diff options
| author | Andreas Metzler <ametzler@bebt.de> | 2023-03-05 14:17:31 +0100 |
|---|---|---|
| committer | Andreas Metzler <ametzler@bebt.de> | 2023-04-04 17:56:05 +0200 |
| commit | 850e41e7dfd0bb513d95822a2385533e0d213bf8 (patch) | |
| tree | cb4b8b108182a385d6429c44a4366ac05db593ba | |
| parent | 71fc2905803a6cbd62c42ad611740a96bf018f48 (diff) | |
| download | gnutls-850e41e7dfd0bb513d95822a2385533e0d213bf8.tar.gz | |
Also use gnutls_timewrapper non-frozen time
also switch timeout/wrapper order
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
33 files changed, 87 insertions, 87 deletions
diff --git a/tests/cert-reencoding.sh b/tests/cert-reencoding.sh index fd8bc42a5f..804fe5652a 100755 --- a/tests/cert-reencoding.sh +++ b/tests/cert-reencoding.sh @@ -243,7 +243,7 @@ TESTDATE="2018-03-01 00:00:00" # Start OpenSSL TLS server # launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${OPENSSL}" s_server -cert ${SERVER_CERT_FILE} -key ${SERVER_KEY_FILE} \ -CAfile ${CA_FILE} -port ${PORT} -Verify 1 -verify_return_error -www SERVER_PID="${!}" diff --git a/tests/cert-tests/cert-critical.sh b/tests/cert-tests/cert-critical.sh index 5564146a2c..d65a8e9ee2 100755 --- a/tests/cert-tests/cert-critical.sh +++ b/tests/cert-tests/cert-critical.sh @@ -37,7 +37,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge "2017-2-28" \ +gnutls_timewrapper_standalone "2017-2-28" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-root.pem rc=$? @@ -46,7 +46,7 @@ if test "${rc}" != "1"; then exit 1 fi -datefudge "2017-2-28" \ +gnutls_timewrapper_standalone "2017-2-28" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-endcert.pem rc=$? @@ -55,7 +55,7 @@ if test "${rc}" != "1"; then exit 1 fi -datefudge "2017-2-28" \ +gnutls_timewrapper_standalone "2017-2-28" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-intermediate.pem rc=$? diff --git a/tests/cert-tests/certtool-eddsa.sh b/tests/cert-tests/certtool-eddsa.sh index ea5cc7f5db..be0c8e5d8d 100755 --- a/tests/cert-tests/certtool-eddsa.sh +++ b/tests/cert-tests/certtool-eddsa.sh @@ -126,7 +126,7 @@ rm -f "${KEYFILE}" skip_if_no_datefudge # Test certificate chain using Ed25519 -datefudge "2017-7-6" \ +gnutls_timewrapper_standalone "2017-7-6" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-eddsa.pem if test $? != 0; then diff --git a/tests/cert-tests/certtool-rsa-pss.sh b/tests/cert-tests/certtool-rsa-pss.sh index 1a1aa4e65b..8dccc4e257 100755 --- a/tests/cert-tests/certtool-rsa-pss.sh +++ b/tests/cert-tests/certtool-rsa-pss.sh @@ -211,7 +211,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge "2012-11-22" \ +gnutls_timewrapper_standalone "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-rsa-pss.pem" --infile "${srcdir}/data/cert-rsa-pss.pem" rc=$? diff --git a/tests/cert-tests/certtool.sh b/tests/cert-tests/certtool.sh index 11b8b8f636..3ec820fad7 100755 --- a/tests/cert-tests/certtool.sh +++ b/tests/cert-tests/certtool.sh @@ -173,7 +173,7 @@ export TZ="UTC" skip_if_no_datefudge -cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \ +cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|gnutls_timewrapper_standalone "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify-chain rc=$? diff --git a/tests/cert-tests/krb5-test.sh b/tests/cert-tests/krb5-test.sh index 7e06fd6e6c..401b910d83 100755 --- a/tests/cert-tests/krb5-test.sh +++ b/tests/cert-tests/krb5-test.sh @@ -41,7 +41,7 @@ if ! test -z "${VALGRIND}"; then fi # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ diff --git a/tests/cert-tests/othername-test.sh b/tests/cert-tests/othername-test.sh index 2c365361a6..e8780e77ef 100755 --- a/tests/cert-tests/othername-test.sh +++ b/tests/cert-tests/othername-test.sh @@ -35,7 +35,7 @@ export TZ="UTC" skip_if_no_datefudge # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ diff --git a/tests/cert-tests/pkcs1-pad.sh b/tests/cert-tests/pkcs1-pad.sh index 03db104b8d..f7df8eaaef 100755 --- a/tests/cert-tests/pkcs1-pad.sh +++ b/tests/cert-tests/pkcs1-pad.sh @@ -42,8 +42,8 @@ TMPFILE2=pkcs1-pad-2.