[gnutls-devel] [PATCH 2/2] tests: tab indent + minor style changes
Alon Bar-Lev
alon.barlev at gmail.com
Sun Jun 21 19:43:35 CEST 2015
Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>
---
tests/cert-tests/aki | 12 +-
tests/cert-tests/certtool | 50 +-
tests/cert-tests/crq | 12 +-
tests/cert-tests/dane | 2 +-
tests/cert-tests/email | 36 +-
tests/cert-tests/invalid-sig | 16 +-
tests/cert-tests/pathlen | 18 +-
tests/cert-tests/pem-decoding | 32 +-
tests/cert-tests/pkcs7 | 80 +--
tests/cert-tests/template-test | 254 ++++---
tests/dsa/testdsa | 48 +-
tests/dtls/dtls | 4 +-
tests/dtls/dtls-nb | 4 +-
tests/ecdsa/ecdsa | 64 +-
tests/key-tests/key-id | 8 +-
tests/key-tests/pkcs8 | 54 +-
tests/nist-pkits/gnutls_test_entry | 26 +-
tests/nist-pkits/pkits_crl | 12 +-
tests/nist-pkits/pkits_crt | 12 +-
tests/nist-pkits/pkits_pkcs12 | 12 +-
tests/nist-pkits/pkits_smime | 24 +-
tests/nist-pkits/pkits_test | 4 +-
tests/openpgp-certs/testcerts | 25 +-
tests/openpgp-certs/testselfsigs | 20 +-
tests/pkcs1-padding/pkcs1-pad | 28 +-
tests/pkcs12-decode/pkcs12 | 68 +-
tests/pkcs8-decode/pkcs8 | 66 +-
tests/rfc2253-escape-test | 14 +-
tests/rsa-md5-collision/rsa-md5-collision | 12 +-
tests/sha2/sha2 | 76 +--
tests/sha2/sha2-dsa | 58 +-
tests/slow/override-ciphers | 34 +-
tests/slow/test-ciphers | 52 +-
tests/suite/certs/create-chain.sh | 128 ++--
tests/suite/chain | 66 +-
tests/suite/crl-test | 12 +-
tests/suite/eagain | 12 +-
tests/suite/invalid-cert | 6 +-
tests/suite/testcompat-main-openssl | 1027 +++++++++++++++--------------
tests/suite/testcompat-main-polarssl | 662 ++++++++++---------
tests/suite/testcompat-openssl | 16 +-
tests/suite/testcompat-polarssl | 10 +-
tests/suite/testdane | 52 +-
tests/suite/testpkcs11 | 616 ++++++++---------
tests/suite/testpkcs11.pkcs15 | 40 +-
tests/suite/testpkcs11.sc-hsm | 48 +-
tests/suite/testpkcs11.softhsm | 86 +--
tests/suite/testrandom | 83 ++-
tests/suite/testrng | 88 +--
tests/suite/testsrn | 30 +-
tests/userid/userid | 10 +-
51 files changed, 2137 insertions(+), 2092 deletions(-)
diff --git a/tests/cert-tests/aki b/tests/cert-tests/aki
index 5f130cc..6d71a28 100755
--- a/tests/cert-tests/aki
+++ b/tests/cert-tests/aki
@@ -25,17 +25,17 @@ set -e
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/aki-cert.pem" \
- |grep -v "Algorithm Security Level" > tmp-aki.pem
+ |grep -v "Algorithm Security Level" > tmp-aki.pem
rc=$?
if test "${rc}" != "0"; then
- echo "info failed"
- exit ${rc}
+ echo "info failed"
+ exit ${rc}
fi
@@ -44,7 +44,7 @@ rc=$?
# We're done.
if test "${rc}" != "0"; then
- exit ${rc}
+ exit ${rc}
fi
rm -f tmp-aki.pem
diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool
index ce02ec8..4df4a5d 100755
--- a/tests/cert-tests/certtool
+++ b/tests/cert-tests/certtool
@@ -23,58 +23,58 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
#check whether "funny" spaces can be interpreted
id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/funny-spacing.pem" --hash sha1`
rc=$?
-if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then
- echo "Key-ID1 doesn't match the expected: ${id}"
- exit 1
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+ echo "Key-ID1 doesn't match the expected: ${id}"
+ exit 1
fi
id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/funny-spacing.pem"`
rc=$?
-if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then
- echo "Default key-ID1 doesn't match the expected; did the defaults change? ID: ${id}"
- exit 1
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+ echo "Default key-ID1 doesn't match the expected; did the defaults change? ID: ${id}"
+ exit 1
fi
id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha1`
rc=$?
-if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3";then
- echo "Key-ID2 doesn't match the expected: ${id}"
- exit 1
+if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then
+ echo "Key-ID2 doesn't match the expected: ${id}"
+ exit 1
fi
id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha256`
rc=$?
-if test "${id}" != "118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d";then
- echo "Key-ID3 doesn't match the expected: ${id}"
- exit 1
+if test "${id}" != "118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d"; then
+ echo "Key-ID3 doesn't match the expected: ${id}"
+ exit 1
fi
#fingerprint
id=`${VALGRIND} "${CERTTOOL}" --fingerprint --infile "${srcdir}/funny-spacing.pem"`
rc=$?
-if test "${id}" != "8f735c5ddefd723f59b6a3bb2ac0522470c0182f";then
- echo "Fingerprint doesn't match the expected: 3"
- exit 1
+if test "${id}" != "8f735c5ddefd723f59b6a3bb2ac0522470c0182f"; then
+ echo "Fingerprint doesn't match the expected: 3"
+ exit 1
fi
id=`${VALGRIND} "${CERTTOOL}" --fingerprint --hash sha256 --infile "${srcdir}/funny-spacing.pem"`
rc=$?
-if test "${id}" != "fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f";then
- echo "Fingerprint doesn't match the expected: 4"
- exit 1
+if test "${id}" != "fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f"; then
+ echo "Fingerprint doesn't match the expected: 4"
+ exit 1
fi
export TZ="UTC"
@@ -83,17 +83,17 @@ export TZ="UTC"
TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
if test "$TSTAMP" != "1158969600"; then
echo $TSTAMP
- echo "You need datefudge to run this test"
- exit 77
+ echo "You need datefudge to run this test"
+ exit 77
fi
cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \
${VALGRIND} "${CERTTOOL}" --verify-chain
rc=$?
-if test "${rc}" != "0";then
- echo "There was an issue verifying the chain"
- exit 1
+if test "${rc}" != "0"; then
+ echo "There was an issue verifying the chain"
+ exit 1
fi
diff --git a/tests/cert-tests/crq b/tests/cert-tests/crq
index cc2bbfe..50b78c8 100755
--- a/tests/cert-tests/crq
+++ b/tests/cert-tests/crq
@@ -25,8 +25,8 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
fi
OUTFILE=out.tmp
@@ -35,14 +35,14 @@ rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Invalid crq decoding failed"
- exit ${rc}
+ echo "Invalid crq decoding failed"
+ exit ${rc}
fi
grep "error: get_key_id" "${OUTFILE}" >/dev/null 2>&1
if test "$?" != "0"; then
- echo "crq decoding didn't fail as expected"
- exit 1
+ echo "crq decoding didn't fail as expected"
+ exit 1
fi
rm -f "${OUTFILE}"
diff --git a/tests/cert-tests/dane b/tests/cert-tests/dane
index e019ef7..f2aa341 100755
--- a/tests/cert-tests/dane
+++ b/tests/cert-tests/dane
@@ -37,7 +37,7 @@ rm -f tmp-dane.rr
# We're done.
if test "${rc}" != "0"; then
- exit ${rc}
+ exit ${rc}
fi
exit 0
diff --git a/tests/cert-tests/email b/tests/cert-tests/email
index e12ee6b..8efe18e 100755
--- a/tests/cert-tests/email
+++ b/tests/cert-tests/email
@@ -23,72 +23,72 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF=$"{DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email test at example.com
rc=$?
if test "${rc}" != "1"; then
- echo "email test 1 failed"
- exit 1
+ echo "email test 1 failed"
+ exit 1
fi
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email invalid at example.com
rc=$?
if test "${rc}" != "1"; then
- echo "email test 2 failed"
- exit 1
+ echo "email test 2 failed"
+ exit 1
fi
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email test at example.com
rc=$?
if test "${rc}" != "0"; then
- echo "email test 3 failed"
- exit 1
+ echo "email test 3 failed"
+ exit 1
fi
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email invalid at example.com
rc=$?
if test "${rc}" != "1"; then
- echo "email test 4 failed"
- exit 1
+ echo "email test 4 failed"
+ exit 1
fi
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email invalid at example.com
rc=$?
if test "${rc}" != "1"; then
- echo "email test 5 failed"
- exit 1
+ echo "email test 5 failed"
+ exit 1
fi
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email test at cola.com
rc=$?
if test "${rc}" != "1"; then
- echo "email test 6 failed"
- exit 1
+ echo "email test 6 failed"
+ exit 1
fi
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email test at example.com
rc=$?
if test "${rc}" != "0"; then
- echo "email test 7 failed"
- exit 1
+ echo "email test 7 failed"
+ exit 1
fi
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email invalid at example.com
rc=$?
if test "${rc}" != "1"; then
- echo "email test 8 failed"
- exit 1
+ echo "email test 8 failed"
+ exit 1
fi
diff --git a/tests/cert-tests/invalid-sig b/tests/cert-tests/invalid-sig
index 72d72ec..dacdc61 100755
--- a/tests/cert-tests/invalid-sig
+++ b/tests/cert-tests/invalid-sig
@@ -25,8 +25,8 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
#check whether a different PKCS #1 signature than the advertized in certificate is tolerated
@@ -35,8 +35,8 @@ rc=$?
# We're done.
if test "${rc}" = "0"; then
- echo "Verification of invalid signature (1) failed"
- exit ${rc}
+ echo "Verification of invalid signature (1) failed"
+ exit ${rc}
fi
#check whether a different tbsCertificate than the outer signature algorithm is tolerated
@@ -45,8 +45,8 @@ rc=$?
# We're done.
if test "${rc}" = "0"; then
- echo "Verification of invalid signature (2) failed"
- exit ${rc}
+ echo "Verification of invalid signature (2) failed"
+ exit ${rc}
fi
#check whether a different tbsCertificate than the outer signature algorithm is tolerated
@@ -55,8 +55,8 @@ rc=$?
# We're done.
if test "${rc}" = "0"; then
- echo "Verification of invalid signature (3) failed"
- exit ${rc}
+ echo "Verification of invalid signature (3) failed"
+ exit ${rc}
fi
exit 0
diff --git a/tests/cert-tests/pathlen b/tests/cert-tests/pathlen
index 710282d..d940fe8 100755
--- a/tests/cert-tests/pathlen
+++ b/tests/cert-tests/pathlen
@@ -25,26 +25,26 @@ set -e
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/ca-no-pathlen.pem" \
- |grep -v "Algorithm Security Level" > new-ca-no-pathlen.pem
+ |grep -v "Algorithm Security Level" > new-ca-no-pathlen.pem
rc=$?
if test "${rc}" != "0"; then
- echo "info 1 failed"
- exit ${rc}
+ echo "info 1 failed"
+ exit ${rc}
fi
${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/no-ca-or-pathlen.pem" \
- |grep -v "Algorithm Security Level" > new-no-ca-or-pathlen.pem
+ |grep -v "Algorithm Security Level" > new-no-ca-or-pathlen.pem
rc=$?
if test "${rc}" != "0"; then
- echo "info 2 failed"
- exit ${rc}
+ echo "info 2 failed"
+ exit ${rc}
fi
${DIFF} "${srcdir}/ca-no-pathlen.pem" new-ca-no-pathlen.pem
@@ -55,7 +55,7 @@ rc2=$?
# We're done.
if test "${rc1}" != "0"; then
- exit ${rc1}
+ exit ${rc1}
fi
rm -f new-ca-no-pathlen.pem new-no-ca-or-pathlen.pem
diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
index 8913acb..a5f612c 100755
--- a/tests/cert-tests/pem-decoding
+++ b/tests/cert-tests/pem-decoding
@@ -25,8 +25,8 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
#check whether "funny" spaces can be interpreted
@@ -35,8 +35,8 @@ rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Funny-spacing cert decoding failed 1"
- exit ${rc}
+ echo "Funny-spacing cert decoding failed 1"
+ exit ${rc}
fi
#check whether a BMPString attribute can be properly decoded
@@ -44,8 +44,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/bmpstring.pem"
rc=$?
if test "${rc}" != "0"; then
- echo "BMPString cert decoding failed 1"
- exit ${rc}
+ echo "BMPString cert decoding failed 1"
+ exit ${rc}
fi
#Note that --strip-trailing-cr is used for the test
@@ -54,8 +54,8 @@ ${DIFF} "${srcdir}/bmpstring.pem" tmp-pem.pem || ${DIFF} --strip-trailing-cr "${
rc=$?
if test "${rc}" != "0"; then
- echo "BMPString cert decoding failed 2"
- exit ${rc}
+ echo "BMPString cert decoding failed 2"
+ exit ${rc}
fi
#check whether complex-cert is decoded as expected
@@ -63,8 +63,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/complex-cert.pe
rc=$?
if test "${rc}" != "0"; then
- echo "Complex cert decoding failed 1"
- exit ${rc}
+ echo "Complex cert decoding failed 1"
+ exit ${rc}
fi
cat "${srcdir}/complex-cert.pem" |grep -v "Not After:" >tmp1
@@ -73,8 +73,8 @@ ${DIFF} tmp1 tmp2 || ${DIFF} --strip-trailing-cr tmp1 tmp2
rc=$?
if test "${rc}" != "0"; then
- echo "Complex cert decoding failed 2"
- exit ${rc}
+ echo "Complex cert decoding failed 2"
+ exit ${rc}
fi
#check whether the cert with many othernames is decoded as expected
@@ -82,8 +82,8 @@ ${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/xmpp-othername.
rc=$?
if test "${rc}" != "0"; then
- echo "XMPP cert decoding failed 1"
- exit ${rc}
+ echo "XMPP cert decoding failed 1"
+ exit ${rc}
fi
cat "${srcdir}/xmpp-othername.pem" |grep -v "Not After:" >tmp1
@@ -92,8 +92,8 @@ ${DIFF} tmp1 tmp2 || ${DIFF} --strip-trailing-cr tmp1 tmp2
rc=$?
