From 444c729e71f10a494edbb32ed31dbab796de0165 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Wed, 26 Sep 2018 23:34:16 +0300 Subject: tlsfuzzer: use random port for tls-fuzzer-cert test Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing usage of random port for server. Signed-off-by: Dmitry Eremin-Solenikov --- tests/suite/tls-fuzzer/gnutls-cert.json | 23 ++++++++++++++++------- tests/suite/tls-fuzzer/tls-fuzzer-cert.sh | 7 +------ 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json index 781ac2db54..fe2b39f2c2 100644 --- a/tests/suite/tls-fuzzer/gnutls-cert.json +++ b/tests/suite/tls-fuzzer/gnutls-cert.json @@ -6,41 +6,50 @@ "--priority=@PRIORITY@", "--port=@PORT@"], "environment": {"PYTHONPATH" : "."}, + "server_hostname": "localhost", + "server_port": @PORT@, "tests" : [ {"name": "test-rsa-sigs-on-certificate-verify.py", "arguments" : ["-k", "tests/clientX509Key.pem", - "-c", "tests/clientX509Cert.pem"] + "-c", "tests/clientX509Cert.pem", + "-p", "@PORT@"] }, {"name" : "test-certificate-verify.py", "arguments" : ["-k", "tests/clientX509Key.pem", - "-c", "tests/clientX509Cert.pem"] + "-c", "tests/clientX509Cert.pem", + "-p", "@PORT@"] }, {"name" : "test-certificate-verify-malformed.py", "arguments" : ["-k", "tests/clientX509Key.pem", - "-c", "tests/clientX509Cert.pem"] + "-c", "tests/clientX509Cert.pem", + "-p", "@PORT@"] }, {"name" : "test-certificate-verify-malformed-sig.py", "arguments" : ["-k", "tests/clientX509Key.pem", - "-c", "tests/clientX509Cert.pem"] + "-c", "tests/clientX509Cert.pem", + "-p", "@PORT@"] }, {"name" : "test-certificate-request.py", "comment" : "tlsfuzzer doesn't like our set of algorithms", "arguments" : ["-k", "tests/clientX509Key.pem", "-c", "tests/clientX509Cert.pem", - "-e", "check sigalgs in cert request"] + "-e", "check sigalgs in cert request", + "-p", "@PORT@"] }, {"name" : "test-rsa-pss-sigs-on-certificate-verify.py", "arguments" : ["-k", "tests/clientX509Key.pem", "-c", "tests/clientX509Cert.pem", "-e", "check CertificateRequest sigalgs", - "-n", "100"] + "-n", "100", + "-p", "@PORT@"] }, {"name": "test-certificate-malformed.py", "comment" : "tlsfuzzer doesn't like the alerts we send", "arguments" : ["-k", "tests/clientX509Key.pem", "-c", "tests/clientX509Cert.pem", "-e", "fuzz empty certificate - overall 7, certs 4, cert 1", - "-e", "fuzz empty certificate - overall 8, certs 5, cert 2"] + "-e", "fuzz empty certificate - overall 8, certs 5, cert 2", + "-p", "@PORT@"] } ] } diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh index 30cfe25c38..761363b7a2 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh @@ -27,11 +27,7 @@ TMPFILE=tls-fuzzer-cert.$$.tmp . "${srcdir}/../scripts/common.sh" -# We hard-code the port because of limitations in tlsfuzzer -#eval "${GETPORT}" -PORT=4433 - -$LOCKFILE +eval "${GETPORT}" pushd tls-fuzzer @@ -68,5 +64,4 @@ rm -f ${TMPFILE} popd popd -$UNLOCKFILE exit $retval -- cgit v1.2.1 From 10364924876ff3cdcdfc685846020beba54681d8 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Wed, 26 Sep 2018 23:34:16 +0300 Subject: tlsfuzzer: use random port for tls-fuzzer-nocert test Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing usage of random port for server. Signed-off-by: Dmitry Eremin-Solenikov --- tests/suite/tls-fuzzer/gnutls-nocert.json | 202 +++++++++++++++++++--------- tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh | 7 +- 2 files changed, 136 insertions(+), 73 deletions(-) diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json index 2dc7673ad0..f059f3d7fa 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert.json @@ -8,10 +8,14 @@ "--noticket", "--priority=@PRIORITY@", "--disable-client-cert", "--port=@PORT@"], + "server_hostname": "localhost", + "server_port": @PORT@, "tests" : [ - {"name" : "test-fuzzed-plaintext.py"}, + {"name" : "test-fuzzed-plaintext.