Add protocol and cipher patterns in regress appstest.sh

author: inoguchi <> 2018-08-27 06:50:13 +0000
committer: inoguchi <> 2018-08-27 06:50:13 +0000
commit: 28ef3600e1d9e3c81add81b0a8ca7ca2132409cf (patch)
tree: 17b4cbc03ba88f3086d6c612e1e1dacd9b254aad /src
parent: 8ce5b13cb65d965ee2ec79ee11e0708a87372462 (diff)
download: openbsd-28ef3600e1d9e3c81add81b0a8ca7ca2132409cf.tar.gz
openbsd-28ef3600e1d9e3c81add81b0a8ca7ca2132409cf.tar.bz2
openbsd-28ef3600e1d9e3c81add81b0a8ca7ca2132409cf.zip
1 files changed, 88 insertions, 18 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index 69b3d4b8f7..79b863392d 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $OpenBSD: appstest.sh,v 1.8 2018/08/26 13:28:13 inoguchi Exp $
+# $OpenBSD: appstest.sh,v 1.9 2018/08/27 06:50:13 inoguchi Exp $
 #
 # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
 #
@@ -940,22 +940,18 @@ check_exit_status $?
 #---------#---------#---------#---------#---------#---------#---------#---------
-# --- client/server operations ---
+# --- client/server operations (TLS) ---
-section_message "client/server operations"
+section_message "client/server operations (TLS)"
 host="localhost"
 port=4433
 sess_dat=$user1_dir/s_client_sess.dat
-s_server_out=$server_dir/s_server.out
+s_server_out=$server_dir/s_server_tls.out
-s_client_1_out=$user1_dir/s_client_1.out
-s_client_2_out=$user1_dir/s_client_2.out
-s_client_3_out=$user1_dir/s_client_3.out
 start_message "s_server ... start SSL/TLS test server"
 $openssl_bin s_server -accept $port -CAfile $ca_cert \
    -cert $server_cert -key $server_key -pass pass:$server_pass \
-    -context "appstest.sh" -id_prefix "APPSTEST.SH" \
+    -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
-    -crl_check -no_ssl2 -no_ssl3 -no_tls1 \
    -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
    -msg -tlsextdebug > $s_server_out 2>&1 &
 check_exit_status $?
@@ -963,44 +959,118 @@ s_server_pid=$!
 echo "s_server pid = [ $s_server_pid ]"
 sleep 1
-start_message "s_client ... connect to SSL/TLS test server"
+# protocol = TLSv1
+s_client_out=$user1_dir/s_client_tls_1_0.out
+start_message "s_client ... connect to SSL/TLS test server by TLSv1"
+$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
+    -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+check_exit_status $?
+grep 'Protocol  : TLSv1$' $s_client_out > /dev/null
+check_exit_status $?
+grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+check_exit_status $?
+# protocol = TLSv1.1
+s_client_out=$user1_dir/s_client_tls_1_1.out
+start_message "s_client ... connect to SSL/TLS test server by TLSv1.1"
+$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
+    -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+check_exit_status $?
+grep 'Protocol  : TLSv1\.1$' $s_client_out > /dev/null
+check_exit_status $?
+grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+check_exit_status $?
+# protocol = TLSv1.2
+s_client_out=$user1_dir/s_client_tls_1_2.out
+start_message "s_client ... connect to SSL/TLS test server by TLSv1.2"
+$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
+    -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+check_exit_status $?
+grep 'Protocol  : TLSv1\.2$' $s_client_out > /dev/null
+check_exit_status $?
+grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+check_exit_status $?
+# cipher = CHACHA20
+s_client_out=$user1_dir/s_client_tls_chacha20.out
+start_message "s_client ... connect to SSL/TLS test server with CHACHA20"
+$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
+    -cipher 'CHACHA20' -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+check_exit_status $?
+grep 'Cipher    : .*-CHACHA20-.*' $s_client_out > /dev/null
+check_exit_status $?
+grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+check_exit_status $?
+# Get session ticket to reuse
+s_client_out=$user1_dir/s_client_tls_reuse_1.out
+start_message "s_client ... connect to SSL/TLS test server to get session id"
 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
    -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
    -sess_out $sess_dat \
-    -msg -tlsextdebug < /dev/null > $s_client_1_out 2>&1
+    -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
 check_exit_status $?
-grep 'New, TLSv1/SSLv3' $s_client_1_out > /dev/null
+grep 'New, TLSv1/SSLv3' $s_client_out > /dev/null
 check_exit_status $?
-grep 'Verify return code: 0 (ok)' $s_client_1_out > /dev/null
+grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
 check_exit_status $?
+# Reuse session ticket
+s_client_out=$user1_dir/s_client_tls_reuse_2.out
 start_message "s_client ... connect to SSL/TLS test server reusing session id"
 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
    -sess_in $sess_dat \
-    -msg -tlsextdebug < /dev/null > $s_client_2_out 2>&1
+    -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
 check_exit_status $?
