succeed) "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" </dev/null >/dev/null || \ - fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!" + fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!" echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0" #try with client key of 2048 bits (should fail) "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" </dev/null >/dev/null 2>&1 && \ - fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!" + fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!" echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0" #try with client key of 3072 bits (should fail) "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" </dev/null >/dev/null 2>&1 && \ - fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!" + fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!" kill "${PID}" wait @@ -72,30 +73,30 @@ wait echo "Checking DSA-1024 with TLS 1.2" -launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 & +PID=$! wait_server "${PID}" "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \ - fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!" + fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!" echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2" #try with client key of 1024 bits (should succeed) "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" </dev/null >/dev/null || \ - fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!" + fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!" echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2" #try with client key of 2048 bits (should succeed) "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" </dev/null >/dev/null || \ - fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!" + fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!" echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2" #try with client key of 3072 bits (should succeed) "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" </dev/null >/dev/null || \ - fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!" - + fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!" kill "${PID}" wait @@ -104,11 +105,12 @@ wait #echo "Checking DSA-2048 with TLS 1.0" -#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 & PID=$! +#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 & +#PID=$! #wait_server "${PID}" #"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \ -# fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!" +# fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!" #kill "${PID}" #wait @@ -117,11 +119,12 @@ wait echo "Checking DSA-2048 with TLS 1.2" -launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 & +PID=$! wait_server "${PID}" "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \ - fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!" + fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!" kill "${PID}" wait @@ -130,11 +133,12 @@ wait #echo "Checking DSA-3072 with TLS 1.0" -#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 & PID=$! +#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 & +#PID=$! #wait_server "${PID}" # #"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \ -# fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!" +# fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!" # #kill "${PID}" #wait @@ -143,14 +147,14 @@ wait echo "Checking DSA-3072 with TLS 1.2" -launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 & PID=$! +launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 & +PID=$! wait_server "${PID}" "${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \ - fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!" + fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!" kill "${PID}" wait exit 0 - diff --git a/tests/dtls/dtls b/tests/dtls/dtls index 1a80573024..ea1f3be595 100755 --- a/tests/dtls/dtls +++ b/tests/dtls/dtls @@ -22,8 +22,8 @@ set -e -if test "${WINDIR}" != "";then - exit 77 +if test "${WINDIR}" != ""; then + exit 77 fi ./dtls-stress -full -shello 01234 -sfinished 01 -cfinished 01234 CCertificate CKeyExchange CCertificateVerify CChangeCipherSpec CFinished -d 6 diff --git a/tests/dtls/dtls-nb b/tests/dtls/dtls-nb index 7ba2f335aa..87c2d0de7a 100755 --- a/tests/dtls/dtls-nb +++ b/tests/dtls/dtls-nb @@ -22,8 +22,8 @@ set -e -if test "${WINDIR}" != "";then - exit 77 +if test "${WINDIR}" != ""; then + exit 77 fi ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished diff --git a/tests/ecdsa/ecdsa b/tests/ecdsa/ecdsa index 507f62248c..e5b48b91fa 100755 --- a/tests/ecdsa/ecdsa +++ b/tests/ecdsa/ecdsa @@ -26,66 +26,66 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" echo ca > template -echo cn = "ECDSA SHA 256 CA" >> template +echo "cn = ECDSA SHA 256 CA" >> template "${CERTTOOL}" --generate-privkey --ecc > key-ca-ecdsa.pem 2>/dev/null "${CERTTOOL}" -d 2 --generate-self-signed --template template \ - --load-privkey key-ca-ecdsa.pem \ - --outfile new-ca-ecdsa.pem \ - --hash sha256 >out 2>&1 + --load-privkey key-ca-ecdsa.pem \ + --outfile new-ca-ecdsa.pem \ + --hash sha256 >out 2>&1 -if [ $? != 0 ];then - cat out - exit 1 +if [ $? != 0 ]; then + cat out + exit 1 fi echo ca > template "${CERTTOOL}" --generate-privkey --ecc > key-subca-ecdsa.pem 2>/dev/null -echo cn = "ECDSA SHA 224 Mid CA" >> template +echo "cn = ECDSA SHA 224 Mid CA" >> template "${CERTTOOL}" -d 2 --generate-certificate --template template \ - --load-ca-privkey key-ca-ecdsa.pem \ - --load-ca-certificate new-ca-ecdsa.pem \ - --load-privkey key-subca-ecdsa.pem \ - --outfile new-subca-ecdsa.pem \ - --hash sha224 >out 2>&1 - -if [ $? != 0 ];then - cat out - exit 1 + --load-ca-privkey key-ca-ecdsa.pem \ + --load-ca-certificate new-ca-ecdsa.pem \ + --load-privkey key-subca-ecdsa.pem \ + --outfile new-subca-ecdsa.pem \ + --hash sha224 >out 2>&1 + +if [ $? != 0 ]; then + cat out + exit 1 fi -echo cn = "End-user" > template +echo "cn = End-user" > template "${CERTTOOL}" --generate-privkey --ecc > key-ecdsa.pem 2>/dev/null "${CERTTOOL}" -d 2 --generate-certificate --template template \ - --load-ca-privkey key-subca-ecdsa.pem \ - --load-ca-certificate new-subca-ecdsa.pem \ - --load-privkey key-ecdsa.pem \ - --outfile new-user.pem >out 2>&1 - -if [ $? != 0 ];then - cat out - exit 1 + --load-ca-privkey key-subca-ecdsa.pem \ + --load-ca-certificate new-subca-ecdsa.pem \ + --load-privkey key-ecdsa.pem \ + --outfile new-user.pem >out 2>&1 + +if [ $? != 0 ]; then + cat out + exit 1 fi cat new-user.pem new-subca-ecdsa.pem new-ca-ecdsa.pem > out "${CERTTOOL}" --verify-chain <out > verify -if [ $? != 0 ];then - cat verify - exit 1 +if [ $? != 0 ]; then + cat verify + exit 1 fi rm -f verify new-user.pem new-ca-ecdsa.pem new-subca-ecdsa.pem template out rm -f key-subca-ecdsa.pem key-ca-ecdsa.pem key-ecdsa.pem "${CERTTOOL}" -k < "${srcdir}/bad-key.pem" | grep "validation failed" >/dev/null 2>&1 -if [ $? != 0 ];then - echo "certtool didn't detect a bad ECDSA key." - exit 1 +if [ $? != 0 ]; then + echo "certtool didn't detect a bad ECDSA key." + exit 1 fi exit 0 diff --git a/tests/key-tests/key-id b/tests/key-tests/key-id index c671319551..2ef0f3e190 100755 --- a/tests/key-tests/key-id +++ b/tests/key-tests/key-id @@ -36,14 +36,14 @@ echo "serial = 0" > tmpl # --outfile user-no-keyid.pem 2> /dev/null eval "${CERTTOOL}" ${PARAMS} --load-ca-certificate "${srcdir}/ca-weird-keyid.pem" \ - --outfile user-weird-keyid.pem 2> /dev/null + --outfile user-weird-keyid.pem 2> /dev/null if "${CERTTOOL}" -i < user-weird-keyid.pem \ - | grep '7a2c7a6097460603cbfb28e8e219df18deeb4e0d' > /dev/null; then + | grep '7a2c7a6097460603cbfb28e8e219df18deeb4e0d' > /dev/null; then : else - echo "Could not find CA SKI in user certificate." - exit 1; + echo "Could not find CA SKI in user certificate." + exit 1; fi rm -f tmpl user-gnutls-keyid.pem user-no-keyid.pem user-weird-keyid.pem diff --git a/tests/key-tests/pkcs8 b/tests/key-tests/pkcs8 index 3173bfaf65..d166469da2 100755 --- a/tests/key-tests/pkcs8 +++ b/tests/key-tests/pkcs8 @@ -24,86 +24,86 @@ GREP="${GREP:-grep}" # check keys with password "${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/key-ca.pem" --password "1234" \ - --outfile tmp-key-ca.p8 2>/dev/null + --outfile tmp-key-ca.p8 2>/dev/null ${GREP} "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in converting key to PKCS #8 with password" - exit ${rc} + echo "Error in converting key to PKCS #8 with password" + exit ${rc} fi "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --password "1234" >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading PKCS #8 key with password" - exit ${rc} + echo "Error in reading PKCS #8 key with password" + exit ${rc} fi "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-1234.p8" --password "1234" >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading saved PKCS #8 key with password" - exit ${rc} + echo "Error in reading saved PKCS #8 key with password" + exit ${rc} fi #keys encrypted with empty password "${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/key-ca.pem" --password "" \ - --outfile tmp-key-ca.p8 2>/dev/null + --outfile tmp-key-ca.p8 2>/dev/null ${GREP} "BEGIN PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in converting key to PKCS #8 with empty password" - exit ${rc} + echo "Error in converting key to PKCS #8 with empty password" + exit ${rc} fi "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --password "" >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading PKCS #8 key with empty password" - exit ${rc} + echo "Error in reading PKCS #8 key with empty password" + exit ${rc} fi "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-empty.p8" --password "" >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading saved PKCS #8 key with empty password" - exit ${rc} + echo "Error in reading saved PKCS #8 key with empty password" + exit ${rc} fi #keys encrypted with null password "${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/key-ca.pem" --null-password \ - --outfile tmp-key-ca.p8 2>/dev/null + --outfile tmp-key-ca.p8 2>/dev/null ${GREP} "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in converting key to PKCS #8 with null password" - exit ${rc} + echo "Error in converting key to PKCS #8 with null password" + exit ${rc} fi "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --null-password >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading PKCS #8 key with null password" - exit ${rc} + echo "Error in reading PKCS #8 key with null password" + exit ${rc} fi "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-null.p8" --null-password >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading saved PKCS #8 key with null password" - exit ${rc} + echo "Error in reading saved PKCS #8 key with null password" + exit ${rc} fi # Tests for PKCS #8 ECC keys @@ -112,24 +112,24 @@ fi rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading saved ECC key" - exit ${rc} + echo "Error in reading saved ECC key" + exit ${rc} fi "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ecc.p8" >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading saved PKCS #8 ECC key" - exit ${rc} + echo "Error in reading saved PKCS #8 ECC key" + exit ${rc} fi "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/openssl-key-ecc.p8" >/dev/null 2>&1 rc=$? # We're done. if test "${rc}" != "0"; then - echo "Error in reading saved openssl PKCS #8 ECC key" - exit ${rc} + echo "Error in reading saved openssl PKCS #8 ECC key" + exit ${rc} fi rm -f tmp-key-ca.p8 diff --git a/tests/nist-pkits/gnutls_test_entry b/tests/nist-pkits/gnutls_test_entry index 87c435ebd0..a35d02643b 100755 --- a/tests/nist-pkits/gnutls_test_entry +++ b/tests/nist-pkits/gnutls_test_entry @@ -10,19 +10,19 @@ certtool -e < chain.pem > output.txt rm -f chain.pem if grep 'Verification output:' output.txt > /dev/null; then - if grep 'Verification output' output.txt | grep -v 'Verification output: Verified.' > /dev/null; then - if test "${RESULT}" = "0"; then - echo "<font color=red>Unexpected reject</font>" - else - echo "<font color=green>Reject</font>" - fi - else - if test "${RESULT}" = "1"; then - echo "<font color=red>Unexpected success</font>" - else - echo "<font color=green>Success</font>" - fi - fi + if grep 'Verification output' output.txt | grep -v 'Verification output: Verified.' > /dev/null; then + if test "${RESULT}" = "0"; then + echo "<font color=red>Unexpected reject</font>" + else + echo "<font color=green>Reject</font>" + fi + else + if test "${RESULT}" = "1"; then + echo "<font color=red>Unexpected success</font>" + else + echo "<font color=green>Success</font>" + fi + fi fi rm -f output.txt diff --git a/tests/nist-pkits/pkits_crl b/tests/nist-pkits/pkits_crl index 14735874e0..6c3e92d606 100755 --- a/tests/nist-pkits/pkits_crl +++ b/tests/nist-pkits/pkits_crl @@ -25,12 +25,12 @@ test -d crls || unzip "${srcdir}/PKITS_data.zip" ret=0 for crl in "${srcdir}/crls"/*; do - "${CERTTOOL}" --crl-info --inder --infile "${crl}" > out 2>&1 - rc=$? - if test ${rc} != 0; then - echo "CRL FATAL ${crl}" - ret=1 - fi + "${CERTTOOL}" --crl-info --inder --infile "${crl}" > out 2>&1 + rc=$? + if test ${rc} != 0; then + echo "CRL FATAL ${crl}" + ret=1 + fi done rm -f out diff --git