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-large-hello.py", "arguments" : [ + "-p", "@PORT@", "two ext, #80 61384 bytes", "two ext, #80 12276 bytes", "ciphers even 8199", @@ -25,15 +29,19 @@ "fragmented, padding ext 0 bytes", "fragmented, padding ext 65354 bytes", "fragmented, padding ext 16213 bytes"]}, - {"name" : "test-ecdsa-sig-flexibility.py"}, + {"name" : "test-ecdsa-sig-flexibility.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-ocsp-stapling.py", - "arguments" : ["--no-status"] }, + "arguments" : ["-p", "@PORT@", + "--no-status"] }, {"name" : "test-encrypt-then-mac-renegotiation.py", "comment" : "we are not strict in EtM required behavior in renegotiation", - "arguments" : ["-e", "Encrypt-then-MAC renegotiation crash"]}, + "arguments" : ["-p", "@PORT@", + "-e", "Encrypt-then-MAC renegotiation crash"]}, {"name" : "test-x25519.py", "comment" : "x448 is not supported", - "arguments" : ["-e", "all zero x448 key share", + "arguments" : ["-p", "@PORT@", + "-e", "all zero x448 key share", "-e", "empty x448 key share", "-e", "sanity - negotiate x448", "-e", "too big x448 key share", @@ -41,113 +49,173 @@ "-e", "x448 key share of \"1\"" ]}, {"name" : "test-cve-2016-7054.py", - "arguments" : ["-e", "sanity"]}, - {"name" : "test-cve-2016-6309.py"}, + "arguments" : ["-p", "@PORT@", + "-e", "sanity"]}, + {"name" : "test-cve-2016-6309.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-invalid-server-name-extension.py", "comment" : "we don't parse past the first valid name, and we don't validate input received", - "arguments" : ["-e", "SNI name with UTF-8", + "arguments" : ["-p", "@PORT@", + "-e", "SNI name with UTF-8", "-e", "multiple host_names in SNI, RFC 6066 compliance", "-e", "incorrect SNI"]}, {"name" : "test-invalid-server-name-extension-resumption.py", "comment" : "we don't follow the RFC precisely on SNI resumption, we cache the SNI and ignore the extensions", - "arguments" : ["-e", "Sanity check, bad SNI", + "arguments" : ["-p", "@PORT@", + "-e", "Sanity check, bad SNI", "-e", "session resume with different SNI", "-e", "session resume with malformed SNI"]}, - {"name" : "test-chacha20.py"}, - {"name" : "test-aes-gcm-nonces.py" }, - {"name" : "test-atypical-padding.py" }, + {"name" : "test-chacha20.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-aes-gcm-nonces.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-atypical-padding.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-bleichenbacher-workaround.py", - "arguments" : ["-n", "20"] + "arguments" : ["-p", "@PORT@", + "-n", "20"] }, - {"name" : "test-clienthello-md5.py"}, + {"name" : "test-clienthello-md5.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-client-compatibility.py", - "arguments" : ["-e", "18: IE 6 on XP", + "arguments" : ["-p", "@PORT@", + "-e", "18: IE 6 on XP", "-e", "52: YandexBot 3.0 on unknown", "-e", "100: IE 6 on XP"]}, - {"name" : "test-conversation.py"}, + {"name" : "test-conversation.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-client-hello-max-size.py", "comment" : "FIXME: we fail with: Handshake buffer length is 131400 (max: 131072)", - "arguments" : ["-e", "max client hello"]}, - {"name" : "test-atypical-padding.py" }, + "arguments" : ["-p", "@PORT@", + "-e", "max client hello"]}, + {"name" : "test-atypical-padding.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-ffdhe-negotiation.py" , "comment" : ["we don't prefer DHE over RSA if RSA is preferred by peer"], - "arguments" : ["-e", "Check if DHE preferred"]}, - {"name" : "test-cve-2016-2107.py"}, - {"name" : "test-dhe-rsa-key-exchange.py"}, + "arguments" : ["-p", "@PORT@", + "-e", "Check if DHE preferred"]}, + {"name" : "test-cve-2016-2107.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-dhe-rsa-key-exchange.