diff options
Diffstat (limited to 'tests/system-override-tls.sh')
-rwxr-xr-x | tests/system-override-tls.sh | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/tests/system-override-tls.sh b/tests/system-override-tls.sh index a0ad3d0e4d..b4623d9927 100755 --- a/tests/system-override-tls.sh +++ b/tests/system-override-tls.sh @@ -53,11 +53,11 @@ wait_server ${PID} #successful case, test whether the ciphers we disable below work echo "Sanity testing" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage1: expected connection to succeed (1)" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage1: expected connection to succeed (2)" @@ -76,43 +76,43 @@ export GNUTLS_SYSTEM_PRIORITY_FILE echo "Testing TLS1.3" echo " * sanity" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage2: expected connection to succeed (1)" echo " * fallback to good options" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage2: expected connection to succeed (2)" echo " * disabled cipher" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null && #>/dev/null && fail ${PID} "stage2: expected connection to fail (1)" echo " * disabled group" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage2: expected connection to fail (2)" echo "Testing TLS1.2" echo " * sanity" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage3: expected connection to succeed (1)" echo " * fallback to good options" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:+AES-256-GCM:-MAC-ALL:+SHA1:+AEAD --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage3: expected connection to succeed (2)" echo " * disabled cipher" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage3: expected connection to fail (1)" echo " * disabled MAC" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage3: expected connection to fail (2)" |