if test "${rc}" != "0"; then
- echo "XMPP cert decoding failed 2"
- exit ${rc}
+ echo "XMPP cert decoding failed 2"
+ exit ${rc}
fi
rm -f tmp-pem.pem tmp1 tmp2
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index c3938cb..d4b754b 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -23,54 +23,54 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
fi
OUTFILE=out-pkcs7.tmp
OUTFILE2=out2-pkcs7.tmp
-for FILE in single-ca.p7b full.p7b;do
+for FILE in single-ca.p7b full.p7b; do
${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/${FILE}"|grep -v "Signing time" >"${OUTFILE}"
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 decoding failed"
- exit ${rc}
+ echo "${FILE}: PKCS7 decoding failed"
+ exit ${rc}
fi
${DIFF} "${OUTFILE}" "${srcdir}/${FILE}.out" >/dev/null
if test "$?" != "0"; then
- echo "${FILE}: PKCS7 decoding didn't produce the correct file"
- exit 1
+ echo "${FILE}: PKCS7 decoding didn't produce the correct file"
+ exit 1
fi
done
# check signatures
-for FILE in full.p7b;do
+for FILE in full.p7b; do
${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 verification failed"
- exit ${rc}
+ echo "${FILE}: PKCS7 verification failed"
+ exit ${rc}
fi
${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}"
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 verification failed with key purpose"
- exit ${rc}
+ echo "${FILE}: PKCS7 verification failed with key purpose"
+ exit ${rc}
fi
${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.3 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}" >"${OUTFILE}"
rc=$?
if test "${rc}" = "0"; then
- echo "${FILE}: PKCS7 verification succeeded with wrong key purpose"
- exit 2
+ echo "${FILE}: PKCS7 verification succeeded with wrong key purpose"
+ exit 2
fi
done
@@ -82,16 +82,16 @@ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/.
rc=$?
if test "${rc}" = "0"; then
- echo "${FILE}: PKCS7 verification succeeded without providing detached data"
- exit 2
+ echo "${FILE}: PKCS7 verification succeeded without providing detached data"
+ exit 2
fi
${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-data "${srcdir}/pkcs7-detached.txt" --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/${FILE}"
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 verification failed"
- exit ${rc}
+ echo "${FILE}: PKCS7 verification failed"
+ exit ${rc}
fi
# Test cert combination
@@ -102,14 +102,14 @@ ${VALGRIND} "${CERTTOOL}" --p7-generate --load-certificate "${OUTFILE2}" >"${OUT
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct generation failed"
- exit ${rc}
+ echo "${FILE}: PKCS7 struct generation failed"
+ exit ${rc}
fi
${DIFF} "${OUTFILE}" "${srcdir}/p7-combined.out" >/dev/null
if test "$?" != "0"; then
- echo "${FILE}: PKCS7 generation didn't produce the correct file"
- exit 1
+ echo "${FILE}: PKCS7 generation didn't produce the correct file"
+ exit 1
fi
# Test signing
@@ -118,8 +118,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${srcdir}/../../doc/credent
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct signing failed"
- exit ${rc}
+ echo "${FILE}: PKCS7 struct signing failed"
+ exit ${rc}
fi
FILE="signing-verify"
@@ -127,8 +127,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct signing failed verification"
- exit ${rc}
+ echo "${FILE}: PKCS7 struct signing failed verification"
+ exit ${rc}
fi
@@ -137,8 +137,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-detached-sign --load-privkey "${srcdir}/../../do
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct signing-detached failed"
- exit ${rc}
+ echo "${FILE}: PKCS7 struct signing-detached failed"
+ exit ${rc}
fi
FILE="signing-detached-verify"
@@ -146,8 +146,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct signing-detached failed verification"
- exit ${rc}
+ echo "${FILE}: PKCS7 struct signing-detached failed verification"
+ exit ${rc}
fi
# Test signing with broken algorithms
@@ -156,8 +156,8 @@ ${VALGRIND} "${CERTTOOL}" --hash md5 --p7-sign --load-privkey "${srcdir}/../../
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct signing-broken failed"
- exit ${rc}
+ echo "${FILE}: PKCS7 struct signing-broken failed"
+ exit ${rc}
fi
FILE="signing-verify-broken"
@@ -165,8 +165,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr
rc=$?
if test "${rc}" = "0"; then
- echo "${FILE}: PKCS7 struct verification succeeded with broken algo"
- exit 1
+ echo "${FILE}: PKCS7 struct verification succeeded with broken algo"
+ exit 1
fi
FILE="signing-time"
@@ -174,14 +174,14 @@ ${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey "${srcdir
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct signing with time failed"
- exit ${rc}
+ echo "${FILE}: PKCS7 struct signing with time failed"
+ exit ${rc}
fi
${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct signing with time failed. No time was found."
- exit ${rc}
+ echo "${FILE}: PKCS7 struct signing with time failed. No time was found."
+ exit ${rc}
fi
FILE="signing-time-verify"
@@ -189,8 +189,8 @@ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/cr
rc=$?
if test "${rc}" != "0"; then
- echo "${FILE}: PKCS7 struct signing with time failed verification"
- exit ${rc}
+ echo "${FILE}: PKCS7 struct signing with time failed verification"
+ exit ${rc}
fi
rm -f "${OUTFILE}"
diff --git a/tests/cert-tests/template-test b/tests/cert-tests/template-test
index c92440e..3903492 100755
--- a/tests/cert-tests/template-test
+++ b/tests/cert-tests/template-test
@@ -29,9 +29,9 @@ export TZ="UTC"
# Check for datefudge
TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
if test "$TSTAMP" != "1158969600"; then
- echo $TSTAMP
- echo "You need datefudge to run this test"
- exit 77
+ echo $TSTAMP
+ echo "You need datefudge to run this test"
+ exit 77
fi
# Note that in rare cases this test may fail because the
@@ -41,24 +41,23 @@ fi
rc=1
counter=1
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
- datefudge "2007-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-test.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
-
- ${DIFF} "${srcdir}/template-test.pem" tmp-tt.pem >/dev/null 2>&1
- rc=$?
- test ${rc} != 0 && sleep 3
- counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+ datefudge "2007-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-test.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
+
+ ${DIFF} "${srcdir}/template-test.pem" tmp-tt.pem >/dev/null 2>&1
+ rc=$?
+ test ${rc} != 0 && sleep 3
+ counter=`expr $counter + 1`
done
# We're done.
if test "${rc}" != "0"; then
- echo "Test 1 failed"
- exit ${rc}
+ echo "Test 1 failed"
+ exit ${rc}
fi
rm -f tmp-tt.pem
@@ -66,24 +65,23 @@ rm -f tmp-tt.pem
rc=1
counter=1
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
- datefudge "2007-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-utf8.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
-
- ${DIFF} "${srcdir}/template-utf8.pem" tmp-tt.pem >/dev/null 2>&1
- rc=$?
- test ${rc} != 0 && sleep 3
- counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+ datefudge "2007-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-utf8.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
+
+ ${DIFF} "${srcdir}/template-utf8.pem" tmp-tt.pem >/dev/null 2>&1
+ rc=$?
+ test ${rc} != 0 && sleep 3
+ counter=`expr $counter + 1`
done
# We're done.
if test "${rc}" != "0"; then
- echo "Test 2 (UTF8) failed"
- exit ${rc}
+ echo "Test 2 (UTF8) failed"
+ exit ${rc}
fi
rm -f tmp-tt.pem
@@ -91,38 +89,37 @@ rm -f tmp-tt.pem
rc=1
counter=1
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
- datefudge "2007-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-dn.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
-
- ${DIFF} "${srcdir}/template-dn.pem" tmp-tt.pem >/dev/null 2>&1
- rc=$?
- test ${rc} != 0 && sleep 3
- counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+ datefudge "2007-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-dn.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
+
+ ${DIFF} "${srcdir}/template-dn.pem" tmp-tt.pem >/dev/null 2>&1
+ rc=$?
+ test ${rc} != 0 && sleep 3
+ counter=`expr $counter + 1`
done
# We're done.
if test "${rc}" != "0"; then
- echo "Test 3 (DN) failed"
- exit ${rc}
+ echo "Test 3 (DN) failed"
+ exit ${rc}
fi
rm -f tmp-tt.pem
datefudge "2007-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-dn-err.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-dn-err.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
rc=$?
if test "${rc}" = "0"; then
- echo "Test 3 (DN-err) failed"
- exit ${rc}
+ echo "Test 3 (DN-err) failed"
+ exit ${rc}
fi
rm -f tmp-tt.pem
@@ -130,24 +127,23 @@ rm -f tmp-tt.pem
rc=1
counter=1
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
- datefudge "2007-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-overflow.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
-
- ${DIFF} "${srcdir}/template-overflow.pem" tmp-tt.pem >/dev/null 2>&1
- rc=$?
- test ${rc} != 0 && sleep 3
- counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+ datefudge "2007-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-overflow.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
+
+ ${DIFF} "${srcdir}/template-overflow.pem" tmp-tt.pem >/dev/null 2>&1
+ rc=$?
+ test ${rc} != 0 && sleep 3
+ counter=`expr $counter + 1`
done
# We're done.
if test "${rc}" != "0"; then
- echo "Test 4 (overflow1) failed"
- exit ${rc}
+ echo "Test 4 (overflow1) failed"
+ exit ${rc}
fi
rm -f tmp-tt.pem
@@ -158,24 +154,23 @@ if echo __SIZEOF_POINTER__ | cpp -E - - | grep '^8$' >/dev/null; then
rc=1
counter=1
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
- datefudge "2007-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-overflow2.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
-
- ${DIFF} "${srcdir}/template-overflow2.pem" tmp-tt.pem >/dev/null 2>&1
- rc=$?
- test ${rc} != 0 && sleep 3
- counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+ datefudge "2007-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-overflow2.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
+
+ ${DIFF} "${srcdir}/template-overflow2.pem" tmp-tt.pem >/dev/null 2>&1
+ rc=$?
+ test ${rc} != 0 && sleep 3
+ counter=`expr $counter + 1`
done
# We're done.
if test "${rc}" != "0"; then
- echo "Test 5 (overflow2) failed"
- exit ${rc}
+ echo "Test 5 (overflow2) failed"
+ exit ${rc}
fi
rm -f tmp-tt.pem
@@ -184,24 +179,23 @@ fi
rc=1
counter=1
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
- datefudge "2007-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-date.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
-
- ${DIFF} "${srcdir}/template-date.pem" tmp-tt.pem >/dev/null 2>&1
- rc=$?
- test ${rc} != 0 && sleep 3
- counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+ datefudge "2007-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-date.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
+
+ ${DIFF} "${srcdir}/template-date.pem" tmp-tt.pem >/dev/null 2>&1
+ rc=$?
+ test ${rc} != 0 && sleep 3
+ counter=`expr $counter + 1`
done
# We're done.
if test "${rc}" != "0"; then
- echo "Test 6 (explicit dates) failed"
- exit ${rc}
+ echo "Test 6 (explicit dates) failed"
+ exit ${rc}
fi
rm -f tmp-tt.pem
@@ -211,53 +205,51 @@ rm -f tmp-tt.pem
rc=1
counter=1
-while [ "${rc}" != "0" -a $counter -le 3 ]
-do
- datefudge "2007-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-nc.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
-
- ${DIFF} "${srcdir}/template-nc.pem" tmp-tt.pem >/dev/null 2>&1
- rc=$?
- test ${rc} != 0 && sleep 3
- counter=`expr $counter + 1`
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+ datefudge "2007-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-nc.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
+
+ ${DIFF} "${srcdir}/template-nc.pem" tmp-tt.pem >/dev/null 2>&1
+ rc=$?
+ test ${rc} != 0 && sleep 3
+ counter=`expr $counter + 1`
done
# We're done.
if test "${rc}" != "0"; then
- echo "Test 7 (name constraints) failed"
- exit ${rc}
+ echo "Test 7 (name constraints) failed"
+ exit ${rc}
fi
rm -f tmp-tt.pem
# Test the GeneralizedTime support
-if test "$(getconf LONG_BIT)" = "64";then
- # we should test that on systems which have 64-bit time_t.
- rc=1
- counter=1
-
- while [ "${rc}" != "0" -a $counter -le 3 ]
- do
- datefudge "2051-04-22" \
- "${CERTTOOL}" --generate-self-signed \
- --load-privkey "${srcdir}/template-test.key" \
- --template "${srcdir}/template-generalized.tmpl" \
- --outfile tmp-tt.pem 2>/dev/null
-
- ${DIFF} "${srcdir}/template-generalized.pem" tmp-tt.pem >/dev/null 2>&1
- rc=$?
- test ${rc} != 0 && sleep 3
- counter=`expr $counter + 1`
- done
-
- # We're done.
- if test "${rc}" != "0"; then
- echo "Test 8 (generalizedTime) failed"
- exit ${rc}
- fi
+if test "$(getconf LONG_BIT)" = "64"; then
+ # we should test that on systems which have 64-bit time_t.
+ rc=1
+ counter=1
+
+ while [ "${rc}" != "0" -a $counter -le 3 ]; do
+ datefudge "2051-04-22" \
+ "${CERTTOOL}" --generate-self-signed \
+ --load-privkey "${srcdir}/template-test.key" \
+ --template "${srcdir}/template-generalized.tmpl" \
+ --outfile tmp-tt.pem 2>/dev/null
+
+ ${DIFF} "${srcdir}/template-generalized.pem" tmp-tt.pem >/dev/null 2>&1
+ rc=$?
+ test ${rc} != 0 && sleep 3
+ counter=`expr $counter + 1`
+ done
+
+ # We're done.
+ if test "${rc}" != "0"; then
+ echo "Test 8 (generalizedTime) failed"
+ exit ${rc}
+ fi
fi
rm -f tmp-tt.pem
diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
index 0334e63..456182f 100755
--- a/tests/dsa/testdsa
+++ b/tests/dsa/testdsa
@@ -26,8 +26,8 @@ CLI="${CLI:-../../src/gnutls-cli}"
DEBUG=""
unset RETCODE
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
. "${srcdir}/../scripts/common.sh"
@@ -40,30 +40,31 @@ echo "Checking various DSA key sizes (port ${PORT})"
echo "Checking DSA-1024 with TLS 1.0"
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 &
+PID=$!
wait_server "${PID}"
PRIO="--priority NORMAL:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA384:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
- fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+ fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"
#try with client key of 1024 bits (should succeed)
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" </dev/null >/dev/null || \
- fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+ fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
#try with client key of 2048 bits (should fail)
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" </dev/null >/dev/null 2>&1 && \
- fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
+ fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
#try with client key of 3072 bits (should fail)
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" </dev/null >/dev/null 2>&1 && \
- fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
+ fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
kill "${PID}"
wait
@@ -72,30 +73,30 @@ wait
echo "Checking DSA-1024 with TLS 1.2"
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" >/dev/null 2>&1 &
+PID=$!
wait_server "${PID}"
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
- fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+ fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"
#try with client key of 1024 bits (should succeed)
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.1024.pem" --x509keyfile "${srcdir}/dsa.1024.pem" </dev/null >/dev/null || \
- fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+ fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
#try with client key of 2048 bits (should succeed)
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" </dev/null >/dev/null || \
- fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
+ fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
#try with client key of 3072 bits (should succeed)
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" </dev/null >/dev/null || \
- fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
-
+ fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
kill "${PID}"
wait
@@ -104,11 +105,12 @@ wait
#echo "Checking DSA-2048 with TLS 1.0"
-#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 & PID=$!
+#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 &
+#PID=$!