$$.tmp EXPECT1=2002 -datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1 -datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1 out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` @@ -65,8 +65,8 @@ echo "PKCS1-PAD1 OK" EXPECT2=2002 -datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1 -datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1 out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` @@ -88,7 +88,7 @@ echo "PKCS1-PAD2 OK" # by Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann. -datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1 out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` diff --git a/tests/cert-tests/rsa-pss-pad.sh b/tests/cert-tests/rsa-pss-pad.sh index 06a1db54e6..298de392a3 100755 --- a/tests/cert-tests/rsa-pss-pad.sh +++ b/tests/cert-tests/rsa-pss-pad.sh @@ -35,7 +35,7 @@ export TZ="UTC" skip_if_no_datefudge # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) # Test PSS signatures on certificate diff --git a/tests/cert-tests/sha3-test.sh b/tests/cert-tests/sha3-test.sh index 0e76d9ce16..6fd4b0307c 100755 --- a/tests/cert-tests/sha3-test.sh +++ b/tests/cert-tests/sha3-test.sh @@ -35,7 +35,7 @@ export TZ="UTC" skip_if_no_datefudge # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) # Test SHA3 signatures diff --git a/tests/cert-tests/template-test.sh b/tests/cert-tests/template-test.sh index 26efce4571..1dda7aefd7 100755 --- a/tests/cert-tests/template-test.sh +++ b/tests/cert-tests/template-test.sh @@ -38,7 +38,7 @@ skip_if_no_datefudge echo "Running test for ${ac_cv_sizeof_time_t}-byte time_t" # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh index 3c3e2214e5..d4b7700857 100755 --- a/tests/gnutls-cli-debug.sh +++ b/tests/gnutls-cli-debug.sh @@ -71,7 +71,7 @@ launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1" --x PID=$! wait_server ${PID} -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} @@ -118,7 +118,7 @@ launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x PID=$! wait_server ${PID} -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} @@ -160,7 +160,7 @@ launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-RSA PID=$! wait_server ${PID} -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} @@ -186,7 +186,7 @@ tls-disabled-cipher = CAMELLIA-256-CBC _EOF_ GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" \ -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} @@ -209,7 +209,7 @@ if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != 1 ; then PID=$! wait_server ${PID} - timeout 1800 datefudge "2017-08-9" \ + gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} diff --git a/tests/gnutls-cli-invalid-crl.sh b/tests/gnutls-cli-invalid-crl.sh index 32e72630f7..5d42148139 100755 --- a/tests/gnutls-cli-invalid-crl.sh +++ b/tests/gnutls-cli-invalid-crl.sh @@ -168,7 +168,7 @@ launch_server --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} PID=$! wait_server ${PID} -datefudge "2018-9-19" \ +gnutls_timewrapper_standalone "2018-9-19" \ ${VALGRIND} "${CLI}" -p "${PORT}" localhost --x509crlfile ${CRLFILE} --x509cafile ${CAFILE} >${TMPFILE} 2>&1 </dev/null && \ fail ${PID} "1. handshake should have failed!" diff --git a/tests/gnutls-cli-self-signed.sh b/tests/gnutls-cli-self-signed.sh index 8fd7ea9e47..30ba64e25e 100755 --- a/tests/gnutls-cli-self-signed.sh +++ b/tests/gnutls-cli-self-signed.sh @@ -123,7 +123,7 @@ launch_server --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} PID=$! wait_server ${PID} -datefudge "2018-1-1" \ +gnutls_timewrapper_standalone "2018-1-1" \ ${VALGRIND} "${CLI}" -p "${PORT}" localhost >${TMPFILE} 2>&1 </dev/null && \ fail ${PID} "1. handshake should have failed!" diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh index 0b6204084d..29c1158785 100755 --- a/tests/ocsp-tests/ocsp-must-staple-connection.sh +++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh @@ -129,7 +129,7 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE} # SO_REUSEADDR usage. PORT=${OCSP_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ -port "${OCSP_PORT}" \ -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ @@ -145,7 +145,7 @@ echo "=== Verifying OCSP server is up ===" t=0 while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do # Run a test request to make sure the server works - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ ${VALGRIND} "${OCSPTOOL}" --ask \ --load-cert "${SERVER_CERT_FILE}" \ --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" \ @@ -170,7 +170,7 @@ echo "=== Test 1: Server with valid certificate - no staple ===" PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -202,7 +202,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -237,7 +237,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -273,7 +273,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -331,7 +331,7 @@ fi echo "=== Test 5.1: Server with valid certificate - expired staple (ignoring errors) ===" launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -375,7 +375,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -410,7 +410,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -445,7 +445,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_NO_EXT_FILE}" \ @@ -478,7 +478,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ diff --git a/tests/ocsp-tests/ocsp-test.sh b/tests/ocsp-tests/ocsp-test.sh index 0da118bf25..127bcb3afb 100755 --- a/tests/ocsp-tests/ocsp-test.sh +++ b/tests/ocsp-tests/ocsp-test.sh @@ -34,7 +34,7 @@ export TZ="UTC" skip_if_no_datefudge # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ diff --git a/tests/ocsp-tests/ocsp-tls-connection.sh b/tests/ocsp-tests/ocsp-tls-connection.sh index 3ff7620894..e59c25f60c 100755 --- a/tests/ocsp-tests/ocsp-tls-connection.sh +++ b/tests/ocsp-tests/ocsp-tls-connection.sh @@ -111,7 +111,7 @@ echo "=== Bringing OCSP server up ===" # SO_REUSEADDR usage. PORT=${OCSP_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${OPENSSL}" ocsp -index "${srcdir}/ocsp-tests/certs/ocsp_index.txt" -text \ -port "${OCSP_PORT}" \ -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ @@ -127,7 +127,7 @@ echo "=== Verifying OCSP server is up ===" t=0 while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do # Run a test request to make sure the server works - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ ${VALGRIND} "${OCSPTOOL}" --ask \ --load-cert "${SERVER_CERT_FILE}" \ --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" @@ -149,7 +149,7 @@ echo "=== Test 1: Server with valid certificate ===" PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -194,7 +194,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_bad.key" \ --x509certfile="${SERVER_CERT_FILE}" \ diff --git a/tests/server-multi-keys.sh b/tests/server-multi-keys.sh index e76aaa95c5..43b2cf360a 100755 --- a/tests/server-multi-keys.sh +++ b/tests/server-multi-keys.sh @@ -64,15 +64,15 @@ launch_server --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA" --x509keyfile $ PID=$! wait_server ${PID} -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA" </dev/null || \ fail ${PID} "1. handshake with RSA should have succeeded!" -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-ECDSA" </dev/null || \ fail ${PID} "2. handshake with ECC should have succeeded!" -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-SHA256" --save-cert ${TMPFILE} </dev/null || \ fail ${PID} "3. handshake with RSA should have succeeded!" @@ -81,13 +81,13 @@ if test $? != 0;then fail ${PID} "3. the certificate used by server was not the expected" fi -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA:+SIGN-RSA-SHA256:+SIGN-RSA-PSS-RSAE-SHA256" --save-cert ${TMPFILE} </dev/null || \ fail ${PID} "4. handshake with RSA should have succeeded!" # check whether the server used the RSA-PSS certificate when we asked for RSA-PSS signature -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256" --save-cert ${TMPFILE} </dev/null || \ fail ${PID} "4. handshake with RSA-PSS and SHA256 should have succeeded!" diff --git a/tests/server-weak-keys.sh b/tests/server-weak-keys.sh index 7ae7890eec..2eef393eb7 100755 --- a/tests/server-weak-keys.sh +++ b/tests/server-weak-keys.sh @@ -57,11 +57,11 @@ launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${ PID=$! wait_server ${PID} -timeout 1800 datefudge "2019-12-20" \ +gnutls_timewrapper_standalone "2019-12-20" timeout 1800 \ "${CLI}" -d 4 -p "${PORT}" localhost --x509cafile ${CERT1} --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 </dev/null && \ fail ${PID} "1. handshake with RSA should have failed!" -timeout 1800 datefudge "2019-12-20" \ +gnutls_timewrapper_standalone "2019-12-20" timeout 1800 \ "${CLI}" -d 4 -p "${PORT}" localhost --x509cafile ${CERT1} --priority NORMAL </dev/null && \ fail ${PID} "2. handshake with RSA should have failed!" diff --git a/tests/suite/testcompat-openssl-cli-compat.sh b/tests/suite/testcompat-openssl-cli-compat.sh index f3513acb55..4c42a58110 100755 --- a/tests/suite/testcompat-openssl-cli-compat.sh +++ b/tests/suite/testcompat-openssl-cli-compat.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-cli-common.sh" ":%COMPAT" ret=$? diff --git a/tests/suite/testcompat-openssl-cli-no-etm.sh b/tests/suite/testcompat-openssl-cli-no-etm.sh index aa941d7092..78bb2b4eb1 100755 --- a/tests/suite/testcompat-openssl-cli-no-etm.sh +++ b/tests/suite/testcompat-openssl-cli-no-etm.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-cli-common.sh" ":%NO_ETM" ret=$? diff --git a/tests/suite/testcompat-openssl-cli.sh b/tests/suite/testcompat-openssl-cli.sh index 3e1b67018e..d0c6324ada 100755 --- a/tests/suite/testcompat-openssl-cli.sh +++ b/tests/suite/testcompat-openssl-cli.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-cli-common.sh" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-compat.sh b/tests/suite/testcompat-openssl-serv-compat.sh index 79a2b458e5..abeed2caed 100755 --- a/tests/suite/testcompat-openssl-serv-compat.sh +++ b/tests/suite/testcompat-openssl-serv-compat.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%COMPAT" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-no-etm.sh b/tests/suite/testcompat-openssl-serv-no-etm.sh index 68c540f67f..9b79afcf6f 100755 --- a/tests/suite/testcompat-openssl-serv-no-etm.sh +++ b/tests/suite/testcompat-openssl-serv-no-etm.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_ETM" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh b/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh index 4e71716c54..fee57369d2 100755 --- a/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh +++ b/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%DISABLE_SAFE_RENEGOTIATION" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-no-tickets.sh b/tests/suite/testcompat-openssl-serv-no-tickets.sh index 137b697b20..eab663c7d8 100755 --- a/tests/suite/testcompat-openssl-serv-no-tickets.sh +++ b/tests/suite/testcompat-openssl-serv-no-tickets.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_TICKETS" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh b/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh index dd866af888..e58e20b49d 100755 --- a/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh +++ b/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%SAFE_RENEGOTIATION" ret=$? diff --git a/tests/suite/testcompat-openssl-serv.sh b/tests/suite/testcompat-openssl-serv.sh index 788e2abea2..454a1b3f75 100755 --- a/tests/suite/testcompat-openssl-serv.sh +++ b/tests/suite/testcompat-openssl-serv.