-grep 'Reused, TLSv1/SSLv3' $s_client_2_out > /dev/null
+grep 'Reused, TLSv1/SSLv3' $s_client_out > /dev/null
 check_exit_status $?
-grep 'Verify return code: 0 (ok)' $s_client_2_out > /dev/null
+grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
 check_exit_status $?
+# invalid verification pattern
+s_client_out=$user1_dir/s_client_tls_invalid.out
 start_message "s_client ... connect to SSL/TLS test server but verify error"
 $openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
    -showcerts -crl_check -issuer_checks -policy_check \
-    -msg -tlsextdebug < /dev/null > $s_client_3_out 2>&1
+    -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
 check_exit_status $?
-grep 'Verify return code: 24 (invalid CA certificate)' $s_client_3_out > /dev/null
+grep 'Verify return code: 24 (invalid CA certificate)' $s_client_out > /dev/null
 check_exit_status $?
+# s_time
 start_message "s_time ... connect to SSL/TLS test server"
 $openssl_bin s_time -connect $host:$port -CAfile $ca_cert -time 2
 check_exit_status $?
+# sess_id
 start_message "sess_id"
 $openssl_bin sess_id -in $sess_dat -text -out $sess_dat.out
 check_exit_status $?
author	inoguchi <>	2018-08-27 06:50:13 +0000
committer	inoguchi <>	2018-08-27 06:50:13 +0000
commit	28ef3600e1d9e3c81add81b0a8ca7ca2132409cf (patch)
tree	17b4cbc03ba88f3086d6c612e1e1dacd9b254aad /src
parent	8ce5b13cb65d965ee2ec79ee11e0708a87372462 (diff)
download	openbsd-28ef3600e1d9e3c81add81b0a8ca7ca2132409cf.tar.gz openbsd-28ef3600e1d9e3c81add81b0a8ca7ca2132409cf.tar.bz2 openbsd-28ef3600e1d9e3c81add81b0a8ca7ca2132409cf.zip

diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh index 69b3d4b8f7..79b863392d 100755 --- a/src/regress/usr.bin/openssl/appstest.sh +++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1	#!/bin/sh	1	#!/bin/sh
2	#	2	#
3	# $OpenBSD: appstest.sh,v 1.8 2018/08/26 13:28:13 inoguchi Exp $	3	# $OpenBSD: appstest.sh,v 1.9 2018/08/27 06:50:13 inoguchi Exp $
4	#	4	#
5	# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>	5	# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6	#	6	#
@@ -940,22 +940,18 @@ check_exit_status $?
940		940
941	#---------#---------#---------#---------#---------#---------#---------#---------	941	#---------#---------#---------#---------#---------#---------#---------#---------
942		942
943	# --- client/server operations ---	943	# --- client/server operations (TLS) ---
944	section_message "client/server operations"	944	section_message "client/server operations (TLS)"
945		945
946	host="localhost"	946	host="localhost"
947	port=4433	947	port=4433
948	sess_dat=$user1_dir/s_client_sess.dat	948	sess_dat=$user1_dir/s_client_sess.dat
949	s_server_out=$server_dir/s_server.out	949	s_server_out=$server_dir/s_server_tls.out
950	s_client_1_out=$user1_dir/s_client_1.out
951	s_client_2_out=$user1_dir/s_client_2.out
952	s_client_3_out=$user1_dir/s_client_3.out
953		950
954	start_message "s_server ... start SSL/TLS test server"	951	start_message "s_server ... start SSL/TLS test server"
955	$openssl_bin s_server -accept $port -CAfile $ca_cert \	952	$openssl_bin s_server -accept $port -CAfile $ca_cert \
956	-cert $server_cert -key $server_key -pass pass:$server_pass \	953	-cert $server_cert -key $server_key -pass pass:$server_pass \
957	-context "appstest.sh" -id_prefix "APPSTEST.SH" \	954	-context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
958	-crl_check -no_ssl2 -no_ssl3 -no_tls1 \
959	-nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \	955	-nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
960	-msg -tlsextdebug > $s_server_out 2>&1 &	956	-msg -tlsextdebug > $s_server_out 2>&1 &
961	check_exit_status $?	957	check_exit_status $?
@@ -963,44 +959,118 @@ s_server_pid=$!
963	echo "s_server pid = [ $s_server_pid ]"	959	echo "s_server pid = [ $s_server_pid ]"
964	sleep 1	960	sleep 1
965		961
966	start_message "s_client ... connect to SSL/TLS test server"	962	# protocol = TLSv1
		963
		964	s_client_out=$user1_dir/s_client_tls_1_0.out
		965
		966	start_message "s_client ... connect to SSL/TLS test server by TLSv1"
		967	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
		968	-tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
		969	check_exit_status $?
		970
		971	grep 'Protocol : TLSv1$' $s_client_out > /dev/null
		972	check_exit_status $?
		973
		974	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
		975	check_exit_status $?