#wait_server "${PID}"
#"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
-# fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+# fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
#kill "${PID}"
#wait
@@ -117,11 +119,12 @@ wait
echo "Checking DSA-2048 with TLS 1.2"
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.2048.pem" --x509keyfile "${srcdir}/dsa.2048.pem" >/dev/null 2>&1 &
+PID=$!
wait_server "${PID}"
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
- fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!"
+ fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!"
kill "${PID}"
wait
@@ -130,11 +133,12 @@ wait
#echo "Checking DSA-3072 with TLS 1.0"
-#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 & PID=$!
+#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 &
+#PID=$!
#wait_server "${PID}"
#
#"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
-# fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
+# fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
#
#kill "${PID}"
#wait
@@ -143,14 +147,14 @@ wait
echo "Checking DSA-3072 with TLS 1.2"
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/cert.dsa.3072.pem" --x509keyfile "${srcdir}/dsa.3072.pem" >/dev/null 2>&1 &
+PID=$!
wait_server "${PID}"
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
- fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!"
+ fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!"
kill "${PID}"
wait
exit 0
-
diff --git a/tests/dtls/dtls b/tests/dtls/dtls
index 1a80573..ea1f3be 100755
--- a/tests/dtls/dtls
+++ b/tests/dtls/dtls
@@ -22,8 +22,8 @@
set -e
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
./dtls-stress -full -shello 01234 -sfinished 01 -cfinished 01234 CCertificate CKeyExchange CCertificateVerify CChangeCipherSpec CFinished -d 6
diff --git a/tests/dtls/dtls-nb b/tests/dtls/dtls-nb
index 7ba2f33..87c2d0d 100755
--- a/tests/dtls/dtls-nb
+++ b/tests/dtls/dtls-nb
@@ -22,8 +22,8 @@
set -e
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
diff --git a/tests/ecdsa/ecdsa b/tests/ecdsa/ecdsa
index 507f622..e5b48b9 100755
--- a/tests/ecdsa/ecdsa
+++ b/tests/ecdsa/ecdsa
@@ -26,66 +26,66 @@ srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
echo ca > template
-echo cn = "ECDSA SHA 256 CA" >> template
+echo "cn = ECDSA SHA 256 CA" >> template
"${CERTTOOL}" --generate-privkey --ecc > key-ca-ecdsa.pem 2>/dev/null
"${CERTTOOL}" -d 2 --generate-self-signed --template template \
- --load-privkey key-ca-ecdsa.pem \
- --outfile new-ca-ecdsa.pem \
- --hash sha256 >out 2>&1
+ --load-privkey key-ca-ecdsa.pem \
+ --outfile new-ca-ecdsa.pem \
+ --hash sha256 >out 2>&1
-if [ $? != 0 ];then
- cat out
- exit 1
+if [ $? != 0 ]; then
+ cat out
+ exit 1
fi
echo ca > template
"${CERTTOOL}" --generate-privkey --ecc > key-subca-ecdsa.pem 2>/dev/null
-echo cn = "ECDSA SHA 224 Mid CA" >> template
+echo "cn = ECDSA SHA 224 Mid CA" >> template
"${CERTTOOL}" -d 2 --generate-certificate --template template \
- --load-ca-privkey key-ca-ecdsa.pem \
- --load-ca-certificate new-ca-ecdsa.pem \
- --load-privkey key-subca-ecdsa.pem \
- --outfile new-subca-ecdsa.pem \
- --hash sha224 >out 2>&1
-
-if [ $? != 0 ];then
- cat out
- exit 1
+ --load-ca-privkey key-ca-ecdsa.pem \
+ --load-ca-certificate new-ca-ecdsa.pem \
+ --load-privkey key-subca-ecdsa.pem \
+ --outfile new-subca-ecdsa.pem \
+ --hash sha224 >out 2>&1
+
+if [ $? != 0 ]; then
+ cat out
+ exit 1
fi
-echo cn = "End-user" > template
+echo "cn = End-user" > template
"${CERTTOOL}" --generate-privkey --ecc > key-ecdsa.pem 2>/dev/null
"${CERTTOOL}" -d 2 --generate-certificate --template template \
- --load-ca-privkey key-subca-ecdsa.pem \
- --load-ca-certificate new-subca-ecdsa.pem \
- --load-privkey key-ecdsa.pem \
- --outfile new-user.pem >out 2>&1
-
-if [ $? != 0 ];then
- cat out
- exit 1
+ --load-ca-privkey key-subca-ecdsa.pem \
+ --load-ca-certificate new-subca-ecdsa.pem \
+ --load-privkey key-ecdsa.pem \
+ --outfile new-user.pem >out 2>&1
+
+if [ $? != 0 ]; then
+ cat out
+ exit 1
fi
cat new-user.pem new-subca-ecdsa.pem new-ca-ecdsa.pem > out
"${CERTTOOL}" --verify-chain <out > verify
-if [ $? != 0 ];then
- cat verify
- exit 1
+if [ $? != 0 ]; then
+ cat verify
+ exit 1
fi
rm -f verify new-user.pem new-ca-ecdsa.pem new-subca-ecdsa.pem template out
rm -f key-subca-ecdsa.pem key-ca-ecdsa.pem key-ecdsa.pem
"${CERTTOOL}" -k < "${srcdir}/bad-key.pem" | grep "validation failed" >/dev/null 2>&1
-if [ $? != 0 ];then
- echo "certtool didn't detect a bad ECDSA key."
- exit 1
+if [ $? != 0 ]; then
+ echo "certtool didn't detect a bad ECDSA key."
+ exit 1
fi
exit 0
diff --git a/tests/key-tests/key-id b/tests/key-tests/key-id
index c671319..2ef0f3e 100755
--- a/tests/key-tests/key-id
+++ b/tests/key-tests/key-id
@@ -36,14 +36,14 @@ echo "serial = 0" > tmpl
# --outfile user-no-keyid.pem 2> /dev/null
eval "${CERTTOOL}" ${PARAMS} --load-ca-certificate "${srcdir}/ca-weird-keyid.pem" \
- --outfile user-weird-keyid.pem 2> /dev/null
+ --outfile user-weird-keyid.pem 2> /dev/null
if "${CERTTOOL}" -i < user-weird-keyid.pem \
- | grep '7a2c7a6097460603cbfb28e8e219df18deeb4e0d' > /dev/null; then
+ | grep '7a2c7a6097460603cbfb28e8e219df18deeb4e0d' > /dev/null; then
:
else
- echo "Could not find CA SKI in user certificate."
- exit 1;
+ echo "Could not find CA SKI in user certificate."
+ exit 1;
fi
rm -f tmpl user-gnutls-keyid.pem user-no-keyid.pem user-weird-keyid.pem
diff --git a/tests/key-tests/pkcs8 b/tests/key-tests/pkcs8
index 3173bfa..d166469 100755
--- a/tests/key-tests/pkcs8
+++ b/tests/key-tests/pkcs8
@@ -24,86 +24,86 @@ GREP="${GREP:-grep}"
# check keys with password
"${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/key-ca.pem" --password "1234" \
- --outfile tmp-key-ca.p8 2>/dev/null
+ --outfile tmp-key-ca.p8 2>/dev/null
${GREP} "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in converting key to PKCS #8 with password"
- exit ${rc}
+ echo "Error in converting key to PKCS #8 with password"
+ exit ${rc}
fi
"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --password "1234" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading PKCS #8 key with password"
- exit ${rc}
+ echo "Error in reading PKCS #8 key with password"
+ exit ${rc}
fi
"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-1234.p8" --password "1234" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading saved PKCS #8 key with password"
- exit ${rc}
+ echo "Error in reading saved PKCS #8 key with password"
+ exit ${rc}
fi
#keys encrypted with empty password
"${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/key-ca.pem" --password "" \
- --outfile tmp-key-ca.p8 2>/dev/null
+ --outfile tmp-key-ca.p8 2>/dev/null
${GREP} "BEGIN PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in converting key to PKCS #8 with empty password"
- exit ${rc}
+ echo "Error in converting key to PKCS #8 with empty password"
+ exit ${rc}
fi
"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --password "" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading PKCS #8 key with empty password"
- exit ${rc}
+ echo "Error in reading PKCS #8 key with empty password"
+ exit ${rc}
fi
"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-empty.p8" --password "" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading saved PKCS #8 key with empty password"
- exit ${rc}
+ echo "Error in reading saved PKCS #8 key with empty password"
+ exit ${rc}
fi
#keys encrypted with null password
"${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/key-ca.pem" --null-password \
- --outfile tmp-key-ca.p8 2>/dev/null
+ --outfile tmp-key-ca.p8 2>/dev/null
${GREP} "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in converting key to PKCS #8 with null password"
- exit ${rc}
+ echo "Error in converting key to PKCS #8 with null password"
+ exit ${rc}
fi
"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca.pem" --null-password >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading PKCS #8 key with null password"
- exit ${rc}
+ echo "Error in reading PKCS #8 key with null password"
+ exit ${rc}
fi
"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ca-null.p8" --null-password >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading saved PKCS #8 key with null password"
- exit ${rc}
+ echo "Error in reading saved PKCS #8 key with null password"
+ exit ${rc}
fi
# Tests for PKCS #8 ECC keys
@@ -112,24 +112,24 @@ fi
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading saved ECC key"
- exit ${rc}
+ echo "Error in reading saved ECC key"
+ exit ${rc}
fi
"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/key-ecc.p8" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading saved PKCS #8 ECC key"
- exit ${rc}
+ echo "Error in reading saved PKCS #8 ECC key"
+ exit ${rc}
fi
"${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/openssl-key-ecc.p8" >/dev/null 2>&1
rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "Error in reading saved openssl PKCS #8 ECC key"
- exit ${rc}
+ echo "Error in reading saved openssl PKCS #8 ECC key"
+ exit ${rc}
fi
rm -f tmp-key-ca.p8
diff --git a/tests/nist-pkits/gnutls_test_entry b/tests/nist-pkits/gnutls_test_entry
index 87c435e..a35d026 100755
--- a/tests/nist-pkits/gnutls_test_entry
+++ b/tests/nist-pkits/gnutls_test_entry
@@ -10,19 +10,19 @@ certtool -e < chain.pem > output.txt
rm -f chain.pem
if grep 'Verification output:' output.txt > /dev/null; then
- if grep 'Verification output' output.txt | grep -v 'Verification output: Verified.' > /dev/null; then
- if test "${RESULT}" = "0"; then
- echo "<font color=red>Unexpected reject</font>"
- else
- echo "<font color=green>Reject</font>"
- fi
- else
- if test "${RESULT}" = "1"; then
- echo "<font color=red>Unexpected success</font>"
- else
- echo "<font color=green>Success</font>"
- fi
- fi
+ if grep 'Verification output' output.txt | grep -v 'Verification output: Verified.' > /dev/null; then
+ if test "${RESULT}" = "0"; then
+ echo "<font color=red>Unexpected reject</font>"
+ else
+ echo "<font color=green>Reject</font>"
+ fi
+ else
+ if test "${RESULT}" = "1"; then
+ echo "<font color=red>Unexpected success</font>"
+ else
+ echo "<font color=green>Success</font>"
+ fi
+ fi
fi
rm -f output.txt
diff --git a/tests/nist-pkits/pkits_crl b/tests/nist-pkits/pkits_crl
index 1473587..6c3e92d 100755
--- a/tests/nist-pkits/pkits_crl
+++ b/tests/nist-pkits/pkits_crl
@@ -25,12 +25,12 @@ test -d crls || unzip "${srcdir}/PKITS_data.zip"
ret=0
for crl in "${srcdir}/crls"/*; do
- "${CERTTOOL}" --crl-info --inder --infile "${crl}" > out 2>&1
- rc=$?
- if test ${rc} != 0; then
- echo "CRL FATAL ${crl}"
- ret=1
- fi
+ "${CERTTOOL}" --crl-info --inder --infile "${crl}" > out 2>&1
+ rc=$?
+ if test ${rc} != 0; then
+ echo "CRL FATAL ${crl}"
+ ret=1
+ fi
done
rm -f out
diff --git a/tests/nist-pkits/pkits_crt b/tests/nist-pkits/pkits_crt
index 5e22ca2..92b69bd 100755
--- a/tests/nist-pkits/pkits_crt
+++ b/tests/nist-pkits/pkits_crt
@@ -25,12 +25,12 @@ test -d certs || unzip "${srcdir}/PKITS_data.zip"
ret=0
for crt in "${srcdir}/certs"/*; do
- "${CERTTOOL}" --certificate-info --inder --infile "${crt}" > out 2>&1
- rc=$?
- if test ${rc} != 0; then
- echo "Certificate FATAL ${crt}"
- ret=1
- fi
+ "${CERTTOOL}" --certificate-info --inder --infile "${crt}" > out 2>&1
+ rc=$?
+ if test ${rc} != 0; then
+ echo "Certificate FATAL ${crt}"
+ ret=1
+ fi
done
rm -f out
diff --git a/tests/nist-pkits/pkits_pkcs12 b/tests/nist-pkits/pkits_pkcs12
index 24ba7e6..0b34cb9 100755
--- a/tests/nist-pkits/pkits_pkcs12
+++ b/tests/nist-pkits/pkits_pkcs12
@@ -25,12 +25,12 @@ test -d pkcs12 || unzip "${srcdir}/PKITS_data.zip"
ret=0
for p12 in "${srcdir}/pkcs12"/*; do
- "${CERTTOOL}" --p12-info --inder --password password --infile "${p12}" > out 2>&1
- rc=$?
- if test ${rc} != 0; then
- echo "PKCS12 FATAL $p12"
- ret=1
- fi
+ "${CERTTOOL}" --p12-info --inder --password password --infile "${p12}" > out 2>&1
+ rc=$?
+ if test ${rc} != 0; then
+ echo "PKCS12 FATAL $p12"
+ ret=1
+ fi
done
rm -f out
diff --git a/tests/nist-pkits/pkits_smime b/tests/nist-pkits/pkits_smime
index a9b15aa..62da9c9 100755
--- a/tests/nist-pkits/pkits_smime
+++ b/tests/nist-pkits/pkits_smime
@@ -25,18 +25,18 @@ test -d smime || unzip "${srcdir}/PKITS_data.zip"
ret=0
for msg in "${srcdir}/smime"/*; do
- "${CERTTOOL}" --smime-to-p7 --infile "${msg}" > out 2>&1
- rc=$?
- if test ${rc} != 0; then
- echo "S/MIME FATAL $msg"
- ret=1
- fi
- "${CERTTOOL}" --p7-info --infile out > out2 2>&1
- rc=$?
- if test ${rc} != 0; then
- echo "PKCS#7 FATAL $msg"
- ret=1
- fi
+ "${CERTTOOL}" --smime-to-p7 --infile "${msg}" > out 2>&1
+ rc=$?
+ if test ${rc} != 0; then
+ echo "S/MIME FATAL $msg"
+ ret=1
+ fi
+ "${CERTTOOL}" --p7-info --infile out > out2 2>&1
+ rc=$?