a/tests/nist-pkits/pkits_crt b/tests/nist-pkits/pkits_crt index 5e22ca23d4..92b69bd855 100755 --- a/tests/nist-pkits/pkits_crt +++ b/tests/nist-pkits/pkits_crt @@ -25,12 +25,12 @@ test -d certs || unzip "${srcdir}/PKITS_data.zip" ret=0 for crt in "${srcdir}/certs"/*; do - "${CERTTOOL}" --certificate-info --inder --infile "${crt}" > out 2>&1 - rc=$? - if test ${rc} != 0; then - echo "Certificate FATAL ${crt}" - ret=1 - fi + "${CERTTOOL}" --certificate-info --inder --infile "${crt}" > out 2>&1 + rc=$? + if test ${rc} != 0; then + echo "Certificate FATAL ${crt}" + ret=1 + fi done rm -f out diff --git a/tests/nist-pkits/pkits_pkcs12 b/tests/nist-pkits/pkits_pkcs12 index 24ba7e6390..0b34cb9a6f 100755 --- a/tests/nist-pkits/pkits_pkcs12 +++ b/tests/nist-pkits/pkits_pkcs12 @@ -25,12 +25,12 @@ test -d pkcs12 || unzip "${srcdir}/PKITS_data.zip" ret=0 for p12 in "${srcdir}/pkcs12"/*; do - "${CERTTOOL}" --p12-info --inder --password password --infile "${p12}" > out 2>&1 - rc=$? - if test ${rc} != 0; then - echo "PKCS12 FATAL $p12" - ret=1 - fi + "${CERTTOOL}" --p12-info --inder --password password --infile "${p12}" > out 2>&1 + rc=$? + if test ${rc} != 0; then + echo "PKCS12 FATAL $p12" + ret=1 + fi done rm -f out diff --git a/tests/nist-pkits/pkits_smime b/tests/nist-pkits/pkits_smime index a9b15aad4a..62da9c95b4 100755 --- a/tests/nist-pkits/pkits_smime +++ b/tests/nist-pkits/pkits_smime @@ -25,18 +25,18 @@ test -d smime || unzip "${srcdir}/PKITS_data.zip" ret=0 for msg in "${srcdir}/smime"/*; do - "${CERTTOOL}" --smime-to-p7 --infile "${msg}" > out 2>&1 - rc=$? - if test ${rc} != 0; then - echo "S/MIME FATAL $msg" - ret=1 - fi - "${CERTTOOL}" --p7-info --infile out > out2 2>&1 - rc=$? - if test ${rc} != 0; then - echo "PKCS#7 FATAL $msg" - ret=1 - fi + "${CERTTOOL}" --smime-to-p7 --infile "${msg}" > out 2>&1 + rc=$? + if test ${rc} != 0; then + echo "S/MIME FATAL $msg" + ret=1 + fi + "${CERTTOOL}" --p7-info --infile out > out2 2>&1 + rc=$? + if test ${rc} != 0; then + echo "PKCS#7 FATAL $msg" + ret=1 + fi done rm -f out out2 diff --git a/tests/nist-pkits/pkits_test b/tests/nist-pkits/pkits_test index 55653a3826..49feecb951 100755 --- a/tests/nist-pkits/pkits_test +++ b/tests/nist-pkits/pkits_test @@ -7,8 +7,8 @@ srcdir="${srcdir:-.}" test -d certs || unzip "${srcdir}/PKITS_data.zip" if ! test -d pkits_test_list_generator; then - tar xfz "${srcdir}/pkits_test_list_generator.tgz" - patch -p 0 < pkits_test_list_generator.patch + tar xfz "${srcdir}/pkits_test_list_generator.tgz" + patch -p 0 < pkits_test_list_generator.patch fi make -C pkits_test_list_generator/src diff --git a/tests/openpgp-certs/testcerts b/tests/openpgp-certs/testcerts index c8d25d1fbf..9ac5f5381d 100755 --- a/tests/openpgp-certs/testcerts +++ b/tests/openpgp-certs/testcerts @@ -25,8 +25,8 @@ SERV="${SERV:-../../src/gnutls-serv} -q" CLI="${CLI:-../../src/gnutls-cli}" DEBUG="" -if test "${WINDIR}" != "";then - exit 77 +if test "${WINDIR}" != ""; then + exit 77 fi . "${srcdir}/../scripts/common.sh" @@ -35,7 +35,8 @@ PORT="${PORT:-$RPORT}" echo "Checking OpenPGP certificate verification" -launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-127.0.0.1-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$! +launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-127.0.0.1-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & +PID=$! wait_server ${PID} # give the server a chance to initialize @@ -47,22 +48,23 @@ wait_server ${PID} # fail "Connection to verified IP address should have succeeded! (error code $?)" $? "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.2 --priority NORMAL:+CTYPE-OPENPGP --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \ - fail ${PID} "Connection to unrecognized IP address should have failed!" + fail ${PID} "Connection to unrecognized IP address should have failed!" "${CLI}" ${DEBUG} -p "${PORT}" localhost --priority NORMAL:+CTYPE-OPENPGP --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \ - fail ${PID} "Connection to unverified (but present) 'localhost' should have failed!" + fail ${PID} "Connection to unverified (but present) 'localhost' should have failed!" kill ${PID} wait -launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-localhost-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$! +launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-localhost-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & +PID=$! wait_server ${PID} echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \ - fail ${PID} "Connection to unverified IP address should have failed! (error code $?)" $? + fail ${PID} "Connection to unverified IP address should have failed! (error code $?)" $? "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.2 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \ - fail ${PID} "Connection to unrecognized IP address should have failed!" + fail ${PID} "Connection to unrecognized IP address should have failed!" #see reason above #"${CLI}" -p "${PORT}" localhost --pgpkeyring ca-public.gpg </dev/null >/dev/null || \ @@ -71,15 +73,16 @@ echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1 kill ${PID} wait -launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-all-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$! +launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-all-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & +PID=$! wait_server ${PID} # give the server a chance to initialize echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null || \ - fail ${PID} "Connection to signed PGP certificate should have succeeded! (error code $?)" $? + fail ${PID} "Connection to signed PGP certificate should have succeeded! (error code $?)" $? "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.2 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \ - fail ${PID} "Connection to unrecognized IP address should have failed!" + fail ${PID} "Connection to unrecognized IP address should have failed!" kill ${PID} wait diff --git a/tests/openpgp-certs/testselfsigs b/tests/openpgp-certs/testselfsigs index 2910b2984f..2100c11fc1 100755 --- a/tests/openpgp-certs/testselfsigs +++ b/tests/openpgp-certs/testselfsigs @@ -28,26 +28,26 @@ CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" unset RETCODE || true fail() { - echo "Failure: $1" >&2 - RETCODE=${RETCODE:-${2:-1}} + echo "Failure: $1" >&2 + RETCODE=${RETCODE:-${2:-1}} } echo "Checking OpenPGP certificate self verification" ("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice.pub" \ - | grep "^Self Signature verification: ok" > /dev/null) || \ - fail "Self sig Verification should have succeeded!" + | grep "^Self Signature verification: ok" > /dev/null) || \ + fail "Self sig Verification should have succeeded!" ("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-badsig18.pub" \ - | grep "^Self Signature verification: failed" > /dev/null) || \ - fail "Self sig Verification should have failed!" + | grep "^Self Signature verification: failed" > /dev/null) || \ + fail "Self sig Verification should have failed!" ("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-irrelevantsig.pub" \ - | grep "^Self Signature verification: failed" >/dev/null) || \ - fail "Self sig Verification should have failed!" + | grep "^Self Signature verification: failed" >/dev/null) || \ + fail "Self sig Verification should have failed!" ("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-nosig18.pub" \ - | grep "^Self Signature verification: failed" >/dev/null) || \ - fail "Self sig Verification should have failed!" + | grep "^Self Signature verification: failed" >/dev/null) || \ + fail "Self sig Verification should have failed!" exit ${RETCODE:-0} diff --git a/tests/pkcs1-padding/pkcs1-pad b/tests/pkcs1-padding/pkcs1-pad index 8d0861a6c6..8b71126d42 100755 --- a/tests/pkcs1-padding/pkcs1-pad +++ b/tests/pkcs1-padding/pkcs1-pad @@ -31,8 +31,8 @@ export TZ="UTC" # Check for datefudge TSTAMP=`datefudge "2006-09-23" date -u +%s || true` if test "${TSTAMP}" != "1158969600"; then - echo "You need datefudge to run this test" - exit 77 + echo "You need datefudge to run this test" + exit 77 fi # Test 1, PKCS#1 pad digestAlgorithm.parameters @@ -48,10 +48,10 @@ out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "` out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "` if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT1}"; then - echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}" - echo "expected ${EXPECT1}" - echo "PKCS1-PAD1 FAIL" - exit 1 + echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}" + echo "expected ${EXPECT1}" + echo "PKCS1-PAD1 FAIL" + exit 1 fi rm -f out1 out2 @@ -71,10 +71,10 @@ out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "` out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "` if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT2}"; then - echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}" - echo "expected ${EXPECT2}" - echo "PKCS1-PAD2 FAIL" - exit 1 + echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}" + echo "expected ${EXPECT2}" + echo "PKCS1-PAD2 FAIL" + exit 1 fi rm -f out1 out2 @@ -93,10 +93,10 @@ out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "` out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "` if test "${out1oks}${out1fails}" != "${EXPECT3}"; then - echo "out1 oks ${out1oks} fails ${out1fails}" - echo "expected ${EXPECT3}" - echo "PKCS1-PAD3 FAIL" - exit 1 + echo "out1 oks ${out1oks} fails ${out1fails}" + echo "expected ${EXPECT3}" + echo "PKCS1-PAD3 FAIL" + exit 1 fi rm -f out1 diff --git a/tests/pkcs12-decode/pkcs12 b/tests/pkcs12-decode/pkcs12 index 0408ad169a..64a360738f 100755 --- a/tests/pkcs12-decode/pkcs12 +++ b/tests/pkcs12-decode/pkcs12 @@ -27,101 +27,101 @@ CERTTOOL="${CERTTOOL:-${top_builddir}/src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" DEBUG="" -if test "x$1" != "x";then - DEBUG="1" +if test "x$1" != "x"; then + DEBUG="1" fi ret=0 for p12 in 'client.p12 foobar' noclient.p12 unclient.p12 pkcs12_2certs.p12; do - set -- ${p12} - file="$1" - passwd="$2" - if test "x$DEBUG" != "x";then - "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \ - --infile "${srcdir}/${file}" - else - "${CERTTOOL}" --p12-info --inder --password "${passwd}" \ - --infile "${srcdir}/${file}" >/dev/null 2>&1 - fi - rc=$? - if test ${rc} != 0; then - echo "NEON PKCS12 FATAL ${p12}" - ret=1 - fi + set -- ${p12} + file="$1" + passwd="$2" + if test "x$DEBUG" != "x"; then + "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/${file}" + else + "${CERTTOOL}" --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/${file}" >/dev/null 2>&1 + fi + rc=$? + if test ${rc} != 0; then + echo "NEON PKCS12 FATAL ${p12}" + ret=1 + fi done file=test-null.p12 "${CERTTOOL}" --p12-info --inder --null-password --infile "${srcdir}/${file}" >/dev/null 2>&1 rc=$? if test ${rc} != 0; then - echo "PKCS12 FATAL ${file}" - ret=1 + echo "PKCS12 FATAL ${file}" + ret=1 fi file=sha256.p12 "${CERTTOOL}" --p12-info --inder --password 1234 --infile "${srcdir}/${file}" >/dev/null 2>&1 rc=$? if test ${rc} != 0; then - echo "PKCS12 FATAL ${file}" - ret=1 + echo "PKCS12 FATAL ${file}" + ret=1 fi # test whether we can encode a certificate and a key "${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile out.p12 >/dev/null 2>&1 rc=$? if test ${rc} != 0; then - echo "PKCS12 FATAL encoding" - ret=1 + echo "PKCS12 FATAL encoding" + ret=1 fi "${CERTTOOL}" --p12-info --inder --password 1234 --infile out.p12 >out.pem 2>/dev/null rc=$? if test ${rc} != 0; then - echo "PKCS12 FATAL decrypting/decoding" - ret=1 + echo "PKCS12 FATAL decrypting/decoding" + ret=1 fi grep "BEGIN ENCRYPTED PRIVATE KEY" out.pem >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then - exit ${rc} + exit ${rc} fi grep "BEGIN CERTIFICATE" out.pem >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then - exit ${rc} + exit ${rc} fi # test whether we can encode a certificate, a key and a CA "${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile out.p12 >/dev/null 2>&1 rc=$? if test ${rc} != 0; then - echo "PKCS12 FATAL encoding 2" - exit 1 + echo "PKCS12 FATAL encoding 2" + exit 1 fi "${CERTTOOL}" --p12-info --inder --password 123456 --infile out.p12 >out.pem 2>/dev/null rc=$? if test ${rc} != 0; then - echo "PKCS12 FATAL decrypting/decoding 2" - exit 1 + echo "PKCS12 FATAL decrypting/decoding 2" + exit 1 fi grep "BEGIN ENCRYPTED PRIVATE KEY" out.pem >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then - exit ${rc} + exit ${rc} fi count=`grep -c "BEGIN CERTIFICATE" out.pem` if test "$count" != "2"; then - echo "Only one certificate was included" - exit 1 + echo "Only one certificate was included" + exit 1 fi rm -f out.pem out.p12 diff --git a/tests/pkcs8-decode/pkcs8 b/tests/pkcs8-decode/pkcs8 index 756d0ac7f8..a305014d14 100755 --- a/tests/pkcs8-decode/pkcs8 +++ b/tests/pkcs8-decode/pkcs8 @@ -24,48 +24,48 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi ret=0 for p8 in 'encpkcs8.pem foobar' unencpkcs8.pem 'enc2pkcs8.pem baz'; do - set -- ${p8} - file="$1" - passwd="$2" - ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \ - --infile "${srcdir}/${file}" | tee out >/dev/null - rc=$? - if test ${rc} != 0; then - cat out - echo "PKCS8 FATAL ${p8}" - ret=1 - else - echo "PKCS8 OK ${p8}" - fi + set -- ${p8} + file="$1" + passwd="$2" + ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \ + --infile "${srcdir}/${file}" | tee out >/dev/null + rc=$? + if test ${rc} != 0; then + cat out + echo "PKCS8 FATAL ${p8}" + ret=1 + else + echo "PKCS8 OK ${p8}" + fi done rm -f out for p8 in openssl-aes128.p8 openssl-aes256.p8 openssl-3des.p8; do - set -- ${p8} - file="$1" - passwd="$2" - ${VALGRIND} "${CERTTOOL}" --p8-info --password "1234" \ - --infile "${srcdir}/${file}" | tee out >/dev/null - rc=$? - if test ${rc} != 0; then - cat out - echo "PKCS8 FATAL ${p8}" - ret=1 - fi + set -- ${p8} + file="$1" + passwd="$2" + ${VALGRIND} "${CERTTOOL}" --p8-info --password "1234" \ + --infile "${srcdir}/${file}" | tee out >/dev/null + rc=$? + if test ${rc} != 0; then + cat out + echo "PKCS8 FATAL ${p8}" + ret=1 + fi - ${DIFF} "${srcdir}/${p8}.txt" out - rc=$? - if test ${rc} != 0; then - cat out - echo "PKCS8 FATAL TXT ${p8}" - ret=1 - fi + ${DIFF} "${srcdir}/${p8}.txt" out + rc=$? + if test ${rc} != 0; then + cat out + echo "PKCS8 FATAL TXT ${p8}" + ret=1 + fi done rm -f out diff --git a/tests/rfc2253-escape-test b/tests/rfc2253-escape-test index 75061391b5..2ce8c3cfa4 100755 --- a/tests/rfc2253-escape-test +++ b/tests/rfc2253-escape-test @@ -23,13 +23,13 @@ set -e CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" fi if cat<<EOF \ - | ${VALGRIND} "${CERTTOOL}" --certificate-info \ - | grep 'Issuer: O=RFC 2253 escape test,OU=Plus \\+ Comma \\,' > /dev/null + | ${VALGRIND} "${CERTTOOL}" --certificate-info \ + | grep 'Issuer: O=RFC 2253 escape test,OU=Plus \\+ Comma \\,' > /dev/null -----BEGIN CERTIFICATE----- MIICETCCAXygAwIBAgIESnlIMTALBgkqhkiG9w0BAQUwODEdMBsGA1UEChMUUkZD IDIyNTMgZXNjYXBlIHRlc3QxFzAVBgNVBAsTDlBsdXMgKyBDb21tYSAsMB4XDTA5 @@ -46,10 +46,10 @@ iptEYYo= -----END CERTIFICATE----- EOF then - : + : else - echo "RFC 2253 escaping not working?" - exit 1 + echo "RFC 2253 escaping not working?" + exit 1 fi exit 0 diff --git a/tests/rsa-md5-collision/rsa-md5-collision b/tests/rsa-md5-collision/rsa-md5-collision index 888bbed708..d6c1d2db5e 100755 --- a/tests/rsa-md5-collision/rsa-md5-collision +++ b/tests/rsa-md5-collision/rsa-md5-collision @@ -26,22 +26,22 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" "${CERTTOOL}" --inder --certificate-info \ - --infile "${srcdir}/MD5CollisionCA.cer" > ca.pem + --infile "${srcdir}/MD5CollisionCA.cer" > ca.pem "${CERTTOOL}" --inder --certificate-info \ - --infile "${srcdir}/TargetCollidingCertificate1.cer" > client1.pem + --infile "${srcdir}/TargetCollidingCertificate1.cer" > client1.pem "${CERTTOOL}" --inder --certificate-info \ - --infile "${srcdir}/TargetCollidingCertificate2.cer" > client2.pem + --infile "${srcdir}/TargetCollidingCertificate2.cer" > client2.pem cat client1.pem ca.pem > chain1.pem cat client2.pem ca.pem > chain2.pem "${CERTTOOL}" --verify-chain < chain1.pem | \ - grep 'Not verified.' | grep 'insecure algorithm' >/dev/null + grep 'Not verified.' | grep 'insecure algorithm' >/dev/null "${CERTTOOL}" --verify-chain < chain2.pem | \ - grep 'Not verified.' | grep 'insecure algorithm' >/dev/null + grep 'Not verified.' | grep 'insecure algorithm' >/dev/null rm -f ca.pem client1.pem client2.pem \ - chain1.pem chain2.pem \ + chain1.pem chain2.pem # We're done. exit 0 diff --git a/tests/sha2/sha2 b/tests/sha2/sha2 index 02b17785bc..8b77ea4502 100755 --- a/tests/sha2/sha2 +++ b/tests/sha2/sha2 @@ -26,67 +26,67 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" echo ca > template-sha2 -echo cn = "SHA 512 CA" >> template-sha2 +echo "cn = SHA 512 CA" >> template-sha2 "${CERTTOOL}" -d 2 --generate-self-signed --template template-sha2 \ - --load-privkey "${srcdir}/key-ca.pem" \ - --outfile new-ca.pem \ - --hash sha512 >out 2>&1 + --load-privkey "${srcdir}/key-ca.pem" \ + --outfile new-ca.pem \ + --hash sha512 >out 2>&1 -if [ $? != 0 ];then - cat out - exit 1 +if [ $? != 0 ]; then + cat out + exit 1 fi echo ca > template-sha2 -echo cn = "SHA 384 sub-CA" >> template-sha2 +echo "cn = SHA 384 sub-CA" >> template-sha2 "${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \ - --load-ca-privkey "${srcdir}/key-ca.pem" \ - --load-ca-certificate new-ca.pem \ - --load-privkey "${srcdir}/key-subca.pem" \ - --outfile new-subca.pem \ - --hash sha384 >out 2>&1 - -if [ $? != 0 ];then - cat out - exit 1 + --load-ca-privkey "${srcdir}/key-ca.pem" \ + --load-ca-certificate new-ca.pem \ + --load-privkey "${srcdir}/key-subca.pem" \ + --outfile new-subca.pem \ + --hash sha384 >out 2>&1 + +if [ $? != 0 ]; then + cat out + exit 1 fi echo ca > template-sha2 -echo cn = "SHA 256 sub-sub-CA" >> template-sha2 +echo "cn = SHA 256 sub-sub-CA" >> template-sha2 "${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \ - --load-ca-privkey "${srcdir}/key-subca.pem" \ - --load-ca-certificate new-subca.pem \ - --load-privkey "${srcdir}/key-subsubca.pem" \ - --outfile new-subsubca.pem \ - --hash sha256 >out 2>&1 - -if [ $? != 0 ];then - cat out - exit 1 + --load-ca-privkey "${srcdir}/key-subca.pem" \ + --load-ca-certificate new-subca.pem \ + --load-privkey "${srcdir}/key-subsubca.pem" \ + --outfile new-subsubca.pem \ + --hash sha256 >out 2>&1 + +if [ $? != 0 ]; then + cat out + exit 1 fi -echo cn = "End-user" > template-sha2 +echo "cn = End-user" > template-sha2 "${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \ - --load-ca-privkey "${srcdir}/key-subsubca.pem" \ - --load-ca-certificate new-subsubca.pem \ - --load-privkey "${srcdir}/key-user.pem" \ - --outfile new-user.pem >out 2>&1 - -if [ $? != 0 ];then - cat out - exit 1 + --load-ca-privkey "${srcdir}/key-subsubca.pem" \ + --load-ca-certificate new-subsubca.pem \ + --load-privkey "${srcdir}/key-user.pem" \ + --outfile new-user.pem >out 2>&1 + +if [ $? != 0 ]; then + cat out + exit 1 fi num=`cat new-user.pem new-subsubca.pem new-subca.pem new-ca.pem | "${CERTTOOL}" --verify-chain | tee verify-sha2 | grep -c Verified` #cat verify if test "${num}" != "4"; then - echo Verification failure - exit 1 + echo Verification failure + exit 1 fi rm -f verify-sha2 new-user.pem new-subsubca.pem new-subca.pem new-ca.pem template-sha2 out diff --git a/tests/sha2/sha2-dsa b/tests/sha2/sha2-dsa index 623c621d9e..b2b673f297 100755 --- a/tests/sha2/sha2-dsa +++ b/tests/sha2/sha2-dsa @@ -26,52 +26,52 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" echo ca > template-dsa -echo cn = "SHA 256 CA" >> template-dsa +echo "cn = SHA 256 CA" >> template-dsa "${CERTTOOL}" -d 2 --generate-self-signed --template template-dsa \ - --load-privkey "${srcdir}/key-ca-dsa.pem" \ - --outfile new-ca-dsa.pem \ - --hash sha256 >out-dsa 2>&1 + --load-privkey "${srcdir}/key-ca-dsa.pem" \ + --outfile new-ca-dsa.pem \ + --hash sha256 >out-dsa 2>&1 -if [ $? != 0 ];then - cat out-dsa - exit 1 +if [ $? != 0 ]; then + cat out-dsa + exit 1 fi echo ca > template-dsa -echo cn = "SHA 224 Mid CA" >> template-dsa +echo "cn = SHA 224 Mid CA" >> template-dsa "${CERTTOOL}" -d 2 --generate-certificate --template template-dsa \ - --load-ca-privkey "${srcdir}/key-ca-dsa.pem" \ - --load-ca-certificate new-ca-dsa.pem \ - --load-privkey "${srcdir}/key-subca-dsa.pem" \ - --outfile new-subca-dsa.pem \ - --hash sha224 >out-dsa 2>&1 - -if [ $? != 0 ];then - cat out-dsa - exit 1 + --load-ca-privkey "${srcdir}/key-ca-dsa.pem" \ + --load-ca-certificate new-ca-dsa.pem \ + --load-privkey "${srcdir}/key-subca-dsa.pem" \ + --outfile new-subca-dsa.pem \ + --hash sha224 >out-dsa 2>&1 + +if [ $? != 0 ]; then + cat out-dsa + exit 1 fi -echo cn = "End-user" > template-dsa +echo "cn = End-user" > template-dsa "${CERTTOOL}" -d 2 --generate-certificate --template template-dsa \ - --load-ca-privkey "${srcdir}/key-subca-dsa.pem" \ - --load-ca-certificate new-subca-dsa.pem \ - --load-privkey "${srcdir}/key-dsa.pem" \ - --outfile new-user-dsa.pem >out-dsa 2>&1 - -if [ $? != 0 ];then - cat out-dsa - exit 1 + --load-ca-privkey "${srcdir}/key-subca-dsa.pem" \ + --load-ca-certificate new-subca-dsa.pem \ + --load-privkey "${srcdir}/key-dsa.pem" \ + --outfile new-user-dsa.pem >out-dsa 2>&1 + +if [ $? != 0 ]; then + cat out-dsa + exit 1 fi cat new-user-dsa.pem new-subca-dsa.pem new-ca-dsa.pem > out-dsa "${CERTTOOL}" --verify-chain <out-dsa > verify-dsa -if [ $? != 0 ];then - cat verify-dsa - exit 1 +if [ $? != 0 ]; then + cat verify-dsa + exit 1 fi rm -f verify-dsa new-user-dsa.pem new-ca-dsa.pem new-subca-dsa.pem template-dsa out-dsa diff --git a/tests/slow/override-ciphers b/tests/slow/override-ciphers index aa1e7ad21d..83a282a56e 100755 --- a/tests/slow/override-ciphers +++ b/tests/slow/override-ciphers @@ -21,38 +21,38 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. unset RETCODE -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi GNUTLS_NO_EXPLICIT_INIT=1 ${VALGRIND} ./cipher-override -if test $? != 0;then - echo "overriden cipher tests failed" - exit 1 +if test $? != 0; then + echo "overriden cipher tests failed" + exit 1 fi ${VALGRIND} ./cipher-override -if test $? != 0;then - echo "overriden cipher tests 2 failed" - exit 1 +if test $? != 0; then + echo "overriden cipher tests 2 failed" + exit 1 fi ${VALGRIND} ./cipher-override2 -if test $? != 0;then - echo "overriden cipher tests 3 failed" - exit 1 +if test $? != 0; then + echo "overriden cipher tests 3 failed" + exit 1 fi GNUTLS_NO_EXPLICIT_INIT=1 ${VALGRIND} ./mac-override -if test $? != 0;then - echo "overriden mac tests failed" - exit 1 +if test $? != 0; then + echo "overriden mac tests failed" + exit 1 fi ${VALGRIND} ./mac-override -if test $? != 0;then - echo "overriden mac tests 2 failed" - exit 1 +if test $? != 0; then + echo "overriden mac tests 2 failed" + exit 1 fi exit 0 diff --git a/tests/slow/test-ciphers b/tests/slow/test-ciphers index 0b66bb1f6f..fc21a8becf 100755 --- a/tests/slow/test-ciphers +++ b/tests/slow/test-ciphers @@ -21,56 +21,56 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. unset RETCODE -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi ./cipher-test -if test $? != 0;then - echo "default cipher tests failed" - exit 1 +if test $? != 0; then + echo "default cipher tests failed" + exit 1 fi GNUTLS_CPUID_OVERRIDE=0x1 ./cipher-test -if test $? != 0;then - echo "included cipher tests failed" - exit 1 +if test $? != 0; then + echo "included cipher tests failed" + exit 1 fi GNUTLS_CPUID_OVERRIDE=0x2 ./cipher-test -if test $? != 0;then - echo "AESNI cipher tests failed" - exit 1 +if test $? != 0; then + echo "AESNI cipher tests failed" + exit 1 fi GNUTLS_CPUID_OVERRIDE=0x4 ./cipher-test -if test $? != 0;then - echo "SSSE3 cipher tests failed" - exit 1 +if test $? != 0; then + echo "SSSE3 cipher tests failed" + exit 1 fi GNUTLS_CPUID_OVERRIDE=0x8 ./cipher-test -if test $? != 0;then - echo "PCLMUL cipher tests failed" - exit 1 +if test $? != 0; then + echo "PCLMUL cipher tests failed" + exit 1 fi GNUTLS_CPUID_OVERRIDE=0x100000 ./cipher-test -if test $? != 0;then - echo "padlock cipher tests failed" - exit 1 +if test $? != 0; then + echo "padlock cipher tests failed" + exit 1 fi GNUTLS_CPUID_OVERRIDE=0x200000 ./cipher-test -if test $? != 0;then - echo "padlock PHE cipher tests failed" - exit 1 +if test $? != 0; then + echo "padlock PHE cipher tests failed" + exit 1 fi GNUTLS_CPUID_OVERRIDE=0x400000 ./cipher-test -if test $? != 0;then - echo "padlock PHE SHA512 cipher tests failed" - exit 1 +if test $? != 0; then + echo "padlock PHE SHA512 cipher tests failed" + exit 1 fi exit 0 diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh index 53f6087f37..9ae68a1d4d 100755 --- a/tests/suite/certs/create-chain.sh +++ b/tests/suite/certs/create-chain.sh @@ -6,9 +6,9 @@ TEMPLATE=tmpl NUM="$1" -if test "${NUM}" = "";then - echo "usage: $0 number" - exit 1 +if test "${NUM}" = ""; then + echo "usage: $0 number" + exit 1 fi LAST=`expr ${NUM} - 1` @@ -18,75 +18,73 @@ mkdir -p "${OUTPUT}" counter=0 while test ${counter} -lt ${NUM}; do - if test ${counter} = ${LAST};then - name="server-${counter}" - else - name="CA-${counter}" - fi - serial="${counter}" + if test ${counter} = ${LAST}; then + name="server-${counter}" + else + name="CA-${counter}" + fi + serial="${counter}" - - "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null - if test ${counter} = 0;then - # ROOT CA - echo "cn = ${name}" >"${TEMPLATE}" - echo "serial = ${serial}" >>"${TEMPLATE}" - echo "ca" >>"${TEMPLATE}" - echo "expiration_days = -1" >>"${TEMPLATE}" - echo "cert_signing_key" >>"${TEMPLATE}" - echo "ocsp_signing_key" >>"${TEMPLATE}" - echo "crl_signing_key" >>"${TEMPLATE}" - "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \ - "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null + "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null + if test ${counter} = 0; then + # ROOT CA + echo "cn = ${name}" >"${TEMPLATE}" + echo "serial = ${serial}" >>"${TEMPLATE}" + echo "ca" >>"${TEMPLATE}" + echo "expiration_days = -1" >>"${TEMPLATE}" + echo "cert_signing_key" >>"${TEMPLATE}" + echo "ocsp_signing_key" >>"${TEMPLATE}" + echo "crl_signing_key" >>"${TEMPLATE}" + "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \ + "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null - echo "serial = ${serial}" >"${TEMPLATE}" - echo "expiration_days = -1" >>"${TEMPLATE}" - "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \ - "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null - else - if test ${counter} = ${LAST};then - # END certificate - echo "cn = ${name}" >"${TEMPLATE}" - echo "dns_name = localhost" >>"${TEMPLATE}" - echo "expiration_days = -1" >>"${TEMPLATE}" - echo "signing_key" >>"${TEMPLATE}" - echo "encryption_key" >>"${TEMPLATE}" - echo "ocsp_signing_key" >>"${TEMPLATE}" - "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \ - --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \ - --load-ca-privkey "${OUTPUT}/${prev_name}.key" \ - --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null - else - # intermediate CA - echo "cn = ${name}" >"${TEMPLATE}" - echo "serial = ${serial}" >>"${TEMPLATE}" - echo "ca" >>"${TEMPLATE}" - echo "expiration_days = -1" >>"${TEMPLATE}" - echo "ocsp_signing_key" >>"${TEMPLATE}" - echo "cert_signing_key" >>"${TEMPLATE}" - echo "signing_key" >>"${TEMPLATE}" - "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \ - --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \ - --load-ca-privkey "${OUTPUT}/${prev_name}.key" \ - --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null - fi - fi + echo "serial = ${serial}" >"${TEMPLATE}" + echo "expiration_days = -1" >>"${TEMPLATE}" + "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \ + "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null + else + if test ${counter} = ${LAST}; then + # END certificate + echo "cn = ${name}" >"${TEMPLATE}" + echo "dns_name = localhost" >>"${TEMPLATE}" + echo "expiration_days = -1" >>"${TEMPLATE}" + echo "signing_key" >>"${TEMPLATE}" + echo "encryption_key" >>"${TEMPLATE}" + echo "ocsp_signing_key" >>"${TEMPLATE}" + "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \ + --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \ + --load-ca-privkey "${OUTPUT}/${prev_name}.key" \ + --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null + else + # intermediate CA + echo "cn = ${name}" >"${TEMPLATE}" + echo "serial = ${serial}" >>"${TEMPLATE}" + echo "ca" >>"${TEMPLATE}" + echo "expiration_days = -1" >>"${TEMPLATE}" + echo "ocsp_signing_key" >>"${TEMPLATE}" + echo "cert_signing_key" >>"${TEMPLATE}" + echo "signing_key" >>"${TEMPLATE}" + "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \ + --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \ + --load-ca-privkey "${OUTPUT}/${prev_name}.key" \ + --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null + fi + fi - counter=`expr ${counter} + 1` - prev_name=${name} + counter=`expr ${counter} + 1` + prev_name=${name} done counter=`expr ${NUM} - 1` while test ${counter} -ge 0; do - if test ${counter} = ${LAST};then - name="server-${counter}" - else - name="CA-${counter}" - fi + if test ${counter} = ${LAST}; then + name="server-${counter}" + else + name="CA-${counter}" + fi - cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain" - - counter=`expr ${counter} - 1` -done + cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain" + counter=`expr ${counter} - 1` +done diff --git a/tests/suite/chain b/tests/suite/chain index 4f00320f07..f67ad163da 100755 --- a/tests/suite/chain +++ b/tests/suite/chain @@ -34,39 +34,39 @@ RET=0 i=1 while test -d X509tests/test${i}; do - find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 2>/dev/null - find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null - if test "${i}" -gt 1; then - find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null - fi - find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null - "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1 - rc=$? - if test $rc != 0 && test $rc != 1; then - echo "Chain ${i} FATAL failure." - RET=1 - else - if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then - echo "Chain ${i} verification was skipped due to known bug." - elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then - if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then - echo "Chain ${i} verification failure UNEXPECTED." - RET=1 - else - echo "Chain ${i} verification success as expected." - fi - elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then - if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then - echo "Chain ${i} verification failure as expected." - else - echo "Chain ${i} verification success UNEXPECTED. " - RET=1 - fi - else - echo "Chain ${i} unclassified." - fi - fi - i=`expr ${i} + 1` + find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 2>/dev/null + find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null + if test "${i}" -gt 1; then + find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null + fi + find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null + "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1 + rc=$? + if test $rc != 0 && test $rc != 1; then + echo "Chain ${i} FATAL failure." + RET=1 + else + if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then + echo "Chain ${i} verification was skipped due to known bug." + elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then + if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then + echo "Chain ${i} verification failure UNEXPECTED." + RET=1 + else + echo "Chain ${i} verification success as expected." + fi + elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then + if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then + echo "Chain ${i} verification failure as expected." + else + echo "Chain ${i} verification success UNEXPECTED. " + RET=1 + fi + else + echo "Chain ${i} unclassified." + fi + fi + i=`expr ${i} + 1` done rm -f out diff --git a/tests/suite/crl-test b/tests/suite/crl-test index 228f74ef29..3a03c81e07 100755 --- a/tests/suite/crl-test +++ b/tests/suite/crl-test @@ -23,8 +23,8 @@ srcdir="${srcdir:-.}" DIFF="${DIFF:-diff}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi rm -f tmp-long.pem @@ -33,16 +33,16 @@ rc=$? # We're done. if test "${rc}" != "0"; then - echo "CRL decoding failed 1!" - exit ${rc} + echo "CRL decoding failed 1!" + exit ${rc} fi ${DIFF} "${srcdir}/crl/long.pem tmp-long.pem" || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem rc=$? if test "${rc}" != "0"; then - echo "CRL decoding failed 2!" - exit ${rc} + echo "CRL decoding failed 2!" + exit ${rc} fi rm -f tmp-long.pem diff --git a/tests/suite/eagain b/tests/suite/eagain index d05bab9cb7..42bb991bdd 100755 --- a/tests/suite/eagain +++ b/tests/suite/eagain @@ -26,18 +26,18 @@ PORT="${PORT:-5445}" $SERV -p "${PORT}" --echo --priority "NORMAL:+ANON-DH" --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 & -pid=$! +PID=$! sleep 2 ./eagain-cli -if [ $? != 0 ];then - exit 1 +if [ $? != 0 ]; then + exit 1 fi -if [ "$pid" != "" ];then - kill $pid - wait +if [ "${PID}" != "" ]; then + kill ${PID} + wait fi exit 0 diff --git a/tests/suite/invalid-cert b/tests/suite/invalid-cert index a9e1f5ebef..00bf1e4e3b 100755 --- a/tests/suite/invalid-cert +++ b/tests/suite/invalid-cert @@ -22,8 +22,8 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi ${VALGRIND} "${CERTTOOL}" --certificate-info --inder --infile "${srcdir}/invalid-cert.der" 2>/dev/null @@ -31,7 +31,7 @@ rc=$? # We're done. if test "${rc}" != "1"; then - exit ${rc} + exit ${rc} fi exit 0 diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl index bac6026f6f..c463895e35 100755 --- a/tests/suite/testcompat-main-openssl +++ b/tests/suite/testcompat-main-openssl @@ -11,9 +11,9 @@ # Redistribution and use in source and binary forms, with or without modification, # are permitted provided that the following conditions are met: # -# 1. Redistributions of source code must retain the above copyright notice, this +# 1. Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright notice, +# 2. Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation and/or # other materials provided with the distribution. # 3. Neither the name of the copyright holder nor the names of its contributors may @@ -23,7 +23,7 @@ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT -# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN @@ -33,13 +33,13 @@ srcdir="${srcdir:-.}" CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" unset RETCODE -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -if test "${WINDIR}" != "";then - exit 77 -fi +if test "${WINDIR}" != ""; then + exit 77 +fi . "${srcdir}/../scripts/common.sh" @@ -48,16 +48,16 @@ PORT="${PORT:-${RPORT}}" SERV=openssl OPENSSL_CLI="openssl" -if test -f /etc/debian_version;then - DEBIAN=1 +if test -f /etc/debian_version; then + DEBIAN=1 fi echo "Compatibility checks using "`${SERV} version` ${SERV} version|grep -e 1\.0 >/dev/null 2>&1 SV=$? -if test ${SV} != 0;then - echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests" - exit 77 +if test ${SV} != 0; then + echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests" + exit 77 fi ${SERV} version|grep -e 1\.0\.1 >/dev/null 2>&1 @@ -69,283 +69,283 @@ echo "#################################################" echo "# Client mode tests (gnutls cli-openssl server) #" echo "#################################################" -for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" -do - if ! test -z "${ADD}";then - echo "" - echo "** Modifier: ${ADD}" - fi - - if test "${DEBIAN}" != 1;then - - # It seems debian disabled SSL 3.0 completely on openssl - - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & - PID=$! - wait_server ${PID} - - # Test SSL 3.0 with RSA ciphersuite - echo "Checking SSL 3.0 with RSA..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - # Test SSL 3.0 with DHE-RSA ciphersuite - echo "Checking SSL 3.0 with DHE-RSA..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - # Test SSL 3.0 with DHE-DSS ciphersuite - echo "Checking SSL 3.0 with DHE-DSS..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 & - PID=$! - wait_server ${PID} - - echo "Checking SSL 3.0 with RSA-RC4-MD5..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - fi - - if test "${FIPS}" != 1;then - #-cipher RSA-NULL - launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & - PID=$! - wait_server ${PID} - - # Test TLS 1.0 with RSA-NULL ciphersuite - echo "Checking TLS 1.0 with RSA-NULL..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - fi - - #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & - PID=$! - wait_server ${PID} - - # Test TLS 1.0 with RSA ciphersuite - echo "Checking TLS 1.0 with RSA and 3DES-CBC..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - echo "Checking TLS 1.0 with RSA and AES-128-CBC..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - echo "Checking TLS 1.0 with RSA and AES-256-CBC..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - # Test TLS 1.0 with DHE-RSA ciphersuite - echo "Checking TLS 1.0 with DHE-RSA..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - # Test TLS 1.0 with DHE-RSA ciphersuite - echo "Checking TLS 1.0 with ECDHE-RSA..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - # Test TLS 1.0 with DHE-DSS ciphersuite - echo "Checking TLS 1.0 with DHE-DSS..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - if test "${FIPS}" != 1;then - - #-cipher ECDHE-ECDSA-AES128-SHA - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" & - PID=$! - wait_server ${PID} - - # Test TLS 1.0 with ECDHE-ECDSA ciphersuite - echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - fi - - #-cipher ECDHE-ECDSA-AES128-SHA - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" & - PID=$! - wait_server ${PID} - - # Test TLS 1.0 with ECDHE-ECDSA ciphersuite - echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - if test "${FIPS}" != 1;then - #-cipher ECDHE-ECDSA-AES128-SHA - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" & - PID=$! - wait_server ${PID} - - # Test TLS 1.0 with ECDHE-ECDSA ciphersuite - echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - fi - - #-cipher PSK - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db & - PID=$! - wait_server ${PID} - - echo "Checking TLS 1.0 with PSK..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - if test ${SV2} = 0;then - # Tests requiring openssl 1.0.1 - TLS 1.2 - #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & - PID=$! - wait_server ${PID} - - echo "Checking TLS 1.2 with RSA and AES-128-GCM..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - echo "Checking TLS 1.2 with RSA and AES-256-GCM..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - echo "Checking TLS 1.2 with DHE-RSA..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - echo "Checking TLS 1.2 with ECDHE-RSA..." - "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - echo "Checking TLS 1.2 with DHE-DSS..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - if test "${FIPS}" != 1;then - #-cipher ECDHE-ECDSA-AES128-SHA - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" & - PID=$! - wait_server ${PID} - - echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)" - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - fi - - #-cipher ECDHE-ECDSA-AES128-SHA - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" & - PID=$! - wait_server ${PID} - - echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)" - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - if test "${FIPS}" != 1;then - #-cipher ECDHE-ECDSA-AES128-SHA - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" & - PID=$! - wait_server ${PID} - - echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)" - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - fi #FIPS - fi #SV2 - - #-cipher PSK - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db & - PID=$! - wait_server ${PID} - - echo "Checking TLS 1.2 with PSK..