More expansive testing
diff --git a/tests/compat.sh b/tests/compat.sh
index 4c292b0..d35a813 100644
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -1,19 +1,22 @@
killall -q openssl ssl_server ssl_server2
MODES="ssl3 tls1 tls1_1 tls1_2"
-#VERIFY="YES"
-VERIFY=""
+VERIFIES="NO YES"
OPENSSL=openssl
+for VERIFY in $VERIFIES;
+do
if [ "X$VERIFY" = "XYES" ];
then
- P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key"
- O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt"
+ P_SERVER_ARGS="auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
+ P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
+ O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
+ O_CLIENT_ARGS="-cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
fi
for MODE in $MODES;
do
-echo "Running for $MODE"
+echo "Running for $MODE (Verify: $VERIFY)"
echo "-----------"
P_CIPHERS=" \
@@ -56,24 +59,24 @@
# Also add SHA256 ciphersuites
#
-P_CIPHERS="$P_CIPHERS \
- TLS-RSA-WITH-NULL-SHA256 \
- TLS-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
- "
-
-O_CIPHERS="$O_CIPHERS \
- NULL-SHA256 \
- AES128-SHA256 \
- DHE-RSA-AES128-SHA256 \
- AES256-SHA256 \
- DHE-RSA-AES256-SHA256 \
- "
-
if [ "$MODE" = "tls1_2" ];
then
+ P_CIPHERS="$P_CIPHERS \
+ TLS-RSA-WITH-NULL-SHA256 \
+ TLS-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
+ TLS-RSA-WITH-AES-256-CBC-SHA256 \
+ TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
+ "
+
+ O_CIPHERS="$O_CIPHERS \
+ NULL-SHA256 \
+ AES128-SHA256 \
+ DHE-RSA-AES128-SHA256 \
+ AES256-SHA256 \
+ DHE-RSA-AES256-SHA256 \
+ "
+
P_CIPHERS="$P_CIPHERS \
TLS-RSA-WITH-AES-128-GCM-SHA256 \
TLS-RSA-WITH-AES-256-GCM-SHA384 \
@@ -112,14 +115,14 @@
done
kill $PROCESS_ID
-../programs/ssl/ssl_server2 > /dev/null &
+../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
PROCESS_ID=$!
sleep 1
for i in $O_CIPHERS;
do
- RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i 2>&1)"
+ RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
EXIT=$?
echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
@@ -131,6 +134,8 @@
echo "Ciphersuite not supported in server"
else
echo Failed
+ echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
+ echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
echo $RESULT
fi
else
@@ -140,7 +145,7 @@
kill $PROCESS_ID
-../programs/ssl/ssl_server2 > /dev/null &
+../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
PROCESS_ID=$!
sleep 1
@@ -160,7 +165,7 @@
for i in $P_CIPHERS;
do
- RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
+ RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i $P_CLIENT_ARGS )"
EXIT=$?
echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
if [ "$EXIT" = "2" ];
@@ -177,4 +182,4 @@
kill $PROCESS_ID
done
-
+done