+ if test ${rc} != 0; then
+ echo "PKCS#7 FATAL $msg"
+ ret=1
+ fi
done
rm -f out out2
diff --git a/tests/nist-pkits/pkits_test b/tests/nist-pkits/pkits_test
index 55653a3..49feecb 100755
--- a/tests/nist-pkits/pkits_test
+++ b/tests/nist-pkits/pkits_test
@@ -7,8 +7,8 @@ srcdir="${srcdir:-.}"
test -d certs || unzip "${srcdir}/PKITS_data.zip"
if ! test -d pkits_test_list_generator; then
- tar xfz "${srcdir}/pkits_test_list_generator.tgz"
- patch -p 0 < pkits_test_list_generator.patch
+ tar xfz "${srcdir}/pkits_test_list_generator.tgz"
+ patch -p 0 < pkits_test_list_generator.patch
fi
make -C pkits_test_list_generator/src
diff --git a/tests/openpgp-certs/testcerts b/tests/openpgp-certs/testcerts
index c8d25d1..9ac5f53 100755
--- a/tests/openpgp-certs/testcerts
+++ b/tests/openpgp-certs/testcerts
@@ -25,8 +25,8 @@ SERV="${SERV:-../../src/gnutls-serv} -q"
CLI="${CLI:-../../src/gnutls-cli}"
DEBUG=""
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
. "${srcdir}/../scripts/common.sh"
@@ -35,7 +35,8 @@ PORT="${PORT:-$RPORT}"
echo "Checking OpenPGP certificate verification"
-launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-127.0.0.1-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-127.0.0.1-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 &
+PID=$!
wait_server ${PID}
# give the server a chance to initialize
@@ -47,22 +48,23 @@ wait_server ${PID}
# fail "Connection to verified IP address should have succeeded! (error code $?)" $?
"${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.2 --priority NORMAL:+CTYPE-OPENPGP --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
- fail ${PID} "Connection to unrecognized IP address should have failed!"
+ fail ${PID} "Connection to unrecognized IP address should have failed!"
"${CLI}" ${DEBUG} -p "${PORT}" localhost --priority NORMAL:+CTYPE-OPENPGP --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
- fail ${PID} "Connection to unverified (but present) 'localhost' should have failed!"
+ fail ${PID} "Connection to unverified (but present) 'localhost' should have failed!"
kill ${PID}
wait
-launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-localhost-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-localhost-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 &
+PID=$!
wait_server ${PID}
echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
- fail ${PID} "Connection to unverified IP address should have failed! (error code $?)" $?
+ fail ${PID} "Connection to unverified IP address should have failed! (error code $?)" $?
"${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.2 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
- fail ${PID} "Connection to unrecognized IP address should have failed!"
+ fail ${PID} "Connection to unrecognized IP address should have failed!"
#see reason above
#"${CLI}" -p "${PORT}" localhost --pgpkeyring ca-public.gpg </dev/null >/dev/null || \
@@ -71,15 +73,16 @@ echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1
kill ${PID}
wait
-launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-all-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority NORMAL:+CTYPE-OPENPGP --pgpcertfile "${srcdir}/srv-public-all-signed.gpg" --pgpkeyfile "${srcdir}/srv-secret.gpg" >/dev/null 2>&1 &
+PID=$!
wait_server ${PID}
# give the server a chance to initialize
echo | "${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.1 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null || \
- fail ${PID} "Connection to signed PGP certificate should have succeeded! (error code $?)" $?
+ fail ${PID} "Connection to signed PGP certificate should have succeeded! (error code $?)" $?
"${CLI}" ${DEBUG} --priority NORMAL:+CTYPE-OPENPGP -p "${PORT}" 127.0.0.2 --pgpkeyring "${srcdir}/ca-public.gpg" </dev/null >/dev/null 2>&1 && \
- fail ${PID} "Connection to unrecognized IP address should have failed!"
+ fail ${PID} "Connection to unrecognized IP address should have failed!"
kill ${PID}
wait
diff --git a/tests/openpgp-certs/testselfsigs b/tests/openpgp-certs/testselfsigs
index 2910b29..2100c11 100755
--- a/tests/openpgp-certs/testselfsigs
+++ b/tests/openpgp-certs/testselfsigs
@@ -28,26 +28,26 @@ CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
unset RETCODE || true
fail() {
- echo "Failure: $1" >&2
- RETCODE=${RETCODE:-${2:-1}}
+ echo "Failure: $1" >&2
+ RETCODE=${RETCODE:-${2:-1}}
}
echo "Checking OpenPGP certificate self verification"
("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice.pub" \
- | grep "^Self Signature verification: ok" > /dev/null) || \
- fail "Self sig Verification should have succeeded!"
+ | grep "^Self Signature verification: ok" > /dev/null) || \
+ fail "Self sig Verification should have succeeded!"
("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-badsig18.pub" \
- | grep "^Self Signature verification: failed" > /dev/null) || \
- fail "Self sig Verification should have failed!"
+ | grep "^Self Signature verification: failed" > /dev/null) || \
+ fail "Self sig Verification should have failed!"
("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-irrelevantsig.pub" \
- | grep "^Self Signature verification: failed" >/dev/null) || \
- fail "Self sig Verification should have failed!"
+ | grep "^Self Signature verification: failed" >/dev/null) || \
+ fail "Self sig Verification should have failed!"
("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/selfsigs/alice-mallory-nosig18.pub" \
- | grep "^Self Signature verification: failed" >/dev/null) || \
- fail "Self sig Verification should have failed!"
+ | grep "^Self Signature verification: failed" >/dev/null) || \
+ fail "Self sig Verification should have failed!"
exit ${RETCODE:-0}
diff --git a/tests/pkcs1-padding/pkcs1-pad b/tests/pkcs1-padding/pkcs1-pad
index 8d0861a..8b71126 100755
--- a/tests/pkcs1-padding/pkcs1-pad
+++ b/tests/pkcs1-padding/pkcs1-pad
@@ -31,8 +31,8 @@ export TZ="UTC"
# Check for datefudge
TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
if test "${TSTAMP}" != "1158969600"; then
- echo "You need datefudge to run this test"
- exit 77
+ echo "You need datefudge to run this test"
+ exit 77
fi
# Test 1, PKCS#1 pad digestAlgorithm.parameters
@@ -48,10 +48,10 @@ out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "`
if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT1}"; then
- echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}"
- echo "expected ${EXPECT1}"
- echo "PKCS1-PAD1 FAIL"
- exit 1
+ echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}"
+ echo "expected ${EXPECT1}"
+ echo "PKCS1-PAD1 FAIL"
+ exit 1
fi
rm -f out1 out2
@@ -71,10 +71,10 @@ out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "`
if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT2}"; then
- echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}"
- echo "expected ${EXPECT2}"
- echo "PKCS1-PAD2 FAIL"
- exit 1
+ echo "out1 oks ${out1oks} fails ${out1fails} out2 oks ${out2oks} fails ${out2fails}"
+ echo "expected ${EXPECT2}"
+ echo "PKCS1-PAD2 FAIL"
+ exit 1
fi
rm -f out1 out2
@@ -93,10 +93,10 @@ out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "`
out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
if test "${out1oks}${out1fails}" != "${EXPECT3}"; then
- echo "out1 oks ${out1oks} fails ${out1fails}"
- echo "expected ${EXPECT3}"
- echo "PKCS1-PAD3 FAIL"
- exit 1
+ echo "out1 oks ${out1oks} fails ${out1fails}"
+ echo "expected ${EXPECT3}"
+ echo "PKCS1-PAD3 FAIL"
+ exit 1
fi
rm -f out1
diff --git a/tests/pkcs12-decode/pkcs12 b/tests/pkcs12-decode/pkcs12
index 0408ad1..64a3607 100755
--- a/tests/pkcs12-decode/pkcs12
+++ b/tests/pkcs12-decode/pkcs12
@@ -27,101 +27,101 @@ CERTTOOL="${CERTTOOL:-${top_builddir}/src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
DEBUG=""
-if test "x$1" != "x";then
- DEBUG="1"
+if test "x$1" != "x"; then
+ DEBUG="1"
fi
ret=0
for p12 in 'client.p12 foobar' noclient.p12 unclient.p12 pkcs12_2certs.p12; do
- set -- ${p12}
- file="$1"
- passwd="$2"
- if test "x$DEBUG" != "x";then
- "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
- --infile "${srcdir}/${file}"
- else
- "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
- --infile "${srcdir}/${file}" >/dev/null 2>&1
- fi
- rc=$?
- if test ${rc} != 0; then
- echo "NEON PKCS12 FATAL ${p12}"
- ret=1
- fi
+ set -- ${p12}
+ file="$1"
+ passwd="$2"
+ if test "x$DEBUG" != "x"; then
+ "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/${file}"
+ else
+ "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/${file}" >/dev/null 2>&1
+ fi
+ rc=$?
+ if test ${rc} != 0; then
+ echo "NEON PKCS12 FATAL ${p12}"
+ ret=1
+ fi
done
file=test-null.p12
"${CERTTOOL}" --p12-info --inder --null-password --infile "${srcdir}/${file}" >/dev/null 2>&1
rc=$?
if test ${rc} != 0; then
- echo "PKCS12 FATAL ${file}"
- ret=1
+ echo "PKCS12 FATAL ${file}"
+ ret=1
fi
file=sha256.p12
"${CERTTOOL}" --p12-info --inder --password 1234 --infile "${srcdir}/${file}" >/dev/null 2>&1
rc=$?
if test ${rc} != 0; then
- echo "PKCS12 FATAL ${file}"
- ret=1
+ echo "PKCS12 FATAL ${file}"
+ ret=1
fi
# test whether we can encode a certificate and a key
"${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile out.p12 >/dev/null 2>&1
rc=$?
if test ${rc} != 0; then
- echo "PKCS12 FATAL encoding"
- ret=1
+ echo "PKCS12 FATAL encoding"
+ ret=1
fi
"${CERTTOOL}" --p12-info --inder --password 1234 --infile out.p12 >out.pem 2>/dev/null
rc=$?
if test ${rc} != 0; then
- echo "PKCS12 FATAL decrypting/decoding"
- ret=1
+ echo "PKCS12 FATAL decrypting/decoding"
+ ret=1
fi
grep "BEGIN ENCRYPTED PRIVATE KEY" out.pem >/dev/null 2>&1
rc=$?
if test "${rc}" != "0"; then
- exit ${rc}
+ exit ${rc}
fi
grep "BEGIN CERTIFICATE" out.pem >/dev/null 2>&1
rc=$?
if test "${rc}" != "0"; then
- exit ${rc}
+ exit ${rc}
fi
# test whether we can encode a certificate, a key and a CA
"${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile out.p12 >/dev/null 2>&1
rc=$?
if test ${rc} != 0; then
- echo "PKCS12 FATAL encoding 2"
- exit 1
+ echo "PKCS12 FATAL encoding 2"
+ exit 1
fi
"${CERTTOOL}" --p12-info --inder --password 123456 --infile out.p12 >out.pem 2>/dev/null
rc=$?
if test ${rc} != 0; then
- echo "PKCS12 FATAL decrypting/decoding 2"
- exit 1
+ echo "PKCS12 FATAL decrypting/decoding 2"
+ exit 1
fi
grep "BEGIN ENCRYPTED PRIVATE KEY" out.pem >/dev/null 2>&1
rc=$?
if test "${rc}" != "0"; then
- exit ${rc}
+ exit ${rc}
fi
count=`grep -c "BEGIN CERTIFICATE" out.pem`
if test "$count" != "2"; then
- echo "Only one certificate was included"
- exit 1
+ echo "Only one certificate was included"
+ exit 1
fi
rm -f out.pem out.p12
diff --git a/tests/pkcs8-decode/pkcs8 b/tests/pkcs8-decode/pkcs8
index 756d0ac..a305014 100755
--- a/tests/pkcs8-decode/pkcs8
+++ b/tests/pkcs8-decode/pkcs8
@@ -24,48 +24,48 @@ srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
ret=0
for p8 in 'encpkcs8.pem foobar' unencpkcs8.pem 'enc2pkcs8.pem baz'; do
- set -- ${p8}
- file="$1"
- passwd="$2"
- ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \
- --infile "${srcdir}/${file}" | tee out >/dev/null
- rc=$?
- if test ${rc} != 0; then
- cat out
- echo "PKCS8 FATAL ${p8}"
- ret=1
- else
- echo "PKCS8 OK ${p8}"
- fi
+ set -- ${p8}
+ file="$1"
+ passwd="$2"
+ ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \
+ --infile "${srcdir}/${file}" | tee out >/dev/null
+ rc=$?
+ if test ${rc} != 0; then
+ cat out
+ echo "PKCS8 FATAL ${p8}"
+ ret=1
+ else
+ echo "PKCS8 OK ${p8}"
+ fi
done
rm -f out
for p8 in openssl-aes128.p8 openssl-aes256.p8 openssl-3des.p8; do
- set -- ${p8}
- file="$1"
- passwd="$2"
- ${VALGRIND} "${CERTTOOL}" --p8-info --password "1234" \
- --infile "${srcdir}/${file}" | tee out >/dev/null
- rc=$?
- if test ${rc} != 0; then
- cat out
- echo "PKCS8 FATAL ${p8}"
- ret=1
- fi
+ set -- ${p8}
+ file="$1"
+ passwd="$2"
+ ${VALGRIND} "${CERTTOOL}" --p8-info --password "1234" \
+ --infile "${srcdir}/${file}" | tee out >/dev/null
+ rc=$?
+ if test ${rc} != 0; then
+ cat out
+ echo "PKCS8 FATAL ${p8}"
+ ret=1
+ fi
- ${DIFF} "${srcdir}/${p8}.txt" out
- rc=$?
- if test ${rc} != 0; then
- cat out
- echo "PKCS8 FATAL TXT ${p8}"
- ret=1
- fi
+ ${DIFF} "${srcdir}/${p8}.txt" out
+ rc=$?
+ if test ${rc} != 0; then
+ cat out
+ echo "PKCS8 FATAL TXT ${p8}"
+ ret=1
+ fi
done
rm -f out
diff --git a/tests/rfc2253-escape-test b/tests/rfc2253-escape-test
index 7506139..2ce8c3c 100755
--- a/tests/rfc2253-escape-test
+++ b/tests/rfc2253-escape-test
@@ -23,13 +23,13 @@
set -e
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
fi
if cat<<EOF \
- | ${VALGRIND} "${CERTTOOL}" --certificate-info \
- | grep 'Issuer: O=RFC 2253 escape test,OU=Plus \\+ Comma \\,' > /dev/null
+ | ${VALGRIND} "${CERTTOOL}" --certificate-info \
+ | grep 'Issuer: O=RFC 2253 escape test,OU=Plus \\+ Comma \\,' > /dev/null
-----BEGIN CERTIFICATE-----
MIICETCCAXygAwIBAgIESnlIMTALBgkqhkiG9w0BAQUwODEdMBsGA1UEChMUUkZD
IDIyNTMgZXNjYXBlIHRlc3QxFzAVBgNVBAsTDlBsdXMgKyBDb21tYSAsMB4XDTA5
@@ -46,10 +46,10 @@ iptEYYo=
-----END CERTIFICATE-----
EOF
then
- :
+ :
else
- echo "RFC 2253 escaping not working?"
