summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorinoguchi <>2018-09-14 13:54:57 +0000
committerinoguchi <>2018-09-14 13:54:57 +0000
commit4ad8ba4c6a2a762df64956a2d2219ef6317f76d3 (patch)
treeaae6473fc92134ef978ff2ca450828ad78df4b79
parent0731e37042e0d53709a76cd8c185118bfdc9a087 (diff)
downloadopenbsd-4ad8ba4c6a2a762df64956a2d2219ef6317f76d3.tar.gz
openbsd-4ad8ba4c6a2a762df64956a2d2219ef6317f76d3.tar.bz2
openbsd-4ad8ba4c6a2a762df64956a2d2219ef6317f76d3.zip
Add interoperability test mode for regress appstest.sh
- test s_server and s_client between different version by option -i - indicate other version by defining OTHER_OPENSSL environment variable - fix "SSL/TLS" to "TLS/SSL", since TLS is correct as technical term - s/SKIPPNG/SKIPPING/
Diffstat (limited to '')
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh114
1 files changed, 79 insertions, 35 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index 3d54da9509..535223cb14 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $OpenBSD: appstest.sh,v 1.13 2018/09/08 11:12:27 inoguchi Exp $ 3# $OpenBSD: appstest.sh,v 1.14 2018/09/14 13:54:57 inoguchi Exp $
4# 4#
5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> 5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6# 6#
@@ -237,7 +237,7 @@ function test_key {
237 -out $dhparam2.out 237 -out $dhparam2.out
238 check_exit_status $? 238 check_exit_status $?
239 else 239 else
240 start_message "SKIPPNG dhparam - Superseded by genpkey and pkeyparam. (quick mode)" 240 start_message "SKIPPING dhparam - Superseded by genpkey and pkeyparam. (quick mode)"
241 fi 241 fi
242 242
243 # DSA 243 # DSA
@@ -928,14 +928,33 @@ function test_pkcs {
928function test_server_client { 928function test_server_client {
929 # --- client/server operations (TLS) --- 929 # --- client/server operations (TLS) ---
930 section_message "client/server operations (TLS)" 930 section_message "client/server operations (TLS)"
931 931
932 s_id="$1"
933 c_id="$2"
934 sc="$1$2"
935
936 if [ $s_id = "0" ] ; then
937 s_bin=$openssl_bin
938 else
939 s_bin=$other_openssl_bin
940 fi
941
942 if [ $c_id = "0" ] ; then
943 c_bin=$openssl_bin
944 else
945 c_bin=$other_openssl_bin
946 fi
947
948 echo "s_server is [`$s_bin version`]"
949 echo "s_client is [`$c_bin version`]"
950
932 host="localhost" 951 host="localhost"
933 port=4433 952 port=4433
934 sess_dat=$user1_dir/s_client_sess.dat 953 sess_dat=$user1_dir/s_client_${sc}_sess.dat
935 s_server_out=$server_dir/s_server_tls.out 954 s_server_out=$server_dir/s_server_${sc}_tls.out
936 955
937 start_message "s_server ... start SSL/TLS test server" 956 start_message "s_server ... start TLS/SSL test server"
938 $openssl_bin s_server -accept $port -CAfile $ca_cert \ 957 $s_bin s_server -accept $port -CAfile $ca_cert \
939 -cert $server_cert -key $server_key -pass pass:$server_pass \ 958 -cert $server_cert -key $server_key -pass pass:$server_pass \
940 -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \ 959 -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
941 -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \ 960 -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
@@ -948,10 +967,10 @@ function test_server_client {
948 967
949 # protocol = TLSv1 968 # protocol = TLSv1
950 969
951 s_client_out=$user1_dir/s_client_tls_1_0.out 970 s_client_out=$user1_dir/s_client_${sc}_tls_1_0.out
952 971
953 start_message "s_client ... connect to SSL/TLS test server by TLSv1" 972 start_message "s_client ... connect to TLS/SSL test server by TLSv1"
954 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \ 973 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
955 -pause -prexit \ 974 -pause -prexit \
956 -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 975 -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
957 check_exit_status $? 976 check_exit_status $?