		976
		977	# protocol = TLSv1.1
		978
		979	s_client_out=$user1_dir/s_client_tls_1_1.out
		980
		981	start_message "s_client ... connect to SSL/TLS test server by TLSv1.1"
		982	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
		983	-tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
		984	check_exit_status $?
		985
		986	grep 'Protocol : TLSv1\.1$' $s_client_out > /dev/null
		987	check_exit_status $?
		988
		989	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
		990	check_exit_status $?
		991
		992	# protocol = TLSv1.2
		993
		994	s_client_out=$user1_dir/s_client_tls_1_2.out
		995
		996	start_message "s_client ... connect to SSL/TLS test server by TLSv1.2"
		997	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
		998	-tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
		999	check_exit_status $?
		1000
		1001	grep 'Protocol : TLSv1\.2$' $s_client_out > /dev/null
		1002	check_exit_status $?
		1003
		1004	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
		1005	check_exit_status $?
		1006
		1007	# cipher = CHACHA20
		1008
		1009	s_client_out=$user1_dir/s_client_tls_chacha20.out
		1010
		1011	start_message "s_client ... connect to SSL/TLS test server with CHACHA20"
		1012	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
		1013	-cipher 'CHACHA20' -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
		1014	check_exit_status $?
		1015
		1016	grep 'Cipher : .-CHACHA20-.' $s_client_out > /dev/null
		1017	check_exit_status $?
		1018
		1019	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
		1020	check_exit_status $?
		1021
		1022	# Get session ticket to reuse
		1023
		1024	s_client_out=$user1_dir/s_client_tls_reuse_1.out
		1025
		1026	start_message "s_client ... connect to SSL/TLS test server to get session id"
967	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \	1027	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
968	-nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \	1028	-nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
969	-sess_out $sess_dat \	1029	-sess_out $sess_dat \
970	-msg -tlsextdebug < /dev/null > $s_client_1_out 2>&1	1030	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
971	check_exit_status $?	1031	check_exit_status $?
972		1032
973	grep 'New, TLSv1/SSLv3' $s_client_1_out > /dev/null	1033	grep 'New, TLSv1/SSLv3' $s_client_out > /dev/null
974	check_exit_status $?	1034	check_exit_status $?
975		1035
976	grep 'Verify return code: 0 (ok)' $s_client_1_out > /dev/null	1036	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
977	check_exit_status $?	1037	check_exit_status $?
978		1038
		1039	# Reuse session ticket
		1040
		1041	s_client_out=$user1_dir/s_client_tls_reuse_2.out
		1042
979	start_message "s_client ... connect to SSL/TLS test server reusing session id"	1043	start_message "s_client ... connect to SSL/TLS test server reusing session id"
980	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \	1044	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
981	-sess_in $sess_dat \	1045	-sess_in $sess_dat \
982	-msg -tlsextdebug < /dev/null > $s_client_2_out 2>&1	1046	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
983	check_exit_status $?	1047	check_exit_status $?
984		1048
985	grep 'Reused, TLSv1/SSLv3' $s_client_2_out > /dev/null	1049	grep 'Reused, TLSv1/SSLv3' $s_client_out > /dev/null
986	check_exit_status $?	1050	check_exit_status $?
987		1051
988	grep 'Verify return code: 0 (ok)' $s_client_2_out > /dev/null	1052	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
989	check_exit_status $?	1053	check_exit_status $?
990		1054
		1055	# invalid verification pattern
		1056
		1057	s_client_out=$user1_dir/s_client_tls_invalid.out
		1058
991	start_message "s_client ... connect to SSL/TLS test server but verify error"	1059	start_message "s_client ... connect to SSL/TLS test server but verify error"
992	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \	1060	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert -pause -prexit \
993	-showcerts -crl_check -issuer_checks -policy_check \	1061	-showcerts -crl_check -issuer_checks -policy_check \
994	-msg -tlsextdebug < /dev/null > $s_client_3_out 2>&1	1062	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
995	check_exit_status $?	1063	check_exit_status $?
996		1064
997	grep 'Verify return code: 24 (invalid CA certificate)' $s_client_3_out > /dev/null	1065	grep 'Verify return code: 24 (invalid CA certificate)' $s_client_out > /dev/null
998	check_exit_status $?	1066	check_exit_status $?
999		1067
		1068	# s_time
1000	start_message "s_time ... connect to SSL/TLS test server"	1069	start_message "s_time ... connect to SSL/TLS test server"
1001	$openssl_bin s_time -connect $host:$port -CAfile $ca_cert -time 2	1070	$openssl_bin s_time -connect $host:$port -CAfile $ca_cert -time 2
1002	check_exit_status $?	1071	check_exit_status $?
1003		1072
		1073	# sess_id
1004	start_message "sess_id"	1074	start_message "sess_id"
1005	$openssl_bin sess_id -in $sess_dat -text -out $sess_dat.out	1075	$openssl_bin sess_id -in $sess_dat -text -out $sess_dat.out
1006	check_exit_status $?	1076	check_exit_status $?