commit 70c7373f81452c3b1f0bbd4b3c15636c1271ba90
author Hanno Becker <hanno.becker@arm.com> Mon Sep 02 09:03:53 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Wed Sep 04 16:19:49 2019 +0100
tree cc0134db169719321ce5f3b7118dcb7690f510c9
parent 2e80173dfcd16e1be99c2440c0e65da681ff847a

compat.sh: Introduce env variable for CRTs, CAs and keys

This commit introduces environment variables

- SRV_ECDSA_CRT
- SRV_ECDSA_KEY
- CLI_ECDSA_CRT
- CLI_ECDSA_KEY
- SRV_RSA_CRT
- SRV_RSA_KEY
- CLI_RSA_CRT
- CLI_RSA_KEY
- CA_FILE

to tests/compat.sh which hold the path of the CA, client and server
certificate and key files to use by the script.

This is a preparatory step towards switching to a different set of
certificates and keys in case the configuration doesn't match the
certificates in use so far (e.g.: the ECDSA certificates use Secp384r1,
so if that's disabled, ECDSA tests will fail).

tests/compat.sh

diff --git a/tests/compat.sh b/tests/compat.sh
index 54bc0b7..5244860 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -32,6 +32,16 @@
 : ${GNUTLS_CLI:=gnutls-cli}
 : ${GNUTLS_SERV:=gnutls-serv}
 
+: ${SRV_ECDSA_CRT:="data_files/server5.crt"}
+: ${SRV_ECDSA_KEY:="data_files/server5.key"}
+: ${CLI_ECDSA_CRT:="data_files/server6.crt"}
+: ${CLI_ECDSA_KEY:="data_files/server6.key"}
+: ${SRV_RSA_CRT:="data_files/server2.crt"}
+: ${SRV_RSA_KEY:="data_files/server2.key"}
+: ${CLI_RSA_CRT:="data_files/server1.crt"}
+: ${CLI_RSA_KEY:="data_files/server1.key"}
+: ${CA_FILE:="data_files/test-ca_cat12.crt"}
+
 # do we have a recent enough GnuTLS?
 if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then
     G_VER="$( $GNUTLS_CLI --version | head -n1 )"
@@ -912,13 +922,13 @@
 
     if [ "X$VERIFY" = "XYES" ];
     then
-        M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
-        O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
-        G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
+        M_SERVER_ARGS="$M_SERVER_ARGS ca_file=$CA_FILE auth_mode=required"
+        O_SERVER_ARGS="$O_SERVER_ARGS -CAfile $CA_FILE -Verify 10"
+        G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile $CA_FILE --require-client-cert"
 
-        M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
-        O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
-        G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
+        M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=$CA_FILE auth_mode=required"
+        O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile $CA_FILE -verify 10"
+        G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile $CA_FILE"
     else
         # don't request a client cert at all
         M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
@@ -931,28 +941,28 @@
 
     case $TYPE in
         "ECDSA")
-            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
-            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
-            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
+            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$SRV_ECDSA_CRT key_file=$SRV_ECDSA_KEY"
+            O_SERVER_ARGS="$O_SERVER_ARGS -cert $SRV_ECDSA_CRT -key $SRV_ECDSA_KEY"
+            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $SRV_ECDSA_CRT --x509keyfile $SRV_ECDSA_KEY"
 
             if [ "X$VERIFY" = "XYES" ]; then
-                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
-                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
-                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
+                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$CLI_ECDSA_CRT key_file=$CLI_ECDSA_KEY"
+                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $CLI_ECDSA_CRT -key $CLI_ECDSA_KEY"
+                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $CLI_ECDSA_CRT --x509keyfile $CLI_ECDSA_KEY"
             else
                 M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
             fi
             ;;
 
         "RSA")
-            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
-            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
-            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
+            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$SRV_RSA_CRT key_file=$SRV_RSA_KEY"
+            O_SERVER_ARGS="$O_SERVER_ARGS -cert $SRV_RSA_CRT -key $SRV_RSA_KEY"
+            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $SRV_RSA_CRT --x509keyfile $SRV_RSA_KEY"
 
             if [ "X$VERIFY" = "XYES" ]; then
-                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
-                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
-                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
+                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$CLI_RSA_CRT key_file=$CLI_RSA_KEY"
+                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $CLI_RSA_CRT -key $CLI_RSA_KEY"
+                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $CLI_RSA_CRT --x509keyfile $CLI_RSA_KEY"
             else
                 M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
             fi