# Test that SSL sample programs can interoperate with each other
# and with OpenSSL and GnuTLS.

# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

# Directory holding the sample programs under test. The default below is a
# relative path and is only applied when PROGRAMS_DIR is unset or empty, so
# which binaries get exercised depends on the working directory or on the
# caller's override.
: "${PROGRAMS_DIR:=../programs/ssl}"
# ---- ssl_client1 against ssl_server2, OpenSSL and GnuTLS servers ----
#
# NOTE(review): run_test and the requires_* helpers are defined outside this
# file. Judging by the cases below, -s/-c name patterns expected in the
# server/client output and -S/-C patterns that must not appear there;
# confirm against the run_test definition.
# NOTE(review): the forbidden-output patterns are spelled per peer ("error",
# "ERROR", "Error"). This presumably follows how each implementation prints
# failures and relies on case-sensitive matching - confirm.
# NOTE(review): the "." in version patterns such as "TLSv1.2" is unescaped.
# If patterns are regular expressions (as "[1-9][0-9]*" suggests) it matches
# any character; "TLSv1\.2" would be the stricter form.

# Disable session tickets for ssl_client1 when potentially using TLS 1.3
# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved
# and (if relevant) implemented in ssl_client1.
# No protocol version is pinned or checked in this case; only the exchange
# of application data in both directions is required.
run_test    "Sample: ssl_client1, ssl_server2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_server2 tickets=0" \
            "${PROGRAMS_DIR}/ssl_client1" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

# The OpenSSL server is restricted to TLS 1.2 and the version string must
# show up in the client-side output.
requires_protocol_version tls12
run_test    "Sample: ssl_client1, openssl server, TLS 1.2" \
            -P 4433 \
            "${O_SRV} -tls1_2" \
            "${PROGRAMS_DIR}/ssl_client1" \
            0 \
            -c "Protocol.*TLSv1.2" \
            -S "ERROR" \
            -C "error"

# The GnuTLS priority string removes every TLS version and re-enables only
# TLS 1.2; the version is then checked in both outputs.
requires_protocol_version tls12
run_test    "Sample: ssl_client1, gnutls server, TLS 1.2" \
            -P 4433 \
            "${G_SRV} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
            "${PROGRAMS_DIR}/ssl_client1" \
            0 \
            -s "Version: TLS1.2" \
            -c "<TD>Protocol version:</TD><TD>TLS1.2</TD>" \
            -S "Error" \
            -C "error"

# Disable session tickets for ssl_client1 when using TLS 1.3
# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved
# and (if relevant) implemented in ssl_client1.
requires_protocol_version tls13
requires_openssl_tls1_3
run_test    "Sample: ssl_client1, openssl server, TLS 1.3" \
            -P 4433 \
            "${O_NEXT_SRV} -tls1_3 -num_tickets 0" \
            "${PROGRAMS_DIR}/ssl_client1" \
            0 \
            -c "New, TLSv1.3, Cipher is" \
            -S "ERROR" \
            -C "error"

# Disable session tickets for ssl_client1 when using TLS 1.3
# until https://github.com/Mbed-TLS/mbedtls/issues/6640 is resolved
# and (if relevant) implemented in ssl_client1.
requires_protocol_version tls13
requires_gnutls_tls1_3
run_test    "Sample: ssl_client1, gnutls server, TLS 1.3" \
            -P 4433 \
            "${G_NEXT_SRV} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 --noticket" \
            "${PROGRAMS_DIR}/ssl_client1" \
            0 \
            -s "Version: TLS1.3" \
            -c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
            -S "Error" \
            -C "error"
# ---- dtls_client against ssl_server2, OpenSSL and GnuTLS servers ----

# The server complains of extra data after it closes the connection
# because the client keeps sending data, so the server receives
# more application data when it expects a new handshake. We consider
# the test a success if both sides have sent and received application
# data, no matter what happens afterwards.
# For that reason this case has no forbidden "error" pattern on the server
# side, unlike the other cases in this file; only the client output is
# checked for it.
run_test    "Sample: dtls_client, ssl_server2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_server2 dtls=1 server_addr=localhost" \
            "${PROGRAMS_DIR}/dtls_client" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -C "error"

