[gnutls-devel] [PATCH 2/4] tests: suite: cleanup shell usage
Alon Bar-Lev
alon.barlev at gmail.com
Sun Jun 21 02:00:03 CEST 2015
Add quotes for most usages of variables.
Added ${} for variables.
Cleanup indentation to be consistent with other tests.
Fix separate builddir issues.
Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>
---
configure.ac | 2 +-
tests/suite/certs/create-chain.sh | 145 +++--
tests/suite/chain | 68 +--
tests/suite/crl-test | 20 +-
tests/suite/eagain | 10 +-
tests/suite/invalid-cert | 13 +-
tests/suite/testcompat-common | 45 +-
tests/suite/testcompat-main-openssl | 992 +++++++++++++++++------------------
tests/suite/testcompat-main-polarssl | 526 +++++++++----------
tests/suite/testcompat-openssl | 18 +-
tests/suite/testcompat-polarssl | 6 +-
tests/suite/testdane | 62 +--
tests/suite/testpkcs11 | 702 ++++++++++++-------------
tests/suite/testpkcs11.pkcs15 | 41 +-
tests/suite/testpkcs11.sc-hsm | 49 +-
tests/suite/testpkcs11.softhsm | 85 ++-
tests/suite/testrandom | 58 +-
tests/suite/testrng | 128 ++---
tests/suite/testsrn | 78 +--
19 files changed, 1517 insertions(+), 1531 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0cbba41..3701889 100644
--- a/configure.ac
+++ b/configure.ac
@@ -89,7 +89,7 @@ if test "$use_cxx" != "no"; then
AC_LANG_POP(C++)
fi
AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
-AM_CONDITIONAL(WANT_TEST_SUITE, [test -f tests/suite/mini-eagain2.c])
+AM_CONDITIONAL(WANT_TEST_SUITE, [test -f "${srcdir}/tests/suite/mini-eagain2.c"])
dnl Detect windows build
use_accel=yes
diff --git a/tests/suite/certs/create-chain.sh b/tests/suite/certs/create-chain.sh
index 11add61..53f6087 100755
--- a/tests/suite/certs/create-chain.sh
+++ b/tests/suite/certs/create-chain.sh
@@ -1,93 +1,92 @@
#!/bin/sh
-srcdir=${srcdir:-.}
-CERTTOOL=${CERTTOOL:-../../../src/certtool$EXEEXT}
+CERTTOOL="${CERTTOOL:-../../../src/certtool${EXEEXT}}"
OUTPUT=out
TEMPLATE=tmpl
-NUM=$1
+NUM="$1"
-if test "$NUM" = "";then
- echo "usage: $0 number"
- exit 1
+if test "${NUM}" = "";then
+ echo "usage: $0 number"
+ exit 1
fi
-LAST=`expr $NUM - 1`
+LAST=`expr ${NUM} - 1`
-rm -rf $OUTPUT
-mkdir -p $OUTPUT
+rm -rf "${OUTPUT}"
+mkdir -p "${OUTPUT}"
counter=0
-while test $counter -lt $NUM; do
- if test $counter = $LAST;then
- name="server-$counter"
- else
- name="CA-$counter"
- fi
- serial=$counter
+while test ${counter} -lt ${NUM}; do
+ if test ${counter} = ${LAST};then
+ name="server-${counter}"
+ else
+ name="CA-${counter}"
+ fi
+ serial="${counter}"
-
- $CERTTOOL --generate-privkey >$OUTPUT/$name.key 2>/dev/null
- if test $counter = 0;then
- # ROOT CA
- echo "cn = $name" >$TEMPLATE
- echo "serial = $serial" >>$TEMPLATE
- echo "ca" >>$TEMPLATE
- echo "expiration_days = -1" >>$TEMPLATE
- echo "cert_signing_key" >>$TEMPLATE
- echo "ocsp_signing_key" >>$TEMPLATE
- echo "crl_signing_key" >>$TEMPLATE
- $CERTTOOL --generate-self-signed --load-privkey $OUTPUT/$name.key --outfile \
- $OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null
+
+ "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null
+ if test ${counter} = 0;then
+ # ROOT CA
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "serial = ${serial}" >>"${TEMPLATE}"
+ echo "ca" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "cert_signing_key" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ echo "crl_signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-self-signed --load-privkey "${OUTPUT}/${name}.key" --outfile \
+ "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
- echo "serial = $serial" >$TEMPLATE
- echo "expiration_days = -1" >>$TEMPLATE
- $CERTTOOL --generate-crl --load-ca-privkey $OUTPUT/$name.key --load-ca-certificate $OUTPUT/$name.crt --outfile \
- $OUTPUT/$name.crl --template $TEMPLATE 2>/dev/null
- else
- if test $counter = $LAST;then
- # END certificate
- echo "cn = $name" >$TEMPLATE
- echo "dns_name = localhost" >>$TEMPLATE
- echo "expiration_days = -1" >>$TEMPLATE
- echo "signing_key" >>$TEMPLATE
- echo "encryption_key" >>$TEMPLATE
- echo "ocsp_signing_key" >>$TEMPLATE
- $CERTTOOL --generate-certificate --load-privkey $OUTPUT/$name.key \
- --load-ca-certificate $OUTPUT/$prev_name.crt \
- --load-ca-privkey $OUTPUT/$prev_name.key \
- --outfile $OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null
- else
- # intermediate CA
- echo "cn = $name" >$TEMPLATE
- echo "serial = $serial" >>$TEMPLATE
- echo "ca" >>$TEMPLATE
- echo "expiration_days = -1" >>$TEMPLATE
- echo "ocsp_signing_key" >>$TEMPLATE
- echo "cert_signing_key" >>$TEMPLATE
- echo "signing_key" >>$TEMPLATE
- $CERTTOOL --generate-certificate --load-privkey $OUTPUT/$name.key \
- --load-ca-certificate $OUTPUT/$prev_name.crt \
- --load-ca-privkey $OUTPUT/$prev_name.key \
- --outfile $OUTPUT/$name.crt --template $TEMPLATE 2>/dev/null
- fi
- fi
+ echo "serial = ${serial}" >"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-crl --load-ca-privkey "${OUTPUT}/${name}.key" --load-ca-certificate "${OUTPUT}/${name}.crt" --outfile \
+ "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null
+ else
+ if test ${counter} = ${LAST};then
+ # END certificate
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "dns_name = localhost" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "signing_key" >>"${TEMPLATE}"
+ echo "encryption_key" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+ --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+ --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+ --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+ else
+ # intermediate CA
+ echo "cn = ${name}" >"${TEMPLATE}"
+ echo "serial = ${serial}" >>"${TEMPLATE}"
+ echo "ca" >>"${TEMPLATE}"
+ echo "expiration_days = -1" >>"${TEMPLATE}"
+ echo "ocsp_signing_key" >>"${TEMPLATE}"
+ echo "cert_signing_key" >>"${TEMPLATE}"
+ echo "signing_key" >>"${TEMPLATE}"
+ "${CERTTOOL}" --generate-certificate --load-privkey "${OUTPUT}/${name}.key" \
+ --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
+ --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
+ --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null
+ fi
+ fi
- counter=`expr $counter + 1`
- prev_name=$name
+ counter=`expr ${counter} + 1`
+ prev_name=${name}
done
-counter=`expr $NUM - 1`
-while test $counter -ge 0; do
- if test $counter = $LAST;then
- name="server-$counter"
- else
- name="CA-$counter"
- fi
+counter=`expr ${NUM} - 1`
+while test ${counter} -ge 0; do
+ if test ${counter} = ${LAST};then
+ name="server-${counter}"
+ else
+ name="CA-${counter}"
+ fi
- cat $OUTPUT/$name.crt >> $OUTPUT/chain
-
- counter=`expr $counter - 1`
+ cat "${OUTPUT}/${name}.crt" >> "${OUTPUT}/chain"
+
+ counter=`expr ${counter} - 1`
done
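Review bot: `NUM` is never checked to be a number and stays unquoted in `expr ${NUM} - 1` and in both `test ${counter} ... ${NUM}` loop conditions, so a non-numeric or multi-word argument produces `expr`/`test` errors and no usable chain instead of the usage message. A guard right after the empty check would close that gap, e.g. `case "${NUM}" in *[!0-9]*) echo "usage: $0 number"; exit 1;; esac`. Every `"${CERTTOOL}"` call also discards stderr with `2>/dev/null` and ignores the exit status, so a failed key or certificate generation goes unnoticed here; consider appending `|| exit 1` to each call.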
diff --git a/tests/suite/chain b/tests/suite/chain
index f1967c9..4f00320 100755
--- a/tests/suite/chain
+++ b/tests/suite/chain
@@ -20,7 +20,7 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-CERTTOOL=../../../src/certtool
+CERTTOOL="../../../src/certtool"
SUCCESS=" 1 4 7 12 15 16 17 18 24 26 27 30 33 56 57 62 63 "
FAILURE=" 2 3 5 6 8 9 10 11 13 14 19 20 21 22 23 25 28 29 31 32 54 55 58 59 60 61 "
@@ -33,41 +33,41 @@ mkdir -p chains
RET=0
i=1
-while test -d X509tests/test$i; do
- find X509tests/test$i -name *.crl -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --crl-info --inder --infile > chains/chain$i.pem 2>/dev/null
- find X509tests/test$i -name E*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
- if test "$i" -gt 1; then
- find X509tests/test$i -name I*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
- fi
- find X509tests/test$i -name T*.crt -print0 |sort -r -z|xargs -n1 --null $CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
- $CERTTOOL -e --infile chains/chain$i.pem > out 2>&1
- rc=$?
- if test $rc != 0 && test $rc != 1; then
- echo "Chain $i FATAL failure."
- RET=1
+while test -d X509tests/test${i}; do
+ find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 2>/dev/null
+ find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ if test "${i}" -gt 1; then
+ find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ fi
+ find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+ "${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
+ rc=$?
+ if test $rc != 0 && test $rc != 1; then
+ echo "Chain ${i} FATAL failure."
+ RET=1
+ else
+ if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
+ echo "Chain ${i} verification was skipped due to known bug."
+ elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
+ if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+ echo "Chain ${i} verification failure UNEXPECTED."
+ RET=1
+ else
+ echo "Chain ${i} verification success as expected."
+ fi
+ elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
+ if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+ echo "Chain ${i} verification failure as expected."
+ else
+ echo "Chain ${i} verification success UNEXPECTED. "
+ RET=1
+ fi
else
- if echo "$KNOWN_BUGS" | grep " $i " > /dev/null 2>&1; then
- echo "Chain $i verification was skipped due to known bug."
- elif echo "$SUCCESS" | grep " $i " > /dev/null 2>&1; then
- if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
- echo "Chain $i verification failure UNEXPECTED."
- RET=1
- else
- echo "Chain $i verification success as expected."
- fi
- elif echo "$FAILURE" | grep " $i " >/dev/null 2>&1; then
- if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
- echo "Chain $i verification failure as expected."
- else
- echo "Chain $i verification success UNEXPECTED. "
- RET=1
- fi
- else
- echo "Chain $i unclassified."
- fi
+ echo "Chain ${i} unclassified."
fi
- i=`expr $i + 1`
+ fi
+ i=`expr ${i} + 1`
done
rm -f out
-exit $RET
+exit ${RET}
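Review bot: The `find` patterns on the new side are still unquoted (`-name *.crl`, `-name E*.crt`, `-name I*.crt`, `-name T*.crt`), so the shell expands them against the current directory before `find` runs. A matching file there changes which certificates and CRLs reach `certtool`, or makes `find` reject its arguments, and the chain is then classified from the wrong input. Quote them, e.g. `-name '*.crl'` and `-name 'E*.crt'`. `X509tests/test${i}`, `chains/chain${i}.pem` and `exit ${RET}` are also left unquoted, which is at odds with the stated aim of the patch.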
diff --git a/tests/suite/crl-test b/tests/suite/crl-test
index de51bde..228f74e 100755
--- a/tests/suite/crl-test
+++ b/tests/suite/crl-test
@@ -20,29 +20,29 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-srcdir=${srcdir:-.}
-DIFF=${DIFF:-diff}
-CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+srcdir="${srcdir:-.}"
+DIFF="${DIFF:-diff}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
rm -f tmp-long.pem
-$VALGRIND $CERTTOOL --crl-info --inder --infile $srcdir/crl/long.crl --outfile tmp-long.pem
+${VALGRIND} "${CERTTOOL}" --crl-info --inder --infile "${srcdir}/crl/long.crl" --outfile tmp-long.pem
rc=$?
# We're done.
-if test "$rc" != "0"; then
+if test "${rc}" != "0"; then
echo "CRL decoding failed 1!"
- exit $rc
+ exit ${rc}
fi
-$DIFF $srcdir/crl/long.pem tmp-long.pem || $DIFF --strip-trailing-cr $srcdir/crl/long.pem tmp-long.pem
+${DIFF} "${srcdir}/crl/long.pem tmp-long.pem" || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem
rc=$?
-if test "$rc" != "0"; then
+if test "${rc}" != "0"; then
echo "CRL decoding failed 2!"
- exit $rc
+ exit ${rc}
fi
rm -f tmp-long.pem
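Review bot: The first `${DIFF}` call on the new side passes a single argument, because the closing quote was placed after `tmp-long.pem`: `${DIFF} "${srcdir}/crl/long.pem tmp-long.pem"`. That comparison cannot succeed, so the CRL check now always depends on the `--strip-trailing-cr` fallback, and with a `diff` that lacks that option it would fail outright. The line should read `${DIFF} "${srcdir}/crl/long.pem" tmp-long.pem || ${DIFF} --strip-trailing-cr "${srcdir}/crl/long.pem" tmp-long.pem`.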
diff --git a/tests/suite/eagain b/tests/suite/eagain
index ba95b95..d05bab9 100755
--- a/tests/suite/eagain
+++ b/tests/suite/eagain
@@ -21,23 +21,23 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
+SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
PORT="${PORT:-5445}"
-$SERV -p $PORT --echo --priority "NORMAL:+ANON-DH" --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+$SERV -p "${PORT}" --echo --priority "NORMAL:+ANON-DH" --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
pid=$!
sleep 2
./eagain-cli
if [ $? != 0 ];then
- exit 1
+ exit 1
fi
if [ "$pid" != "" ];then
-kill $pid
-wait
+ kill $pid
+ wait
fi
exit 0
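Review bot: When `./eagain-cli` fails, the script runs `exit 1` before it reaches `kill $pid`, so the background `gnutls-serv` started above is left running and presumably keeps `${PORT}` bound for later tests. Save the status and clean up on both paths: `rc=$?` after the client, then `kill $pid; wait`, then `exit ${rc}`. `$SERV` has to stay unquoted because `-q` is appended into the same variable; a comment such as `# SERV carries "-q" and is word-split on purpose` would keep a later quoting cleanup from breaking it.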
diff --git a/tests/suite/invalid-cert b/tests/suite/invalid-cert
index ec8e265..a9e1f5e 100755
--- a/tests/suite/invalid-cert
+++ b/tests/suite/invalid-cert
@@ -20,19 +20,18 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-srcdir=${srcdir:-.}
-CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
-$VALGRIND $CERTTOOL --certificate-info --inder --infile $srcdir/invalid-cert.der 2>/dev/null
-
+${VALGRIND} "${CERTTOOL}" --certificate-info --inder --infile "${srcdir}/invalid-cert.der" 2>/dev/null
rc=$?
# We're done.
-if test "$rc" != "1"; then
- exit $rc
+if test "${rc}" != "1"; then
+ exit ${rc}
fi
exit 0
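Review bot: This test passes when `certtool` accepts the invalid certificate: with `rc` equal to 0, the branch `if test "${rc}" != "1"` runs `exit ${rc}`, which is `exit 0`, the same status as the expected rejection. Only a status other than 0 or 1 is reported as a failure. Make the unexpected-success case explicit before the existing check, e.g. `if test "${rc}" = "0"; then echo "invalid certificate was accepted"; exit 1; fi`.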
diff --git a/tests/suite/testcompat-common b/tests/suite/testcompat-common
index 2eda62b..b4181e7 100644
--- a/tests/suite/testcompat-common
+++ b/tests/suite/testcompat-common
@@ -1,5 +1,3 @@
-#!/bin/sh
-
# Copyright (C) 2014 Red Hat, Inc.
# All rights reserved.
#
@@ -29,33 +27,32 @@
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-DSA_CERT=$srcdir/../dsa/cert.dsa.1024.pem
-DSA_KEY=$srcdir/../dsa/dsa.1024.pem
-
-RSA_CERT=$srcdir/../certs/cert-rsa-2432.pem
-RSA_KEY=$srcdir/../certs/rsa-2432.pem
+DSA_CERT="${srcdir}/../dsa/cert.dsa.1024.pem"
+DSA_KEY="${srcdir}/../dsa/dsa.1024.pem"
-CA_CERT=$srcdir/../../doc/credentials/x509/ca.pem
-CLI_CERT=$srcdir/../../doc/credentials/x509/clicert.pem
-CLI_KEY=$srcdir/../../doc/credentials/x509/clikey.pem
+RSA_CERT="${srcdir}/../certs/cert-rsa-2432.pem"
+RSA_KEY="${srcdir}/../certs/rsa-2432.pem"
-CA_ECC_CERT=$srcdir/../certs/ca-cert-ecc.pem
-ECC224_CERT=$srcdir/../certs/cert-ecc.pem
-ECC224_KEY=$srcdir/../certs/ecc.pem
+CA_CERT="${srcdir}/../../doc/credentials/x509/ca.pem"
+CLI_CERT="${srcdir}/../../doc/credentials/x509/clicert.pem"
+CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey.pem"
-ECC256_CERT=$srcdir/../certs/cert-ecc256.pem
-ECC256_KEY=$srcdir/../certs/ecc256.pem
+CA_ECC_CERT="${srcdir}/../certs/ca-cert-ecc.pem"
+ECC224_CERT="${srcdir}/../certs/cert-ecc.pem"
+ECC224_KEY="${srcdir}/../certs/ecc.pem"
-ECC521_CERT=$srcdir/../certs/cert-ecc521.pem
-ECC521_KEY=$srcdir/../certs/ecc521.pem
+ECC256_CERT="${srcdir}/../certs/cert-ecc256.pem"
+ECC256_KEY="${srcdir}/../certs/ecc256.pem"
-ECC384_CERT=$srcdir/../certs/cert-ecc384.pem
-ECC384_KEY=$srcdir/../certs/ecc384.pem
+ECC521_CERT="${srcdir}/../certs/cert-ecc521.pem"
+ECC521_KEY="${srcdir}/../certs/ecc521.pem"
-SERV_CERT=$srcdir/../../doc/credentials/x509/cert-rsa.pem
-SERV_KEY=$srcdir/../../doc/credentials/x509/key-rsa.pem
-SERV_DSA_CERT=$srcdir/../../doc/credentials/x509/cert-dsa.pem
-SERV_DSA_KEY=$srcdir/../../doc/credentials/x509/key-dsa.pem
+ECC384_CERT="${srcdir}/../certs/cert-ecc384.pem"
+ECC384_KEY="${srcdir}/../certs/ecc384.pem"
-SERV_PSK=$srcdir/../../doc/credentials/psk-passwd.txt
+SERV_CERT="${srcdir}/../../doc/credentials/x509/cert-rsa.pem"
+SERV_KEY="${srcdir}/../../doc/credentials/x509/key-rsa.pem"
+SERV_DSA_CERT="${srcdir}/../../doc/credentials/x509/cert-dsa.pem"
+SERV_DSA_KEY="${srcdir}/../../doc/credentials/x509/key-dsa.pem"
+SERV_PSK="${srcdir}/../../doc/credentials/psk-passwd.txt"
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
index 977706b..bac6026 100755
--- a/tests/suite/testcompat-main-openssl
+++ b/tests/suite/testcompat-main-openssl
@@ -31,39 +31,39 @@
# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
srcdir="${srcdir:-.}"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
unset RETCODE
if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
if test "${WINDIR}" != "";then
exit 77
fi
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
-PORT="${PORT:-$RPORT}"
+PORT="${PORT:-${RPORT}}"
SERV=openssl
OPENSSL_CLI="openssl"
if test -f /etc/debian_version;then
- DEBIAN=1
+ DEBIAN=1
fi
-echo "Compatibility checks using "`$SERV version`
-$SERV version|grep -e 1\.0 >/dev/null 2>&1
+echo "Compatibility checks using "`${SERV} version`
+${SERV} version|grep -e 1\.0 >/dev/null 2>&1
SV=$?
-if test $SV != 0;then
+if test ${SV} != 0;then
echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
exit 77
fi
-$SERV version|grep -e 1\.0\.1 >/dev/null 2>&1
+${SERV} version|grep -e 1\.0\.1 >/dev/null 2>&1
SV2=$?
-. ./testcompat-common
+. "${srcdir}/testcompat-common"
echo "#################################################"
echo "# Client mode tests (gnutls cli-openssl server) #"
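Review bot: The version probes `grep -e 1\.0` and `grep -e 1\.0\.1` are unquoted, so the shell removes the backslashes and grep receives `1.0` and `1.0.1`, where each dot matches any character and nothing anchors the match to the version number. The checks that gate the ECDH/DTLS tests and the TLS 1.2 tests (`SV`, `SV2`) can therefore match other text in the `openssl version` output. Quote the patterns, e.g. `grep -e '1\.0\.1'`, and consider anchoring them to the version field. The script continues past this hunk.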
@@ -71,288 +71,281 @@ echo "#################################################"
for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
do
+ if ! test -z "${ADD}";then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
+
+ if test "${DEBIAN}" != 1;then
+
+ # It seems debian disabled SSL 3.0 completely on openssl
+
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test SSL 3.0 with RSA ciphersuite
+ echo "Checking SSL 3.0 with RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test SSL 3.0 with DHE-RSA ciphersuite
+ echo "Checking SSL 3.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test SSL 3.0 with DHE-DSS ciphersuite
+ echo "Checking SSL 3.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-MD5 &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking SSL 3.0 with RSA-RC4-MD5..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ if test "${FIPS}" != 1;then
+ #-cipher RSA-NULL
+ launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with RSA-NULL ciphersuite
+ echo "Checking TLS 1.0 with RSA-NULL..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with RSA ciphersuite
+ echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking TLS 1.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ # Test TLS 1.0 with DHE-DSS ciphersuite
+ echo "Checking TLS 1.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1;then
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1;then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+ echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher PSK
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.0 with PSK..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test ${SV2} = 0;then
+ # Tests requiring openssl 1.0.1 - TLS 1.2
+ #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with ECDHE-RSA..."
+ "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ echo "Checking TLS 1.2 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1;then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi
+
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ if test "${FIPS}" != 1;then
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+ fi #FIPS
+ fi #SV2
+
+ #-cipher PSK
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
+ PID=$!
+ wait_server ${PID}
+
+ echo "Checking TLS 1.2 with PSK..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with RSA ciphersuite
+ echo "Checking DTLS 1.0 with RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with DHE-RSA ciphersuite
+ echo "Checking DTLS 1.0 with DHE-RSA..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
+ launch_bare_server $$ s_server -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout -dhparam "${srcdir}/params.dh" -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" &
+ PID=$!
+ wait_server ${PID}
+
+ # Test DTLS 1.0 with DHE-DSS ciphersuite
+ echo "Checking DTLS 1.0 with DHE-DSS..."
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+ fail ${PID} "Failed"
-if ! test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-if test "$DEBIAN" != 1;then
-
-# It seems debian disabled SSL 3.0 completely on openssl
-
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test SSL 3.0 with RSA ciphersuite
-echo "Checking SSL 3.0 with RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test SSL 3.0 with DHE-RSA ciphersuite
-echo "Checking SSL 3.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test SSL 3.0 with DHE-DSS ciphersuite
-echo "Checking SSL 3.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher RC4-MD5 &
-PID=$!
-wait_server $PID
-
-echo "Checking SSL 3.0 with RSA-RC4-MD5..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA$ADD" --insecure </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-if test "$FIPS" != 1;then
-#-cipher RSA-NULL
-launch_bare_server $$ s_server -cipher NULL-SHA -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with RSA-NULL ciphersuite
-echo "Checking TLS 1.0 with RSA-NULL..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-fi
-
-#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with RSA ciphersuite
-echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-RSA ciphersuite
-echo "Checking TLS 1.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-RSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-# Test TLS 1.0 with DHE-DSS ciphersuite
-echo "Checking TLS 1.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-fi
-
-#-cipher PSK
-launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.0 with PSK..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK$ADD" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test $SV2 = 0;then
-# Tests requiring openssl 1.0.1 - TLS 1.2
-#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.2 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.2 with ECDHE-RSA..."
-$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-echo "Checking TLS 1.2 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-fi
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve secp384r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-if test "$FIPS" != 1;then
-#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1_2 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve secp521r1 -CAfile $CA_ECC_CERT &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-fi #FIPS
-
-fi #SV2
-
-#-cipher PSK
-launch_bare_server $$ s_server -quiet -www -accept $PORT -tls1_2 -keyform pem -certform pem -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db &
-PID=$!
-wait_server $PID
-
-echo "Checking TLS 1.2 with PSK..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with RSA ciphersuite
-echo "Checking DTLS 1.0 with RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with DHE-RSA ciphersuite
-echo "Checking DTLS 1.0 with DHE-RSA..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
-launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
-PID=$!
-wait_server $PID
-
-# Test DTLS 1.0 with DHE-DSS ciphersuite
-echo "Checking DTLS 1.0 with DHE-DSS..."
-$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail $PID "Failed"
-
-kill $PID
-wait
-
+ kill ${PID}
+ wait
done
echo "Client mode tests were successfully completed"
@@ -360,303 +353,300 @@ echo ""
echo "###############################################"
echo "# Server mode tests (gnutls server-openssl cli#"
echo "###############################################"
-SERV="../../src/gnutls-serv$EXEEXT -q"
+SERV="../../src/gnutls-serv${EXEEXT} -q"
# Note that openssl s_client does not return error code on failure
for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
do
+ if ! test -z "${ADD}";then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
-if ! test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-if test "$DEBIAN" != 1;then
+ if test "${DEBIAN}" != 1;then
-echo "Check SSL 3.0 with RSA ciphersuite"
-launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check SSL 3.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
-$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check SSL 3.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check SSL 3.0 with DHE-DSS ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
+ fi
-fi
+ #TLS 1.0
-#TLS 1.0
+ # This test was disabled because it doesn't work as expected with openssl 1.0.0d
+ #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ #wait_server ${PID}
+ #
+ #${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
-# This test was disabled because it doesn't work as expected with openssl 1.0.0d
-#echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
-#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-#wait_server $PID
-#
-#$OPENSSL_CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
-# fail $PID "Failed"
-#
-#kill $PID
-#wait
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.0 with RSA-NULL ciphersuite"
+ launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with RSA-NULL ciphersuite"
-launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ ${OPENSSL_CLI} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-$OPENSSL_CLI s_client -cipher NULL-SHA -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
+ fi
-kill $PID
-wait
-fi
+ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with DHE-DSS ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-wait_server $PID
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-RSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-RSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
+ fi
-kill $PID
-wait
-fi
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
-kill $PID
-wait
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-if test "$FIPS" != 1;then
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ kill ${PID}
+ wait
+ fi
-kill $PID
-wait
-fi
-
-echo "Check TLS 1.0 with PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ echo "Check TLS 1.0 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher PSK-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \
- fail $PID "Failed"
+ #-cipher PSK-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-if test $SV2 = 0;then
+ if test ${SV2} = 0;then
-echo "Check TLS 1.2 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check TLS 1.2 with DHE-DSS ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-RSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ #-cipher ECDHE-RSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-if test "$FIPS" != 1;then
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC224_CERT -key $ECC224_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
-fi
+ kill ${PID}
+ wait
+ fi
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC256_CERT -key $ECC256_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC384_CERT -key $ECC384_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-kill $PID
-wait
+ kill ${PID}
+ wait
-if test "$FIPS" != 1;then
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ if test "${FIPS}" != 1;then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-#-cipher ECDHE-ECDSA-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -tls1_2 -port $PORT -cert $ECC521_CERT -key $ECC521_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
-
-kill $PID
-wait
-fi
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
+ fi
-#-cipher PSK-AES128-SHA
-$OPENSSL_CLI s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port $PORT crt_file=$CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep ":error:" && \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ ${OPENSSL_CLI} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
+ fail ${PID} "Failed"
-fi #SV2
+ kill ${PID}
+ wait
-# DTLS
-echo "Check DTLS 1.0 with RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ fi #SV2
+ # DTLS
+ echo "Check DTLS 1.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
-kill $PID
-wait
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+ kill ${PID}
+ wait
-echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA$ADD" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
-kill $PID
-wait
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+ kill ${PID}
+ wait
-echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256$ADD" --udp --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-wait_server $PID
+ echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail $PID "Failed"
-kill $PID
-wait
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+ kill ${PID}
+ wait
done
exit 0
diff --git a/tests/suite/testcompat-main-polarssl b/tests/suite/testcompat-main-polarssl
index a6df66c..74261b0 100755
--- a/tests/suite/testcompat-main-polarssl
+++ b/tests/suite/testcompat-main-polarssl
@@ -11,9 +11,9 @@
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
-# 1. Redistributions of source code must retain the above copyright notice, this
+# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice,
+# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
# 3. Neither the name of the copyright holder nor the names of its contributors may
@@ -23,7 +23,7 @@
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
@@ -31,386 +31,386 @@
# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
srcdir="${srcdir:-.}"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
LOGFILE=polarssl.log
unset RETCODE
if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
if test "${WINDIR}" != "";then
exit 77
-fi
-
-. $srcdir/../scripts/common.sh
-
-PORT="${PORT:-$RPORT}"
-if test -x /usr/bin/mbedtls_ssl_client2;then
-POLARSSL_CLI="/usr/bin/mbedtls_ssl_client2"
-else
-POLARSSL_CLI="/usr/libexec/mbedtls/ssl_client2"
fi
-TXT=`$CLI --priority NORMAL --list|grep SECP224`
-if test -z $TEXT;then
- ALL_CURVES=0
+. "${srcdir}/../scripts/common.sh"
+
+PORT="${PORT:-${RPORT}}"
+TXT=`"${CLI}" --priority NORMAL --list|grep SECP224`
+if test -z "${TXT}";then
+ ALL_CURVES=0
else
- ALL_CURVES=1
+ ALL_CURVES=1
fi
echo "Compatibility checks using polarssl"
-if ! test -x $POLARSSL_CLI;then
+for POLARSSL_CLI in \
+ /usr/bin/polarssl_ssl_client2 \
+ /usr/bin/mbedtls_ssl_client2 \
+ /usr/libexec/mbedtls/ssl_client2 \
+ ""; do
+ test -x "${POLARSSL_CLI}" && break
+done
+
+if test -z "${POLARSSL_CLI}";then
echo "PolarSSL is required for this test to run"
exit 77
fi
-$POLARSSL_CLI >/dev/null 2>&1
+"${POLARSSL_CLI}" >/dev/null 2>&1
if test $? = 0;then
echo "PolarSSL 1.3.x is required for the tests to run"
exit 77
fi
-. ./testcompat-common
+. "${srcdir}/testcompat-common"
echo ""
echo "##################################################"
echo "# Server mode tests (gnutls server-polarssl cli) #"
echo "##################################################"
-SERV="../../src/gnutls-serv$EXEEXT -q"
+SERV="../../src/gnutls-serv${EXEEXT} -q"
-rm -f $LOGFILE
+rm -f "${LOGFILE}"
for ADD in "" ":%COMPAT" ":%NO_ETM" #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
do
+ if ! test -z "${ADD}";then
+ echo ""
+ echo "** Modifier: ${ADD}"
+ fi
-if ! test -z "$ADD";then
-echo ""
-echo "** Modifier: $ADD"
-fi
-
-# SSL 3.0 is disabled in debian's polarssl
-if test 0 = 1;then
-echo "Check SSL 3.0 with RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
-
-$POLARSSL_CLI server_port=$PORT server_name=localhost max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ # SSL 3.0 is disabled in debian's polarssl
+ if test 0 = 1;then
+ echo "Check SSL 3.0 with RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_port="${PORT}" server_name=localhost max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check SSL 3.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost server_port=$PORT max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-# No DSS for polarssl
-#echo "Check SSL 3.0 with DHE-DSS ciphersuite"
-#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-#wait_server $PID
+ kill ${PID}
+ wait
-#$POLARSSL_CLI server_name=localhost server_port=$PORT max_version=ssl3 crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-# fail $PID "Failed"
-#
-#kill $PID
-#wait
-fi
+ # No DSS for polarssl
+ #echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ #wait_server ${PID}
-#TLS 1.0
+ #"${POLARSSL_CLI}" server_name=localhost server_port="${PORT}" max_version=ssl3 crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
+ fi
-echo "Check TLS 1.0 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ #TLS 1.0
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-#echo "Check TLS 1.0 with DHE-DSS ciphersuite"
-#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-#wait_server $PID
+ kill ${PID}
+ wait
-#$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-# fail $PID "Failed"
+ #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ #wait_server ${PID}
-#kill $PID
-#wait
+ #"${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ #kill ${PID}
+ #wait
-#-cipher ECDHE-RSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-RSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with DHE-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with DHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with RSA-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher RSA-PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with RSA-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher RSA-PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-if test $ALL_CURVES = 1;then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
- wait_server $PID
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- $POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC224_CERT key_file=$ECC224_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ if test ${ALL_CURVES} = 1;then
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
- kill $PID
- wait
-fi
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
+ fi
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC256_CERT key_file=$ECC256_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC384_CERT key_file=$ECC384_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1 max_version=tls1 server_port=$PORT crt_file=$ECC521_CERT key_file=$ECC521_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1 max_version=tls1 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-#echo "Check TLS 1.2 with DHE-DSS ciphersuite"
-#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS$ADD" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
-#wait_server $PID
-#
-#$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
-# fail $PID "Failed"
-#
-#kill $PID
-#wait
+ kill ${PID}
+ wait
-echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ #launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh" & PID=$!
+ #wait_server ${PID}
+ #
+ #"${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ # fail ${PID} "Failed"
+ #
+ #kill ${PID}
+ #wait
-#-cipher ECDHE-RSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-RSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-if test $ALL_CURVES = 1;then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
- launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY --x509cafile $CA_ECC_CERT & PID=$!
- wait_server $PID
+ kill ${PID}
+ wait
- #-cipher ECDHE-ECDSA-AES128-SHA
- $POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC224_CERT key_file=$ECC224_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ if test ${ALL_CURVES} = 1;then
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
- kill $PID
- wait
-fi
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC224_CERT}" key_file="${ECC224_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC256_CERT --x509keyfile $ECC256_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
+ fi
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC256_CERT key_file=$ECC256_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC256_CERT}" key_file="${ECC256_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC384_CERT key_file=$ECC384_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC384_CERT}" key_file="${ECC384_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL$ADD" --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY --x509cafile $CA_ECC_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher ECDHE-ECDSA-AES128-SHA
-$POLARSSL_CLI server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$ECC521_CERT key_file=$ECC521_KEY ca_file=$CA_ECC_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher ECDHE-ECDSA-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${ECC521_CERT}" key_file="${ECC521_KEY}" ca_file="${CA_ECC_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with DHE-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with DHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
-echo "Check TLS 1.2 with RSA-PSK ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL$ADD" --pskpasswd $SERV_PSK --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
-wait_server $PID
+ kill ${PID}
+ wait
-#-cipher RSA-PSK-AES128-SHA
-$POLARSSL_CLI server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port=$PORT crt_file=$CLI_CERT key_file=$CLI_KEY ca_file=$CA_CERT </dev/null >>$LOGFILE 2>&1 || \
- fail $PID "Failed"
+ echo "Check TLS 1.2 with RSA-PSK ciphersuite"
+ launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" & PID=$!
+ wait_server ${PID}
-kill $PID
-wait
+ #-cipher RSA-PSK-AES128-SHA
+ "${POLARSSL_CLI}" server_name=localhost psk_identity=jas psk=9e32cf7786321a828ef7668f09fb35db min_version=tls1_2 max_version=tls1_2 server_port="${PORT}" crt_file="${CLI_CERT}" key_file="${CLI_KEY}" ca_file="${CA_CERT}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Failed"
+ kill ${PID}
+ wait
done
-rm -f $LOGFILE
+rm -f "${LOGFILE}"
exit 0
diff --git a/tests/suite/testcompat-openssl b/tests/suite/testcompat-openssl
index f99c812..f82f00e 100755
--- a/tests/suite/testcompat-openssl
+++ b/tests/suite/testcompat-openssl
@@ -30,23 +30,25 @@
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+srcdir="${srcdir:-.}"
+
if ! test -x /usr/bin/openssl;then
- echo "You need openssl to run this test"
- exit 77
+ echo "You need openssl to run this test"
+ exit 77
fi
/usr/bin/openssl version|grep fips >/dev/null 2>&1
if test $? = 0;then
- export FIPS=1
+ export FIPS=1
else
- export FIPS=0
+ export FIPS=0
fi
# Check for datefudge
TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
-if test "$TSTAMP" != "1158969600"; then
- echo "You need datefudge to run this test"
- exit 77
+if test "${TSTAMP}" != "1158969600"; then
+ echo "You need datefudge to run this test"
+ exit 77
fi
-datefudge "2012-09-2" ./testcompat-main-openssl
+datefudge "2012-09-2" "${srcdir}/testcompat-main-openssl"
diff --git a/tests/suite/testcompat-polarssl b/tests/suite/testcompat-polarssl
index 3e78deb..fcaf99b 100755
--- a/tests/suite/testcompat-polarssl
+++ b/tests/suite/testcompat-polarssl
@@ -30,9 +30,11 @@
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+srcdir="${srcdir:-.}"
+
# Check for datefudge
TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null`
-if test "$TSTAMP" != "1158969600"; then
+if test "${TSTAMP}" != "1158969600"; then
echo "You need datefudge to run this test"
exit 77
fi
@@ -43,4 +45,4 @@ if test $? = 0;then
exit 77
fi
-datefudge "2012-09-2" ./testcompat-main-polarssl
+datefudge "2012-09-2" "${srcdir}/testcompat-main-polarssl"
diff --git a/tests/suite/testdane b/tests/suite/testdane
index 714a582..2ec50dc 100755
--- a/tests/suite/testdane
+++ b/tests/suite/testdane
@@ -19,64 +19,64 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-DANETOOL="${DANETOOL:-../../src/danetool$EXEEXT}"
+DANETOOL="${DANETOOL:-../../src/danetool${EXEEXT}}"
unset RETCODE
# Unfortunately it is extremely fragile and fails 99% of the
# time.
if test "${WINDIR}" != "";then
exit 77
-fi
+fi
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
# Fine hosts
echo ""
echo "*** Testing good HTTPS hosts ***"
-# www.vulcano.cl dane.nox.su
+# www.vulcano.cl dane.nox.su
HOSTS="good.dane.verisignlabs.com www.freebsd.org www.kumari.net torproject.org fedoraproject.org"
-HOSTS="$HOSTS nohats.ca"
-for i in $HOSTS;do
-echo -n "$i: "
+HOSTS="${HOSTS} nohats.ca"
+for host in ${HOSTS};do
+ echo -n "${host}: "
-$DANETOOL --check $i >/dev/null 2>&1
-if [ $? != 0 ];then
- echo "Error checking $i"
- exit 1
-fi
-echo "ok"
+ "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+ if [ $? != 0 ];then
+ echo "Error checking ${host}"
+ exit 1
+ fi
+ echo "ok"
done
echo ""
echo "*** Testing good SMTP hosts ***"
#HOSTS="dougbarton.us nlnetlabs.nl"
HOSTS="nlnetlabs.nl"
-for i in $HOSTS;do
-echo -n "$i: "
+for host in ${HOSTS};do
+ echo -n "${host}: "
-$DANETOOL --check $i --port 25 >/dev/null 2>&1
-if [ $? != 0 ];then
- echo "Error checking $i"
- exit 1
-fi
-echo "ok"
+ "${DANETOOL}" --check "${host}" --port 25 >/dev/null 2>&1
+ if [ $? != 0 ];then
+ echo "Error checking ${host}"
+ exit 1
+ fi
+ echo "ok"
done
echo ""
echo "*** Testing bad HTTPS hosts ***"
# Not ok
-# used to work: dane-broken.rd.nic.fr
+# used to work: dane-broken.rd.nic.fr
HOSTS="bad-hash.dane.verisignlabs.com bad-params.dane.verisignlabs.com"
-HOSTS="$HOSTS bad-sig.dane.verisignlabs.com"
-for i in $HOSTS;do
-echo -n "$i: "
-$DANETOOL --check $i >/dev/null 2>&1
-if [ $? = 0 ];then
- echo "Checking $i should have failed"
- exit 1
-fi
-echo "ok"
+HOSTS="${HOSTS} bad-sig.dane.verisignlabs.com"
+for host in ${HOSTS};do
+ echo -n "${host}: "
+ "${DANETOOL}" --check "${host}" >/dev/null 2>&1
+ if [ $? = 0 ];then
+ echo "Checking ${host} should have failed"
+ exit 1
+ fi
+ echo "ok"
done
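Review bot: Quoting `"${DANETOOL}"` in all three loops changes how an override is interpreted: a caller who sets DANETOOL to a command with arguments (for example a valgrind or libtool wrapper, as testpkcs11 builds for P11TOOL) now has the whole string treated as one program name. If such overrides are meant to work, leave the expansion unquoted and say why in a comment; otherwise add a comment at the assignment, `# DANETOOL must be a single path, no arguments`. The "bad HTTPS hosts" loop accepts any non-zero exit with output sent to /dev/null, so a lookup or network failure cannot be told apart from a rejected DANE record and the negative test can pass without exercising verification. Keeping the tool output in a log file, or at least documenting that limitation above the loop, would help. The unquoted `for host in ${HOSTS}` is intentional word splitting and deserves a comment such as `# HOSTS is a space-separated list; splitting is intended`.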
diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11
index 2a4b88f..b301cc3 100755
--- a/tests/suite/testpkcs11
+++ b/tests/suite/testpkcs11
@@ -19,57 +19,57 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-P11TOOL="${P11TOOL:-../../src/p11tool$EXEEXT}"
-CERTTOOL="${CERTTOOL:-../../src/certtool$EXEEXT}"
+P11TOOL="${P11TOOL:-../../src/p11tool${EXEEXT}}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
DIFF="${DIFF:-diff -b -B}"
-SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
RETCODE=0
if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
fi
-TMPFILE=$srcdir/testpkcs11.debug
+TMPFILE="testpkcs11.debug"
CERTTOOL_PARAM="--stdout-info"
if test "${WINDIR}" != "";then
exit 77
fi
-P11TOOL="$VALGRIND $P11TOOL --batch"
+P11TOOL="${VALGRIND} ${P11TOOL} --batch"
-. $srcdir/../scripts/common.sh
+. ${srcdir}/../scripts/common.sh
-PORT="${PORT:-$RPORT}"
+PORT="${PORT:-${RPORT}}"
-rm -f $TMPFILE
+rm -f "${TMPFILE}"
exit_error () {
- echo "Check $TMPFILE for additional debugging information"
- echo ""
- echo ""
- tail $TMPFILE
- exit 1
+ echo "Check ${TMPFILE} for additional debugging information"
+ echo ""
+ echo ""
+ tail "${TMPFILE}"
+ exit 1
}
# $1: token
# $2: PIN
# $3: filename
-# $srcdir/pkcs11-certs/client.key
+# ${srcdir}/pkcs11-certs/client.key
write_privkey () {
- export GNUTLS_PIN=$2
-
- filename=$3
- token=$1
- echo -n "* Writing a client private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --write --label gnutls-client2 --load-privkey "$filename" "$token" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing a client private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
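Review bot: The `. ${srcdir}/../scripts/common.sh` line is left unquoted, although this same patch changes the identical line in testdane to the quoted form; a source directory containing whitespace would split the path passed to the dot command. Suggest `. "${srcdir}/../scripts/common.sh"`. `${P11TOOL}` is rightly left unquoted in the functions because `P11TOOL="${VALGRIND} ${P11TOOL} --batch"` makes it a command plus arguments. A comment on that assignment, `# holds a command line, expand unquoted`, would keep a later cleanup from quoting it.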
@@ -77,18 +77,18 @@ write_privkey () {
# $2: PIN
# $3: filename
write_serv_privkey () {
- export GNUTLS_PIN=$2
-
- filename=$3
- token=$1
- echo -n "* Writing the server private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --write --label serv-key --load-privkey "$filename" "$token" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing the server private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -96,18 +96,18 @@ write_serv_privkey () {
# $2: PIN
# $3: filename
write_serv_cert () {
- export GNUTLS_PIN=$2
-
- filename=$3
- token=$1
- echo -n "* Writing the server certificate... "
- $P11TOOL $ADDITIONAL_PARAM --login --write --no-mark-private --label serv-cert --load-certificate "$filename" "$token" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing the server certificate... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
@@ -115,282 +115,282 @@ write_serv_cert () {
# $2: PIN
# $3: bits
generate_rsa_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Generating RSA private key ($bits)... "
- $P11TOOL $ADDITIONAL_PARAM --login --id 000102030405 --label gnutls-client --generate-rsa --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit 1
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating RSA private key ("${bits}")... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit 1
+ fi
}
# $1: token
# $2: PIN
# $3: bits
generate_temp_rsa_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Generating RSA private key ($bits)... "
- $P11TOOL $ADDITIONAL_PARAM --login --label temp-rsa-$bits --generate-rsa --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
- if test $? = 0;then
- RETCODE=0
- echo ok
- else
- echo failed
- RETCODE=1
- fi
-
-# if test $RETCODE = 0;then
-# echo -n "* Testing private key flags... "
-# $P11TOOL $ADDITIONAL_PARAM --login --list-keys "$token;object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>$TMPFILE
-# if test $? != 0;then
-# echo failed
-# exit_error
-# fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating RSA private key ("${bits}")... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ RETCODE=0
+ echo ok
+ else
+ echo failed
+ RETCODE=1
+ fi
+
+# if test ${RETCODE} = 0;then
+# echo -n "* Testing private key flags... "
+# ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-keys "${token};object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>"${TMPFILE}"
+# if test $? != 0;then
+# echo failed
+# exit_error
+# fi
#
-# grep CKA_WRAP tmp-client-2.pub >>$TMPFILE 2>&1
-# if test $? != 0;then
-# echo "failed (no CKA_WRAP)"
-# exit_error
-# else
-# echo ok
-# fi
-# fi
+# grep CKA_WRAP tmp-client-2.pub >>"${TMPFILE}" 2>&1
+# if test $? != 0;then
+# echo "failed (no CKA_WRAP)"
+# exit_error
+# else
+# echo ok
+# fi
+# fi
}
# $1: token
# $2: PIN
delete_temp_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- type=$3
+ export GNUTLS_PIN="$2"
+ token="$1"
+ type="$3"
- test "$RETCODE" = "0" || return
+ test "${RETCODE}" = "0" || return
- echo -n "* Deleting private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --delete "$token;object=temp-$type;object-type=private" >>$TMPFILE 2>&1
+ echo -n "* Deleting private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0;then
- echo failed
- RETCODE=1
- return
- fi
+ if test $? != 0;then
+ echo failed
+ RETCODE=1
+ return
+ fi
- RETCODE=0
- echo ok
+ RETCODE=0
+ echo ok
}
# $1: token
# $2: PIN
# $3: bits
export_pubkey_of_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Exporting public key of generated private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --export-pubkey "$token;object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>$TMPFILE 2>&1
- if test $? != 0;then
- echo failed
- exit 1
- fi
-
- $DIFF tmp-client.pub tmp-client-2.pub
- if test $? != 0;then
- echo keys differ
- exit 1
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Exporting public key of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo failed
+ exit 1
+ fi
+
+ ${DIFF} tmp-client.pub tmp-client-2.pub
+ if test $? != 0;then
+ echo keys differ
+ exit 1
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
change_id_of_privkey () {
- export GNUTLS_PIN=$2
- token=$1
-
- echo -n "* Change the CKA_ID of generated private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --set-id "01a1b103" "$token;object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>$TMPFILE 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- $P11TOOL $ADDITIONAL_PARAM --login --list-privkeys "$token;object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>$TMPFILE 2>&1
- if test $? != 0;then
- echo "ID didn't change"
- exit_error
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+
+ echo -n "* Change the CKA_ID of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo failed
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo "ID didn't change"
+ exit_error
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
change_label_of_privkey () {
- export GNUTLS_PIN=$2
- token=$1
-
- echo -n "* Change the CKA_LABEL of generated private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --set-label "new-label" "$token;object=gnutls-client;object-type=private" >>$TMPFILE 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- $P11TOOL $ADDITIONAL_PARAM --login --list-privkeys "$token;object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>$TMPFILE 2>&1
- if test $? != 0;then
- echo "label didn't change"
- exit_error
- fi
-
- $P11TOOL $ADDITIONAL_PARAM --login --set-label "gnutls-client" "$token;object=new-label;object-type=private" >>$TMPFILE 2>&1
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+
+ echo -n "* Change the CKA_LABEL of generated private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo failed
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo "label didn't change"
+ exit_error
+ fi
+
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo failed
+ exit_error
+ fi
+
+ echo ok
}
# $1: token
# $2: PIN
# $3: bits
generate_temp_ecc_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Generating ECC private key ($bits)... "
- $P11TOOL $ADDITIONAL_PARAM --login --label temp-ecc-$bits --generate-ecc --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
- if test $? = 0;then
- RETCODE=0
- echo ok
- else
- echo failed
- RETCODE=1
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ bits="$3"
+
+ echo -n "* Generating ECC private key (${bits})... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ RETCODE=0
+ echo ok
+ else
+ echo failed
+ RETCODE=1
+ fi
}
# $1: token
# $2: PIN
-# $3: cakey: $srcdir/pkcs11-certs/ca.key
-# $4: cacert: $srcdir/pkcs11-certs/ca.crt
+# $3: cakey: ${srcdir}/pkcs11-certs/ca.key
+# $4: cacert: ${srcdir}/pkcs11-certs/ca.crt
#
# Tests writing a certificate which corresponds to the given key,
# as well as the CA certificate, and tries to export them.
write_certificate_test () {
- export GNUTLS_PIN=$2
- token=$1
- cakey=$3
- cacert=$4
- pubkey=$5
-
- echo -n "* Generating client certificate... "
- $CERTTOOL $CERTTOOL_PARAM $ADDITIONAL_PARAM --generate-certificate --load-ca-privkey "$cakey" --load-ca-certificate "$cacert" \
- --template $srcdir/pkcs11-certs/client-tmpl --load-privkey "$token;object=gnutls-client;object-type=private" \
- --load-pubkey "$pubkey" --outfile tmp-client.crt >>$TMPFILE 2>&1
-
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Writing client certificate... "
- $P11TOOL $ADDITIONAL_PARAM --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "$token" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Checking whether ID was correctly set... "
- $P11TOOL $ADDITIONAL_PARAM --login --list-certs "$token;object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>$TMPFILE 2>&1
- if test $? != 0;then
- echo "ID was not set on copy"
- exit_error
- fi
- echo ok
-
- echo -n "* Writing certificate of client's CA... "
- $P11TOOL $ADDITIONAL_PARAM --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "$cacert" "$token" >>$TMPFILE 2>&1
- ret=$?
- if test $ret != 0;then
- $P11TOOL $ADDITIONAL_PARAM --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "$cacert" "$token" >>$TMPFILE 2>&1
- ret=$?
- fi
-
- if test $ret = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Testing certificate flags... "
- $P11TOOL $ADDITIONAL_PARAM --login --list-all-certs "$token;object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>$TMPFILE
- if test $? != 0;then
- echo failed
- exit_error
- fi
-
- grep CKA_TRUSTED tmp-client-2.pub >>$TMPFILE 2>&1
- if test $? != 0;then
- echo "failed (no CKA_TRUSTED)"
- #exit_error
- fi
-
- grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>$TMPFILE 2>&1
- if test $? != 0;then
- echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
- #exit_error
- fi
-
- echo ok
-
-
- echo -n "* Trying to obtain back the cert... "
- $P11TOOL $ADDITIONAL_PARAM --export "$token;object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>$TMPFILE 2>&1
- $DIFF crt1.tmp $srcdir/pkcs11-certs/ca.crt
- if test $? != 0;then
- echo "failed. Exported certificate differs (crt1.tmp)!"
- exit_error
- fi
- rm -f crt1.tmp
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Trying to obtain the full chain... "
- $P11TOOL $ADDITIONAL_PARAM --login --export-chain "$token;object=gnutls-client;object-type=cert"|$CERTTOOL $CERTTOOL_PARAM -i --outfile crt1.tmp >>$TMPFILE 2>&1
-
- cat tmp-client.crt $srcdir/pkcs11-certs/ca.crt|$CERTTOOL $CERTTOOL_PARAM -i >crt2.tmp
- $DIFF crt1.tmp crt2.tmp
- if test $? != 0;then
- echo "failed. Exported certificate chain differs!"
- exit_error
- fi
- rm -f crt1.tmp crt2.tmp
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ export GNUTLS_PIN="$2"
+ token="$1"
+ cakey="$3"
+ cacert="$4"
+ pubkey="$5"
+
+ echo -n "* Generating client certificate... "
+ "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
+ --template ${srcdir}/pkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
+ --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${TMPFILE}" 2>&1
+
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Writing client certificate... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Checking whether ID was correctly set... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo "ID was not set on copy"
+ exit_error
+ fi
+ echo ok
+
+ echo -n "* Writing certificate of client's CA... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+ ret=$?
+ if test ${ret} != 0;then
+ ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
+ ret=$?
+ fi
+
+ if test ${ret} = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Testing certificate flags... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" |grep Flags|head -n 1 >tmp-client-2.pub 2>>"${TMPFILE}"
+ if test $? != 0;then
+ echo failed
+ exit_error
+ fi
+
+ grep CKA_TRUSTED tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo "failed (no CKA_TRUSTED)"
+ #exit_error
+ fi
+
+ grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${TMPFILE}" 2>&1
+ if test $? != 0;then
+ echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)"
+ #exit_error
+ fi
+
+ echo ok
+
+
+ echo -n "* Trying to obtain back the cert... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+ ${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"
+ if test $? != 0;then
+ echo "failed. Exported certificate differs (crt1.tmp)!"
+ exit_error
+ fi
+ rm -f crt1.tmp
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ echo -n "* Trying to obtain the full chain... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${TMPFILE}" 2>&1
+
+ cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp
+ ${DIFF} crt1.tmp crt2.tmp
+ if test $? != 0;then
+ echo "failed. Exported certificate chain differs!"
+ exit_error
+ fi
+ rm -f crt1.tmp crt2.tmp
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
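Review bot: In generate_rsa_privkey and generate_temp_rsa_privkey the message is written `echo -n "* Generating RSA private key ("${bits}")... "`, which closes the string before `${bits}` and reopens it afterwards, so the expansion is the one part left unquoted; generate_temp_ecc_privkey has the intended form, `echo -n "* Generating ECC private key (${bits})... "`. `--label temp-rsa-"${bits}"` versus `--label "temp-ecc-${bits}"` is the same inconsistency, though only a matter of style. In write_certificate_test, `--template ${srcdir}/pkcs11-certs/client-tmpl` and `cat tmp-client.crt ${srcdir}/pkcs11-certs/ca.crt` are still unquoted while the `${DIFF} crt1.tmp "${srcdir}/pkcs11-certs/ca.crt"` line a few lines above the `cat` is quoted, and `"$pubkey"` lacks the braces used everywhere else. delete_temp_privkey reads `$3` into `type` but its header lists only `$1` and `$2`; add `# $3: type (suffix of the temp-<type> object label)`.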
@@ -402,39 +402,39 @@ write_certificate_test () {
#
# Tests using a certificate and key pair using gnutls-serv and gnutls-cli.
use_certificate_test () {
- export GNUTLS_PIN=$2
- token=$1
- certfile=$3
- keyfile=$4
- cafile=$5
- txt=$6
-
- echo -n "* Using PKCS #11 with gnutls-cli ($txt)... "
- # start server
- launch_pkcs11_server $$ "$ADDITIONAL_PARAM" --echo --priority NORMAL --x509certfile="$certfile" \
- --x509keyfile="$keyfile" --x509cafile="$cafile" \
- --require-client-cert >>$TMPFILE 2>&1 &
-
- PID=$!
- wait_server $PID
-
- # connect to server using SC
- $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 && \
- fail $PID "Connection should have failed!"
-
- $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$certfile" \
- --x509keyfile="$keyfile" --x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 || \
- fail $PID "Connection (with files) should have succeeded!"
-
- $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$token;object=gnutls-client;object-type=cert" \
- --x509keyfile="$token;object=gnutls-client;object-type=private" \
- --x509cafile="$cafile" </dev/null >>$TMPFILE 2>&1 || \
- fail $PID "Connection (with SC) should have succeeded!"
-
- kill $PID
- wait
-
- echo ok
+ export GNUTLS_PIN="$2"
+ token="$1"
+ certfile="$3"
+ keyfile="$4"
+ cafile="$5"
+ txt="$6"
+
+ echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+ # start server
+ launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
+ --x509keyfile="$keyfile" --x509cafile="${cafile}" \
+ --require-client-cert >>"${TMPFILE}" 2>&1 &
+
+ PID=$!
+ wait_server ${PID}
+
+ # connect to server using SC
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 && \
+ fail ${PID} "Connection should have failed!"
+
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
+ --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+ fail ${PID} "Connection (with files) should have succeeded!"
+
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
+ --x509keyfile="${token};object=gnutls-client;object-type=private" \
+ --x509cafile="${cafile}" </dev/null >>"${TMPFILE}" 2>&1 || \
+ fail ${PID} "Connection (with SC) should have succeeded!"
+
+ kill ${PID}
+ wait
+
+ echo ok
}
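Review bot: Two `--x509keyfile="$keyfile"` arguments in `use_certificate_test`, on the server launch line and on the "with files" client call, were left unbraced while every other expansion in the function was converted. `--x509keyfile="${keyfile}"` would match the stated aim of the patch. Separately, `"${ADDITIONAL_PARAM}"` is quoted when passed to `launch_pkcs11_server` but left unquoted on the three client calls. testpkcs11.softhsm sets it to a two-word `--provider …` string, so the quoted form arrives as a single argument; presumably the launcher re-splits it, but its body is outside this hunk, so a one-line comment saying the difference is deliberate would help.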
@@ -443,65 +443,65 @@ echo "Testing PKCS11 support"
# erase SC
-type=$1
+type="$1"
-if test -z "$type";then
- echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
- if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then
- echo "assuming 'softhsm'"
- echo ""
- type=softhsm
- else
- exit 1
- fi
+if test -z "${type}";then
+ echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
+ if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then
+ echo "assuming 'softhsm'"
+ echo ""
+ type=softhsm
+ else
+ exit 1
+ fi
fi
-. $srcdir/testpkcs11.$type
+. "${srcdir}/testpkcs11.${type}"
export GNUTLS_PIN=12345678
export GNUTLS_SO_PIN=00000000
-init_card $GNUTLS_PIN $GNUTLS_SO_PIN
+init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"
# find token name
-TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
+TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
-echo "* Token: $TOKEN"
-if test x"$TOKEN" = x;then
- echo "Could not find generated token"
- exit_error
+echo "* Token: ${TOKEN}"
+if test "x${TOKEN}" = x;then
+ echo "Could not find generated token"
+ exit_error
fi
#write a given privkey
-write_privkey $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/client.key"
+write_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/client.key"
-generate_temp_ecc_privkey $TOKEN $GNUTLS_PIN 256
-delete_temp_privkey $TOKEN $GNUTLS_PIN ecc-256
+generate_temp_ecc_privkey "${TOKEN}" "${GNUTLS_PIN}" 256
+delete_temp_privkey "${TOKEN}" "${GNUTLS_PIN}" ecc-256
-generate_temp_ecc_privkey $TOKEN $GNUTLS_PIN 384
-delete_temp_privkey $TOKEN $GNUTLS_PIN ecc-384
+generate_temp_ecc_privkey "${TOKEN}" "${GNUTLS_PIN}" 384
+delete_temp_privkey "${TOKEN}" "${GNUTLS_PIN}" ecc-384
-generate_temp_rsa_privkey $TOKEN $GNUTLS_PIN 2048
-delete_temp_privkey $TOKEN $GNUTLS_PIN rsa-2048
+generate_temp_rsa_privkey "${TOKEN}" "${GNUTLS_PIN}" 2048
+delete_temp_privkey "${TOKEN}" "${GNUTLS_PIN}" rsa-2048
-generate_rsa_privkey $TOKEN $GNUTLS_PIN 1024
-change_id_of_privkey $TOKEN $GNUTLS_PIN
-export_pubkey_of_privkey $TOKEN $GNUTLS_PIN
-change_label_of_privkey $TOKEN $GNUTLS_PIN
+generate_rsa_privkey "${TOKEN}" "${GNUTLS_PIN}" 1024
+change_id_of_privkey "${TOKEN}" "${GNUTLS_PIN}"
+export_pubkey_of_privkey "${TOKEN}" "${GNUTLS_PIN}"
+change_label_of_privkey "${TOKEN}" "${GNUTLS_PIN}"
-write_certificate_test $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/ca.key" "$srcdir/pkcs11-certs/ca.crt" tmp-client.pub
+write_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/ca.key" "${srcdir}/pkcs11-certs/ca.crt" tmp-client.pub
-write_serv_privkey $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/server.key"
-write_serv_cert $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/server.crt"
+write_serv_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.key"
+write_serv_cert "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.crt"
-use_certificate_test $TOKEN $GNUTLS_PIN "$TOKEN;object=serv-cert;object-type=cert" "$TOKEN;object=serv-key;object-type=private" "$srcdir/pkcs11-certs/ca.crt" "full URLs"
+use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert;object-type=cert" "${TOKEN};object=serv-key;object-type=private" "${srcdir}/pkcs11-certs/ca.crt" "full URLs"
-use_certificate_test $TOKEN $GNUTLS_PIN "$TOKEN;object=serv-cert" "$TOKEN;object=serv-key" "$srcdir/pkcs11-certs/ca.crt" "abbrv URLs"
+use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/pkcs11-certs/ca.crt" "abbrv URLs"
-if test $RETCODE = 0;then
- echo "* All smart cards tests succeeded"
+if test ${RETCODE} = 0;then
+ echo "* All smart cards tests succeeded"
fi
-rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub $TMPFILE
+rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub "${TMPFILE}"
exit 0
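Review bot: `type` is taken from `$1` and spliced into the path given to `.`, so the file executed inside the test shell is chosen by whatever the caller passes, not only by the three back-ends the usage line advertises. A guard before the source line would make that list authoritative: `case "${type}" in pkcs15|softhsm|sc-hsm) ;; *) echo "unknown token type: ${type}"; exit 1 ;; esac`. The empty-argument branch also prints the usage text and then carries on with softhsm, which reads like an error followed by a silent default; a comment there would make the intent clear.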
diff --git a/tests/suite/testpkcs11.pkcs15 b/tests/suite/testpkcs11.pkcs15
index d72163b..59c535e 100644
--- a/tests/suite/testpkcs11.pkcs15
+++ b/tests/suite/testpkcs11.pkcs15
@@ -20,27 +20,26 @@
init_card () {
- PIN=$1
- PUK=$2
+ PIN="$1"
+ PUK="$2"
- echo -n "* Erasing smart card... "
- pkcs15-init -E >$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- cat $TMPFILE
- exit_error
- fi
+ echo -n "* Erasing smart card... "
+ pkcs15-init -E >"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ cat "${TMPFILE}"
+ exit_error
+ fi
- echo -n "* Initializing smart card... "
- pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin $PIN --pin $PIN --puk $PUK --label "GnuTLS-Test" >$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- cat $TMPFILE
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ cat "${TMPFILE}"
+ exit_error
+ fi
}
-
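Review bot: Both `pkcs15-init` calls in `init_card` redirect with `>"${TMPFILE}"`, so the initialise step truncates the log and discards the erase step's output along with anything written earlier. testpkcs11.sc-hsm appends instead; using `>>"${TMPFILE}" 2>&1` on the second call would keep the erase output available for diagnosis. Note also that `--so-pin "${PIN}"` sets the SO PIN to the user PIN, while `PUK` (the caller's `GNUTLS_SO_PIN`) is used only for `--puk`. That may be intended with the `pkcs15+onepin` profile, but it deserves a comment because later steps that fall back to `--so-login` rely on `GNUTLS_SO_PIN`.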
diff --git a/tests/suite/testpkcs11.sc-hsm b/tests/suite/testpkcs11.sc-hsm
index 03b86a4..26ce485 100644
--- a/tests/suite/testpkcs11.sc-hsm
+++ b/tests/suite/testpkcs11.sc-hsm
@@ -20,32 +20,31 @@
init_card () {
- PIN=$1
- PUK=3537363231383830
- export GNUTLS_SO_PIN=$PUK
+ PIN="$1"
+ PUK=3537363231383830
+ export GNUTLS_SO_PIN="${PUK}"
- echo -n "* Erasing smart card... "
- sc-hsm-tool --initialize --so-pin $PUK --pin $PIN --label=GnuTLS-Test >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ echo -n "* Erasing smart card... "
+ sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
- echo -n "* Initializing smart card... "
- TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
- if test -z "$TOKEN";then
- echo "Could not find initialized card"
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
+ if test -z "${TOKEN}";then
+ echo "Could not find initialized card"
+ exit_error
+ fi
- $P11TOOL $ADDITIONAL_PARAM --initialize "$TOKEN" --set-so-pin $PUK --set-pin $PIN --label "GnuTLS-Test" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
-
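Review bot: `init_card` in this back-end ignores its second argument and replaces the caller's `GNUTLS_SO_PIN` with a hard-coded value, and nothing in the function says so. testpkcs11 calls it as `init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"`. A comment above the assignment would save the next reader the comparison with the other back-ends, for example `# $2 is ignored: the SO PIN is fixed for this back-end and re-exported as GNUTLS_SO_PIN`. The first progress message also says "Erasing smart card" while the command actually run is `sc-hsm-tool --initialize`, so a failure there is reported under a misleading label.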
diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm
index c58dde1..b444e62 100755
--- a/tests/suite/testpkcs11.softhsm
+++ b/tests/suite/testpkcs11.softhsm
@@ -19,57 +19,56 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
if test -f /usr/lib64/pkcs11/libsofthsm2.so;then
- ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
+ ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
else
- if test -f /usr/lib/softhsm/libsofthsm.so;then
- ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
- else
- ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
- fi
+ if test -f /usr/lib/softhsm/libsofthsm.so;then
+ ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
+ else
+ ADDITIONAL_PARAM="--provider /usr/lib64/softhsm/libsofthsm.so"
+ fi
fi
init_card () {
- PIN=$1
- PUK=$2
+ PIN="$1"
+ PUK="$2"
- if test -x "/usr/bin/softhsm2-util";then
- export SOFTHSM2_CONF="softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm2-util"
- $SOFTHSM_TOOL --version|grep "2.0.0b1" >/dev/null 2>&1
- if test $? = 0;then
- echo "softhsm2-util 2.0.0b1 is broken"
- exit 77
- fi
- fi
+ if test -x "/usr/bin/softhsm2-util";then
+ export SOFTHSM2_CONF="softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+ ${SOFTHSM_TOOL} --version|grep "2.0.0b1" >/dev/null 2>&1
+ if test $? = 0;then
+ echo "softhsm2-util 2.0.0b1 is broken"
+ exit 77
+ fi
+ fi
- if test -x "/usr/bin/softhsm";then
- export SOFTHSM_CONF="softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm"
- fi
+ if test -x "/usr/bin/softhsm";then
+ export SOFTHSM_CONF="softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm"
+ fi
- if test -z "$SOFTHSM_TOOL";then
- echo "Could not find softhsm(2) tool"
- exit 77
- fi
+ if test -z "${SOFTHSM_TOOL}";then
+ echo "Could not find softhsm(2) tool"
+ exit 77
+ fi
- if test -z "$SOFTHSM_CONF";then
- rm -rf ./softhsm-testpkcs11.db
- mkdir -p ./softhsm-testpkcs11.db
- echo "objectstore.backend = file" > $SOFTHSM2_CONF
- echo "directories.tokendir = ./softhsm-testpkcs11.db" >> $SOFTHSM2_CONF
- else
- rm -rf ./softhsm-testpkcs11.db
- echo "0:./softhsm-testpkcs11.db" > $SOFTHSM_CONF
- fi
+ if test -z "${SOFTHSM_CONF}";then
+ rm -rf ./softhsm-testpkcs11.db
+ mkdir -p ./softhsm-testpkcs11.db
+ echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+ echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
+ else
+ rm -rf ./softhsm-testpkcs11.db
+ echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
+ fi
- echo -n "* Initializing smart card... "
- $SOFTHSM_TOOL --init-token --slot 0 --label "GnuTLS-Test" --so-pin $PUK --pin $PIN >/dev/null #2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
+ echo -n "* Initializing smart card... "
+ ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
+ if test $? = 0;then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
}
-
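Review bot: When both `/usr/bin/softhsm2-util` and `/usr/bin/softhsm` are executable, the second `if` in `init_card` overwrites `SOFTHSM_TOOL` with the v1 tool and sets `SOFTHSM_CONF`. The v1 config branch then runs even though `ADDITIONAL_PARAM` at the top of the file may have selected `libsofthsm2.so`. A `SOFTHSM_CONF` inherited from the environment has the same effect on `test -z "${SOFTHSM_CONF}"`. Guarding the fallback keeps tool, config file and provider in step: `if test -z "${SOFTHSM_TOOL}" && test -x "/usr/bin/softhsm";then`. Clearing `SOFTHSM_TOOL` and `SOFTHSM_CONF` at the start of the function would remove the dependence on the caller's environment.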
diff --git a/tests/suite/testrandom b/tests/suite/testrandom
index e682375..894b2e9d 100755
--- a/tests/suite/testrandom
+++ b/tests/suite/testrandom
@@ -20,10 +20,10 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-srcdir=${srcdir:-.}
-CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
counter=0
@@ -32,58 +32,58 @@ file=test.out
counter=0
echo "Testing verification with randomly generated certificates..."
-while [ $counter -lt 400 ]
+while [ ${counter} -lt 400 ]
do
- $srcdir/x509random.pl > $srcdir/$file
- $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file --outfile $srcdir/$file.pem >/dev/null 2>&1
+ "${srcdir}/x509random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" --outfile "${file}.pem" >/dev/null 2>&1
if test $? != 0;then
- continue
+ continue
fi
- cat $srcdir/$file.pem $srcdir/../certs/ca-cert-ecc.pem > $srcdir/$file-chain.pem
+ cat "${file}.pem" "${srcdir}/../certs/ca-cert-ecc.pem" > "${file}-chain.pem"
- $VALGRIND $CERTTOOL -e --infile $srcdir/$file-chain.pem >/dev/null 2>&1
+ ${VALGRIND} "${CERTTOOL}" -e --infile "${file}-chain.pem" >/dev/null 2>&1
ret=$?
- if [ $ret != 1 ];then
- echo "Succeeded verification with $file-chain.pem!"
- exit 1
+ if [ ${ret} != 1 ];then
+ echo "Succeeded verification with ${file}-chain.pem!"
+ exit 1
fi
- rm -f $srcdir/$file.pem $srcdir/$file-chain.pem
+ rm -f "${file}.pem" "${file}-chain.pem"
- counter=`expr $counter + 1`
+ counter=`expr ${counter} + 1`
done
echo "Testing with randomly generated certificates..."
-while [ $counter -lt 200 ]
+while [ ${counter} -lt 200 ]
do
- $srcdir/x509random.pl > $srcdir/$file
- $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file >/dev/null
+ "${srcdir}/x509random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null
ret=$?
- if [ $ret != 0 -a $ret != 1 ];then
- echo "Unknown exit code with $file"
- exit 1
+ if [ ${ret} != 0 -a ${ret} != 1 ];then
+ echo "Unknown exit code with ${file}"
+ exit 1
fi
- counter=`expr $counter + 1`
+ counter=`expr ${counter} + 1`
done
counter=0
echo "Testing with random ASN.1 data..."
-while [ $counter -lt 200 ]
+while [ ${counter} -lt 200 ]
do
- $srcdir/asn1random.pl > $srcdir/$file
- $VALGRIND $CERTTOOL -i --inder --infile $srcdir/$file >/dev/null 2>/dev/null
+ "${srcdir}/asn1random.pl" > "${file}"
+ ${VALGRIND} "${CERTTOOL}" -i --inder --infile "${file}" >/dev/null 2>/dev/null
ret=$?
- if [ $ret != 0 -a $ret != 1 ];then
- echo "Unknown exit code with $file"
- exit 1
+ if [ ${ret} != 0 -a ${ret} != 1 ];then
+ echo "Unknown exit code with ${file}"
+ exit 1
fi
- counter=`expr $counter + 1`
+ counter=`expr ${counter} + 1`
done
-rm -f $srcdir/$file
+rm -f "${file}"
exit 0
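Review bot: The second loop, `while [ ${counter} -lt 200 ]` under "Testing with randomly generated certificates...", never executes, because `counter` is still 400 when the first loop ends. Only the third loop has a `counter=0` in front of it. Adding `counter=0` before that second `echo` restores the parse-only run over random certificates, which is currently skipped silently. The first loop's `continue` on a certtool failure also skips the increment, so it runs until 400 inputs have parsed successfully; if that is intended, a comment saying so would help.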
diff --git a/tests/suite/testrng b/tests/suite/testrng
index c780cf4..16fb4d5 100755
--- a/tests/suite/testrng
+++ b/tests/suite/testrng
@@ -29,7 +29,7 @@ VERSION=`dieharder -l|grep version|cut -d ' ' -f 6`
if test "$1" = "full";then
OPTIONS="-a"
else
- if test "$VERSION" = "2.28.1";then
+ if test "${VERSION}" = "2.28.1";then
OPTIONS="-d 5"
OPTIONS2="-d 10"
else
@@ -42,122 +42,122 @@ OUTFILE=rng.log
RNGFILE=rng.out
RNGFILE2=rng2.out
-rm -f $OUTFILE
-rm -f $RNGFILE
-rm -f $RNGFILE2
+rm -f "${OUTFILE}"
+rm -f "${RNGFILE}"
+rm -f "${RNGFILE2}"
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
RINPUTNO=`dieharder -g -1|grep file_input_raw|cut -d '|' -f 2|cut -d ' ' -f 1`
-if test -z "$RINPUTNO";then
- echo "Cannot determine dieharder option for raw file input, assuming 201"
- RINPUTNO=201
+if test -z "${RINPUTNO}";then
+ echo "Cannot determine dieharder option for raw file input, assuming 201"
+ RINPUTNO=201
fi
echo ""
echo "Testing nonce PRNG"
-./rng nonce 64 $RNGFILE
-./rng nonce 64 $RNGFILE2
-cmp $RNGFILE $RNGFILE2 >/dev/null 2>&1
+./rng nonce 64 "${RNGFILE}"
+./rng nonce 64 "${RNGFILE2}"
+cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1
ret=$?
-if test $ret = 0;then
- echo "numbers are repeated in nonce!"
- exit 1
+if test ${ret} = 0;then
+ echo "numbers are repeated in nonce!"
+ exit 1
fi
-./rng nonce 100000000 $RNGFILE
+./rng nonce 100000000 "${RNGFILE}"
-dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
-if ! test -z "$OPTIONS2";then
- dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}";then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
-grep FAILED $OUTFILE >/dev/null 2>&1
+grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "$ret" = "0";then
- echo "test failed for nonce"
- exit 1
+if test "${ret}" = "0";then
+ echo "test failed for nonce"
+ exit 1
fi
-grep PASSED $OUTFILE >/dev/null 2>&1
+grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "$ret" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0";then
+ echo "could not run dieharder test?"
+ exit 1
fi
-cat $OUTFILE
-rm -f $OUTFILE
+cat "${OUTFILE}"
+rm -f "${OUTFILE}"
echo ""
echo "Testing key PRNG"
-./rng key 64 $RNGFILE
-./rng key 64 $RNGFILE2
-cmp $RNGFILE $RNGFILE2 >/dev/null 2>&1
+./rng key 64 "${RNGFILE}"
+./rng key 64 "${RNGFILE2}"
+cmp "${RNGFILE}" "${RNGFILE2}" >/dev/null 2>&1
ret=$?
-if test $ret = 0;then
- echo "numbers are repeated in nonce!"
- exit 1
+if test ${ret} = 0;then
+ echo "numbers are repeated in nonce!"
+ exit 1
fi
-./rng key 100000000 $RNGFILE
+./rng key 100000000 "${RNGFILE}"
-dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
-if ! test -z "$OPTIONS2";then
- dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}";then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
-grep FAILED $OUTFILE >/dev/null 2>&1
+grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "$ret" = "0";then
- echo "test failed for key"
- exit 1
+if test "${ret}" = "0";then
+ echo "test failed for key"
+ exit 1
fi
-grep PASSED $OUTFILE >/dev/null 2>&1
+grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "$ret" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0";then
+ echo "could not run dieharder test?"
+ exit 1
fi
-cat $OUTFILE
-rm -f $OUTFILE
+cat "${OUTFILE}"
+rm -f "${OUTFILE}"
echo ""
echo "Testing /dev/zero PRNG"
-dd if=/dev/zero of=$RNGFILE bs=4 count=10000000 >/dev/null 2>&1
+dd if=/dev/zero of="${RNGFILE}" bs=4 count=10000000 >/dev/null 2>&1
-dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS >$OUTFILE 2>&1
-if ! test -z "$OPTIONS2";then
- dieharder -f $RNGFILE -g $RINPUTNO $OPTIONS2 >>$OUTFILE 2>&1
+dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS} >"${OUTFILE}" 2>&1
+if ! test -z "${OPTIONS2}";then
+ dieharder -f "${RNGFILE}" -g ${RINPUTNO} ${OPTIONS2} >>"${OUTFILE}" 2>&1
fi
-grep PASSED $OUTFILE >/dev/null 2>&1
+grep PASSED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "$ret" = "0";then
- echo "test succeeded for /dev/zero!!!"
- exit 1
+if test "${ret}" = "0";then
+ echo "test succeeded for /dev/zero!!!"
+ exit 1
fi
-grep FAILED $OUTFILE >/dev/null 2>&1
+grep FAILED "${OUTFILE}" >/dev/null 2>&1
ret=$?
-if test "$ret" != "0";then
- echo "could not run dieharder test?"
- exit 1
+if test "${ret}" != "0";then
+ echo "could not run dieharder test?"
+ exit 1
fi
-cat $OUTFILE
-rm -f $OUTFILE
-rm -f $RNGFILE
-rm -f $RNGFILE2
+cat "${OUTFILE}"
+rm -f "${OUTFILE}"
+rm -f "${RNGFILE}"
+rm -f "${RNGFILE2}"
exit 0
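Review bot: The "Testing key PRNG" block still prints `numbers are repeated in nonce!` when the two 64-byte key outputs compare equal, so a failure log would point at the wrong generator. `echo "numbers are repeated in key!"` would match the later `test failed for key`. The exit status of `./rng` is also never checked in either block. If it fails and writes nothing, `cmp` returns non-zero on the missing files and the repetition check passes, leaving the later `grep PASSED` as the only guard. Something like `./rng key 64 "${RNGFILE}" || exit 1` makes that failure explicit.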
diff --git a/tests/suite/testsrn b/tests/suite/testsrn
index 826bb4a..783ed9d 100755
--- a/tests/suite/testsrn
+++ b/tests/suite/testsrn
@@ -21,79 +21,79 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+SERV="${SERV:-../../src/gnutls-serv${EXEEXT}} -q"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
unset RETCODE
if test "${WINDIR}" != "";then
exit 77
fi
-. $srcdir/../scripts/common.sh
+. "${srcdir}/../scripts/common.sh"
-PORT="${PORT:-$RPORT}"
+PORT="${PORT:-${RPORT}}"
echo "Checking Safe renegotiation"
-launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
PID=$!
-wait_server $PID
+wait_server ${PID}
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "0. Renegotiation should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "0. Renegotiation should have succeeded!"
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "1. Safe rehandshake should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "1. Safe rehandshake should have succeeded!"
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "2. Unsafe rehandshake should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "2. Unsafe rehandshake should have succeeded!"
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "3. Unsafe negotiation should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "3. Unsafe negotiation should have succeeded!"
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail $PID "4. Unsafe renegotiation should have failed!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail ${PID} "4. Unsafe renegotiation should have failed!"
-kill $PID
+kill ${PID}
wait
-launch_server $$ --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+launch_server $$ --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
PID=$!
-wait_server $PID
+wait_server ${PID}
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "5. Safe rehandshake should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "5. Safe rehandshake should have succeeded!"
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "6. Unsafe rehandshake should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "6. Unsafe rehandshake should have succeeded!"
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail $PID "7. Unsafe negotiation should have failed!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail ${PID} "7. Unsafe negotiation should have failed!"
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail $PID "8. Unsafe renegotiation should have failed!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail ${PID} "8. Unsafe renegotiation should have failed!"
-kill $PID
+kill ${PID}
wait
-launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams "${srcdir}/params.dh" >/dev/null 2>&1 &
PID=$!
-wait_server $PID
+wait_server ${PID}
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail $PID "9. Initial connection should have failed!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail ${PID} "9. Initial connection should have failed!"
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "10. Unsafe connection should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "10. Unsafe connection should have succeeded!"
-$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "11. Unsafe negotiation should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "11. Unsafe negotiation should have succeeded!"
-$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail $PID "12. Unsafe renegotiation should have succeeded!"
+"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail ${PID} "12. Unsafe renegotiation should have succeeded!"
-kill $PID
+kill ${PID}
wait
exit 0
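Review bot: The negative cases (4, 7, 8 and 9) are written as `"${CLI}" … && fail` with all client output sent to /dev/null, so they pass on any non-zero exit, not only on a refused handshake or renegotiation. Cases 4 and 8 are the last client call before `kill ${PID}`, so no later positive case confirms the server was still reachable at that point. At minimum this should be documented next to the first such call, e.g. `# "should have failed" cases only check for a non-zero exit status`. Keeping the client output in a log file instead of discarding it would let a reader tell a policy rejection from a connection error. Note also that `"${CLI}"` is now a single word, so a `CLI` override carrying extra arguments (as `SERV` does with ` -q`) no longer works.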
--
2.3.6