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-dhe-rsa-key-exchange-signatures.py", "comment" : "gnutls no longer allows sha224", - "arguments" : ["-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature", + "arguments" : ["-p", "@PORT@", + "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature", "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature", "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature", "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 sha224 signature", "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature"] }, - {"name" : "test-dhe-rsa-key-exchange-with-bad-messages.py"}, - {"name" : "test-early-application-data.py"}, - {"name" : "test-ecdhe-rsa-key-exchange.py"}, - {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py"}, - {"name" : "test-empty-extensions.py"}, - {"name" : "test-export-ciphers-rejected.py"}, - {"name" : "test-extensions.py"}, + {"name" : "test-dhe-rsa-key-exchange-with-bad-messages.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-early-application-data.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-ecdhe-rsa-key-exchange.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-empty-extensions.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-export-ciphers-rejected.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-extensions.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-extended-master-secret-extension.py", "comment" : "gnutls does not allow switching from EMS to no EMS, and w/ECDHE test is incomplete", - "arguments" : ["-e", "renegotiate without EMS in session with EMS", + "arguments" : ["-p", "@PORT@", + "-e", "renegotiate without EMS in session with EMS", "-e", "EMS with session resume without extension"]}, {"name" : "test-fallback-scsv.py", - "arguments" : ["--tls-1.3"]}, - {"name" : "test-fuzzed-ciphertext.py"}, - {"name" : "test-fuzzed-finished.py"}, - {"name" : "test-fuzzed-MAC.py"}, - {"name" : "test-fuzzed-padding.py"}, - {"name" : "test-hello-request-by-client.py"}, + "arguments" : ["-p", "@PORT@", + "--tls-1.3"]}, + {"name" : "test-fuzzed-ciphertext.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-fuzzed-finished.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-fuzzed-MAC.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-fuzzed-padding.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-hello-request-by-client.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py", "comment" : "gnutls doesn't support interleaved data with handshake", "exp_pass" : false}, {"name" : "test-interleaved-application-data-in-renegotiation.py", "comment" : "gnutls doesn't support interleaved data with handshake", "exp_pass" : false}, - {"name" : "test-invalid-cipher-suites.py"}, - {"name" : "test-invalid-client-hello.py"}, - {"name" : "test-invalid-client-hello-w-record-overflow.py"}, - {"name" : "test-invalid-compression-methods.py"}, - {"name" : "test-invalid-content-type.py"}, - {"name" : "test-invalid-rsa-key-exchange-messages.py"}, - {"name" : "test-invalid-session-id.py"}, - {"name" : "test-invalid-version.py"}, - {"name" : "test-large-number-of-extensions.py"}, - {"name" : "test-message-duplication.py"}, - {"name" : "test-message-skipping.py"}, + {"name" : "test-invalid-cipher-suites.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-invalid-client-hello.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-invalid-client-hello-w-record-overflow.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-invalid-compression-methods.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-invalid-content-type.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-invalid-rsa-key-exchange-messages.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-invalid-session-id.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-invalid-version.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-large-number-of-extensions.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-message-duplication.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-message-skipping.