# The dtls_client program connects to localhost. This test case fails on
# systems where the name "localhost" resolves to an IPv6 address, but
# the IPv6 connection is not possible. Possible reasons include:
# * OpenSSL is too old (IPv6 support was added in 1.1.0).
# * OpenSSL was built without IPv6 support.
# * A firewall blocks IPv6.
#
# To facilitate working with this test case, have it run with $OPENSSL_NEXT
# which is at least 1.1.1a. At the time it was introduced, this test case
# passed with OpenSSL 1.0.2g on an environment where IPv6 is disabled.
#
# NOTE(review): unlike the TLS 1.3 cases, no explicit requires_* guard for
# the $O_NEXT_SRV binary is visible here - confirm that the case is skipped
# rather than failed when OPENSSL_NEXT is not configured.
requires_protocol_version dtls12
run_test    "Sample: dtls_client, openssl server, DTLS 1.2" \
            -P 4433 \
            "${O_NEXT_SRV} -dtls1_2" \
            "${PROGRAMS_DIR}/dtls_client" \
            0 \
            -s "Echo this" \
            -c "Echo this" \
            -c "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -S "ERROR" \
            -C "error"

# NOTE(review): the priority string only names TLS versions
# (-VERS-TLS-ALL:+VERS-TLS1.2) while the server runs in datagram mode (-u).
# It presumably leaves the DTLS versions at the NORMAL defaults, and no
# pattern below checks the negotiated version, so "DTLS 1.2" in the title is
# not enforced by this case itself - confirm against GnuTLS behaviour.
requires_protocol_version dtls12
run_test    "Sample: dtls_client, gnutls server, DTLS 1.2" \
            -P 4433 \
            "${G_SRV} -u --echo --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
            "${PROGRAMS_DIR}/dtls_client" \
            0 \
            -s "Server listening" \
            -s "[1-9][0-9]* bytes command:" \
            -c "Echo this" \
            -c "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -S "Error" \
            -C "error"
# ---- ssl_server against Mbed TLS, OpenSSL and GnuTLS clients ----
#
# NOTE(review): run_test is defined outside this file; -s/-c appear to be
# required server/client output patterns and -S/-C forbidden ones - confirm.
# The two Mbed TLS-only cases check data exchange but not the negotiated
# protocol version. The interoperability cases pin the version on the client
# command line and require it in the client output; on the server side
# TLS 1.2 is presumably recognised through the "TLS-" ciphersuite prefix and
# TLS 1.3 through "TLS1-3-".

run_test    "Sample: ssl_server, ssl_client2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_server" \
            "${PROGRAMS_DIR}/ssl_client2" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

run_test    "Sample: ssl_client1 with ssl_server" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_server" \
            "${PROGRAMS_DIR}/ssl_client1" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

requires_protocol_version tls12
run_test    "Sample: ssl_server, openssl client, TLS 1.2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_server" \
            "${O_CLI} -tls1_2" \
            0 \
            -s "Successful connection using: TLS-" \
            -c "Protocol.*TLSv1.2" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls12
run_test    "Sample: ssl_server, gnutls client, TLS 1.2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_server" \
            "${G_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
            0 \
            -s "Successful connection using: TLS-" \
            -c "Description:.*TLS1.2" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls13
requires_openssl_tls1_3
run_test    "Sample: ssl_server, openssl client, TLS 1.3" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_server" \
            "${O_NEXT_CLI} -tls1_3" \
            0 \
            -s "Successful connection using: TLS1-3-" \
            -c "New, TLSv1.3, Cipher is" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls13
requires_gnutls_tls1_3
run_test    "Sample: ssl_server, gnutls client, TLS 1.3" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_server" \
            "${G_NEXT_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
            0 \
            -s "Successful connection using: TLS1-3-" \
            -c "Description:.*TLS1.3" \
            -S "error" \
            -C "ERROR"
# ---- ssl_fork_server against Mbed TLS, OpenSSL and GnuTLS clients ----
#
# NOTE(review): run_test is defined outside this file; -s/-c appear to be
# required server/client output patterns and -S/-C forbidden ones - confirm.
# The two Mbed TLS-only cases check data exchange but not the negotiated
# protocol version; the interoperability cases pin the version on the client
# command line and require it in the client output.

run_test    "Sample: ssl_fork_server, ssl_client2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_fork_server" \
            "${PROGRAMS_DIR}/ssl_client2" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

run_test    "Sample: ssl_client1 with ssl_fork_server" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_fork_server" \
            "${PROGRAMS_DIR}/ssl_client1" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