- exit 1
+ echo "RFC 2253 escaping not working?"
+ exit 1
fi
exit 0
diff --git a/tests/rsa-md5-collision/rsa-md5-collision b/tests/rsa-md5-collision/rsa-md5-collision
index 888bbed..d6c1d2d 100755
--- a/tests/rsa-md5-collision/rsa-md5-collision
+++ b/tests/rsa-md5-collision/rsa-md5-collision
@@ -26,22 +26,22 @@ srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
"${CERTTOOL}" --inder --certificate-info \
- --infile "${srcdir}/MD5CollisionCA.cer" > ca.pem
+ --infile "${srcdir}/MD5CollisionCA.cer" > ca.pem
"${CERTTOOL}" --inder --certificate-info \
- --infile "${srcdir}/TargetCollidingCertificate1.cer" > client1.pem
+ --infile "${srcdir}/TargetCollidingCertificate1.cer" > client1.pem
"${CERTTOOL}" --inder --certificate-info \
- --infile "${srcdir}/TargetCollidingCertificate2.cer" > client2.pem
+ --infile "${srcdir}/TargetCollidingCertificate2.cer" > client2.pem
cat client1.pem ca.pem > chain1.pem
cat client2.pem ca.pem > chain2.pem
"${CERTTOOL}" --verify-chain < chain1.pem | \
- grep 'Not verified.' | grep 'insecure algorithm' >/dev/null
+ grep 'Not verified.' | grep 'insecure algorithm' >/dev/null
"${CERTTOOL}" --verify-chain < chain2.pem | \
- grep 'Not verified.' | grep 'insecure algorithm' >/dev/null
+ grep 'Not verified.' | grep 'insecure algorithm' >/dev/null
rm -f ca.pem client1.pem client2.pem \
- chain1.pem chain2.pem \
+ chain1.pem chain2.pem
# We're done.
exit 0
diff --git a/tests/sha2/sha2 b/tests/sha2/sha2
index 02b1778..8b77ea4 100755
--- a/tests/sha2/sha2
+++ b/tests/sha2/sha2
@@ -26,67 +26,67 @@ srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
echo ca > template-sha2
-echo cn = "SHA 512 CA" >> template-sha2
+echo "cn = SHA 512 CA" >> template-sha2
"${CERTTOOL}" -d 2 --generate-self-signed --template template-sha2 \
- --load-privkey "${srcdir}/key-ca.pem" \
- --outfile new-ca.pem \
- --hash sha512 >out 2>&1
+ --load-privkey "${srcdir}/key-ca.pem" \
+ --outfile new-ca.pem \
+ --hash sha512 >out 2>&1
-if [ $? != 0 ];then
- cat out
- exit 1
+if [ $? != 0 ]; then
+ cat out
+ exit 1
fi
echo ca > template-sha2
-echo cn = "SHA 384 sub-CA" >> template-sha2
+echo "cn = SHA 384 sub-CA" >> template-sha2
"${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \
- --load-ca-privkey "${srcdir}/key-ca.pem" \
- --load-ca-certificate new-ca.pem \
- --load-privkey "${srcdir}/key-subca.pem" \
- --outfile new-subca.pem \
- --hash sha384 >out 2>&1
-
-if [ $? != 0 ];then
- cat out
- exit 1
+ --load-ca-privkey "${srcdir}/key-ca.pem" \
+ --load-ca-certificate new-ca.pem \
+ --load-privkey "${srcdir}/key-subca.pem" \
+ --outfile new-subca.pem \
+ --hash sha384 >out 2>&1
+
+if [ $? != 0 ]; then
+ cat out
+ exit 1
fi
echo ca > template-sha2
-echo cn = "SHA 256 sub-sub-CA" >> template-sha2
+echo "cn = SHA 256 sub-sub-CA" >> template-sha2
"${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \
- --load-ca-privkey "${srcdir}/key-subca.pem" \
- --load-ca-certificate new-subca.pem \
- --load-privkey "${srcdir}/key-subsubca.pem" \
- --outfile new-subsubca.pem \
- --hash sha256 >out 2>&1
-
-if [ $? != 0 ];then
- cat out
- exit 1
+ --load-ca-privkey "${srcdir}/key-subca.pem" \
+ --load-ca-certificate new-subca.pem \
+ --load-privkey "${srcdir}/key-subsubca.pem" \
+ --outfile new-subsubca.pem \
+ --hash sha256 >out 2>&1
+
+if [ $? != 0 ]; then
+ cat out
+ exit 1
fi
-echo cn = "End-user" > template-sha2
+echo "cn = End-user" > template-sha2
"${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \
- --load-ca-privkey "${srcdir}/key-subsubca.pem" \
- --load-ca-certificate new-subsubca.pem \
- --load-privkey "${srcdir}/key-user.pem" \
- --outfile new-user.pem >out 2>&1
-
-if [ $? != 0 ];then
- cat out
- exit 1
+ --load-ca-privkey "${srcdir}/key-subsubca.pem" \
+ --load-ca-certificate new-subsubca.pem \
+ --load-privkey "${srcdir}/key-user.pem" \
+ --outfile new-user.pem >out 2>&1
+
+if [ $? != 0 ]; then
+ cat out
+ exit 1
fi
num=`cat new-user.pem new-subsubca.pem new-subca.pem new-ca.pem | "${CERTTOOL}" --verify-chain | tee verify-sha2 | grep -c Verified`
#cat verify
if test "${num}" != "4"; then
- echo Verification failure
- exit 1
+ echo Verification failure
+ exit 1
fi
rm -f verify-sha2 new-user.pem new-subsubca.pem new-subca.pem new-ca.pem template-sha2 out
diff --git a/tests/sha2/sha2-dsa b/tests/sha2/sha2-dsa
index 623c621..b2b673f 100755
--- a/tests/sha2/sha2-dsa
+++ b/tests/sha2/sha2-dsa
@@ -26,52 +26,52 @@ srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
echo ca > template-dsa
-echo cn = "SHA 256 CA" >> template-dsa
+echo "cn = SHA 256 CA" >> template-dsa
"${CERTTOOL}" -d 2 --generate-self-signed --template template-dsa \
- --load-privkey "${srcdir}/key-ca-dsa.pem" \
- --outfile new-ca-dsa.pem \
- --hash sha256 >out-dsa 2>&1
+ --load-privkey "${srcdir}/key-ca-dsa.pem" \
+ --outfile new-ca-dsa.pem \
+ --hash sha256 >out-dsa 2>&1
-if [ $? != 0 ];then
- cat out-dsa
- exit 1
+if [ $? != 0 ]; then
+ cat out-dsa
+ exit 1
fi
echo ca > template-dsa
-echo cn = "SHA 224 Mid CA" >> template-dsa
+echo "cn = SHA 224 Mid CA" >> template-dsa
"${CERTTOOL}" -d 2 --generate-certificate --template template-dsa \
- --load-ca-privkey "${srcdir}/key-ca-dsa.pem" \
- --load-ca-certificate new-ca-dsa.pem \
- --load-privkey "${srcdir}/key-subca-dsa.pem" \
- --outfile new-subca-dsa.pem \
- --hash sha224 >out-dsa 2>&1
-
-if [ $? != 0 ];then
- cat out-dsa
- exit 1
+ --load-ca-privkey "${srcdir}/key-ca-dsa.pem" \
+ --load-ca-certificate new-ca-dsa.pem \
+ --load-privkey "${srcdir}/key-subca-dsa.pem" \
+ --outfile new-subca-dsa.pem \
+ --hash sha224 >out-dsa 2>&1
+
+if [ $? != 0 ]; then
+ cat out-dsa
+ exit 1
fi
-echo cn = "End-user" > template-dsa
+echo "cn = End-user" > template-dsa
"${CERTTOOL}" -d 2 --generate-certificate --template template-dsa \
- --load-ca-privkey "${srcdir}/key-subca-dsa.pem" \
- --load-ca-certificate new-subca-dsa.pem \
- --load-privkey "${srcdir}/key-dsa.pem" \
- --outfile new-user-dsa.pem >out-dsa 2>&1
-
-if [ $? != 0 ];then
- cat out-dsa
- exit 1
+ --load-ca-privkey "${srcdir}/key-subca-dsa.pem" \
+ --load-ca-certificate new-subca-dsa.pem \
+ --load-privkey "${srcdir}/key-dsa.pem" \
+ --outfile new-user-dsa.pem >out-dsa 2>&1
+
+if [ $? != 0 ]; then
+ cat out-dsa
+ exit 1
fi
cat new-user-dsa.pem new-subca-dsa.pem new-ca-dsa.pem > out-dsa
"${CERTTOOL}" --verify-chain <out-dsa > verify-dsa
-if [ $? != 0 ];then
- cat verify-dsa
- exit 1
+if [ $? != 0 ]; then
+ cat verify-dsa
+ exit 1
fi
rm -f verify-dsa new-user-dsa.pem new-ca-dsa.pem new-subca-dsa.pem template-dsa out-dsa
diff --git a/tests/slow/override-ciphers b/tests/slow/override-ciphers
index aa1e7ad..83a282a 100755
--- a/tests/slow/override-ciphers
+++ b/tests/slow/override-ciphers
@@ -21,38 +21,38 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
unset RETCODE
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
GNUTLS_NO_EXPLICIT_INIT=1 ${VALGRIND} ./cipher-override
-if test $? != 0;then
- echo "overriden cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "overriden cipher tests failed"
+ exit 1
fi
${VALGRIND} ./cipher-override
-if test $? != 0;then
- echo "overriden cipher tests 2 failed"
- exit 1
+if test $? != 0; then
+ echo "overriden cipher tests 2 failed"
+ exit 1
fi
${VALGRIND} ./cipher-override2
-if test $? != 0;then
- echo "overriden cipher tests 3 failed"
- exit 1
+if test $? != 0; then
+ echo "overriden cipher tests 3 failed"
+ exit 1
fi
GNUTLS_NO_EXPLICIT_INIT=1 ${VALGRIND} ./mac-override
-if test $? != 0;then
- echo "overriden mac tests failed"
- exit 1
+if test $? != 0; then
+ echo "overriden mac tests failed"
+ exit 1
fi
${VALGRIND} ./mac-override
-if test $? != 0;then
- echo "overriden mac tests 2 failed"
- exit 1
+if test $? != 0; then
+ echo "overriden mac tests 2 failed"
+ exit 1
fi
exit 0
diff --git a/tests/slow/test-ciphers b/tests/slow/test-ciphers
index 0b66bb1..fc21a8b 100755
--- a/tests/slow/test-ciphers
+++ b/tests/slow/test-ciphers
@@ -21,56 +21,56 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
unset RETCODE
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
./cipher-test
-if test $? != 0;then
- echo "default cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "default cipher tests failed"
+ exit 1
fi
GNUTLS_CPUID_OVERRIDE=0x1 ./cipher-test
-if test $? != 0;then
- echo "included cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "included cipher tests failed"
+ exit 1
fi
GNUTLS_CPUID_OVERRIDE=0x2 ./cipher-test
-if test $? != 0;then
- echo "AESNI cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "AESNI cipher tests failed"
+ exit 1
fi
GNUTLS_CPUID_OVERRIDE=0x4 ./cipher-test
-if test $? != 0;then
- echo "SSSE3 cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "SSSE3 cipher tests failed"
+ exit 1
fi
GNUTLS_CPUID_OVERRIDE=0x8 ./cipher-test
-if test $? != 0;then
- echo "PCLMUL cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "PCLMUL cipher tests failed"
+ exit 1
fi
GNUTLS_CPUID_OVERRIDE=0x100000 ./cipher-test
-if test $? != 0;then
- echo "padlock cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "padlock cipher tests failed"
+ exit 1
fi
GNUTLS_CPUID_OVERRIDE=0x200000 ./cipher-test
-if test $? != 0;then
- echo "padlock PHE cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "padlock PHE cipher tests failed"
+ exit 1
fi
GNUTLS_CPUID_OVERRIDE=0x400000 ./cipher-test
-if test $? != 0;then
- echo "padlock PHE SHA512 cipher tests failed"
- exit 1
+if test $? != 0; then
+ echo "padlock PHE SHA512 cipher tests failed"
+ exit 1
fi
exit 0
diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh
index 53f6087..9ae68a1 100755
--- a/tests/suite/certs/create-chain.sh
+++ b/tests/suite/certs/create-chain.sh
@@ -6,9 +6,9 @@ TEMPLATE=tmpl
NUM="$1"
-if test "${NUM}" = "";then
- echo "usage: $0 number"
- exit 1
+if test "${NUM}" = ""; then
+ echo "usage: $0 number"
+ exit 1
fi
LAST=`expr ${NUM} - 1`
@@ -18,75 +18,73 @@ mkdir -p "${OUTPUT}"
counter=0
while test ${counter} -lt ${NUM}; do
- if test ${counter} = ${LAST};then
- name="server-${counter}"
- else
- name="CA-${counter}"
- fi
- serial="${counter}"
+ if test ${counter} = ${LAST}; then
+ name="server-${counter}"
+ else
+ name="CA-${counter}"
+ fi
+ serial="${counter}"
-
- "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
- if test ${counter} = 0;then
- # ROOT CA
- echo "cn = ${name}" >"${TEMPLATE}"
- echo "serial = ${serial}" >>"${TEMPLATE}"
- echo "ca" >>"${TEMPLATE}"
- echo "expiration_days = -1" >>"${TEMPLATE}"
- echo "cert_signing_key" >>"${TEMPLATE}"
- echo "ocsp_signing_key" >>"${TEMPLATE}"
- echo "crl_signing_key" >>"${TEMPLATE}"
- "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \
- "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+ "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
+ if test ${counter} = 0; then
+ # ROOT CA
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "serial = ${serial}" >>"${TEMPLATE}"
+ echo "ca" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "cert_signing_key" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ echo "crl_signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \
+ "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
- echo "serial = ${serial}" >"${TEMPLATE}"
- echo "expiration_days = -1" >>"${TEMPLATE}"
- "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \
- "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
- else
- if test ${counter} = ${LAST};then
- # END certificate
- echo "cn = ${name}" >"${TEMPLATE}"
- echo "dns_name = localhost" >>"${TEMPLATE}"
- echo "expiration_days = -1" >>"${TEMPLATE}"
- echo "signing_key" >>"${TEMPLATE}"
- echo "encryption_key" >>"${TEMPLATE}"
- echo "ocsp_signing_key" >>"${TEMPLATE}"
- "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
- --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
- --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
- --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
- else
- # intermediate CA
- echo "cn = ${name}" >"${TEMPLATE}"
- echo "serial = ${serial}" >>"${TEMPLATE}"
- echo "ca" >>"${TEMPLATE}"
- echo "expiration_days = -1" >>"${TEMPLATE}"
- echo "ocsp_signing_key" >>"${TEMPLATE}"
- echo "cert_signing_key" >>"${TEMPLATE}"
- echo "signing_key" >>"${TEMPLATE}"
- "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
- --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
- --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
- --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
- fi
- fi
+ echo "serial = ${serial}" >"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \
+ "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
+ else
+ if test ${counter} = ${LAST}; then
+ # END certificate
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "dns_name = localhost" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "signing_key" >>"${TEMPLATE}"
+ echo "encryption_key" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+ --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+ --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+ --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+ else
+ # intermediate CA
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "serial = ${serial}" >>"${TEMPLATE}"
+ echo "ca" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ echo "cert_signing_key" >>"${TEMPLATE}"
+ echo "signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+ --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+ --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+ --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+ fi
+ fi
- counter=`expr ${counter} + 1`
- prev_name=${name}
+ counter=`expr ${counter} + 1`
+ prev_name=${name}
done
counter=`expr ${NUM} - 1`
while test ${counter} -ge 0; do
- if test ${counter} = ${LAST};then
- name="server-${counter}"
- else
- name="CA-${counter}"
- fi
+ if test ${counter} = ${LAST}; then
+ name="server-${counter}"
+ else
+ name="CA-${counter}"
+ fi
- cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain"
-
- counter=`expr ${counter} - 1`
-done
+ cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain"
+ counter=`expr ${counter} - 1`
+done
diff --git a/tests/suite/chain b/tests/suite/chain
index 4f00320..f67ad16 100755
--- a/tests/suite/chain
+++ b/tests/suite/chain
@@ -34,39 +34,39 @@ RET=0
i=1
while test -d X509tests/test${i}; do
- find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 2>/dev/null
- find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
- if test "${i}" -gt 1; then
- find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
- fi
- find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
- "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
- rc=$?