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-ocsp-stapling.py", "comment" : "test requires OCSP setup", - "exp_pass" : false}, + "exp_pass" : false, + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-openssl-3712.py", "comment" : "gnutls doesn't support interleaved data with handshake", - "exp_pass" : false}, + "exp_pass" : false, + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-record-layer-fragmentation.py", "comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.", - "arguments" : ["-e", "non fragmented, over fragmentation limit: 65535 fragment - 16332B extension", + "arguments" : ["-p", "@PORT@", + "-e", "non fragmented, over fragmentation limit: 65535 fragment - 16332B extension", "-e", "small, maximum fragmentation: 1 fragment - 20B extension", "-e", "medium, maximum fragmentation: 1 fragment - 1024B extension"]}, - {"name" : "test-sessionID-resumption.py"}, - {"name" : "test-sig-algs.py" - }, + {"name" : "test-sessionID-resumption.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-sig-algs.py", + "arguments" : ["-p", "@PORT@"] }, {"name" : "test-signature-algorithms.py", "comment" : "gnutls doesn't tolerate that much", - "arguments" : ["-e", "tolerance max (32764) number of methods"] + "arguments" : ["-p", "@PORT@", + "-e", "tolerance max (32764) number of methods"] }, - {"name" : "test-sslv2-connection.py"}, - {"name" : "test-sslv2-force-cipher-3des.py"}, - {"name" : "test-sslv2-force-cipher-non3des.py"}, - {"name" : "test-sslv2-force-cipher.py"}, - {"name" : "test-sslv2-force-export-cipher.py"}, - {"name" : "test-sslv2hello-protocol.py"}, - {"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py"}, - {"name" : "test-truncating-of-client-hello.py" }, - {"name" : "test-truncating-of-finished.py"}, - {"name" : "test-truncating-of-kRSA-client-key-exchange.py"}, - {"name" : "test-unsupported-curve-fallback.py"}, - {"name" : "test-version-numbers.py"}, - {"name" : "test-zero-length-data.py"} + {"name" : "test-sslv2-connection.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-sslv2-force-cipher-3des.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-sslv2-force-cipher-non3des.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-sslv2-force-cipher.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-sslv2-force-export-cipher.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-sslv2hello-protocol.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-truncating-of-client-hello.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-truncating-of-finished.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-truncating-of-kRSA-client-key-exchange.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-unsupported-curve-fallback.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-version-numbers.py", + "arguments" : ["-p", "@PORT@"] }, + {"name" : "test-zero-length-data.py", + "arguments" : ["-p", "@PORT@"] } ] } ] diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh index f577f71249..c1175e0e74 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh @@ -27,11 +27,7 @@ TMPFILE=tls-fuzzer.$$.tmp . "${srcdir}/../scripts/common.sh" -# We hard-code the port because of limitations in tlsfuzzer -#eval "${GETPORT}" -PORT=4433 - -$LOCKFILE +eval "${GETPORT}" pushd tls-fuzzer @@ -69,5 +65,4 @@ rm -f ${TMPFILE} popd popd -$UNLOCKFILE exit $retval -- cgit v1.2.1 From f16277c2f996cd722a1b9048f11e9ae54401e453 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Thu, 27 Sep 2018 00:35:20 +0300 Subject: tlsfuzzer: move common code to separate file Move common code to tls-fuzzer-common.sh to ease further adjustments. Signed-off-by: Dmitry Eremin-Solenikov --- tests/suite/Makefile.am | 2 +- tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh | 40 ++-------------- tests/suite/tls-fuzzer/tls-fuzzer-cert.sh | 40 ++-------------- tests/suite/tls-fuzzer/tls-fuzzer-common.sh | 56 +++++++++++++++++++++++ tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh | 40 ++-------------- tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh | 40 ++-------------- tests/suite/tls-fuzzer/tls-fuzzer-psk.sh | 39 ++-------------- 7 files changed, 72 insertions(+), 185 deletions(-) create mode 100755 tests/suite/tls-fuzzer/tls-fuzzer-common.sh diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index 9778538000..f43fe90eee 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -86,7 +86,7 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c \ EXTRA_DIST += testcompat-main-polarssl testcompat-main-openssl \ - testcompat-common params.dh + testcompat-common params.dh tls-fuzzer/tls-fuzzer-common.sh scripts_to_test = chain.sh \ testrng.sh testcompat-polarssl.sh testcompat-openssl.sh \ diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh index 80ebfc57b1..07ab0fa7f0 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh @@ -19,49 +19,15 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" -SERV="../../../../src/gnutls-serv${EXEEXT}" -CLI="../../../../src/gnutls-cli${EXEEXT}" - -OUTFILE=tls-fuzzer.debug.log -TMPFILE=tls-fuzzer.$$.tmp - -. "${srcdir}/../scripts/common.sh" - -eval "${GETPORT}" - -pushd tls-fuzzer - -if ! test -d tlsfuzzer;then - exit 77 -fi - -rm -f "$OUTFILE" - -pushd tlsfuzzer -test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa -test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null - -wait_for_free_port $PORT - -retval=0 +tls_fuzzer_prepare() { PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0" ${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1 if test $? != 0;then PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0" fi -TLS_PY=./tlslite-ng/scripts/tls.py -#TLS_PY=$(which tls.py) - sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-alpn.json >${TMPFILE} +} -PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV} -retval=$? - -rm -f ${TMPFILE} - -popd -popd - -exit $retval +. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh index 761363b7a2..054343fc28 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-cert.sh @@ -19,49 +19,15 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" -SERV="../../../../src/gnutls-serv${EXEEXT}" -CLI="../../../../src/gnutls-cli${EXEEXT}" - -OUTFILE=tls-fuzzer-cert.debug.log -TMPFILE=tls-fuzzer-cert.$$.tmp - -. "${srcdir}/../scripts/common.sh" - -eval "${GETPORT}" - -pushd tls-fuzzer - -if ! test -d tlsfuzzer;then - exit 77 -fi - -rm -f "$OUTFILE" - -pushd tlsfuzzer -test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa -test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null - -wait_for_free_port $PORT - -retval=0 +tls_fuzzer_prepare() { PRIORITY="NORMAL:+ARCFOUR-128:%VERIFY_ALLOW_SIGN_WITH_SHA1:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0" ${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1 if test $? != 0;then PRIORITY="NORMAL:+ARCFOUR-128:%VERIFY_ALLOW_SIGN_WITH_SHA1:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0" fi -TLS_PY=./tlslite-ng/scripts/tls.py -#TLS_PY=$(which tls.py) - sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-cert.json >${TMPFILE} +} -PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV} -retval=$? - -rm -f ${TMPFILE} - -popd -popd - -exit $retval +. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-common.sh b/tests/suite/tls-fuzzer/tls-fuzzer-common.sh new file mode 100755 index 0000000000..cb44656220 --- /dev/null +++ b/tests/suite/tls-fuzzer/tls-fuzzer-common.sh @@ -0,0 +1,56 @@ +#!/bin/bash + +# Copyright (C) 2016-2018 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +SERV="../../../../src/gnutls-serv${EXEEXT}" +CLI="../../../../src/gnutls-cli${EXEEXT}" + +TMPFILE=tls-fuzzer.$$.tmp +PSKFILE=tls-fuzzer.psk.