requires_protocol_version tls12
run_test    "Sample: ssl_fork_server, openssl client, TLS 1.2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_fork_server" \
            "${O_CLI} -tls1_2" \
            0 \
            -s "Successful connection using: TLS-" \
            -c "Protocol.*TLSv1.2" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls12
run_test    "Sample: ssl_fork_server, gnutls client, TLS 1.2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_fork_server" \
            "${G_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
            0 \
            -s "Successful connection using: TLS-" \
            -c "Description:.*TLS1.2" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls13
requires_openssl_tls1_3
run_test    "Sample: ssl_fork_server, openssl client, TLS 1.3" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_fork_server" \
            "${O_NEXT_CLI} -tls1_3" \
            0 \
            -s "Successful connection using: TLS1-3-" \
            -c "New, TLSv1.3, Cipher is" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls13
requires_gnutls_tls1_3
run_test    "Sample: ssl_fork_server, gnutls client, TLS 1.3" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_fork_server" \
            "${G_NEXT_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
            0 \
            -s "Successful connection using: TLS1-3-" \
            -c "Description:.*TLS1.3" \
            -S "error" \
            -C "ERROR"
# ---- ssl_pthread_server against Mbed TLS, OpenSSL and GnuTLS clients ----
#
# NOTE(review): run_test is defined outside this file; -s/-c appear to be
# required server/client output patterns and -S/-C forbidden ones - confirm.
# The two Mbed TLS-only cases check data exchange but not the negotiated
# protocol version; the interoperability cases pin the version on the client
# command line and require it in the client output.

run_test    "Sample: ssl_pthread_server, ssl_client2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_pthread_server" \
            "${PROGRAMS_DIR}/ssl_client2" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

run_test    "Sample: ssl_client1 with ssl_pthread_server" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_pthread_server" \
            "${PROGRAMS_DIR}/ssl_client1" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

requires_protocol_version tls12
run_test    "Sample: ssl_pthread_server, openssl client, TLS 1.2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_pthread_server" \
            "${O_CLI} -tls1_2" \
            0 \
            -s "Successful connection using: TLS-" \
            -c "Protocol.*TLSv1.2" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls12
run_test    "Sample: ssl_pthread_server, gnutls client, TLS 1.2" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_pthread_server" \
            "${G_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
            0 \
            -s "Successful connection using: TLS-" \
            -c "Description:.*TLS1.2" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls13
requires_openssl_tls1_3
run_test    "Sample: ssl_pthread_server, openssl client, TLS 1.3" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_pthread_server" \
            "${O_NEXT_CLI} -tls1_3" \
            0 \
            -s "Successful connection using: TLS1-3-" \
            -c "New, TLSv1.3, Cipher is" \
            -S "error" \
            -C "ERROR"

requires_protocol_version tls13
requires_gnutls_tls1_3
run_test    "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
            -P 4433 \
            "${PROGRAMS_DIR}/ssl_pthread_server" \
            "${G_NEXT_CLI} --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3 localhost" \
            0 \
            -s "Successful connection using: TLS1-3-" \
            -c "Description:.*TLS1.3" \
            -S "error" \
            -C "ERROR"
# ---- dtls_server against Mbed TLS, OpenSSL and GnuTLS clients ----
#
# NOTE(review): run_test is defined outside this file; -s/-c appear to be
# required server/client output patterns and -S/-C forbidden ones - confirm.

run_test    "Sample: dtls_client with dtls_server" \
            -P 4433 \
            "${PROGRAMS_DIR}/dtls_server" \
            "${PROGRAMS_DIR}/dtls_client" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

run_test    "Sample: ssl_client2, dtls_server" \
            -P 4433 \
            "${PROGRAMS_DIR}/dtls_server" \
            "${PROGRAMS_DIR}/ssl_client2 dtls=1" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "[1-9][0-9]* bytes read" \
            -c "[1-9][0-9]* bytes written" \
            -S "error" \
            -C "error"

# The client is pinned with -dtls1_2. The version pattern below would match
# both "TLSv1.2" and "DTLSv1.2", so on its own it does not tell the two
# apart.
requires_protocol_version dtls12
run_test    "Sample: dtls_server, openssl client, DTLS 1.2" \
            -P 4433 \
            "${PROGRAMS_DIR}/dtls_server" \
            "${O_CLI} -dtls1_2" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "Protocol.*TLSv1.2" \
            -S "error" \
            -C "ERROR"

# NOTE(review): the priority string only names TLS versions while the client
# runs in datagram mode (-u), so it presumably does not restrict the DTLS
# version by itself - confirm. Here the negotiated version is still enforced
# by the "DTLS1.2" pattern required in the client output.
requires_protocol_version dtls12
run_test    "Sample: dtls_server, gnutls client, DTLS 1.2" \
            -P 4433 \
            "${PROGRAMS_DIR}/dtls_server" \
            "${G_CLI} -u --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 localhost" \
            0 \
            -s "[1-9][0-9]* bytes read" \
            -s "[1-9][0-9]* bytes written" \
            -c "Description:.*DTLS1.2" \
            -S "error" \
            -C "ERROR"