author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-13 06:40:08 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-13 07:08:08 +0200 |
commit | b2511acfc8b7b3b0c686b7fdfc1c993066f1fca1 (patch) | |
tree | 1c2555970ecf16c7bc6392ce86cc6db6f74afa46 | |
parent | 6f6574f745a011ad5819d6100ecadab0bea5aa51 (diff) | |
tests: added unit test of gnutls-cli-debug
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rwxr-xr-x | tests/gnutls-cli-debug.sh | 71 |
1 files changed, 66 insertions, 5 deletions
diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh index 6afab643cf..4cdc6ba7e1 100755 --- a/tests/gnutls-cli-debug.sh +++ b/tests/gnutls-cli-debug.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Copyright (C) 2017 Red Hat, Inc. # @@ -23,6 +23,7 @@ srcdir="${srcdir:-.}" SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" DCLI="${DCLI:-../src/gnutls-cli-debug${EXEEXT}}" +OUTFILE=cli-debug.$$.tmp unset RETCODE if ! test -x "${SERV}"; then @@ -48,7 +49,6 @@ SERV="${SERV} -q" check_for_datefudge -echo "Checking whether server can utilize multiple keys" KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem 
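Review bot: The new `#!/bin/bash` shebang in the first hunk hard-codes an interpreter path that is not present on every platform a test suite may run on, so the test would fail to start there instead of being skipped. The only bash feature the commit appears to need is the `declare -a arr=(...)` array in the last hunk. Either use `#!/usr/bin/env bash`, or keep `#!/bin/sh` and feed the expected strings to a `while IFS= read -r txt` loop from a here-document.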
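Review bot: `OUTFILE=cli-debug.$$.tmp` in the second hunk is a predictable, PID-derived name in the current directory, and the `>$OUTFILE` redirections in the last hunk will write through any pre-existing file or symlink of that name. The file is also left behind when a check hits `exit 1` (and, as far as the diff shows, on the `fail` path), because `rm -f ${OUTFILE}` runs only after a fully successful loop. Consider `OUTFILE=$(mktemp ./cli-debug.XXXXXX) || exit 1` together with `trap 'rm -f -- "$OUTFILE"' EXIT`, after confirming the sourced helpers do not already depend on an EXIT trap.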
@@ -59,16 +59,77 @@ CERT3=${srcdir}/../doc/credentials/x509/cert-rsa-pss.pem CAFILE=${srcdir}/../doc/credentials/x509/ca.pem TMPFILE=outcert.$$.tmp +# TLS1.1 and TLS1.2 test +echo "Checking output of gnutls-cli-debug for TLS1.1 and TLS1.2 server" + +eval "${GETPORT}" +launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ + --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 +PID=$! +wait_server ${PID} + +timeout 1800 datefudge "2017-08-9" \ +"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" + +kill ${PID} +wait + + +declare -a arr=("whether we need to disable TLS 1.2... no" "for TLS 1.0 (RFC2246) support... no" + "for TLS 1.1 (RFC4346) support... yes" "for TLS 1.2 (RFC5246) support... yes" + "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" "for safe renegotiation (RFC5746) support... yes" + "for encrypt-then-MAC (RFC7366) support... yes" "for ext master secret (RFC7627) support... yes" + "for RFC7919 Diffie-Hellman support... yes" "for curve SECP256r1 (RFC4492)... yes" + "for AES-GCM cipher (RFC5288) support... yes" "for CHACHA20-POLY1305 cipher (RFC7905) support... yes" + "for SHA1 MAC support... yes" "for MD5 MAC support... no" "for ARCFOUR 128 cipher (RFC2246) support... no") + +for txt in "${arr[@]}" +do + echo " - Checking ${OUTFILE} for \"${txt}\"" + grep "$txt" $OUTFILE >/dev/null + if test $? 
!= 0;then + echo "failed" + exit 1 + fi +done + +rm -f ${OUTFILE} + +# TLS1.3 and TLS1.2 test +echo "" +echo "Checking output of gnutls-cli-debug for TLS1.3 and TLS1.2 server" + eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ - --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} +launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ + --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 PID=$! wait_server ${PID} timeout 1800 datefudge "2017-08-9" \ -"${DCLI}" -p "${PORT}" localhost || fail ${PID} "gnutls-cli-debug run should have succeeded!" +"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} wait +declare -a arr=("whether we need to disable TLS 1.2... no" "for TLS 1.0 (RFC2246) support... no" + "for TLS 1.1 (RFC4346) support... no" "for TLS 1.2 (RFC5246) support... yes" + "for TLS 1.3 (draft-ietf-tls-tls13-28) support... yes" + "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" "for safe renegotiation (RFC5746) support... yes" + "for encrypt-then-MAC (RFC7366) support... yes" "for ext master secret (RFC7627) support... yes" + "for RFC7919 Diffie-Hellman support... yes" "for curve SECP256r1 (RFC4492)... yes" + "for AES-GCM cipher (RFC5288) support... yes" "for CHACHA20-POLY1305 cipher (RFC7905) support... yes" + "for SHA1 MAC support... yes" "for MD5 MAC support... no" "for ARCFOUR 128 cipher (RFC2246) support... no") + +for txt in "${arr[@]}" +do + echo " - Checking ${OUTFILE} for \"${txt}\"" + grep "$txt" $OUTFILE >/dev/null + if test $? != 0;then + echo "failed" + exit 1 + fi +done + +rm -f ${OUTFILE} + exit 0 |
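Review bot: In both check loops, `grep "$txt" $OUTFILE` treats each expected string as a basic regular expression and leaves the file name unquoted, so every `.` (including the `...` before the result) matches any character and the match is an unanchored substring. That loosens the negative assertions this test is meant to pin down, such as `for MD5 MAC support... no` and `for ARCFOUR 128 cipher (RFC2246) support... no`. Use a literal match and test the command directly, `if ! grep -F -- "$txt" "$OUTFILE" >/dev/null; then`, instead of inspecting `$?` afterwards. The two loops are identical apart from the array contents and could be one helper function taking the expected strings as arguments, which could also print the captured output before `exit 1` so a failure is diagnosable from the log.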