@@ -964,10 +983,10 @@ function test_server_client {
964 983
965 # protocol = TLSv1.1 984 # protocol = TLSv1.1
966 985
967 s_client_out=$user1_dir/s_client_tls_1_1.out 986 s_client_out=$user1_dir/s_client_${sc}_tls_1_1.out
968 987
969 start_message "s_client ... connect to SSL/TLS test server by TLSv1.1" 988 start_message "s_client ... connect to TLS/SSL test server by TLSv1.1"
970 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \ 989 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
971 -pause -prexit \ 990 -pause -prexit \
972 -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 991 -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
973 check_exit_status $? 992 check_exit_status $?
@@ -980,10 +999,10 @@ function test_server_client {
980 999
981 # protocol = TLSv1.2 1000 # protocol = TLSv1.2
982 1001
983 s_client_out=$user1_dir/s_client_tls_1_2.out 1002 s_client_out=$user1_dir/s_client_${sc}_tls_1_2.out
984 1003
985 start_message "s_client ... connect to SSL/TLS test server by TLSv1.2" 1004 start_message "s_client ... connect to TLS/SSL test server by TLSv1.2"
986 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \ 1005 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
987 -pause -prexit \ 1006 -pause -prexit \
988 -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1007 -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
989 check_exit_status $? 1008 check_exit_status $?
@@ -996,15 +1015,31 @@ function test_server_client {
996 1015
997 # all available ciphers with random order 1016 # all available ciphers with random order
998 1017
999 ciphers=`$openssl_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' | sort -R` 1018 s_ciph=$server_dir/s_ciph_${sc}
1019 if [ $s_id = "0" ] ; then
1020 $s_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $s_ciph
1021 else
1022 $s_bin ciphers -v | awk '{print $1}' > $s_ciph
1023 fi
1024
1025 c_ciph=$user1_dir/c_ciph_${sc}
1026 if [ $c_id = "0" ] ; then
1027 $c_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $c_ciph
1028 else
1029 $c_bin ciphers -v | awk '{print $1}' > $c_ciph
1030 fi
1031
1032 ciphers=$user1_dir/ciphers_${sc}
1033 grep -x -f $s_ciph $c_ciph | sort -R > $ciphers
1034
1000 cnum=0 1035 cnum=0
1001 for c in $ciphers ; do 1036 for c in `cat $ciphers` ; do
1002 cnum=`expr $cnum + 1` 1037 cnum=`expr $cnum + 1`
1003 cnstr=`printf %03d $cnum` 1038 cnstr=`printf %03d $cnum`
1004 s_client_out=$user1_dir/s_client_tls_${cnstr}_${c}.out 1039 s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out
1005 1040
1006 start_message "s_client ... connect to SSL/TLS test server with [ $cnstr ] $c" 1041 start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
1007 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \ 1042 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1008 -pause -prexit -cipher $c \ 1043 -pause -prexit -cipher $c \
1009 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1044 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1010 check_exit_status $? 1045 check_exit_status $?
@@ -1018,10 +1053,10 @@ function test_server_client {
1018 1053
1019 # Get session ticket to reuse 1054 # Get session ticket to reuse
1020 1055
1021 s_client_out=$user1_dir/s_client_tls_reuse_1.out 1056 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out
1022 1057
1023 start_message "s_client ... connect to SSL/TLS test server to get session id" 1058 start_message "s_client ... connect to TLS/SSL test server to get session id"
1024 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \ 1059 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1025 -pause -prexit \ 1060 -pause -prexit \
1026 -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \ 1061 -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
1027 -sess_out $sess_dat \ 1062 -sess_out $sess_dat \
@@ -1036,10 +1071,10 @@ function test_server_client {
1036 1071
1037 # Reuse session ticket 1072 # Reuse session ticket
1038 1073
1039 s_client_out=$user1_dir/s_client_tls_reuse_2.out 1074 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out
1040 1075
1041 start_message "s_client ... connect to SSL/TLS test server reusing session id" 1076 start_message "s_client ... connect to TLS/SSL test server reusing session id"
1042 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \ 1077 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1043 -pause -prexit -sess_in $sess_dat \ 1078 -pause -prexit -sess_in $sess_dat \
1044 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1079 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1045 check_exit_status $? 1080 check_exit_status $?
