authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-03-23 19:44:52 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-03-23 19:44:52 +0100
commit23028c44cbb18a8e0cf0e41014f913f179c8fada (patch)
tree3890a273ae895c45c3772c1dadb99039e2b8fb7c /tests
parent276d69961600f4de7206ec56575c4cd79b792c15 (diff)
Added DSA tests for client certificates as well.
Diffstat (limited to 'tests')
-rwxr-xr-xtests/dsa/testdsa62
1 files changed, 50 insertions, 12 deletions
diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
index 94ad95eeab..bbd0802e46 100755
--- a/tests/dsa/testdsa
+++ b/tests/dsa/testdsa
@@ -24,6 +24,7 @@ srcdir="${srcdir:-.}"
SERV="${SERV:-../../src/gnutls-serv} -q"
CLI="${CLI:-../../src/gnutls-cli}"
PORT="${PORT:-5559}"
+DEBUG=""
unset RETCODE
fail() {
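Review bot: `DEBUG=""` assigns unconditionally, so a value exported by whoever runs the test is thrown away, whereas the SERV, CLI and PORT lines just above fall back to a default only when the variable is unset. Writing it as `DEBUG="${DEBUG:-}"` would let a run pass extra diagnostic options to both programs without editing the script. Every server invocation in this commit sends stdout and stderr to /dev/null, so anything DEBUG makes the server print is discarded; only the client checks that leave stderr open will show it. The `fail()` definition that follows starts in this hunk and continues outside it.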
@@ -37,14 +38,32 @@ echo "Checking various DSA key sizes"
echo "Checking DSA-1024 with TLS 1.0"
-$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
+$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
# give the server a chance to initialize
sleep 2
-$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"
+
+#try with client key of 1024 bits (should succeed)
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
+ fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+
+echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
+
+#try with client key of 2048 bits (should fail)
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null 2>&1 && \
+ fail "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
+
+echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
+
+#try with client key of 3072 bits (should fail)
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null 2>&1 && \
+ fail "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
+
kill %1
wait
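Review bot: The two "should fail" client checks (DSA-2048 and DSA-3072 client keys) treat any non-zero exit from `$CLI` as the expected rejection, and with `2>&1` sent to /dev/null there is no record of why the client failed. An unreadable `cert.dsa.2048.pem`, or a server that exited after the earlier checks, would therefore look the same as the key-size rejection the test is meant to pin down. Consider guarding the fixtures first, e.g. `test -r $srcdir/cert.dsa.2048.pem || fail "missing DSA 2048 client certificate"`, and keeping the client's stderr in a log file so the cause can be inspected. A one-line comment saying why a larger client key must be refused under TLS 1.0 would also help, since the current comments only say "(should fail)".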
@@ -52,14 +71,33 @@ wait
echo "Checking DSA-1024 with TLS 1.2"
-$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
+$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
# give the server a chance to initialize
sleep 2
-$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"
+
+#try with client key of 1024 bits (should succeed)
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
+ fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+
+echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
+
+#try with client key of 2048 bits (should succeed)
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null || \
+ fail "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
+
+echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
+
+#try with client key of 3072 bits (should succeed)
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null || \
+ fail "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
+
+
kill %1
wait
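Review bot: The client-certificate cases that are expected to succeed only check that `$CLI` exits with zero, which does not show that the certificate was actually presented and accepted. As far as this hunk shows, the server is started without any option that makes client authentication mandatory, so a handshake that skipped it would presumably pass as well. The same applies to the 1024-bit client case in the TLS 1.0 hunk. If `$SERV` has an option to require a client certificate, using it for these checks would make a successful exit meaningful. Separately, the 1024-bit client case reuses the failure text of the preceding server-only check; something like `fail "Failed connection to a server with a client DSA 1024 key and TLS 1.2!"` (and the TLS 1.0 equivalent) would tell the two apart.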
@@ -67,12 +105,12 @@ wait
echo "Checking DSA-2048 with TLS 1.0"
-$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
+$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
# give the server a chance to initialize
sleep 2
-$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
kill %1
@@ -82,12 +120,12 @@ wait
echo "Checking DSA-2048 with TLS 1.2"
-$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
+$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
# give the server a chance to initialize
sleep 2
-$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
fail "Failed connection to a server with DSA 2048 key and TLS 1.2!"
kill %1
@@ -97,12 +135,12 @@ wait
echo "Checking DSA-3072 with TLS 1.0"
-$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
+$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
# give the server a chance to initialize
sleep 2
-$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
kill %1
@@ -112,12 +150,12 @@ wait
echo "Checking DSA-3072 with TLS 1.2"
-$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
+$SERV $DEBUG -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
# give the server a chance to initialize
sleep 2
-$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
fail "Failed connection to a server with DSA 3072 key and TLS 1.2!"
kill %1