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & PID=$! - wait_server ${PID} - - # Test DTLS 1.0 with RSA ciphersuite - echo "Checking DTLS 1.0 with RSA..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & - PID=$! - wait_server ${PID} - - # Test DTLS 1.0 with DHE-RSA ciphersuite - echo "Checking DTLS 1.0 with DHE-RSA..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & - PID=$! - wait_server ${PID} - - # Test DTLS 1.0 with DHE-DSS ciphersuite - echo "Checking DTLS 1.0 with DHE-DSS..." - ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ - fail ${PID} "Failed" +for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" + if ! test -z "${ADD}"; then + echo "" + echo "** Modifier: ${ADD}" + fi + + if test "${DEBIAN}" != 1; then + + # It seems debian disabled SSL 3.0 completely on openssl - kill ${PID} - wait + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test SSL 3.0 with RSA ciphersuite + echo "Checking SSL 3.0 with RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test SSL 3.0 with DHE-RSA ciphersuite + echo "Checking SSL 3.0 with DHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test SSL 3.0 with DHE-DSS ciphersuite + echo "Checking SSL 3.0 with DHE-DSS..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 & + PID=$! + wait_server ${PID} + + echo "Checking SSL 3.0 with RSA-RC4-MD5..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + if test "${FIPS}" != 1; then + #-cipher RSA-NULL + launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with RSA-NULL ciphersuite + echo "Checking TLS 1.0 with RSA-NULL..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with RSA ciphersuite + echo "Checking TLS 1.0 with RSA and 3DES-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.0 with RSA and AES-128-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.0 with RSA and AES-256-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test TLS 1.0 with DHE-RSA ciphersuite + echo "Checking TLS 1.0 with DHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test TLS 1.0 with DHE-RSA ciphersuite + echo "Checking TLS 1.0 with ECDHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + # Test TLS 1.0 with DHE-DSS ciphersuite + echo "Checking TLS 1.0 with DHE-DSS..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1; then + + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with ECDHE-ECDSA ciphersuite + echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with ECDHE-ECDSA ciphersuite + echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1; then + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + # Test TLS 1.0 with ECDHE-ECDSA ciphersuite + echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + #-cipher PSK + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.0 with PSK..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test ${SV2} = 0; then + # Tests requiring openssl 1.0.1 - TLS 1.2 + #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with RSA and AES-128-GCM..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.2 with RSA and AES-256-GCM..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.2 with DHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.2 with ECDHE-RSA..." + "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + echo "Checking TLS 1.2 with DHE-DSS..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1; then + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)" + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)" + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1; then + #-cipher ECDHE-ECDSA-AES128-SHA + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)" + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi #FIPS + fi #SV2 + + #-cipher PSK + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db & + PID=$! + wait_server ${PID} + + echo "Checking TLS 1.2 with PSK..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test DTLS 1.0 with RSA ciphersuite + echo "Checking DTLS 1.0 with RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test DTLS 1.0 with DHE-RSA ciphersuite + echo "Checking DTLS 1.0 with DHE-RSA..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + # Test DTLS 1.0 with DHE-DSS ciphersuite + echo "Checking DTLS 1.0 with DHE-DSS..." + ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \ + fail ${PID} "Failed" + + kill ${PID} + wait done echo "Client mode tests were successfully completed" @@ -357,296 +357,319 @@ SERV="../../src/gnutls-serv${EXEEXT} -q" # Note that openssl s_client does not return error code on failure -for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" -do - if ! test -z "${ADD}";then - echo "" - echo "** Modifier: ${ADD}" - fi - - if test "${DEBIAN}" != 1;then - - echo "Check SSL 3.0 with RSA ciphersuite" - launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} - - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" - - echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" - - kill ${PID} - wait +for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"; do + if ! test -z "${ADD}"; then + echo "" + echo "** Modifier: ${ADD}" + fi - echo "Check SSL 3.0 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + if test "${DEBIAN}" != 1; then - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + echo "Check SSL 3.0 with RSA ciphersuite" + launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - kill ${PID} - wait + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - echo "Check SSL 3.0 with DHE-DSS ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite" + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + kill ${PID} + wait + echo "Check SSL 3.0 with DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - kill ${PID} - wait - fi + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - #TLS 1.0 + kill ${PID} + wait - # This test was disabled because it doesn't work as expected with openssl 1.0.0d - #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)" - #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - #wait_server ${PID} - # - #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - # fail ${PID} "Failed" - # - #kill ${PID} - #wait + echo "Check SSL 3.0 with DHE-DSS ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - if test "${FIPS}" != 1;then - echo "Check TLS 1.0 with RSA-NULL ciphersuite" - launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" - kill ${PID} - wait - fi + kill ${PID} + wait + fi - echo "Check TLS 1.0 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + #TLS 1.0 - ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + # This test was disabled because it doesn't work as expected with openssl 1.0.0d + #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)" + #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + #PID=$! + #wait_server ${PID} + # + #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + # fail ${PID} "Failed" + # + #kill ${PID} + #wait - kill ${PID} - wait + if test "${FIPS}" != 1; then + echo "Check TLS 1.0 with RSA-NULL ciphersuite" + launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} + + ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - echo "Check TLS 1.0 with DHE-DSS ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + kill ${PID} + wait + fi - ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + echo "Check TLS 1.0 with DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - kill ${PID} - wait + ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - echo "Check TLS 1.0 with ECDHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} + kill ${PID} + wait - #-cipher ECDHE-RSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + echo "Check TLS 1.0 with DHE-DSS ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - kill ${PID} - wait + ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - if test "${FIPS}" != 1;then - echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} + kill ${PID} + wait - #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + echo "Check TLS 1.0 with ECDHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} - kill ${PID} - wait - fi + #-cipher ECDHE-RSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} + kill ${PID} + wait - #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + if test "${FIPS}" != 1; then + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - kill ${PID} - wait + #-cipher ECDHE-ECDSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} + kill ${PID} + wait + fi - #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - kill ${PID} - wait + #-cipher ECDHE-ECDSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - if test "${FIPS}" != 1;then - echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} + kill ${PID} + wait - #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - kill ${PID} - wait - fi + #-cipher ECDHE-ECDSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test "${FIPS}" != 1; then + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-ECDSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi - echo "Check TLS 1.0 with PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} + echo "Check TLS 1.0 with PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} - #-cipher PSK-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \ - fail ${PID} "Failed" + #-cipher PSK-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - if test ${SV2} = 0;then + if test ${SV2} = 0; then - echo "Check TLS 1.2 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + echo "Check TLS 1.2 with DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - echo "Check TLS 1.2 with DHE-DSS ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + echo "Check TLS 1.2 with DHE-DSS ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - echo "Check TLS 1.2 with ECDHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} + echo "Check TLS 1.2 with ECDHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} - #-cipher ECDHE-RSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + #-cipher ECDHE-RSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - if test "${FIPS}" != 1;then - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} + if test "${FIPS}" != 1; then + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + #-cipher ECDHE-ECDSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait - fi + kill ${PID} + wait + fi - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + #-cipher ECDHE-ECDSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + #-cipher ECDHE-ECDSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - if test "${FIPS}" != 1;then - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} + if test "${FIPS}" != 1; then + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - #-cipher ECDHE-ECDSA-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + #-cipher ECDHE-ECDSA-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait - fi + kill ${PID} + wait + fi - echo "Check TLS 1.2 with PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} + echo "Check TLS 1.2 with PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} - #-cipher PSK-AES128-SHA - ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \ - fail ${PID} "Failed" + #-cipher PSK-AES128-SHA + ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - fi #SV2 + fi #SV2 - # DTLS - echo "Check DTLS 1.0 with RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + # DTLS + echo "Check DTLS 1.0 with RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - echo "Check DTLS 1.0 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + echo "Check DTLS 1.0 with DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - echo "Check DTLS 1.0 with DHE-DSS ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + echo "Check DTLS 1.0 with DHE-DSS ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ - fail ${PID} "Failed" + ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait done exit 0 diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl index 74261b0802..bf49918cac 100755 --- a/tests/suite/testcompat-main-polarssl +++ b/tests/suite/testcompat-main-polarssl @@ -34,44 +34,44 @@ srcdir="${srcdir:-.}" CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" LOGFILE=polarssl.log unset RETCODE -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -if test "${WINDIR}" != "";then - exit 77 +if test "${WINDIR}" != ""; then + exit 77 fi . "${srcdir}/../scripts/common.sh" PORT="${PORT:-${RPORT}}" TXT=`"${CLI}" --priority NORMAL --list|grep SECP224` -if test -z "${TXT}";then - ALL_CURVES=0 +if test -z "${TXT}"; then + ALL_CURVES=0 else - ALL_CURVES=1 + ALL_CURVES=1 fi echo "Compatibility checks using polarssl" for POLARSSL_CLI in \ - /usr/bin/polarssl_ssl_client2 \ - /usr/bin/mbedtls_ssl_client2 \ - /usr/libexec/mbedtls/ssl_client2 \ - ""; do - test -x "${POLARSSL_CLI}" && break + /usr/bin/polarssl_ssl_client2 \ + /usr/bin/mbedtls_ssl_client2 \ + /usr/libexec/mbedtls/ssl_client2 \ + ""; do + test -x "${POLARSSL_CLI}" && break done -if test -z "${POLARSSL_CLI}";then - echo "PolarSSL is required for this test to run" - exit 77 +if test -z "${POLARSSL_CLI}"; then + echo "PolarSSL is required for this test to run" + exit 77 fi "${POLARSSL_CLI}" >/dev/null 2>&1 -if test $? = 0;then - echo "PolarSSL 1.3.x is required for the tests to run" - exit 77 +if test $? = 0; then + echo "PolarSSL 1.3.x is required for the tests to run" + exit 77 fi @@ -85,330 +85,358 @@ SERV="../../src/gnutls-serv${EXEEXT} -q" rm -f "${LOGFILE}" -for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" -do - if ! test -z "${ADD}";then - echo "" - echo "** Modifier: ${ADD}" - fi +for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION" + if ! test -z "${ADD}"; then + echo "" + echo "** Modifier: ${ADD}" + fi - # SSL 3.0 is disabled in debian's polarssl - if test 0 = 1;then - echo "Check SSL 3.0 with RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + # SSL 3.0 is disabled in debian's polarssl + if test 0 = 1; then + echo "Check SSL 3.0 with RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" + "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait + + echo "Check SSL 3.0 with DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - echo "Check SSL 3.0 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" + kill ${PID} + wait - kill ${PID} - wait + # No DSS for polarssl + #echo "Check SSL 3.0 with DHE-DSS ciphersuite" + #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & + #PID=$! + #wait_server ${PID} + + #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + # fail ${PID} "Failed" + # + #kill ${PID} + #wait + fi + + #TLS 1.0 + + echo "Check TLS 1.0 with DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} - # No DSS for polarssl - #echo "Check SSL 3.0 with DHE-DSS ciphersuite" - #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$! - #wait_server ${PID} + "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - # fail ${PID} "Failed" - # - #kill ${PID} - #wait - fi + kill ${PID} + wait + + #echo "Check TLS 1.0 with DHE-DSS ciphersuite" + #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & + #PID=$! + #wait_server ${PID} + + #"${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + # fail ${PID} "Failed" + + #kill ${PID} + #wait + + echo "Check TLS 1.0 with ECDHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-RSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.0 with PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - #TLS 1.0 + kill ${PID} + wait + + echo "Check TLS 1.0 with DHE-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} - echo "Check TLS 1.0 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" + kill ${PID} + wait + + echo "Check TLS 1.0 with ECDHE-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} - kill ${PID} - wait + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - #echo "Check TLS 1.0 with DHE-DSS ciphersuite" - #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$! - #wait_server ${PID} + kill ${PID} + wait - #"${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - # fail ${PID} "Failed" + echo "Check TLS 1.0 with RSA-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} - #kill ${PID} - #wait + #-cipher RSA-PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - echo "Check TLS 1.0 with ECDHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} + kill ${PID} + wait - #-cipher ECDHE-RSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" + if test ${ALL_CURVES} = 1; then + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - kill ${PID} - wait + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - echo "Check TLS 1.0 with PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} + kill ${PID} + wait + fi - #-cipher PSK-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - kill ${PID} - wait + kill ${PID} + wait - echo "Check TLS 1.0 with DHE-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} + + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} + + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} + + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} + + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite" + launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & + PID=$! + wait_server ${PID} + + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + #echo "Check TLS 1.2 with DHE-DSS ciphersuite" + #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & + #PID=$! + #wait_server ${PID} + # + #"${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + # fail ${PID} "Failed" + # + #kill ${PID} + #wait + + echo "Check TLS 1.2 with ECDHE-RSA ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-RSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + if test ${ALL_CURVES} = 1; then + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + fi + + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} - #-cipher PSK-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher ECDHE-ECDSA-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with DHE-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with ECDHE-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} + + #-cipher PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" + + kill ${PID} + wait + + echo "Check TLS 1.2 with RSA-PSK ciphersuite" + launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & + PID=$! + wait_server ${PID} - kill ${PID} - wait + #-cipher RSA-PSK-AES128-SHA + "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ + fail ${PID} "Failed" - echo "Check TLS 1.0 with ECDHE-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} - - #-cipher PSK-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.0 with RSA-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} - - #-cipher RSA-PSK-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - if test ${ALL_CURVES} = 1;then - echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-ECDSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - fi - - echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-ECDSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-ECDSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-ECDSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} - - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} - - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} - - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} - - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite" - launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$! - wait_server ${PID} - - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - #echo "Check TLS 1.2 with DHE-DSS ciphersuite" - #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$! - #wait_server ${PID} - # - #"${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - # fail ${PID} "Failed" - # - #kill ${PID} - #wait - - echo "Check TLS 1.2 with ECDHE-RSA ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-RSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - if test ${ALL_CURVES} = 1;then - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-ECDSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - fi - - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-ECDSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-ECDSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$! - wait_server ${PID} - - #-cipher ECDHE-ECDSA-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} - - #-cipher PSK-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with DHE-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} - - #-cipher PSK-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with ECDHE-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} - - #-cipher PSK-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait - - echo "Check TLS 1.2 with RSA-PSK ciphersuite" - launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$! - wait_server ${PID} - - #-cipher RSA-PSK-AES128-SHA - "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \ - fail ${PID} "Failed" - - kill ${PID} - wait + kill ${PID} + wait done rm -f "${LOGFILE}" diff --git a/tests/suite/testcompat-openssl b/tests/suite/testcompat-openssl index 42b695d8e5..d7f9cc0e02 100755 --- a/tests/suite/testcompat-openssl +++ b/tests/suite/testcompat-openssl @@ -32,16 +32,16 @@ srcdir="${srcdir:-.}" -if ! test -x /usr/bin/openssl;then - echo "You need openssl to run this test" - exit 77 +if ! test -x /usr/bin/openssl; then + echo "You need openssl to run this test" + exit 77 fi /usr/bin/openssl version|grep fips >/dev/null 2>&1 -if test $? = 0;then - export FIPS=1 +if test $? = 0; then + export FIPS=1 else - export FIPS=0 + export FIPS=0 fi export TZ="UTC" @@ -49,8 +49,8 @@ export TZ="UTC" # Check for datefudge TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null` if test "${TSTAMP}" != "1158969600"; then - echo "You need datefudge to run this test" - exit 77 + echo "You need datefudge to run this test" + exit 77 fi datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl" diff --git a/tests/suite/testcompat-polarssl b/tests/suite/testcompat-polarssl index 41dd59f710..c4dfb361e0 100755 --- a/tests/suite/testcompat-polarssl +++ b/tests/suite/testcompat-polarssl @@ -37,14 +37,14 @@ export TZ="UTC" # Check for datefudge TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null` if test "${TSTAMP}" != "1158969600"; then - echo "You need datefudge to run this test" - exit 77 + echo "You need datefudge to run this test" + exit 77 fi cat /proc/cpuinfo|grep "model name"|grep "VIA Esther" >/dev/null 2>&1 -if test $? = 0;then - echo "PolarSSL is broken on VIA processors" - exit 77 +if test $? = 0; then + echo "PolarSSL is broken on VIA processors" + exit 77 fi datefudge "2012-09-2" "${srcdir}/testcompat-main-polarssl" diff --git a/tests/suite/testdane b/tests/suite/testdane index 2ec50dc186..12d3ce19e7 100755 --- a/tests/suite/testdane +++ b/tests/suite/testdane @@ -24,8 +24,8 @@ unset RETCODE # Unfortunately it is extremely fragile and fails 99% of the # time. -if test "${WINDIR}" != "";then - exit 77 +if test "${WINDIR}" != ""; then + exit 77 fi . "${srcdir}/../scripts/common.sh" @@ -37,30 +37,30 @@ echo "*** Testing good HTTPS hosts ***" # www.vulcano.cl dane.nox.su HOSTS="good.dane.verisignlabs.com www.freebsd.org www.kumari.net torproject.org fedoraproject.org" HOSTS="${HOSTS} nohats.ca" -for host in ${HOSTS};do - echo -n "${host}: " +for host in ${HOSTS}; do + echo -n "${host}: " - "${DANETOOL}" --check "${host}" >/dev/null 2>&1 - if [ $? != 0 ];then - echo "Error checking ${host}" - exit 1 - fi - echo "ok" + "${DANETOOL}" --check "${host}" >/dev/null 2>&1 + if [ $? != 0 ]; then + echo "Error checking ${host}" + exit 1 + fi + echo "ok" done echo "" echo "*** Testing good SMTP hosts ***" #HOSTS="dougbarton.us nlnetlabs.nl" HOSTS="nlnetlabs.nl" -for host in ${HOSTS};do - echo -n "${host}: " +for host in ${HOSTS}; do + echo -n "${host}: " - "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1 - if [ $? != 0 ];then - echo "Error checking ${host}" - exit 1 - fi - echo "ok" + "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1 + if [ $? != 0 ]; then + echo "Error checking ${host}" + exit 1 + fi + echo "ok" done echo "" @@ -69,14 +69,14 @@ echo "*** Testing bad HTTPS hosts ***" # used to work: dane-broken.rd.nic.fr HOSTS="bad-hash.dane.verisignlabs.com bad-params.dane.verisignlabs.com" HOSTS="${HOSTS} bad-sig.dane.verisignlabs.com" -for host in ${HOSTS};do - echo -n "${host}: " - "${DANETOOL}" --check "${host}" >/dev/null 2>&1 - if [ $? = 0 ];then - echo "Checking ${host} should have failed" - exit 1 - fi - echo "ok" +for host in ${HOSTS}; do + echo -n "${host}: " + "${DANETOOL}" --check "${host}" >/dev/null 2>&1 + if [ $? = 0 ]; then + echo "Checking ${host} should have failed" + exit 1 + fi + echo "ok" done diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11 index b301cc3dd0..53ae752041 100755 --- a/tests/suite/testpkcs11 +++ b/tests/suite/testpkcs11 @@ -26,15 +26,15 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q" CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" RETCODE=0 -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no" fi TMPFILE="testpkcs11.debug" CERTTOOL_PARAM="--stdout-info" -if test "${WINDIR}" != "";then - exit 77 +if test "${WINDIR}" != ""; then + exit 77 fi P11TOOL="${VALGRIND} ${P11TOOL} --batch" @@ -46,11 +46,11 @@ PORT="${PORT:-${RPORT}}" rm -f "${TMPFILE}" exit_error () { - echo "Check ${TMPFILE} for additional debugging information" - echo "" - echo "" - tail "${TMPFILE}" - exit 1 + echo "Check ${TMPFILE} for additional debugging information" + echo "" + echo "" + tail "${TMPFILE}" + exit 1 } # $1: token @@ -58,18 +58,18 @@ exit_error () { # $3: filename # ${srcdir}/pkcs11-certs/client.key write_privkey () { - export GNUTLS_PIN="$2" - filename="$3" - token="$1" - - echo -n "* Writing a client private key... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing a client private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi } @@ -77,18 +77,18 @@ write_privkey () { # $2: PIN # $3: filename write_serv_privkey () { - export GNUTLS_PIN="$2" - filename="$3" - token="$1" - - echo -n "* Writing the server private key... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing the server private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi } @@ -96,18 +96,18 @@ write_serv_privkey () { # $2: PIN # $3: filename write_serv_cert () { - export GNUTLS_PIN="$2" - filename="$3" - token="$1" - - echo -n "* Writing the server certificate... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing the server certificate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi } @@ -115,48 +115,48 @@ write_serv_cert () { # $2: PIN # $3: bits generate_rsa_privkey () { - export GNUTLS_PIN="$2" - token="$1" - bits="$3" - - echo -n "* Generating RSA private key ("${bits}")... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit 1 - fi + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating RSA private key ("${bits}")... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi } # $1: token # $2: PIN # $3: bits generate_temp_rsa_privkey () { - export GNUTLS_PIN="$2" - token="$1" - bits="$3" - - echo -n "* Generating RSA private key ("${bits}")... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 - if test $? = 0;then - RETCODE=0 - echo ok - else - echo failed - RETCODE=1 - fi - -# if test ${RETCODE} = 0;then + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating RSA private key ("${bits}")... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 + if test $? = 0; then + RETCODE=0 + echo ok + else + echo failed + RETCODE=1 + fi + +# if test ${RETCODE} = 0; then # echo -n "* Testing private key flags... " # ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-keys "${token};object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>"${TMPFILE}" -# if test $? != 0;then +# if test $? != 0; then # echo failed # exit_error # fi # # grep CKA_WRAP tmp-client-2.pub >>"${TMPFILE}" 2>&1 -# if test $? != 0;then +# if test $? != 0; then # echo "failed (no CKA_WRAP)" # exit_error # else @@ -168,116 +168,116 @@ generate_temp_rsa_privkey () { # $1: token # $2: PIN delete_temp_privkey () { - export GNUTLS_PIN="$2" - token="$1" - type="$3" + export GNUTLS_PIN="$2" + token="$1" + type="$3" - test "${RETCODE}" = "0" || return + test "${RETCODE}" = "0" || return - echo -n "* Deleting private key... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1 + echo -n "* Deleting private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo failed - RETCODE=1 - return - fi + if test $? != 0; then + echo failed + RETCODE=1 + return + fi - RETCODE=0 - echo ok + RETCODE=0 + echo ok } # $1: token # $2: PIN # $3: bits export_pubkey_of_privkey () { - export GNUTLS_PIN="$2" - token="$1" - bits="$3" - - echo -n "* Exporting public key of generated private key... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo failed - exit 1 - fi - - ${DIFF} tmp-client.pub tmp-client-2.pub - if test $? != 0;then - echo keys differ - exit 1 - fi - - echo ok + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Exporting public key of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo failed + exit 1 + fi + + ${DIFF} tmp-client.pub tmp-client-2.pub + if test $? != 0; then + echo keys differ + exit 1 + fi + + echo ok } # $1: token # $2: PIN change_id_of_privkey () { - export GNUTLS_PIN="$2" - token="$1" - - echo -n "* Change the CKA_ID of generated private key... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo failed - exit_error - fi - - ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo "ID didn't change" - exit_error - fi - - echo ok + export GNUTLS_PIN="$2" + token="$1" + + echo -n "* Change the CKA_ID of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo "ID didn't change" + exit_error + fi + + echo ok } # $1: token # $2: PIN change_label_of_privkey () { - export GNUTLS_PIN="$2" - token="$1" - - echo -n "* Change the CKA_LABEL of generated private key... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo failed - exit_error - fi - - ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo "label didn't change" - exit_error - fi - - ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo failed - exit_error - fi - - echo ok + export GNUTLS_PIN="$2" + token="$1" + + echo -n "* Change the CKA_LABEL of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo "label didn't change" + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + echo ok } # $1: token # $2: PIN # $3: bits generate_temp_ecc_privkey () { - export GNUTLS_PIN="$2" - token="$1" - bits="$3" - - echo -n "* Generating ECC private key (${bits})... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 - if test $? = 0;then - RETCODE=0 - echo ok - else - echo failed - RETCODE=1 - fi + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating ECC private key (${bits})... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1 + if test $? = 0; then + RETCODE=0 + echo ok + else + echo failed + RETCODE=1 + fi } # $1: token @@ -288,109 +288,109 @@ generate_temp_ecc_privkey () { # Tests writing a certificate which corresponds to the given key, # as well as the CA certificate, and tries to export them. write_certificate_test () { - export GNUTLS_PIN="$2" - token="$1" - cakey="$3" - cacert="$4" - pubkey="$5" - - echo -n "* Generating client certificate... " - "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ - --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \ - --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1 - - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi - - echo -n "* Writing client certificate... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi - - echo -n "* Checking whether ID was correctly set... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo "ID was not set on copy" - exit_error - fi - echo ok - - echo -n "* Writing certificate of client's CA... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1 - ret=$? - if test ${ret} != 0;then - ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1 - ret=$? - fi - - if test ${ret} = 0;then - echo ok - else - echo failed - exit_error - fi - - echo -n "* Testing certificate flags... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}" - if test $? != 0;then - echo failed - exit_error - fi - - grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo "failed (no CKA_TRUSTED)" - #exit_error - fi - - grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1 - if test $? != 0;then - echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)" - #exit_error - fi - - echo ok - - - echo -n "* Trying to obtain back the cert... " - ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1 - ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt" - if test $? != 0;then - echo "failed. Exported certificate differs (crt1.tmp)!" - exit_error - fi - rm -f crt1.tmp - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi - - echo -n "* Trying to obtain the full chain... " - ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1 - - cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp - ${DIFF} crt1.tmp crt2.tmp - if test $? != 0;then - echo "failed. Exported certificate chain differs!" - exit_error - fi - rm -f crt1.tmp crt2.tmp - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + export GNUTLS_PIN="$2" + token="$1" + cakey="$3" + cacert="$4" + pubkey="$5" + + echo -n "* Generating client certificate... " + "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ + --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \ + --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1 + + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Writing client certificate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Checking whether ID was correctly set... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo "ID was not set on copy" + exit_error + fi + echo ok + + echo -n "* Writing certificate of client's CA... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1 + ret=$? + if test ${ret} != 0; then + ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1 + ret=$? + fi + + if test ${ret} = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Testing certificate flags... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}" + if test $? != 0; then + echo failed + exit_error + fi + + grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo "failed (no CKA_TRUSTED)" + #exit_error + fi + + grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1 + if test $? != 0; then + echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)" + #exit_error + fi + + echo ok + + + echo -n "* Trying to obtain back the cert... " + ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1 + ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt" + if test $? != 0; then + echo "failed. Exported certificate differs (crt1.tmp)!" + exit_error + fi + rm -f crt1.tmp + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Trying to obtain the full chain... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1 + + cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp + ${DIFF} crt1.tmp crt2.tmp + if test $? != 0; then + echo "failed. Exported certificate chain differs!" + exit_error + fi + rm -f crt1.tmp crt2.tmp + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi } @@ -402,39 +402,39 @@ write_certificate_test () { # # Tests using a certificate and key pair using gnutls-serv and gnutls-cli. use_certificate_test () { - export GNUTLS_PIN="$2" - token="$1" - certfile="$3" - keyfile="$4" - cafile="$5" - txt="$6" - - echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " - # start server - launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \ - --x509keyfile="$keyfile" --x509cafile="${cafile}" \ - --require-client-cert >>"${TMPFILE}" 2>&1 & - - PID=$! - wait_server ${PID} - - # connect to server using SC - ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \ - fail ${PID} "Connection should have failed!" - - ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \ - --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \ - fail ${PID} "Connection (with files) should have succeeded!" - - ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \ - --x509keyfile="${token};object=gnutls-client;object-type=private" \ - --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \ - fail ${PID} "Connection (with SC) should have succeeded!" - - kill ${PID} - wait - - echo ok + export GNUTLS_PIN="$2" + token="$1" + certfile="$3" + keyfile="$4" + cafile="$5" + txt="$6" + + echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " + # start server + launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \ + --x509keyfile="$keyfile" --x509cafile="${cafile}" \ + --require-client-cert >>"${TMPFILE}" 2>&1 & + + PID=$! + wait_server ${PID} + + # connect to server using SC + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \ + fail ${PID} "Connection should have failed!" + + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \ + --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \ + fail ${PID} "Connection (with files) should have succeeded!" + + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \ + --x509keyfile="${token};object=gnutls-client;object-type=private" \ + --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \ + fail ${PID} "Connection (with SC) should have succeeded!" + + kill ${PID} + wait + + echo ok } @@ -445,15 +445,15 @@ echo "Testing PKCS11 support" type="$1" -if test -z "${type}";then - echo "usage: $0: [pkcs15|softhsm|sc-hsm]" - if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then - echo "assuming 'softhsm'" - echo "" - type=softhsm - else - exit 1 - fi +if test -z "${type}"; then + echo "usage: $0: [pkcs15|softhsm|sc-hsm]" + if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util"; then + echo "assuming 'softhsm'" + echo "" + type=softhsm + else + exit 1 + fi fi @@ -468,9 +468,9 @@ init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}" TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` echo "* Token: ${TOKEN}" -if test "x${TOKEN}" = x;then - echo "Could not find generated token" - exit_error +if test "x${TOKEN}" = x; then + echo "Could not find generated token" + exit_error fi #write a given privkey @@ -499,8 +499,8 @@ use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert;objec use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/pkcs11-certs/ca.crt" "abbrv URLs" -if test ${RETCODE} = 0;then - echo "* All smart cards tests succeeded" +if test ${RETCODE} = 0; then + echo "* All smart cards tests succeeded" fi rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub "${TMPFILE}" diff --git a/tests/suite/testpkcs11.pkcs15 b/tests/suite/testpkcs11.pkcs15 index 59c535e72f..565282a312 100644 --- a/tests/suite/testpkcs11.pkcs15 +++ b/tests/suite/testpkcs11.pkcs15 @@ -20,26 +20,26 @@ init_card () { - PIN="$1" - PUK="$2" + PIN="$1" + PUK="$2" - echo -n "* Erasing smart card... " - pkcs15-init -E >"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - cat "${TMPFILE}" - exit_error - fi + echo -n "* Erasing smart card... " + pkcs15-init -E >"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + cat "${TMPFILE}" + exit_error + fi - echo -n "* Initializing smart card... " - pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - cat "${TMPFILE}" - exit_error - fi + echo -n "* Initializing smart card... " + pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + cat "${TMPFILE}" + exit_error + fi } diff --git a/tests/suite/testpkcs11.sc-hsm b/tests/suite/testpkcs11.sc-hsm index 26ce485c7d..f3eab685fb 100644 --- a/tests/suite/testpkcs11.sc-hsm +++ b/tests/suite/testpkcs11.sc-hsm @@ -20,31 +20,31 @@ init_card () { - PIN="$1" - PUK=3537363231383830 - export GNUTLS_SO_PIN="${PUK}" + PIN="$1" + PUK=3537363231383830 + export GNUTLS_SO_PIN="${PUK}" - echo -n "* Erasing smart card... " - sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + echo -n "* Erasing smart card... " + sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi - echo -n "* Initializing smart card... " - TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` - if test -z "${TOKEN}";then - echo "Could not find initialized card" - exit_error - fi + echo -n "* Initializing smart card... " + TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` + if test -z "${TOKEN}"; then + echo "Could not find initialized card" + exit_error + fi - ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi } diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm index b444e62b05..70badf14c2 100755 --- a/tests/suite/testpkcs11.softhsm +++ b/tests/suite/testpkcs11.softhsm @@ -18,57 +18,57 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -if test -f /usr/lib64/pkcs11/libsofthsm2.so;then - ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so" +if test -f /usr/lib64/pkcs11/libsofthsm2.so; then + ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so" else - if test -f /usr/lib/softhsm/libsofthsm.so;then - ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so" - else - ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so" - fi + if test -f /usr/lib/softhsm/libsofthsm.so; then + ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so" + else + ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so" + fi fi init_card () { - PIN="$1" - PUK="$2" + PIN="$1" + PUK="$2" - if test -x "/usr/bin/softhsm2-util";then - export SOFTHSM2_CONF="softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1 - if test $? = 0;then - echo "softhsm2-util 2.0.0b1 is broken" - exit 77 - fi - fi + if test -x "/usr/bin/softhsm2-util"; then + export SOFTHSM2_CONF="softhsm-testpkcs11.config" + SOFTHSM_TOOL="/usr/bin/softhsm2-util" + ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1 + if test $? = 0; then + echo "softhsm2-util 2.0.0b1 is broken" + exit 77 + fi + fi - if test -x "/usr/bin/softhsm";then - export SOFTHSM_CONF="softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - fi + if test -x "/usr/bin/softhsm"; then + export SOFTHSM_CONF="softhsm-testpkcs11.config" + SOFTHSM_TOOL="/usr/bin/softhsm" + fi - if test -z "${SOFTHSM_TOOL}";then - echo "Could not find softhsm(2) tool" - exit 77 - fi + if test -z "${SOFTHSM_TOOL}"; then + echo "Could not find softhsm(2) tool" + exit 77 + fi - if test -z "${SOFTHSM_CONF}";then - rm -rf ./softhsm-testpkcs11.db - mkdir -p ./softhsm-testpkcs11.db - echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" - echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}" - else - rm -rf ./softhsm-testpkcs11.db - echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}" - fi + if test -z "${SOFTHSM_CONF}"; then + rm -rf ./softhsm-testpkcs11.db + mkdir -p ./softhsm-testpkcs11.db + echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" + echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}" + else + rm -rf ./softhsm-testpkcs11.db + echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}" + fi - echo -n "* Initializing smart card... " - ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1 - if test $? = 0;then - echo ok - else - echo failed - exit_error - fi + echo -n "* Initializing smart card... " + ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi } diff --git a/tests/suite/testrandom b/tests/suite/testrandom index 894b2e9df3..79b90d32c0 100755 --- a/tests/suite/testrandom +++ b/tests/suite/testrandom @@ -22,8 +22,8 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -if ! test -z "${VALGRIND}";then - VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi counter=0 @@ -32,56 +32,53 @@ file=test.out counter=0 echo "Testing verification with randomly generated certificates..." -while [ ${counter} -lt 400 ] -do - "${srcdir}/x509random.pl" > "${file}" - ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1 - if test $? != 0;then - continue - fi - - cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem" - - ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1 - ret=$? - if [ ${ret} != 1 ];then - echo "Succeeded verification with ${file}-chain.pem!" - exit 1 - fi - rm -f "${file}.pem" "${file}-chain.pem" - - counter=`expr ${counter} + 1` +while [ ${counter} -lt 400 ]; do + "${srcdir}/x509random.pl" > "${file}" + ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1 + if test $? != 0; then + continue + fi + + cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem" + + ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1 + ret=$? + if [ ${ret} != 1 ]; then + echo "Succeeded verification with ${file}-chain.pem!" + exit 1 + fi + rm -f "${file}.pem" "${file}-chain.pem" + + counter=`expr ${counter} + 1` done echo "Testing with randomly generated certificates..." -while [ ${counter} -lt 200 ] -do - "${srcdir}/x509random.pl" > "${file}" - ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null - ret=$? - if [ ${ret} != 0 -a ${ret} != 1 ];then - echo "Unknown exit code with ${file}" - exit 1 - fi - - counter=`expr ${counter} + 1` +while [ ${counter} -lt 200 ]; do + "${srcdir}/x509random.pl" > "${file}" + ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null + ret=$? + if [ ${ret} != 0 -a ${ret} != 1 ]; then + echo "Unknown exit code with ${file}" + exit 1 + fi + + counter=`expr ${counter} + 1` done counter=0 echo "Testing with random ASN.1 data..." -while [ ${counter} -lt 200 ] -do - "${srcdir}/asn1random.pl" > "${file}" - ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null - ret=$? - if [ ${ret} != 0 -a ${ret} != 1 ];then - echo "Unknown exit code with ${file}" - exit 1 - fi - - counter=`expr ${counter} + 1` +while [ ${counter} -lt 200 ]; do + "${srcdir}/asn1random.pl" > "${file}" + ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null + ret=$? + if [ ${ret} != 0 -a ${ret} != 1 ]; then + echo "Unknown exit code with ${file}" + exit 1 + fi + + counter=`expr ${counter} + 1` done rm -f "${file}" diff --git a/tests/suite/testrng b/tests/suite/testrng index 16fb4d5010..c45c9300eb 100755 --- a/tests/suite/testrng +++ b/tests/suite/testrng @@ -20,22 +20,22 @@ srcdir="${srcdir:-.}" -if ! test -x "/usr/bin/dieharder";then - exit 77 +if ! test -x "/usr/bin/dieharder"; then + exit 77 fi VERSION=`dieharder -l|grep version|cut -d ' ' -f 6` -if test "$1" = "full";then - OPTIONS="-a" +if test "$1" = "full"; then + OPTIONS="-a" else - if test "${VERSION}" = "2.28.1";then - OPTIONS="-d 5" - OPTIONS2="-d 10" - else - OPTIONS="-d 202" - OPTIONS2="-d 10" - fi + if test "${VERSION}" = "2.28.1"; then + OPTIONS="-d 5" + OPTIONS2="-d 10" + else + OPTIONS="-d 202" + OPTIONS2="-d 10" + fi fi OUTFILE=rng.log @@ -51,9 +51,9 @@ rm -f "${RNGFILE2}" RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1` -if test -z "${RINPUTNO}";then - echo "Cannot determine dieharder option for raw file input, assuming 201" - RINPUTNO=201 +if test -z "${RINPUTNO}"; then + echo "Cannot determine dieharder option for raw file input, assuming 201" + RINPUTNO=201 fi echo "" @@ -64,31 +64,31 @@ echo "Testing nonce PRNG" cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1 ret=$? -if test ${ret} = 0;then - echo "numbers are repeated in nonce!" - exit 1 +if test ${ret} = 0; then + echo "numbers are repeated in nonce!" + exit 1 fi ./rng nonce 100000000 "${RNGFILE}" dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1 -if ! test -z "${OPTIONS2}";then - dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 +if ! test -z "${OPTIONS2}"; then + dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 fi grep FAILED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "${ret}" = "0";then - echo "test failed for nonce" - exit 1 +if test "${ret}" = "0"; then + echo "test failed for nonce" + exit 1 fi grep PASSED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "${ret}" != "0";then - echo "could not run dieharder test?" - exit 1 +if test "${ret}" != "0"; then + echo "could not run dieharder test?" + exit 1 fi cat "${OUTFILE}" @@ -101,32 +101,32 @@ echo "Testing key PRNG" cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1 ret=$? -if test ${ret} = 0;then - echo "numbers are repeated in nonce!" - exit 1 +if test ${ret} = 0; then + echo "numbers are repeated in nonce!" + exit 1 fi ./rng key 100000000 "${RNGFILE}" dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1 -if ! test -z "${OPTIONS2}";then - dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 +if ! test -z "${OPTIONS2}"; then + dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 fi grep FAILED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "${ret}" = "0";then - echo "test failed for key" - exit 1 +if test "${ret}" = "0"; then + echo "test failed for key" + exit 1 fi grep PASSED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "${ret}" != "0";then - echo "could not run dieharder test?" - exit 1 +if test "${ret}" != "0"; then + echo "could not run dieharder test?" + exit 1 fi cat "${OUTFILE}" @@ -136,23 +136,23 @@ echo "Testing /dev/zero PRNG" dd if=/dev/zero of="${RNGFILE}" bs=4 count=10000000 >/dev/null 2>&1 dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1 -if ! test -z "${OPTIONS2}";then - dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 +if ! test -z "${OPTIONS2}"; then + dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1 fi grep PASSED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "${ret}" = "0";then - echo "test succeeded for /dev/zero!!!" - exit 1 +if test "${ret}" = "0"; then + echo "test succeeded for /dev/zero!!!" + exit 1 fi grep FAILED "${OUTFILE}" >/dev/null 2>&1 ret=$? -if test "${ret}" != "0";then - echo "could not run dieharder test?" - exit 1 +if test "${ret}" != "0"; then + echo "could not run dieharder test?" + exit 1 fi cat "${OUTFILE}" diff --git a/tests/suite/testsrn b/tests/suite/testsrn index 783ed9dbbf..3ea2c1506e 100755 --- a/tests/suite/testsrn +++ b/tests/suite/testsrn @@ -25,8 +25,8 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q" CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" unset RETCODE -if test "${WINDIR}" != "";then - exit 77 +if test "${WINDIR}" != ""; then + exit 77 fi . "${srcdir}/../scripts/common.sh" @@ -40,19 +40,19 @@ PID=$! wait_server ${PID} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "0. Renegotiation should have succeeded!" + fail ${PID} "0. Renegotiation should have succeeded!" "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "1. Safe rehandshake should have succeeded!" + fail ${PID} "1. Safe rehandshake should have succeeded!" "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "2. Unsafe rehandshake should have succeeded!" + fail ${PID} "2. Unsafe rehandshake should have succeeded!" "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "3. Unsafe negotiation should have succeeded!" + fail ${PID} "3. Unsafe negotiation should have succeeded!" "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ - fail ${PID} "4. Unsafe renegotiation should have failed!" + fail ${PID} "4. Unsafe renegotiation should have failed!" kill ${PID} @@ -63,16 +63,16 @@ PID=$! wait_server ${PID} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "5. Safe rehandshake should have succeeded!" + fail ${PID} "5. Safe rehandshake should have succeeded!" "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "6. Unsafe rehandshake should have succeeded!" + fail ${PID} "6. Unsafe rehandshake should have succeeded!" "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ - fail ${PID} "7. Unsafe negotiation should have failed!" + fail ${PID} "7. Unsafe negotiation should have failed!" "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ - fail ${PID} "8. Unsafe renegotiation should have failed!" + fail ${PID} "8. Unsafe renegotiation should have failed!" kill ${PID} wait @@ -82,16 +82,16 @@ PID=$! wait_server ${PID} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \ - fail ${PID} "9. Initial connection should have failed!" + fail ${PID} "9. Initial connection should have failed!" "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "10. Unsafe connection should have succeeded!" + fail ${PID} "10. Unsafe connection should have succeeded!" "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "11. Unsafe negotiation should have succeeded!" + fail ${PID} "11. Unsafe negotiation should have succeeded!" "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \ - fail ${PID} "12. Unsafe renegotiation should have succeeded!" + fail ${PID} "12. Unsafe renegotiation should have succeeded!" kill ${PID} wait diff --git a/tests/userid/userid b/tests/userid/userid index fbf97e7d28..b1c93fcf3a 100755 --- a/tests/userid/userid +++ b/tests/userid/userid @@ -23,12 +23,12 @@ srcdir="${srcdir:-.}" CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" -$CERTTOOL --certificate-info --infile "${srcdir}/userid.pem" >out 2>&1 +"${CERTTOOL}" --certificate-info --infile "${srcdir}/userid.pem" >out 2>&1 RET=$? -if [ ${RET} != 0 ];then - echo "Error in userid:" - cat out - exit 1 +if [ ${RET} != 0 ]; then + echo "Error in userid:" + cat out + exit 1 fi rm -f out |