$$.tmp + +. "${srcdir}/../scripts/common.sh" + +eval "${GETPORT}" + +pushd tls-fuzzer + +if ! test -d tlsfuzzer;then + exit 77 +fi + +pushd tlsfuzzer +test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa +test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null + +wait_for_free_port $PORT + +retval=0 + +tls_fuzzer_prepare + +PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV} +retval=$? + +rm -f ${TMPFILE} +[ -f "${PSKFILE}" ] && rm -f ${PSKFILE} + +popd +popd + +exit $retval diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh index f5d94dd692..aab37db5e2 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-tls13.sh @@ -19,47 +19,13 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" -SERV="../../../../src/gnutls-serv${EXEEXT}" -CLI="../../../../src/gnutls-cli${EXEEXT}" - -OUTFILE=tls-fuzzer.debug.log -TMPFILE=tls-fuzzer.$$.tmp - -. "${srcdir}/../scripts/common.sh" - -eval "${GETPORT}" - -pushd tls-fuzzer - -if ! test -d tlsfuzzer;then - exit 77 -fi - -rm -f "$OUTFILE" - -pushd tlsfuzzer -test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa -test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null - -wait_for_free_port $PORT - -retval=0 +tls_fuzzer_prepare() { PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1" -TLS_PY=./tlslite-ng/scripts/tls.py -#TLS_PY=$(which tls.py) - sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert-tls13.json >${TMPFILE} sed -i 's/(127, 28)/(3, 4)/g' ./tlslite/constants.py +} -PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV} -retval=$? - -rm -f ${TMPFILE} - -popd -popd - -exit $retval +. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh index c1175e0e74..77a1d050cd 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh @@ -19,32 +19,8 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" -SERV="../../../../src/gnutls-serv${EXEEXT}" -CLI="../../../../src/gnutls-cli${EXEEXT}" - -OUTFILE=tls-fuzzer.debug.log -TMPFILE=tls-fuzzer.$$.tmp - -. "${srcdir}/../scripts/common.sh" - -eval "${GETPORT}" - -pushd tls-fuzzer - -if ! test -d tlsfuzzer;then - exit 77 -fi - -rm -f "$OUTFILE" - -pushd tlsfuzzer -test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa -test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null - -wait_for_free_port $PORT - -retval=0 +tls_fuzzer_prepare() { VERSIONS="-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0" PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:${VERSIONS}:+SHA256" ${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1 @@ -52,17 +28,7 @@ if test $? != 0;then PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:${VERSIONS}:+SHA256" fi -TLS_PY=./tlslite-ng/scripts/tls.py -#TLS_PY=$(which tls.py) - sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert.json >${TMPFILE} +} -PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV} -retval=$? - -rm -f ${TMPFILE} - -popd -popd - -exit $retval +. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh" diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh b/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh index 096e5ed1f2..cc2e6df0d4 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh @@ -19,33 +19,8 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" -SERV="../../../../src/gnutls-serv${EXEEXT}" -CLI="../../../../src/gnutls-cli${EXEEXT}" - -OUTFILE=tls-fuzzer.debug.log -TMPFILE=tls-fuzzer.$$.tmp -PSKFILE=tls-fuzzer.psk.$$.tmp - -. "${srcdir}/../scripts/common.sh" - -eval "${GETPORT}" - -pushd tls-fuzzer - -if ! test -d tlsfuzzer;then - exit 77 -fi - -rm -f "$OUTFILE" - -pushd tlsfuzzer -test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa -test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null - -wait_for_free_port $PORT - -retval=0 +tls_fuzzer_prepare() { PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:-KX-ALL:+DHE-PSK:+ECDHE-PSK:+PSK" PSKKEY=8a7759b3f26983c453e448060bde8981 @@ -56,14 +31,6 @@ sed -e "s|@SERVER@|$SERV|g" -e "s/@PSKKEY@/$PSKKEY/g" -e "s/@PSKID@/$PSKID/g" -e cat >${PSKFILE} <<_EOF_ ${PSKID}:${PSKKEY} _EOF_ +} -PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV} -retval=$? - -rm -f ${TMPFILE} -rm -f ${PSKFILE} - -popd -popd - -exit $retval +. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh" -- cgit v1.2.1 From 9165a7394a728d6b3353c6e9b99d0c35c2e79b01 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Mon, 24 Sep 2018 16:07:19 +0300 Subject: tlsfuzzer: add missing script Makefile.am refers tls-fuzzer-nocert-ssl3.sh script, which is missing in the source tree. Add it back. Signed-off-by: Dmitry Eremin-Solenikov --- tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh | 29 ++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100755 tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh new file mode 100755 index 0000000000..37efc16241 --- /dev/null +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert-ssl3.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# Copyright (C) 2016-2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +srcdir="${srcdir:-.}" + +tls_fuzzer_prepare() { +PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:-VERS-ALL:+VERS-SSL3.0" + +sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-nocert-ssl3.json >${TMPFILE} +} + +. "${srcdir}/tls-fuzzer/tls-fuzzer-common.sh" -- cgit v1.2.1 From 4eb09b0b1d6d1e6bd747668577cd2c7c367abb2f Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 25 Sep 2018 17:00:14 +0300 Subject: .gitlab-ci.yml: reenable full test suite in SSL-3.0/SHA-1 case Reenable full test suite run in SSL-3.0/SHA-1 CI test case to let us catch issues in legacy code. Signed-off-by: Dmitry Eremin-Solenikov --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5c8a297ead..79fc484bd3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -119,7 +119,7 @@ SSL-3.0.Fedora.x86_64: script: - ./bootstrap - mkdir -p build && cd build && - dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --enable-sha1-support --enable-ssl3-support --disable-ssl2-support --disable-full-test-suite --enable-seccomp-tests --disable-doc --disable-guile && + dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --enable-sha1-support --enable-ssl3-support --disable-ssl2-support --enable-seccomp-tests --disable-doc --disable-guile && make -j$(nproc) && make check -j$(nproc) - cd .. tags: -- cgit v1.2.1 From d5a3e18f146917428e284c7c346426696844af6e Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Thu, 27 Sep 2018 00:42:21 +0300 Subject: tlsfuzzer: support running from separate build dir Adapt tls-fuzzer-common.sh script to be able to run tests in case srcdir != builddir. Signed-off-by: Dmitry Eremin-Solenikov --- tests/suite/tls-fuzzer/tls-fuzzer-common.sh | 17 ++++++++--------- tests/suite/tls-fuzzer/tls-fuzzer-psk.sh | 2 +- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-common.sh b/tests/suite/tls-fuzzer/tls-fuzzer-common.sh index cb44656220..111fd44970 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-common.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-common.sh @@ -18,23 +18,23 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -SERV="../../../../src/gnutls-serv${EXEEXT}" -CLI="../../../../src/gnutls-cli${EXEEXT}" +builddir=`pwd` +CLI="${builddir}/../../src/gnutls-cli${EXEEXT}" +SERV="${builddir}/../../src/gnutls-serv${EXEEXT}" -TMPFILE=tls-fuzzer.$$.tmp -PSKFILE=tls-fuzzer.psk.$$.tmp +TMPFILE="${builddir}/tls-fuzzer.$$.tmp" +PSKFILE="${builddir}/tls-fuzzer.psk.$$.tmp" . "${srcdir}/../scripts/common.sh" eval "${GETPORT}" -pushd tls-fuzzer - -if ! test -d tlsfuzzer;then +if ! test -d "${srcdir}/tls-fuzzer/tlsfuzzer" ; then exit 77 fi -pushd tlsfuzzer +pushd "${srcdir}/tls-fuzzer/tlsfuzzer" + test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null @@ -50,7 +50,6 @@ retval=$? rm -f ${TMPFILE} [ -f "${PSKFILE}" ] && rm -f ${PSKFILE} -popd popd exit $retval diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh b/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh index cc2e6df0d4..aeefae9a5e 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-psk.sh @@ -26,7 +26,7 @@ PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:-KX-ALL:+DHE-P