- if test $rc != 0 && test $rc != 1; then
- echo "Chain ${i} FATAL failure."
- RET=1
- else
- if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
- echo "Chain ${i} verification was skipped due to known bug."
- elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
- if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
- echo "Chain ${i} verification failure UNEXPECTED."
- RET=1
- else
- echo "Chain ${i} verification success as expected."
- fi
- elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
- if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
- echo "Chain ${i} verification failure as expected."
- else
- echo "Chain ${i} verification success UNEXPECTED. "
- RET=1
- fi
- else
- echo "Chain ${i} unclassified."
- fi
- fi
- i=`expr ${i} + 1`
+ find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 2>/dev/null
+ find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ if test "${i}" -gt 1; then
+ find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ fi
+ find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
+ rc=$?
+ if test $rc != 0 && test $rc != 1; then
+ echo "Chain ${i} FATAL failure."
+ RET=1
+ else
+ if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
+ echo "Chain ${i} verification was skipped due to known bug."
+ elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
+ if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+ echo "Chain ${i} verification failure UNEXPECTED."
+ RET=1
+ else
+ echo "Chain ${i} verification success as expected."
+ fi
+ elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
+ if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+ echo "Chain ${i} verification failure as expected."
+ else
+ echo "Chain ${i} verification success UNEXPECTED. "
+ RET=1
+ fi
+ else
+ echo "Chain ${i} unclassified."
+ fi
+ fi
+ i=`expr ${i} + 1`
done
rm -f out
diff --git a/tests/suite/crl-test b/tests/suite/crl-test
index 228f74e..3a03c81 100755
--- a/tests/suite/crl-test
+++ b/tests/suite/crl-test
@@ -23,8 +23,8 @@
srcdir="${srcdir:-.}"
DIFF="${DIFF:-diff}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
rm -f tmp-long.pem
@@ -33,16 +33,16 @@ rc=$?
# We're done.
if test "${rc}" != "0"; then
- echo "CRL decoding failed 1!"
- exit ${rc}
+ echo "CRL decoding failed 1!"
+ exit ${rc}
fi
${DIFF} "${srcdir}/crl/long.pem tmp-long.pem" || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem
rc=$?
if test "${rc}" != "0"; then
- echo "CRL decoding failed 2!"
- exit ${rc}
+ echo "CRL decoding failed 2!"
+ exit ${rc}
fi
rm -f tmp-long.pem
diff --git a/tests/suite/eagain b/tests/suite/eagain
index d05bab9..42bb991 100755
--- a/tests/suite/eagain
+++ b/tests/suite/eagain
@@ -26,18 +26,18 @@ PORT="${PORT:-5445}"
$SERV -p "${PORT}" --echo --priority "NORMAL:+ANON-DH" --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
-pid=$!
+PID=$!
sleep 2
./eagain-cli
-if [ $? != 0 ];then
- exit 1
+if [ $? != 0 ]; then
+ exit 1
fi
-if [ "$pid" != "" ];then
- kill $pid
- wait
+if [ "${PID}" != "" ]; then
+ kill ${PID}
+ wait
fi
exit 0
diff --git a/tests/suite/invalid-cert b/tests/suite/invalid-cert
index a9e1f5e..00bf1e4 100755
--- a/tests/suite/invalid-cert
+++ b/tests/suite/invalid-cert
@@ -22,8 +22,8 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
${VALGRIND} "${CERTTOOL}" --certificate-info --inder --infile "${srcdir}/invalid-cert.der" 2>/dev/null
@@ -31,7 +31,7 @@ rc=$?
# We're done.
if test "${rc}" != "1"; then
- exit ${rc}
+ exit ${rc}
fi
exit 0
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
index bac6026..c463895 100755
--- a/tests/suite/testcompat-main-openssl
+++ b/tests/suite/testcompat-main-openssl
@@ -11,9 +11,9 @@
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
-# 1. Redistributions of source code must retain the above copyright notice, this
+# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice,
+# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
# 3. Neither the name of the copyright holder nor the names of its contributors may
@@ -23,7 +23,7 @@
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
@@ -33,13 +33,13 @@
srcdir="${srcdir:-.}"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
unset RETCODE
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
-if test "${WINDIR}" != "";then
- exit 77
-fi
+if test "${WINDIR}" != ""; then
+ exit 77
+fi
. "${srcdir}/../scripts/common.sh"
@@ -48,16 +48,16 @@ PORT="${PORT:-${RPORT}}"
SERV=openssl
OPENSSL_CLI="openssl"
-if test -f /etc/debian_version;then
- DEBIAN=1
+if test -f /etc/debian_version; then
+ DEBIAN=1
fi
echo "Compatibility checks using "`${SERV} version`
${SERV} version|grep -e 1\.0 >/dev/null 2>&1
SV=$?
-if test ${SV} != 0;then
- echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
- exit 77
+if test ${SV} != 0; then
+ echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
+ exit 77
fi
${SERV} version|grep -e 1\.0\.1 >/dev/null 2>&1
@@ -69,283 +69,283 @@ echo "#################################################"
echo "# Client mode tests (gnutls cli-openssl server) #"
echo "#################################################"
-for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
- if ! test -z "${ADD}";then
- echo ""
- echo "** Modifier: ${ADD}"
- fi
-
- if test "${DEBIAN}" != 1;then
-
- # It seems debian disabled SSL 3.0 completely on openssl
-
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test SSL 3.0 with RSA ciphersuite
- echo "Checking SSL 3.0 with RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test SSL 3.0 with DHE-RSA ciphersuite
- echo "Checking SSL 3.0 with DHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test SSL 3.0 with DHE-DSS ciphersuite
- echo "Checking SSL 3.0 with DHE-DSS..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 &
- PID=$!
- wait_server ${PID}
-
- echo "Checking SSL 3.0 with RSA-RC4-MD5..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- if test "${FIPS}" != 1;then
- #-cipher RSA-NULL
- launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with RSA-NULL ciphersuite
- echo "Checking TLS 1.0 with RSA-NULL..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with RSA ciphersuite
- echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test TLS 1.0 with DHE-RSA ciphersuite
- echo "Checking TLS 1.0 with DHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test TLS 1.0 with DHE-RSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- # Test TLS 1.0 with DHE-DSS ciphersuite
- echo "Checking TLS 1.0 with DHE-DSS..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test "${FIPS}" != 1;then
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test "${FIPS}" != 1;then
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- #-cipher PSK
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.0 with PSK..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test ${SV2} = 0;then
- # Tests requiring openssl 1.0.1 - TLS 1.2
- #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.2 with DHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.2 with ECDHE-RSA..."
- "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- echo "Checking TLS 1.2 with DHE-DSS..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test "${FIPS}" != 1;then
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test "${FIPS}" != 1;then
- #-cipher ECDHE-ECDSA-AES128-SHA
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi #FIPS
- fi #SV2
-
- #-cipher PSK
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
- PID=$!
- wait_server ${PID}
-
- echo "Checking TLS 1.2 with PSK..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- # Test DTLS 1.0 with RSA ciphersuite
- echo "Checking DTLS 1.0 with RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test DTLS 1.0 with DHE-RSA ciphersuite
- echo "Checking DTLS 1.0 with DHE-RSA..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
- PID=$!
- wait_server ${PID}
-
- # Test DTLS 1.0 with DHE-DSS ciphersuite
- echo "Checking DTLS 1.0 with DHE-DSS..."
- ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
- fail ${PID} "Failed"
+for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+ if ! test -z "${ADD}"; then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
+
+ if test "${DEBIAN}" != 1; then
+
+ # It seems debian disabled SSL 3.0 completely on openssl
- kill ${PID}
- wait
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test SSL 3.0 with RSA ciphersuite
+ echo "Checking SSL 3.0 with RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test SSL 3.0 with DHE-RSA ciphersuite
+ echo "Checking SSL 3.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test SSL 3.0 with DHE-DSS ciphersuite
+ echo "Checking SSL 3.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking SSL 3.0 with RSA-RC4-MD5..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ if test "${FIPS}" != 1; then
+ #-cipher RSA-NULL
+ launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with RSA-NULL ciphersuite
+ echo "Checking TLS 1.0 with RSA-NULL..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with RSA ciphersuite
+ echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking TLS 1.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-DSS ciphersuite
+ echo "Checking TLS 1.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher PSK
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.0 with PSK..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test ${SV2} = 0; then
+ # Tests requiring openssl 1.0.1 - TLS 1.2
+ #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with ECDHE-RSA..."
+ "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi #FIPS
+ fi #SV2
+
+ #-cipher PSK
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with PSK..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with RSA ciphersuite
+ echo "Checking DTLS 1.0 with RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking DTLS 1.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with DHE-DSS ciphersuite
+ echo "Checking DTLS 1.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
done
echo "Client mode tests were successfully completed"
@@ -357,296 +357,319 @@ SERV="../../src/gnutls-serv${EXEEXT} -q"
# Note that openssl s_client does not return error code on failure
-for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
- if ! test -z "${ADD}";then
- echo ""
- echo "** Modifier: ${ADD}"
- fi
-
- if test "${DEBIAN}" != 1;then
-
- echo "Check SSL 3.0 with RSA ciphersuite"
- launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
-
- echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
+for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"; do
+ if ! test -z "${ADD}"; then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
- echo "Check SSL 3.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ if test "${DEBIAN}" != 1; then
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check SSL 3.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check SSL 3.0 with DHE-DSS ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ kill ${PID}
+ wait
+ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
- fi
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- #TLS 1.0
+ kill ${PID}
+ wait
- # This test was disabled because it doesn't work as expected with openssl 1.0.0d
- #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
- #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- #wait_server ${PID}
- #
- #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- # fail ${PID} "Failed"
- #
- #kill ${PID}
- #wait
+ echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.0 with RSA-NULL ciphersuite"
- launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
- kill ${PID}
- wait
- fi
+ kill ${PID}
+ wait
+ fi
- echo "Check TLS 1.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ #TLS 1.0
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ # This test was disabled because it doesn't work as expected with openssl 1.0.0d
+ #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ #PID=$!
+ #wait_server ${PID}
+ #
+ #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
- kill ${PID}
- wait
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.0 with RSA-NULL ciphersuite"
+ launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with DHE-DSS ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
+ fi
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-RSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
- fi
+ #-cipher ECDHE-RSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
+ fi
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
- fi
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
- echo "Check TLS 1.0 with PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.0 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher PSK-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
- fail ${PID} "Failed"
+ #-cipher PSK-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- if test ${SV2} = 0;then
+ if test ${SV2} = 0; then
- echo "Check TLS 1.2 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check TLS 1.2 with DHE-DSS ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-RSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-RSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
- fi
+ kill ${PID}
+ wait
+ fi
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- if test "${FIPS}" != 1;then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
+ if test "${FIPS}" != 1; then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher ECDHE-ECDSA-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
- fi
+ kill ${PID}
+ wait
+ fi
- echo "Check TLS 1.2 with PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.2 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher PSK-AES128-SHA
- ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
- fail ${PID} "Failed"
+ #-cipher PSK-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- fi #SV2
+ fi #SV2
- # DTLS
- echo "Check DTLS 1.0 with RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ # DTLS
+ echo "Check DTLS 1.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
- fail ${PID} "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
done
exit 0
diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl
index 74261b0..bf49918 100755
--- a/tests/suite/testcompat-main-polarssl
+++ b/tests/suite/testcompat-main-polarssl
@@ -34,44 +34,44 @@ srcdir="${srcdir:-.}"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
LOGFILE=polarssl.log
unset RETCODE
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
. "${srcdir}/../scripts/common.sh"
PORT="${PORT:-${RPORT}}"
TXT=`"${CLI}" --priority NORMAL --list|grep SECP224`
-if test -z "${TXT}";then
- ALL_CURVES=0
+if test -z "${TXT}"; then
+ ALL_CURVES=0
else
- ALL_CURVES=1
+ ALL_CURVES=1
fi
echo "Compatibility checks using polarssl"
for POLARSSL_CLI in \
- /usr/bin/polarssl_ssl_client2 \
- /usr/bin/mbedtls_ssl_client2 \
- /usr/libexec/mbedtls/ssl_client2 \
- ""; do
- test -x "${POLARSSL_CLI}" && break
+ /usr/bin/polarssl_ssl_client2 \
+ /usr/bin/mbedtls_ssl_client2 \
+ /usr/libexec/mbedtls/ssl_client2 \
+ ""; do
+ test -x "${POLARSSL_CLI}" && break
done
-if test -z "${POLARSSL_CLI}";then
- echo "PolarSSL is required for this test to run"
- exit 77
+if test -z "${POLARSSL_CLI}"; then
+ echo "PolarSSL is required for this test to run"
+ exit 77
fi
"${POLARSSL_CLI}" >/dev/null 2>&1
-if test $? = 0;then
- echo "PolarSSL 1.3.x is required for the tests to run"
- exit 77
+if test $? = 0; then
+ echo "PolarSSL 1.3.x is required for the tests to run"
+ exit 77
fi
@@ -85,330 +85,358 @@ SERV="../../src/gnutls-serv${EXEEXT} -q"
rm -f "${LOGFILE}"
-for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
-do
- if ! test -z "${ADD}";then
- echo ""
- echo "** Modifier: ${ADD}"
- fi
+for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+ if ! test -z "${ADD}"; then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
- # SSL 3.0 is disabled in debian's polarssl
- if test 0 = 1;then
- echo "Check SSL 3.0 with RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ # SSL 3.0 is disabled in debian's polarssl
+ if test 0 = 1; then
+ echo "Check SSL 3.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
+
+ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- echo "Check SSL 3.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ kill ${PID}
+ wait
- kill ${PID}
- wait
+ # No DSS for polarssl
+ #echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ #PID=$!
