Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001#!/bin/sh
2
3# Test various options that are not covered by compat.sh
4#
5# Here the goal is not to cover every ciphersuite/version, but
6# rather specific options (max fragment length, truncated hmac, etc)
7# or procedures (session resumption from cache or ticket, renego, etc).
8#
9# Assumes all options are compiled in.
10
# Location of the test programs, relative to the directory this script is
# run from (the tests/ directory, see data_files/ references below).
PROGS_DIR='../programs/ssl'
P_SRV="${PROGS_DIR}/ssl_server2"
P_CLI="${PROGS_DIR}/ssl_client2"

# Counters maintained by print_name (TESTS) and fail (FAILS); the final
# report prints them and the script exits with FAILS.
TESTS=0
FAILS=0
17
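# print_name <name>
#
# Print the test name followed by dots up to a fixed column, so that the
# PASS/FAIL verdict printed afterwards lines up, and count the test.
# Uses only POSIX builtins: the previous version shelled out to wc, bc and
# seq and relied on 'echo -n', which is not portable under /bin/sh.
# Globals:   TESTS (incremented)
# Arguments: $1 - test name
# Outputs:   padded name on stdout, no trailing newline
print_name() {
    printf '%s ' "$1"
    # 71 rather than 72: the original measured the name with 'echo | wc -c',
    # which counts the trailing newline, so keep the same column.
    pn_dots=$((71 - ${#1}))
    while [ "$pn_dots" -gt 0 ]; do
        printf '.'
        pn_dots=$((pn_dots - 1))
    done
    printf ' '

    TESTS=$((TESTS + 1))
}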
28
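# fail <message>
#
# Report a failed test, keep the server and client outputs of this run
# under per-test names (so later tests do not overwrite them) and count
# the failure. Arithmetic is done by the shell instead of bc.
# Globals:   TESTS (read, used to name the saved logs), FAILS (incremented)
# Arguments: $1 - reason for the failure
# Outputs:   verdict, reason and log locations on stdout
fail() {
    printf 'FAIL\n'
    printf ' %s\n' "$1"

    cp -- srv_out "srv-${TESTS}.log"
    cp -- cli_out "cli-${TESTS}.log"
    printf ' outputs saved to srv-%s.log and cli-%s.log\n' "$TESTS" "$TESTS"

    FAILS=$((FAILS + 1))
}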
40
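# Usage: run_test name srv_args cli_args cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#
# Start the server command in the background, run the client command, ask
# the server to quit, then check both exit codes and every requested output
# pattern (grep basic regexes). Outputs are written to srv_out / cli_out in
# the current directory; they are removed on PASS and renamed by fail on
# FAIL. The first failed check ends the test.
# Globals:   SRV_PID (written; read by the cleanup trap), CLI_EXIT and
#            SRV_RET (written), SHELL (read; falls back to sh)
# Arguments: name      - test name, printed by print_name
#            srv_args  - server command line, run through the shell
#            cli_args  - client command line, run through the shell
#            cli_exit  - 0 if the client must succeed, anything else if it
#                        must fail
#            options   - pattern checks, see above
# Outputs:   verdict on stdout; exits the script on a malformed option list
run_test() {
    print_name "$1"
    shift

    # run the commands
    "${SHELL:-sh}" -c "$1" > srv_out 2>&1 &
    SRV_PID=$!
    sleep 1    # give the server time to start listening before connecting
    "${SHELL:-sh}" -c "$2" > cli_out 2>&1
    CLI_EXIT=$?
    # Extra connection that makes the server exit; a client certificate is
    # given so it is also accepted by servers that require one.
    echo SERVERQUIT | openssl s_client -no_ticket \
        -cert data_files/cli2.crt -key data_files/cli2.key \
        >/dev/null 2>&1
    wait "$SRV_PID"
    SRV_RET=$?    # must be read before 'shift' overwrites $?
    shift 2

    # check server exit code
    if [ "$SRV_RET" != 0 ]; then
        fail "server fail"
        return
    fi

    # check client exit code: expected 0 means "must succeed", anything
    # else means "must fail"
    if [ "$1" = 0 ]; then
        if [ "$CLI_EXIT" != 0 ]; then
            fail "bad client exit code"
            return
        fi
    elif [ "$CLI_EXIT" = 0 ]; then
        fail "bad client exit code"
        return
    fi
    shift

    # check options; each option takes exactly one pattern argument
    while [ $# -gt 0 ]; do
        if [ $# -lt 2 ]; then
            echo "Missing pattern for option: $1" >&2
            exit 1
        fi
        case "$1" in
            -s)
                if ! grep -- "$2" srv_out >/dev/null; then
                    fail "-s $2"
                    return
                fi
                ;;

            -c)
                if ! grep -- "$2" cli_out >/dev/null; then
                    fail "-c $2"
                    return
                fi
                ;;

            -S)
                if grep -- "$2" srv_out >/dev/null; then
                    fail "-S $2"
                    return
                fi
                ;;

            -C)
                if grep -- "$2" cli_out >/dev/null; then
                    fail "-C $2"
                    return
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
        esac
        shift 2
    done

    # if we're here, everything is ok
    echo "PASS"
    rm -f -- srv_out cli_out
}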
120
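# Signal handler (see the trap below): stop the background server started
# by run_test, if there is one, and exit with a failure status so an
# interrupted run is not mistaken for a successful one.
# Globals: SRV_PID (read; set by run_test, may be unset before the first test)
cleanup() {
    if [ -n "${SRV_PID:-}" ]; then
        kill "$SRV_PID"
    fi
    exit 1
}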
125
# Get rid of leftover servers (and openssl clients) from a previous run so
# they cannot interfere with the tests below.
# NOTE(review): killall matches by process name, so this also stops any
# unrelated openssl/ssl_server2 processes the user happens to be running;
# on some systems killall has a different meaning entirely — confirm before
# running this script there.
killall -q openssl ssl_server ssl_server2
# Kill the background server and exit non-zero if the run is interrupted
trap cleanup HUP INT TERM
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100128
# Test for SSLv2 ClientHello
#
# #0 is the reference run: with -no_ssl2 the server's v2 ClientHello parser
# must not be hit. #1 makes OpenSSL send its ClientHello in the SSLv2
# format (see the comment below) and expects the parser to run while the
# handshake still succeeds: "ssl_handshake returned" is the server's failure
# message (compare SNI #3), so it must be absent.
# NOTE(review): the openssl client is started without -connect, so it uses
# its default host/port and the server is assumed to listen there — confirm.

run_test "SSLv2 ClientHello #0 (reference)" \
    "$P_SRV debug_level=3" \
    "echo GET / HTTP/1.0 | openssl s_client -no_ssl2" \
    0 \
    -S "parse client hello v2" \
    -S "ssl_handshake returned"

# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello
run_test "SSLv2 ClientHello #1 (actual test)" \
    "$P_SRV debug_level=3" \
    "echo GET / HTTP/1.0 | openssl s_client -cipher DES-CBC-MD5:ALL" \
    0 \
    -s "parse client hello v2" \
    -S "ssl_handshake returned"
145
# Tests for Truncated HMAC extension
#
# Both runs force the same CBC-SHA suite and look at the MAC length the
# server dumps at debug_level=5: the full 20-byte MAC without the extension
# (#0, trunc_hmac=0) and a 10-byte MAC once the client asked for truncated
# HMAC (#1, trunc_hmac=1).

run_test "Truncated HMAC #0" \
    "$P_SRV debug_level=5" \
    "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (20 bytes)"

run_test "Truncated HMAC #1" \
    "$P_SRV debug_level=5" \
    "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (10 bytes)"
159
# Tests for Session Tickets
#
# The client connects twice (reconnect=1). The patterns check that the
# ticket extension was offered, accepted and parsed, and that the second
# handshake was resumed from the ticket and not from the server cache.
# cache_max=0 (from #2 on) disables the server cache, so resumption can only
# come from the ticket.

run_test "Session resume using tickets #1" \
    "$P_SRV debug_level=4 tickets=1" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Same as #1 with the server cache disabled: must still resume via ticket
run_test "Session resume using tickets #2" \
    "$P_SRV debug_level=4 tickets=1 cache_max=0" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Ticket lifetime shorter than the delay before reconnecting (presumably
# both in seconds): the expired ticket must not be accepted, no resumption.
run_test "Session resume using tickets #3" \
    "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# Ticket lifetime longer than the reconnect delay: resumption must work
run_test "Session resume using tickets #4" \
    "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"
217
# Tests for Session Resume based on session-ID and cache
#
# Resumption must come from the server-side cache here, never from a
# ticket: either side having tickets disabled is enough (#1, #2), and the
# remaining runs vary cache size and lifetime with tickets off on both ends.

# Client offers the ticket extension, server has tickets off: the server
# must not answer with a ticket and must resume from its cache.
run_test "Session resume using cache #1 (tickets enabled on client)" \
    "$P_SRV debug_level=4 tickets=0" \
    "$P_CLI debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -S "server hello, adding session ticket extension" \
    -C "found session_ticket extension" \
    -C "parse new session ticket" \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Server has tickets on but the client never offers the extension
run_test "Session resume using cache #2 (tickets enabled on server)" \
    "$P_SRV debug_level=4 tickets=1" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1" \
    0 \
    -C "client hello, adding session ticket extension" \
    -S "found session ticket extension" \
    -S "server hello, adding session ticket extension" \
    -C "found session_ticket extension" \
    -C "parse new session ticket" \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Empty cache: nothing can be resumed
run_test "Session resume using cache #3 (cache_max=0)" \
    "$P_SRV debug_level=4 tickets=0 cache_max=0" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1" \
    0 \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# A single cache entry is enough for one client reconnecting
run_test "Session resume using cache #4 (cache_max=1)" \
    "$P_SRV debug_level=4 tickets=0 cache_max=1" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Cache entry lifetime longer than the reconnect delay: resumed.
# (The printed test name keeps the "timemout" spelling of the original.)
run_test "Session resume using cache #5 (timemout > delay)" \
    "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Cache entry lifetime shorter than the reconnect delay: entry expired,
# no resumption.
run_test "Session resume using cache #6 (timeout < delay)" \
    "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
    0 \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# cache_timeout=0: entries do not expire, so the delayed reconnect resumes
run_test "Session resume using cache #7 (no timeout)" \
    "$P_SRV debug_level=4 tickets=0 cache_timeout=0" \
    "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"
292
# Tests for Max Fragment Length extension
#
# #1: neither side configures a limit, the extension must not appear.
# #2: the client asks for 4096, both sides must send and parse it.
# #3: only the server is configured; as the expectations show, the client
#     does not offer the extension on its own, so nothing is negotiated.

run_test "Max fragment length #1" \
    "$P_SRV debug_level=4" \
    "$P_CLI debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"

run_test "Max fragment length #2" \
    "$P_SRV debug_level=4" \
    "$P_CLI debug_level=4 max_frag_len=4096" \
    0 \
    -c "client hello, adding max_fragment_length extension" \
    -s "found max fragment length extension" \
    -s "server hello, max_fragment_length extension" \
    -c "found max_fragment_length extension"

run_test "Max fragment length #3" \
    "$P_SRV debug_level=4 max_frag_len=4096" \
    "$P_CLI debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100321
# Tests for renegotiation
#
# Every run checks the secure-renegotiation signalling of RFC 5746 (the
# TLS_EMPTY_RENEGOTIATION_INFO SCSV / renegotiation_info extension) and
# then whether a renegotiation actually happened: "renegotiate" on the side
# that started it, "write hello request" when the server requested one.
# renegotiate=1 makes a side initiate, renegotiation=0 makes it refuse.

# No renegotiation requested: only the initial signalling must be present
run_test "Renegotiation #0 (none)" \
    "$P_SRV debug_level=4" \
    "$P_CLI debug_level=4" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

run_test "Renegotiation #1 (enabled, client-initiated)" \
    "$P_SRV debug_level=4" \
    "$P_CLI debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -S "write hello request"

run_test "Renegotiation #2 (enabled, server-initiated)" \
    "$P_SRV debug_level=4 renegotiate=1" \
    "$P_CLI debug_level=4" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

run_test "Renegotiation #3 (enabled, double)" \
    "$P_SRV debug_level=4 renegotiate=1" \
    "$P_CLI debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

# Server refuses renegotiation: the client's attempt must fail (exit 1)
# and the server must never enter renegotiation.
run_test "Renegotiation #4 (client-initiated, server-rejected)" \
    "$P_SRV debug_level=4 renegotiation=0" \
    "$P_CLI debug_level=4 renegotiate=1" \
    1 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# Client refuses renegotiation: the server sends a HelloRequest, then logs
# an unexpected message and fails; the client itself still exits 0.
run_test "Renegotiation #5 (server-initiated, client-rejected)" \
    "$P_SRV debug_level=4 renegotiate=1" \
    "$P_CLI debug_level=4 renegotiation=0" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -s "write hello request" \
    -s "SSL - An unexpected message was received from our peer" \
    -s "failed"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100403
# Tests for auth_mode
#
# The peer presents server5-badsign.crt (a certificate whose signature does
# not verify, judging by its name and the expected "not signed by a trusted
# CA" message). With auth_mode=required the verifying side must abort the
# handshake; with optional it must log the verification error but carry on;
# with none it must not verify at all. #1-#3 have the server present the
# bad certificate, #4-#6 the client (which also exercises the
# CertificateRequest / CertificateVerify steps).

run_test "Authentication #1 (server badcert, client required)" \
    "$P_SRV crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI debug_level=2 auth_mode=required" \
    1 \
    -c "x509_verify_cert() returned" \
    -c "! self-signed or not signed by a trusted CA" \
    -c "! ssl_handshake returned" \
    -c "X509 - Certificate verification failed"

run_test "Authentication #2 (server badcert, client optional)" \
    "$P_SRV crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI debug_level=2 auth_mode=optional" \
    0 \
    -c "x509_verify_cert() returned" \
    -c "! self-signed or not signed by a trusted CA" \
    -C "! ssl_handshake returned" \
    -C "X509 - Certificate verification failed"

run_test "Authentication #3 (server badcert, client none)" \
    "$P_SRV crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    "$P_CLI debug_level=2 auth_mode=none" \
    0 \
    -C "x509_verify_cert() returned" \
    -C "! self-signed or not signed by a trusted CA" \
    -C "! ssl_handshake returned" \
    -C "X509 - Certificate verification failed"

# Server requires a client certificate: the bad one must make both sides
# fail the handshake.
run_test "Authentication #4 (client badcert, server required)" \
    "$P_SRV debug_level=4 auth_mode=required" \
    "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    1 \
    -S "skip write certificate request" \
    -C "skip parse certificate request" \
    -c "got a certificate request" \
    -C "skip write certificate" \
    -C "skip write certificate verify" \
    -S "skip parse certificate verify" \
    -s "x509_verify_cert() returned" \
    -S "! self-signed or not signed by a trusted CA" \
    -s "! ssl_handshake returned" \
    -c "! ssl_handshake returned" \
    -s "X509 - Certificate verification failed"

# Server verifies but tolerates the bad certificate
run_test "Authentication #5 (client badcert, server optional)" \
    "$P_SRV debug_level=4 auth_mode=optional" \
    "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    0 \
    -S "skip write certificate request" \
    -C "skip parse certificate request" \
    -c "got a certificate request" \
    -C "skip write certificate" \
    -C "skip write certificate verify" \
    -S "skip parse certificate verify" \
    -s "x509_verify_cert() returned" \
    -s "! self-signed or not signed by a trusted CA" \
    -S "! ssl_handshake returned" \
    -C "! ssl_handshake returned" \
    -S "X509 - Certificate verification failed"

# Server does not ask for a certificate at all, so the client never sends one
run_test "Authentication #6 (client badcert, server none)" \
    "$P_SRV debug_level=4 auth_mode=none" \
    "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
        key_file=data_files/server5.key" \
    0 \
    -s "skip write certificate request" \
    -C "skip parse certificate request" \
    -c "got no certificate request" \
    -c "skip write certificate" \
    -c "skip write certificate verify" \
    -s "skip parse certificate verify" \
    -S "x509_verify_cert() returned" \
    -S "! self-signed or not signed by a trusted CA" \
    -S "! ssl_handshake returned" \
    -C "! ssl_handshake returned" \
    -S "X509 - Certificate verification failed"
486
# tests for SNI
#
# The client reports the issuer and subject of the certificate it received,
# which tells which certificate the server selected for the requested name.
# The server's sni= option is a list of "name,cert,key" triples; without it
# (#0) the crt_file certificate (server5, EC test CA) is always used.

run_test "SNI #0 (no SNI callback)" \
    "$P_SRV debug_level=4 server_addr=127.0.0.1 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key" \
    "$P_CLI debug_level=0 server_addr=127.0.0.1 \
        server_name=localhost" \
    0 \
    -S "parse ServerName extension" \
    -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
    -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

# Requested name matches the first entry: server2 certificate is served
run_test "SNI #1 (matching cert 1)" \
    "$P_SRV debug_level=4 server_addr=127.0.0.1 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key \
        sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
    "$P_CLI debug_level=0 server_addr=127.0.0.1 \
        server_name=localhost" \
    0 \
    -s "parse ServerName extension" \
    -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
    -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

# Requested name matches the second entry: server1 certificate is served
run_test "SNI #2 (matching cert 2)" \
    "$P_SRV debug_level=4 server_addr=127.0.0.1 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key \
        sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
    "$P_CLI debug_level=0 server_addr=127.0.0.1 \
        server_name='PolarSSL Server 1'" \
    0 \
    -s "parse ServerName extension" \
    -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
    -c "subject name *: C=NL, O=PolarSSL, CN=PolarSSL Server 1"

# Unknown name: the SNI callback fails, the server aborts the handshake
# rather than falling back to the default certificate, and the client
# receives a fatal alert and exits 1.
run_test "SNI #3 (no matching cert)" \
    "$P_SRV debug_level=4 server_addr=127.0.0.1 \
        crt_file=data_files/server5.crt key_file=data_files/server5.key \
        sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
    "$P_CLI debug_level=0 server_addr=127.0.0.1 \
        server_name='PolarSSL Server 2'" \
    1 \
    -s "parse ServerName extension" \
    -s "ssl_sni_wrapper() returned" \
    -s "ssl_handshake returned" \
    -c "ssl_handshake returned" \
    -c "SSL - A fatal alert message was received from our peer"
533
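# Final report
#
# Print the overall verdict and the pass/total count, then exit with the
# number of failed tests so callers can test for "any failure" with a
# non-zero status. (A count of 256 or more would wrap modulo 256; this
# script runs far fewer tests than that.)

echo "------------------------------------------------------------------------"

# 'echo -n' is not portable under /bin/sh (some shells print "-n"); printf is.
if [ "$FAILS" = 0 ]; then
    printf 'PASSED'
else
    printf 'FAILED'
fi
# Shell arithmetic instead of piping through bc
PASSES=$((TESTS - FAILS))
echo " ($PASSES / $TESTS tests)"

exit "$FAILS"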