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ret=$? diff --git a/tests/suite/testcompat-polarssl-serv-compat.sh b/tests/suite/testcompat-polarssl-serv-compat.sh index 841c3c61ce..aee90db4ce 100755 --- a/tests/suite/testcompat-polarssl-serv-compat.sh +++ b/tests/suite/testcompat-polarssl-serv-compat.sh @@ -39,7 +39,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then exit 77 fi -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge @@ -50,7 +50,7 @@ if test $? = 0; then exit 77 fi -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-polarssl-serv-common.sh" ":%COMPAT" ret=$? diff --git a/tests/suite/testcompat-polarssl-serv-no-etm.sh b/tests/suite/testcompat-polarssl-serv-no-etm.sh index d64dbaad28..8212a88a11 100755 --- a/tests/suite/testcompat-polarssl-serv-no-etm.sh +++ b/tests/suite/testcompat-polarssl-serv-no-etm.sh @@ -39,7 +39,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then exit 77 fi -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge @@ -50,7 +50,7 @@ if test $? = 0; then exit 77 fi -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-polarssl-serv-common.sh" ":%NO_ETM" ret=$? diff --git a/tests/suite/testcompat-polarssl-serv.sh b/tests/suite/testcompat-polarssl-serv.sh index f4ed2ba6d1..f9af51c11a 100755 --- a/tests/suite/testcompat-polarssl-serv.sh +++ b/tests/suite/testcompat-polarssl-serv.sh @@ -39,7 +39,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then exit 77 fi -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge @@ -50,7 +50,7 @@ if test $? = 0; then exit 77 fi -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-polarssl-serv-common.sh" ret=$? diff --git a/tests/system-override-profiles.sh b/tests/system-override-profiles.sh index 1b03bdb598..409057d97c 100755 --- a/tests/system-override-profiles.sh +++ b/tests/system-override-profiles.sh @@ -62,17 +62,17 @@ _EOF_ export GNUTLS_DEBUG_LEVEL=3 unset GNUTLS_SYSTEM_PRIORITY_FILE -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null || fail "expected connection to succeed (1)" export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null || fail "expected connection to succeed (2)" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null || fail "expected connection to succeed (3)" @@ -85,17 +85,17 @@ _EOF_ unset GNUTLS_SYSTEM_PRIORITY_FILE -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null || fail "expected connection to succeed (1)" export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null && fail "expected connection to fail (1)" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null && fail "expected connection to fail (2)" diff --git a/tests/system-override-tls.sh b/tests/system-override-tls.sh index a0ad3d0e4d..b4623d9927 100755 --- a/tests/system-override-tls.sh +++ b/tests/system-override-tls.sh @@ -53,11 +53,11 @@ wait_server ${PID} #successful case, test whether the ciphers we disable below work echo "Sanity testing" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage1: expected connection to succeed (1)" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage1: expected connection to succeed (2)" @@ -76,43 +76,43 @@ export GNUTLS_SYSTEM_PRIORITY_FILE echo "Testing TLS1.3" echo " * sanity" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage2: expected connection to succeed (1)" echo " * fallback to good options" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage2: expected connection to succeed (2)" echo " * disabled cipher" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null && #>/dev/null && fail ${PID} "stage2: expected connection to fail (1)" echo " * disabled group" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage2: expected connection to fail (2)" echo "Testing TLS1.2" echo " * sanity" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage3: expected connection to succeed (1)" echo " * fallback to good options" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:+AES-256-GCM:-MAC-ALL:+SHA1:+AEAD --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage3: expected connection to succeed (2)" echo " * disabled cipher" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage3: expected connection to fail (1)" echo " * disabled MAC" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage3: expected connection to fail (2)" |