+ #wait_server ${PID}
+
+ #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
+ fi
+
+ #TLS 1.0
+
+ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
- # No DSS for polarssl
- #echo "Check SSL 3.0 with DHE-DSS ciphersuite"
- #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- #wait_server ${PID}
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- # fail ${PID} "Failed"
- #
- #kill ${PID}
- #wait
- fi
+ kill ${PID}
+ wait
+
+ #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ #PID=$!
+ #wait_server ${PID}
+
+ #"${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+
+ #kill ${PID}
+ #wait
+
+ echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-RSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.0 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- #TLS 1.0
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.0 with DHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- echo "Check TLS 1.0 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
- #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- #wait_server ${PID}
+ kill ${PID}
+ wait
- #"${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- # fail ${PID} "Failed"
+ echo "Check TLS 1.0 with RSA-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #kill ${PID}
- #wait
+ #-cipher RSA-PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
- #-cipher ECDHE-RSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ if test ${ALL_CURVES} = 1; then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ kill ${PID}
+ wait
+ fi
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- kill ${PID}
- wait
+ kill ${PID}
+ wait
- echo "Check TLS 1.0 with DHE-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" &
+ PID=$!
+ wait_server ${PID}
+
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" &
+ #PID=$!
+ #wait_server ${PID}
+ #
+ #"${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
+
+ echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-RSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test ${ALL_CURVES} = 1; then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with DHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ echo "Check TLS 1.2 with RSA-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
- kill ${PID}
- wait
+ #-cipher RSA-PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
- echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.0 with RSA-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher RSA-PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test ${ALL_CURVES} = 1;then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
- wait_server ${PID}
-
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
- #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
- #wait_server ${PID}
- #
- #"${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- # fail ${PID} "Failed"
- #
- #kill ${PID}
- #wait
-
- echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-RSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- if test ${ALL_CURVES} = 1;then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
- fi
-
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher ECDHE-ECDSA-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with DHE-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
-
- echo "Check TLS 1.2 with RSA-PSK ciphersuite"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
- wait_server ${PID}
-
- #-cipher RSA-PSK-AES128-SHA
- "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
- fail ${PID} "Failed"
-
- kill ${PID}
- wait
+ kill ${PID}
+ wait
done
rm -f "${LOGFILE}"
diff --git a/tests/suite/testcompat-openssl b/tests/suite/testcompat-openssl
index 42b695d..d7f9cc0 100755
--- a/tests/suite/testcompat-openssl
+++ b/tests/suite/testcompat-openssl
@@ -32,16 +32,16 @@
srcdir="${srcdir:-.}"
-if ! test -x /usr/bin/openssl;then
- echo "You need openssl to run this test"
- exit 77
+if ! test -x /usr/bin/openssl; then
+ echo "You need openssl to run this test"
+ exit 77
fi
/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0;then
- export FIPS=1
+if test $? = 0; then
+ export FIPS=1
else
- export FIPS=0
+ export FIPS=0
fi
export TZ="UTC"
@@ -49,8 +49,8 @@ export TZ="UTC"
# Check for datefudge
TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
if test "${TSTAMP}" != "1158969600"; then
- echo "You need datefudge to run this test"
- exit 77
+ echo "You need datefudge to run this test"
+ exit 77
fi
datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl"
diff --git a/tests/suite/testcompat-polarssl b/tests/suite/testcompat-polarssl
index 41dd59f..c4dfb36 100755
--- a/tests/suite/testcompat-polarssl
+++ b/tests/suite/testcompat-polarssl
@@ -37,14 +37,14 @@ export TZ="UTC"
# Check for datefudge
TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
if test "${TSTAMP}" != "1158969600"; then
- echo "You need datefudge to run this test"
- exit 77
+ echo "You need datefudge to run this test"
+ exit 77
fi
cat /proc/cpuinfo|grep "model name"|grep "VIA Esther" >/dev/null 2>&1
-if test $? = 0;then
- echo "PolarSSL is broken on VIA processors"
- exit 77
+if test $? = 0; then
+ echo "PolarSSL is broken on VIA processors"
+ exit 77
fi
datefudge "2012-09-2" "${srcdir}/testcompat-main-polarssl"
diff --git a/tests/suite/testdane b/tests/suite/testdane
index 2ec50dc..12d3ce1 100755
--- a/tests/suite/testdane
+++ b/tests/suite/testdane
@@ -24,8 +24,8 @@ unset RETCODE
# Unfortunately it is extremely fragile and fails 99% of the
# time.
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
. "${srcdir}/../scripts/common.sh"
@@ -37,30 +37,30 @@ echo "*** Testing good HTTPS hosts ***"
# www.vulcano.cl dane.nox.su
HOSTS="good.dane.verisignlabs.com www.freebsd.org www.kumari.net torproject.org fedoraproject.org"
HOSTS="${HOSTS} nohats.ca"
-for host in ${HOSTS};do
- echo -n "${host}: "
+for host in ${HOSTS}; do
+ echo -n "${host}: "
- "${DANETOOL}" --check "${host}" >/dev/null 2>&1
- if [ $? != 0 ];then
- echo "Error checking ${host}"
- exit 1
- fi
- echo "ok"
+ "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo "Error checking ${host}"
+ exit 1
+ fi
+ echo "ok"
done
echo ""
echo "*** Testing good SMTP hosts ***"
#HOSTS="dougbarton.us nlnetlabs.nl"
HOSTS="nlnetlabs.nl"
-for host in ${HOSTS};do
- echo -n "${host}: "
+for host in ${HOSTS}; do
+ echo -n "${host}: "
- "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
- if [ $? != 0 ];then
- echo "Error checking ${host}"
- exit 1
- fi
- echo "ok"
+ "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
+ if [ $? != 0 ]; then
+ echo "Error checking ${host}"
+ exit 1
+ fi
+ echo "ok"
done
echo ""
@@ -69,14 +69,14 @@ echo "*** Testing bad HTTPS hosts ***"
# used to work: dane-broken.rd.nic.fr
HOSTS="bad-hash.dane.verisignlabs.com bad-params.dane.verisignlabs.com"
HOSTS="${HOSTS} bad-sig.dane.verisignlabs.com"
-for host in ${HOSTS};do
- echo -n "${host}: "
- "${DANETOOL}" --check "${host}" >/dev/null 2>&1
- if [ $? = 0 ];then
- echo "Checking ${host} should have failed"
- exit 1
- fi
- echo "ok"
+for host in ${HOSTS}; do
+ echo -n "${host}: "
+ "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+ if [ $? = 0 ]; then
+ echo "Checking ${host} should have failed"
+ exit 1
+ fi
+ echo "ok"
done
diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11
index b301cc3..53ae752 100755
--- a/tests/suite/testpkcs11
+++ b/tests/suite/testpkcs11
@@ -26,15 +26,15 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
RETCODE=0
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
fi
TMPFILE="testpkcs11.debug"
CERTTOOL_PARAM="--stdout-info"
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
@@ -46,11 +46,11 @@ PORT="${PORT:-${RPORT}}"
rm -f "${TMPFILE}"
exit_error () {
- echo "Check ${TMPFILE} for additional debugging information"
- echo ""
- echo ""
- tail "${TMPFILE}"
- exit 1
+ echo "Check ${TMPFILE} for additional debugging information"
+ echo ""
+ echo ""
+ tail "${TMPFILE}"
+ exit 1
}
# $1: token
@@ -58,18 +58,18 @@ exit_error () {
# $3: filename
# ${srcdir}/pkcs11-certs/client.key
write_privkey () {
- export GNUTLS_PIN="$2"
- filename="$3"
- token="$1"
-
- echo -n "* Writing a client private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing a client private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -77,18 +77,18 @@ write_privkey () {
# $2: PIN
# $3: filename
write_serv_privkey () {
- export GNUTLS_PIN="$2"
- filename="$3"
- token="$1"
-
- echo -n "* Writing the server private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing the server private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -96,18 +96,18 @@ write_serv_privkey () {
# $2: PIN
# $3: filename
write_serv_cert () {
- export GNUTLS_PIN="$2"
- filename="$3"
- token="$1"
-
- echo -n "* Writing the server certificate... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing the server certificate... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -115,48 +115,48 @@ write_serv_cert () {
# $2: PIN
# $3: bits
generate_rsa_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- bits="$3"
-
- echo -n "* Generating RSA private key ("${bits}")... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit 1
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating RSA private key ("${bits}")... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit 1
+ fi
}
# $1: token
# $2: PIN
# $3: bits
generate_temp_rsa_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- bits="$3"
-
- echo -n "* Generating RSA private key ("${bits}")... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- RETCODE=0
- echo ok
- else
- echo failed
- RETCODE=1
- fi
-
-# if test ${RETCODE} = 0;then
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating RSA private key ("${bits}")... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ RETCODE=0
+ echo ok
+ else
+ echo failed
+ RETCODE=1
+ fi
+
+# if test ${RETCODE} = 0; then
# echo -n "* Testing private key flags... "
# ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-keys "${token};object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>"${TMPFILE}"
-# if test $? != 0;then
+# if test $? != 0; then
# echo failed
# exit_error
# fi
#
# grep CKA_WRAP tmp-client-2.pub >>"${TMPFILE}" 2>&1
-# if test $? != 0;then
+# if test $? != 0; then
# echo "failed (no CKA_WRAP)"
# exit_error
# else
@@ -168,116 +168,116 @@ generate_temp_rsa_privkey () {
# $1: token
# $2: PIN
delete_temp_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- type="$3"
+ export GNUTLS_PIN="$2"
+ token="$1"
+ type="$3"
- test "${RETCODE}" = "0" || return
+ test "${RETCODE}" = "0" || return
- echo -n "* Deleting private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1
+ echo -n "* Deleting private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- RETCODE=1
- return
- fi
+ if test $? != 0; then
+ echo failed
+ RETCODE=1
+ return
+ fi
- RETCODE=0
- echo ok
+ RETCODE=0
+ echo ok
}
# $1: token
# $2: PIN
# $3: bits
export_pubkey_of_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- bits="$3"
-
- echo -n "* Exporting public key of generated private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- exit 1
- fi
-
- ${DIFF} tmp-client.pub tmp-client-2.pub
- if test $? != 0;then
- echo keys differ
- exit 1
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Exporting public key of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo failed
+ exit 1
+ fi
+
+ ${DIFF} tmp-client.pub tmp-client-2.pub
+ if test $? != 0; then
+ echo keys differ
+ exit 1
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
change_id_of_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
-
- echo -n "* Change the CKA_ID of generated private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "ID didn't change"
- exit_error
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+
+ echo -n "* Change the CKA_ID of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo failed
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "ID didn't change"
+ exit_error
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
change_label_of_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
-
- echo -n "* Change the CKA_LABEL of generated private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "label didn't change"
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+
+ echo -n "* Change the CKA_LABEL of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo failed
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "label didn't change"
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo failed
+ exit_error
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
# $3: bits
generate_temp_ecc_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
- bits="$3"
-
- echo -n "* Generating ECC private key (${bits})... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- RETCODE=0
- echo ok
- else
- echo failed
- RETCODE=1
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating ECC private key (${bits})... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ RETCODE=0
+ echo ok
+ else
+ echo failed
+ RETCODE=1
+ fi
}
# $1: token
@@ -288,109 +288,109 @@ generate_temp_ecc_privkey () {
# Tests writing a certificate which corresponds to the given key,
# as well as the CA certificate, and tries to export them.
write_certificate_test () {
- export GNUTLS_PIN="$2"
- token="$1"
- cakey="$3"
- cacert="$4"
- pubkey="$5"
-
- echo -n "* Generating client certificate... "
- "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
- --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
- --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1
-
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Writing client certificate... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Checking whether ID was correctly set... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "ID was not set on copy"
- exit_error
- fi
- echo ok
-
- echo -n "* Writing certificate of client's CA... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
- ret=$?
- if test ${ret} != 0;then
- ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
- ret=$?
- fi
-
- if test ${ret} = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Testing certificate flags... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}"
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "failed (no CKA_TRUSTED)"
- #exit_error
- fi
-
- grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
- #exit_error
- fi
-
- echo ok
-
-
- echo -n "* Trying to obtain back the cert... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1
- ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"
- if test $? != 0;then
- echo "failed. Exported certificate differs (crt1.tmp)!"
- exit_error
- fi
- rm -f crt1.tmp
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Trying to obtain the full chain... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1
-
- cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp
- ${DIFF} crt1.tmp crt2.tmp
- if test $? != 0;then
- echo "failed. Exported certificate chain differs!"
- exit_error
- fi
- rm -f crt1.tmp crt2.tmp
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ cakey="$3"
+ cacert="$4"
+ pubkey="$5"
+
+ echo -n "* Generating client certificate... "
+ "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
+ --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
+ --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1
+
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Writing client certificate... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Checking whether ID was correctly set... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "ID was not set on copy"
+ exit_error
+ fi
+ echo ok
+
+ echo -n "* Writing certificate of client's CA... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+ ret=$?
+ if test ${ret} != 0; then
+ ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+ ret=$?
+ fi
+
+ if test ${ret} = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Testing certificate flags... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}"
+ if test $? != 0; then
+ echo failed
+ exit_error
+ fi
+
+ grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "failed (no CKA_TRUSTED)"
+ #exit_error
+ fi
+
+ grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
+ #exit_error
+ fi
+
+ echo ok
+
+
+ echo -n "* Trying to obtain back the cert... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+ ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"
+ if test $? != 0; then
+ echo "failed. Exported certificate differs (crt1.tmp)!"
+ exit_error
+ fi
+ rm -f crt1.tmp
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Trying to obtain the full chain... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+
+ cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp
+ ${DIFF} crt1.tmp crt2.tmp
+ if test $? != 0; then
+ echo "failed. Exported certificate chain differs!"
+ exit_error
+ fi
+ rm -f crt1.tmp crt2.tmp
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -402,39 +402,39 @@ write_certificate_test () {
#
# Tests using a certificate and key pair using gnutls-serv and gnutls-cli.
use_certificate_test () {
- export GNUTLS_PIN="$2"
- token="$1"
- certfile="$3"
- keyfile="$4"
- cafile="$5"
- txt="$6"
-
- echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
- # start server
- launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
- --x509keyfile="$keyfile" --x509cafile="${cafile}" \
- --require-client-cert >>"${TMPFILE}" 2>&1 &
-
- PID=$!
- wait_server ${PID}
-
- # connect to server using SC
- ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \
- fail ${PID} "Connection should have failed!"
-
- ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
- --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
- fail ${PID} "Connection (with files) should have succeeded!"
-
- ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
- --x509keyfile="${token};object=gnutls-client;object-type=private" \
- --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
- fail ${PID} "Connection (with SC) should have succeeded!"
