authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-04-11 21:55:34 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-04-11 21:55:34 +0200
commitd2568a57b69140d654c5c86660d9cbc246862aba (patch)
tree875d348499b97b83c0f040b5bf4c2175a6261ed2 /tests
parentb7cd6d7b233e142b1df336e3d1294361f9e71d8c (diff)
Added TLS 1.2 interop tests.
Diffstat (limited to 'tests')
-rwxr-xr-xtests/suite/testcompat-main106
1 files changed, 90 insertions, 16 deletions
diff --git a/tests/suite/testcompat-main b/tests/suite/testcompat-main
index 34c5c83e91..e1ffb94437 100755
--- a/tests/suite/testcompat-main
+++ b/tests/suite/testcompat-main
@@ -39,8 +39,12 @@ $SERV version|grep -e 1\.0 >/dev/null 2>&1
SV=$?
if test $SV != 0;then
echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
+ exit 77
fi
+$SERV version|grep -e 1\.0\.1 >/dev/null 2>&1
+SV2=$?
+
DSA_CERT=$srcdir/../dsa/cert.dsa.1024.pem
DSA_KEY=$srcdir/../dsa/dsa.1024.pem
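Review bot: The added `SV2` probe (`grep -e 1\.0\.1`) matches only the 1.0.1 series, so on any other OpenSSL release that passes the first check, the `if test $SV2 = 0` blocks later in this diff are skipped with nothing in the log. The pattern is also unquoted, so the shell removes the backslashes and grep receives `1.0.1`, where each `.` matches any character. Consider quoting and widening it, e.g. `$SERV version | grep -e '1\.0\.[1-9]' >/dev/null 2>&1`. Also consider printing `echo "OpenSSL 1.0.1 not found, skipping TLS 1.2 tests"` when `SV2` is non-zero, so a silent loss of TLS 1.2 coverage shows up in the test output.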
@@ -115,15 +119,11 @@ echo "Checking TLS 1.0 with DHE-RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
fail $PID "Failed"
-if test $SV = 0;then
-
# Test TLS 1.0 with DHE-RSA ciphersuite
echo "Checking TLS 1.0 with ECDHE-RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
fail $PID "Failed"
-fi
-
# Test TLS 1.0 with DHE-DSS ciphersuite
echo "Checking TLS 1.0 with DHE-DSS..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
@@ -132,8 +132,6 @@ $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL
kill $PID
wait
-if test $SV = 0;then
-
#-cipher ECDHE-ECDSA-AES128-SHA
launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC_KEY -cert $ECC_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
PID=$!
@@ -147,13 +145,49 @@ $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL
kill $PID
wait
-fi
+if test $SV2 = 0;then
+# Tests requiring openssl 1.0.1 - TLS 1.2
+#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+echo "Checking TLS 1.2 with RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+echo "Checking TLS 1.2 with DHE-RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+echo "Checking TLS 1.2 with ECDHE-RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+echo "Checking TLS 1.2 with DHE-DSS..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC_KEY -cert $ECC_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
PID=$!
wait_server $PID
-if test $SV = 0;then
+echo "Checking TLS 1.2 with ECDHE-ECDSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL" --insecure --x509certfile $ECC_CERT --x509keyfile $ECC_KEY </dev/null >/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+fi #SV2
+
+launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
# Test DTLS 1.0 with RSA ciphersuite
echo "Checking DTLS 1.0 with RSA..."
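Review bot: Every added TLS 1.2 client check passes `--insecure`, so these tests confirm only that the handshake with the OpenSSL server completes. The server certificate is never validated, and a regression in certificate verification under TLS 1.2 would not fail them. That is a reasonable scope for an interop suite, but it should be stated next to the `# Tests requiring openssl 1.0.1 - TLS 1.2` line, for example `# handshake interop only: --insecure skips server certificate verification`. The commented-out `#-cipher ...` lines would also benefit from a word on whether they record the suites the server is expected to pick or are leftovers. The DTLS block that begins at the end of this hunk continues outside it.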
@@ -184,8 +218,6 @@ echo "Checking DTLS 1.0 with DHE-DSS..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
fail $PID "Failed"
-fi
-
kill $PID
wait
@@ -274,8 +306,6 @@ $OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $C
kill $PID
wait
-if test $SV = 0;then
-
echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
wait_server $PID
@@ -298,6 +328,53 @@ $OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC_CERT -key $E
kill $PID
wait
+if test $SV2 = 0;then
+
+echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
+wait_server $PID
+
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-RSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC_CERT --x509keyfile $ECC_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC_CERT -key $ECC_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+
+fi #SV2
+
# DTLS
echo "Check DTLS 1.0 with RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
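Review bot: All four added `s_client` checks pass whenever the output lacks the string `:error:`, because the test is `... | grep "\:error\:" && fail $PID "Failed"` and the pipeline discards the exit status of `s_client`. A run that never completes a TLS 1.2 handshake but prints no such line is therefore reported as a success. The same applies to a certificate verification problem, which `s_client` reports in a different format, as far as I can tell. A positive assertion on the negotiated session would be stronger, e.g. capture the output with `out=$($OPENSSL_CLI s_client ... </dev/null 2>&1)` and then require `echo "$out" | grep "Protocol *: *TLSv1\.2" >/dev/null || fail $PID "Failed"` in addition to the existing error check.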
@@ -329,7 +406,4 @@ $CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY
kill $PID
wait
-fi
-
-
exit 0