PSKKEY=8a7759b3f26983c453e448060bde8981 PSKID=test -sed -e "s|@SERVER@|$SERV|g" -e "s/@PSKKEY@/$PSKKEY/g" -e "s/@PSKID@/$PSKID/g" -e "s/@PSKFILE@/$PSKFILE/g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-psk.json >${TMPFILE} +sed -e "s|@SERVER@|$SERV|g" -e "s/@PSKKEY@/$PSKKEY/g" -e "s/@PSKID@/$PSKID/g" -e "s^@PSKFILE@^$PSKFILE^g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-psk.json >${TMPFILE} cat >${PSKFILE} <<_EOF_ ${PSKID}:${PSKKEY} -- cgit v1.2.1 From 8ec89fc6320cdfc7a9d7551d9834cb4d0492884c Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Thu, 27 Sep 2018 01:05:09 +0300 Subject: tlsfuzzer: disable SSL3.0 in export-ciphers-rejected test These tests will fail with SSL3.0-enabled gnutls-serv unless --ssl3 option was passed. We will run these tests anyway from gnutls-nocert-ssl3.json, so disable them here. Signed-off-by: Dmitry Eremin-Solenikov --- tests/suite/tls-fuzzer/gnutls-nocert.json | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json index f059f3d7fa..6ddb6ebbe0 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert.json @@ -118,7 +118,27 @@ {"name" : "test-empty-extensions.py", "arguments" : ["-p", "@PORT@"] }, {"name" : "test-export-ciphers-rejected.py", - "arguments" : ["-p", "@PORT@"] }, + "comment" : "disable SSL3.0 here, will be tested separately", + "arguments" : ["-p", "@PORT@", + "-e", "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3", + "-e", "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 with AES_128 in SSLv3", + "-e", "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3", + "-e", "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3", + "-e", "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA with AES_128 in SSLv3", + "-e", "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA with AES_128 in SSLv3", + "-e", "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3", + "-e", "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3", + "-e", "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 with AES_128 in SSLv3", + "-e", "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA with AES_128 in SSLv3", + "-e", "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 with AES_128 in SSLv3", + "-e", "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA with AES_128 in SSLv3", + "-e", "TLS_KRB5_EXPORT_WITH_RC4_40_MD5 with AES_128 in SSLv3", + "-e", "TLS_KRB5_EXPORT_WITH_RC4_40_SHA with AES_128 in SSLv3", + "-e", "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA with AES_128 in SSLv3", + "-e", "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA with AES_128 in SSLv3", + "-e", "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA with AES_128 in SSLv3", + "-e", "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 with AES_128 in SSLv3", + "-e", "TLS_RSA_EXPORT_WITH_RC4_40_MD5 with AES_128 in SSLv3"] }, {"name" : "test-extensions.py", "arguments" : ["-p", "@PORT@"] }, {"name" : "test-extended-master-secret-extension.py", -- cgit v1.2.1 From c6b5e2917bcf32c3568682dc5d9d1bc338a7d900 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Thu, 27 Sep 2018 11:02:33 +0300 Subject: .gitlab-ci.yml: reenable SSLv2 hello support for SSL-3.0.Fedora.x86_64 Reenable SSLv2 hello support to let several SSL-3.0 tls-fuzzer tests pass. Signed-off-by: Dmitry Eremin-Solenikov --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 79fc484bd3..e9d23727e1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -119,7 +119,7 @@ SSL-3.0.Fedora.x86_64: script: - ./bootstrap - mkdir -p build && cd build && - dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --enable-sha1-support --enable-ssl3-support --disable-ssl2-support --enable-seccomp-tests --disable-doc --disable-guile && + dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --enable-sha1-support --enable-ssl3-support --enable-seccomp-tests --disable-doc --disable-guile && make -j$(nproc) && make check -j$(nproc) - cd .. tags: -- cgit v1.2.1