-
- kill ${PID}
- wait
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+ certfile="$3"
+ keyfile="$4"
+ cafile="$5"
+ txt="$6"
+
+ echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+ # start server
+ launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
+ --x509keyfile="$keyfile" --x509cafile="${cafile}" \
+ --require-client-cert >>"${TMPFILE}" 2>&1 &
+
+ PID=$!
+ wait_server ${PID}
+
+ # connect to server using SC
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \
+ fail ${PID} "Connection should have failed!"
+
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
+ --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+ fail ${PID} "Connection (with files) should have succeeded!"
+
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
+ --x509keyfile="${token};object=gnutls-client;object-type=private" \
+ --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+ fail ${PID} "Connection (with SC) should have succeeded!"
+
+ kill ${PID}
+ wait
+
+ echo ok
}
@@ -445,15 +445,15 @@ echo "Testing PKCS11 support"
type="$1"
-if test -z "${type}";then
- echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
- if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then
- echo "assuming 'softhsm'"
- echo ""
- type=softhsm
- else
- exit 1
- fi
+if test -z "${type}"; then
+ echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
+ if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util"; then
+ echo "assuming 'softhsm'"
+ echo ""
+ type=softhsm
+ else
+ exit 1
+ fi
fi
@@ -468,9 +468,9 @@ init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"
TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
echo "* Token: ${TOKEN}"
-if test "x${TOKEN}" = x;then
- echo "Could not find generated token"
- exit_error
+if test "x${TOKEN}" = x; then
+ echo "Could not find generated token"
+ exit_error
fi
#write a given privkey
@@ -499,8 +499,8 @@ use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert;objec
use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/pkcs11-certs/ca.crt" "abbrv URLs"
-if test ${RETCODE} = 0;then
- echo "* All smart cards tests succeeded"
+if test ${RETCODE} = 0; then
+ echo "* All smart cards tests succeeded"
fi
rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub "${TMPFILE}"
diff --git a/tests/suite/testpkcs11.pkcs15 b/tests/suite/testpkcs11.pkcs15
index 59c535e..565282a 100644
--- a/tests/suite/testpkcs11.pkcs15
+++ b/tests/suite/testpkcs11.pkcs15
@@ -20,26 +20,26 @@
init_card () {
- PIN="$1"
- PUK="$2"
+ PIN="$1"
+ PUK="$2"
- echo -n "* Erasing smart card... "
- pkcs15-init -E >"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- cat "${TMPFILE}"
- exit_error
- fi
+ echo -n "* Erasing smart card... "
+ pkcs15-init -E >"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ cat "${TMPFILE}"
+ exit_error
+ fi
- echo -n "* Initializing smart card... "
- pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- cat "${TMPFILE}"
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ cat "${TMPFILE}"
+ exit_error
+ fi
}
diff --git a/tests/suite/testpkcs11.sc-hsm b/tests/suite/testpkcs11.sc-hsm
index 26ce485..f3eab68 100644
--- a/tests/suite/testpkcs11.sc-hsm
+++ b/tests/suite/testpkcs11.sc-hsm
@@ -20,31 +20,31 @@
init_card () {
- PIN="$1"
- PUK=3537363231383830
- export GNUTLS_SO_PIN="${PUK}"
+ PIN="$1"
+ PUK=3537363231383830
+ export GNUTLS_SO_PIN="${PUK}"
- echo -n "* Erasing smart card... "
- sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ echo -n "* Erasing smart card... "
+ sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
- echo -n "* Initializing smart card... "
- TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
- if test -z "${TOKEN}";then
- echo "Could not find initialized card"
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
+ if test -z "${TOKEN}"; then
+ echo "Could not find initialized card"
+ exit_error
+ fi
- ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm
index b444e62..70badf1 100755
--- a/tests/suite/testpkcs11.softhsm
+++ b/tests/suite/testpkcs11.softhsm
@@ -18,57 +18,57 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-if test -f /usr/lib64/pkcs11/libsofthsm2.so;then
- ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
+if test -f /usr/lib64/pkcs11/libsofthsm2.so; then
+ ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
else
- if test -f /usr/lib/softhsm/libsofthsm.so;then
- ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
- else
- ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
- fi
+ if test -f /usr/lib/softhsm/libsofthsm.so; then
+ ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
+ else
+ ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
+ fi
fi
init_card () {
- PIN="$1"
- PUK="$2"
+ PIN="$1"
+ PUK="$2"
- if test -x "/usr/bin/softhsm2-util";then
- export SOFTHSM2_CONF="softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm2-util"
- ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1
- if test $? = 0;then
- echo "softhsm2-util 2.0.0b1 is broken"
- exit 77
- fi
- fi
+ if test -x "/usr/bin/softhsm2-util"; then
+ export SOFTHSM2_CONF="softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+ ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1
+ if test $? = 0; then
+ echo "softhsm2-util 2.0.0b1 is broken"
+ exit 77
+ fi
+ fi
- if test -x "/usr/bin/softhsm";then
- export SOFTHSM_CONF="softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm"
- fi
+ if test -x "/usr/bin/softhsm"; then
+ export SOFTHSM_CONF="softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm"
+ fi
- if test -z "${SOFTHSM_TOOL}";then
- echo "Could not find softhsm(2) tool"
- exit 77
- fi
+ if test -z "${SOFTHSM_TOOL}"; then
+ echo "Could not find softhsm(2) tool"
+ exit 77
+ fi
- if test -z "${SOFTHSM_CONF}";then
- rm -rf ./softhsm-testpkcs11.db
- mkdir -p ./softhsm-testpkcs11.db
- echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
- echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
- else
- rm -rf ./softhsm-testpkcs11.db
- echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
- fi
+ if test -z "${SOFTHSM_CONF}"; then
+ rm -rf ./softhsm-testpkcs11.db
+ mkdir -p ./softhsm-testpkcs11.db
+ echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+ echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
+ else
+ rm -rf ./softhsm-testpkcs11.db
+ echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
+ fi
- echo -n "* Initializing smart card... "
- ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
diff --git a/tests/suite/testrandom b/tests/suite/testrandom
index 894b2e9d..79b90d3 100755
--- a/tests/suite/testrandom
+++ b/tests/suite/testrandom
@@ -22,8 +22,8 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-if ! test -z "${VALGRIND}";then
- VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
counter=0
@@ -32,56 +32,53 @@ file=test.out
counter=0
echo "Testing verification with randomly generated certificates..."
-while [ ${counter} -lt 400 ]
-do
- "${srcdir}/x509random.pl" > "${file}"
- ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1
- if test $? != 0;then
- continue
- fi
-
- cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem"
-
- ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1
- ret=$?
- if [ ${ret} != 1 ];then
- echo "Succeeded verification with ${file}-chain.pem!"
- exit 1
- fi
- rm -f "${file}.pem" "${file}-chain.pem"
-
- counter=`expr ${counter} + 1`
+while [ ${counter} -lt 400 ]; do
+ "${srcdir}/x509random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1
+ if test $? != 0; then
+ continue
+ fi
+
+ cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem"
+
+ ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1
+ ret=$?
+ if [ ${ret} != 1 ]; then
+ echo "Succeeded verification with ${file}-chain.pem!"
+ exit 1
+ fi
+ rm -f "${file}.pem" "${file}-chain.pem"
+
+ counter=`expr ${counter} + 1`
done
echo "Testing with randomly generated certificates..."
-while [ ${counter} -lt 200 ]
-do
- "${srcdir}/x509random.pl" > "${file}"
- ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null
- ret=$?
- if [ ${ret} != 0 -a ${ret} != 1 ];then
- echo "Unknown exit code with ${file}"
- exit 1
- fi
-
- counter=`expr ${counter} + 1`
+while [ ${counter} -lt 200 ]; do
+ "${srcdir}/x509random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null
+ ret=$?
+ if [ ${ret} != 0 -a ${ret} != 1 ]; then
+ echo "Unknown exit code with ${file}"
+ exit 1
+ fi
+
+ counter=`expr ${counter} + 1`
done
counter=0
echo "Testing with random ASN.1 data..."
-while [ ${counter} -lt 200 ]
-do
- "${srcdir}/asn1random.pl" > "${file}"
- ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null
- ret=$?
- if [ ${ret} != 0 -a ${ret} != 1 ];then
- echo "Unknown exit code with ${file}"
- exit 1
- fi
-
- counter=`expr ${counter} + 1`
+while [ ${counter} -lt 200 ]; do
+ "${srcdir}/asn1random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null
+ ret=$?
+ if [ ${ret} != 0 -a ${ret} != 1 ]; then
+ echo "Unknown exit code with ${file}"
+ exit 1
+ fi
+
+ counter=`expr ${counter} + 1`
done
rm -f "${file}"
diff --git a/tests/suite/testrng b/tests/suite/testrng
index 16fb4d5..c45c930 100755
--- a/tests/suite/testrng
+++ b/tests/suite/testrng
@@ -20,22 +20,22 @@
srcdir="${srcdir:-.}"
-if ! test -x "/usr/bin/dieharder";then
- exit 77
+if ! test -x "/usr/bin/dieharder"; then
+ exit 77
fi
VERSION=`dieharder -l|grep version|cut -d ' ' -f 6`
-if test "$1" = "full";then
- OPTIONS="-a"
+if test "$1" = "full"; then
+ OPTIONS="-a"
else
- if test "${VERSION}" = "2.28.1";then
- OPTIONS="-d 5"
- OPTIONS2="-d 10"
- else
- OPTIONS="-d 202"
- OPTIONS2="-d 10"
- fi
+ if test "${VERSION}" = "2.28.1"; then
+ OPTIONS="-d 5"
+ OPTIONS2="-d 10"
+ else
+ OPTIONS="-d 202"
+ OPTIONS2="-d 10"
+ fi
fi
OUTFILE=rng.log
@@ -51,9 +51,9 @@ rm -f "${RNGFILE2}"
RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1`
-if test -z "${RINPUTNO}";then
- echo "Cannot determine dieharder option for raw file input, assuming 201"
- RINPUTNO=201
+if test -z "${RINPUTNO}"; then
+ echo "Cannot determine dieharder option for raw file input, assuming 201"
+ RINPUTNO=201
fi
echo ""
@@ -64,31 +64,31 @@ echo "Testing nonce PRNG"
cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1
ret=$?
-if test ${ret} = 0;then
- echo "numbers are repeated in nonce!"
- exit 1
+if test ${ret} = 0; then
+ echo "numbers are repeated in nonce!"
+ exit 1
fi
./rng nonce 100000000 "${RNGFILE}"
dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
- dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" = "0";then
- echo "test failed for nonce"
- exit 1
+if test "${ret}" = "0"; then
+ echo "test failed for nonce"
+ exit 1
fi
grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0"; then
+ echo "could not run dieharder test?"
+ exit 1
fi
cat "${OUTFILE}"
@@ -101,32 +101,32 @@ echo "Testing key PRNG"
cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1
ret=$?
-if test ${ret} = 0;then
- echo "numbers are repeated in nonce!"
- exit 1
+if test ${ret} = 0; then
+ echo "numbers are repeated in nonce!"
+ exit 1
fi
./rng key 100000000 "${RNGFILE}"
dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
- dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" = "0";then
- echo "test failed for key"
- exit 1
+if test "${ret}" = "0"; then
+ echo "test failed for key"
+ exit 1
fi
grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0"; then
+ echo "could not run dieharder test?"
+ exit 1
fi
cat "${OUTFILE}"
@@ -136,23 +136,23 @@ echo "Testing /dev/zero PRNG"
dd if=/dev/zero of="${RNGFILE}" bs=4 count=10000000 >/dev/null 2>&1
dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
-if ! test -z "${OPTIONS2}";then
- dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}"; then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" = "0";then
- echo "test succeeded for /dev/zero!!!"
- exit 1
+if test "${ret}" = "0"; then
+ echo "test succeeded for /dev/zero!!!"
+ exit 1
fi
grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "${ret}" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0"; then
+ echo "could not run dieharder test?"
+ exit 1
fi
cat "${OUTFILE}"
diff --git a/tests/suite/testsrn b/tests/suite/testsrn
index 783ed9d..3ea2c15 100755
--- a/tests/suite/testsrn
+++ b/tests/suite/testsrn
@@ -25,8 +25,8 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
unset RETCODE
-if test "${WINDIR}" != "";then
- exit 77
+if test "${WINDIR}" != ""; then
+ exit 77
fi
. "${srcdir}/../scripts/common.sh"
@@ -40,19 +40,19 @@ PID=$!
wait_server ${PID}
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "0. Renegotiation should have succeeded!"
+ fail ${PID} "0. Renegotiation should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "1. Safe rehandshake should have succeeded!"
+ fail ${PID} "1. Safe rehandshake should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "2. Unsafe rehandshake should have succeeded!"
+ fail ${PID} "2. Unsafe rehandshake should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "3. Unsafe negotiation should have succeeded!"
+ fail ${PID} "3. Unsafe negotiation should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail ${PID} "4. Unsafe renegotiation should have failed!"
+ fail ${PID} "4. Unsafe renegotiation should have failed!"
kill ${PID}
@@ -63,16 +63,16 @@ PID=$!
wait_server ${PID}
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "5. Safe rehandshake should have succeeded!"
+ fail ${PID} "5. Safe rehandshake should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "6. Unsafe rehandshake should have succeeded!"
+ fail ${PID} "6. Unsafe rehandshake should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail ${PID} "7. Unsafe negotiation should have failed!"
+ fail ${PID} "7. Unsafe negotiation should have failed!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail ${PID} "8. Unsafe renegotiation should have failed!"
+ fail ${PID} "8. Unsafe renegotiation should have failed!"
kill ${PID}
wait
@@ -82,16 +82,16 @@ PID=$!
wait_server ${PID}
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail ${PID} "9. Initial connection should have failed!"
+ fail ${PID} "9. Initial connection should have failed!"
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "10. Unsafe connection should have succeeded!"
+ fail ${PID} "10. Unsafe connection should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "11. Unsafe negotiation should have succeeded!"
+ fail ${PID} "11. Unsafe negotiation should have succeeded!"
"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail ${PID} "12. Unsafe renegotiation should have succeeded!"
+ fail ${PID} "12. Unsafe renegotiation should have succeeded!"
kill ${PID}
wait
diff --git a/tests/userid/userid b/tests/userid/userid
index fbf97e7..b1c93fc 100755
--- a/tests/userid/userid
+++ b/tests/userid/userid
@@ -23,12 +23,12 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-$CERTTOOL --certificate-info --infile "${srcdir}/userid.pem" >out 2>&1
+"${CERTTOOL}" --certificate-info --infile "${srcdir}/userid.pem" >out 2>&1
RET=$?
-if [ ${RET} != 0 ];then
- echo "Error in userid:"
- cat out
- exit 1
+if [ ${RET} != 0 ]; then
+ echo "Error in userid:"
+ cat out
+ exit 1
fi
rm -f out
--
2.3.6
More information about the Gnutls-devel
mailing list