@@ -1052,10 +1087,10 @@ function test_server_client {
1052 1087
1053 # invalid verification pattern 1088 # invalid verification pattern
1054 1089
1055 s_client_out=$user1_dir/s_client_tls_invalid.out 1090 s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out
1056 1091
1057 start_message "s_client ... connect to SSL/TLS test server but verify error" 1092 start_message "s_client ... connect to TLS/SSL test server but verify error"
1058 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \ 1093 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1059 -pause -prexit \ 1094 -pause -prexit \
1060 -showcerts -crl_check -issuer_checks -policy_check \ 1095 -showcerts -crl_check -issuer_checks -policy_check \
1061 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1096 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
@@ -1066,13 +1101,13 @@ function test_server_client {
1066 check_exit_status $? 1101 check_exit_status $?
1067 1102
1068 # s_time 1103 # s_time
1069 start_message "s_time ... connect to SSL/TLS test server" 1104 start_message "s_time ... connect to TLS/SSL test server"
1070 $openssl_bin s_time -connect $host:$port -CAfile $ca_cert -time 2 1105 $c_bin s_time -connect $host:$port -CAfile $ca_cert -time 2
1071 check_exit_status $? 1106 check_exit_status $?
1072 1107
1073 # sess_id 1108 # sess_id
1074 start_message "sess_id" 1109 start_message "sess_id"
1075 $openssl_bin sess_id -in $sess_dat -text -out $sess_dat.out 1110 $c_bin sess_id -in $sess_dat -text -out $sess_dat.out
1076 check_exit_status $? 1111 check_exit_status $?
1077 1112
1078 stop_s_server 1113 stop_s_server
@@ -1087,7 +1122,7 @@ function test_speed {
1087 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed 1122 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed
1088 check_exit_status $? 1123 check_exit_status $?
1089 else 1124 else
1090 start_message "SKIPPNG speed (quick mode)" 1125 start_message "SKIPPING speed (quick mode)"
1091 fi 1126 fi
1092} 1127}
1093 1128
@@ -1103,11 +1138,16 @@ function test_version {
1103#---------#---------#---------#---------#---------#---------#---------#--------- 1138#---------#---------#---------#---------#---------#---------#---------#---------
1104 1139
1105openssl_bin=${OPENSSL:-/usr/bin/openssl} 1140openssl_bin=${OPENSSL:-/usr/bin/openssl}
1141other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl}
1106 1142
1143interop_tests=0
1107no_long_tests=0 1144no_long_tests=0
1108 1145
1109while [ "$1" != "" ]; do 1146while [ "$1" != "" ]; do
1110 case $1 in 1147 case $1 in
1148 -i | --interop) shift
1149 interop_tests=1
1150 ;;
1111 -q | --quick ) shift 1151 -q | --quick ) shift
1112 no_long_tests=1 1152 no_long_tests=1
1113 ;; 1153 ;;
@@ -1159,7 +1199,11 @@ test_tsa
1159test_smime 1199test_smime
1160test_ocsp 1200test_ocsp
1161test_pkcs 1201test_pkcs
1162test_server_client 1202test_server_client 0 0
1203if [ $interop_tests = 1 ] ; then
1204 test_server_client 0 1
1205 test_server_client 1 0
1206fi
1163test_speed 1207test_speed
1164test_version 1208test_version
1165 1209
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-29 23:35:02 +0000