diff options
| author | inoguchi <> | 2018-09-15 13:26:13 +0000 |
|---|---|---|
| committer | inoguchi <> | 2018-09-15 13:26:13 +0000 |
| commit | 6866a4acd4ed648a146fbedc7e6ec4137681a819 (patch) | |
| tree | ae66980a86b81fdd129bb40a9af772db16573b89 /src | |
| parent | fc3e237db1d02e212ec15264530274152d20c109 (diff) | |
| download | openbsd-6866a4acd4ed648a146fbedc7e6ec4137681a819.tar.gz openbsd-6866a4acd4ed648a146fbedc7e6ec4137681a819.tar.bz2 openbsd-6866a4acd4ed648a146fbedc7e6ec4137681a819.zip | |
Modify regress appstest.sh for interoperability testing with OpenSSL 1.1.x
- add sleep before s_client instead of removing -pause option
- change check words for s_client output messages
- replace CAfile to CApath for s_time
- remove -prexit from s_client
- confirm openssl command path is executable
Diffstat (limited to 'src')
| -rwxr-xr-x | src/regress/usr.bin/openssl/appstest.sh | 56 |
1 files changed, 40 insertions, 16 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh index 535223cb14..788870fab1 100755 --- a/src/regress/usr.bin/openssl/appstest.sh +++ b/src/regress/usr.bin/openssl/appstest.sh | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | # | 2 | # |
| 3 | # $OpenBSD: appstest.sh,v 1.14 2018/09/14 13:54:57 inoguchi Exp $ | 3 | # $OpenBSD: appstest.sh,v 1.15 2018/09/15 13:26:13 inoguchi Exp $ |
| 4 | # | 4 | # |
| 5 | # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> | 5 | # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> |
| 6 | # | 6 | # |
| @@ -58,7 +58,7 @@ function check_exit_status { | |||
| 58 | } | 58 | } |
| 59 | 59 | ||
| 60 | function usage { | 60 | function usage { |
| 61 | echo "usage: appstest.sh [-q]" | 61 | echo "usage: appstest.sh [-iq]" |
| 62 | } | 62 | } |
| 63 | 63 | ||
| 64 | function test_usage_lists_others { | 64 | function test_usage_lists_others { |
| @@ -933,6 +933,8 @@ function test_server_client { | |||
| 933 | c_id="$2" | 933 | c_id="$2" |
| 934 | sc="$1$2" | 934 | sc="$1$2" |
| 935 | 935 | ||
| 936 | test_pause_sec=0.2 | ||
| 937 | |||
| 936 | if [ $s_id = "0" ] ; then | 938 | if [ $s_id = "0" ] ; then |
| 937 | s_bin=$openssl_bin | 939 | s_bin=$openssl_bin |
| 938 | else | 940 | else |
| @@ -952,13 +954,20 @@ function test_server_client { | |||
| 952 | port=4433 | 954 | port=4433 |
| 953 | sess_dat=$user1_dir/s_client_${sc}_sess.dat | 955 | sess_dat=$user1_dir/s_client_${sc}_sess.dat |
| 954 | s_server_out=$server_dir/s_server_${sc}_tls.out | 956 | s_server_out=$server_dir/s_server_${sc}_tls.out |
| 957 | |||
| 958 | $s_bin version | grep 'OpenSSL 1.1.1' > /dev/null | ||
| 959 | if [ $? -eq 0 ] ; then | ||
| 960 | extra_opts="-4" | ||
| 961 | else | ||
| 962 | extra_opts="" | ||
| 963 | fi | ||
| 955 | 964 | ||
| 956 | start_message "s_server ... start TLS/SSL test server" | 965 | start_message "s_server ... start TLS/SSL test server" |
| 957 | $s_bin s_server -accept $port -CAfile $ca_cert \ | 966 | $s_bin s_server -accept $port -CAfile $ca_cert \ |
| 958 | -cert $server_cert -key $server_key -pass pass:$server_pass \ | 967 | -cert $server_cert -key $server_key -pass pass:$server_pass \ |
| 959 | -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \ | 968 | -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \ |
| 960 | -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \ | 969 | -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \ |
| 961 | -cipher ALL \ | 970 | -cipher ALL $extra_opts \ |
| 962 | -msg -tlsextdebug > $s_server_out 2>&1 & | 971 | -msg -tlsextdebug > $s_server_out 2>&1 & |
| 963 | check_exit_status $? | 972 | check_exit_status $? |
| 964 | s_server_pid=$! | 973 | s_server_pid=$! |
| @@ -970,8 +979,8 @@ function test_server_client { | |||
| 970 | s_client_out=$user1_dir/s_client_${sc}_tls_1_0.out | 979 | s_client_out=$user1_dir/s_client_${sc}_tls_1_0.out |
| 971 | 980 | ||
| 972 | start_message "s_client ... connect to TLS/SSL test server by TLSv1" | 981 | start_message "s_client ... connect to TLS/SSL test server by TLSv1" |
| 982 | sleep $test_pause_sec | ||
| 973 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ | 983 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ |
| 974 | -pause -prexit \ | ||
| 975 | -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 | 984 | -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 |
| 976 | check_exit_status $? | 985 | check_exit_status $? |
| 977 | 986 | ||
| @@ -986,8 +995,8 @@ function test_server_client { | |||
| 986 | s_client_out=$user1_dir/s_client_${sc}_tls_1_1.out | 995 | s_client_out=$user1_dir/s_client_${sc}_tls_1_1.out |
| 987 | 996 | ||
| 988 | start_message "s_client ... connect to TLS/SSL test server by TLSv1.1" | 997 | start_message "s_client ... connect to TLS/SSL test server by TLSv1.1" |
| 998 | sleep $test_pause_sec | ||
| 989 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ | 999 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ |
| 990 | -pause -prexit \ | ||
| 991 | -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 | 1000 | -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 |
| 992 | check_exit_status $? | 1001 | check_exit_status $? |
| 993 | 1002 | ||
| @@ -1002,8 +1011,8 @@ function test_server_client { | |||
| 1002 | s_client_out=$user1_dir/s_client_${sc}_tls_1_2.out | 1011 | s_client_out=$user1_dir/s_client_${sc}_tls_1_2.out |
| 1003 | 1012 | ||
| 1004 | start_message "s_client ... connect to TLS/SSL test server by TLSv1.2" | 1013 | start_message "s_client ... connect to TLS/SSL test server by TLSv1.2" |
| 1014 | sleep $test_pause_sec | ||
| 1005 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ | 1015 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ |
| 1006 | -pause -prexit \ | ||
| 1007 | -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 | 1016 | -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 |
| 1008 | check_exit_status $? | 1017 | check_exit_status $? |
| 1009 | 1018 | ||
| @@ -1039,8 +1048,9 @@ function test_server_client { | |||
| 1039 | s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out | 1048 | s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out |
| 1040 | 1049 | ||
| 1041 | start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c" | 1050 | start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c" |
| 1051 | sleep $test_pause_sec | ||
| 1042 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ | 1052 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ |
| 1043 | -pause -prexit -cipher $c \ | 1053 | -cipher $c \ |
| 1044 | -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 | 1054 | -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 |
| 1045 | check_exit_status $? | 1055 | check_exit_status $? |
| 1046 | 1056 | ||
| @@ -1056,14 +1066,14 @@ function test_server_client { | |||
| 1056 | s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out | 1066 | s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out |
| 1057 | 1067 | ||
| 1058 | start_message "s_client ... connect to TLS/SSL test server to get session id" | 1068 | start_message "s_client ... connect to TLS/SSL test server to get session id" |
| 1069 | sleep $test_pause_sec | ||
| 1059 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ | 1070 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ |
| 1060 | -pause -prexit \ | ||
| 1061 | -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \ | 1071 | -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \ |
| 1062 | -sess_out $sess_dat \ | 1072 | -sess_out $sess_dat \ |
| 1063 | -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 | 1073 | -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 |
| 1064 | check_exit_status $? | 1074 | check_exit_status $? |
| 1065 | 1075 | ||
| 1066 | grep 'New, TLSv1/SSLv3' $s_client_out > /dev/null | 1076 | grep '^New, TLS.*$' $s_client_out > /dev/null |
| 1067 | check_exit_status $? | 1077 | check_exit_status $? |
| 1068 | 1078 | ||
| 1069 | grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null | 1079 | grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null |
| @@ -1074,12 +1084,13 @@ function test_server_client { | |||
| 1074 | s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out | 1084 | s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out |
| 1075 | 1085 | ||
| 1076 | start_message "s_client ... connect to TLS/SSL test server reusing session id" | 1086 | start_message "s_client ... connect to TLS/SSL test server reusing session id" |
| 1087 | sleep $test_pause_sec | ||
| 1077 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ | 1088 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ |
| 1078 | -pause -prexit -sess_in $sess_dat \ | 1089 | -sess_in $sess_dat \ |
| 1079 | -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 | 1090 | -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 |
| 1080 | check_exit_status $? | 1091 | check_exit_status $? |
| 1081 | 1092 | ||
| 1082 | grep 'Reused, TLSv1/SSLv3' $s_client_out > /dev/null | 1093 | grep '^Reused, TLS.*$' $s_client_out > /dev/null |
| 1083 | check_exit_status $? | 1094 | check_exit_status $? |
| 1084 | 1095 | ||
| 1085 | grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null | 1096 | grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null |
| @@ -1090,19 +1101,22 @@ function test_server_client { | |||
| 1090 | s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out | 1101 | s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out |
| 1091 | 1102 | ||
| 1092 | start_message "s_client ... connect to TLS/SSL test server but verify error" | 1103 | start_message "s_client ... connect to TLS/SSL test server but verify error" |
| 1104 | sleep $test_pause_sec | ||
| 1093 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ | 1105 | $c_bin s_client -connect $host:$port -CAfile $ca_cert \ |
| 1094 | -pause -prexit \ | ||
| 1095 | -showcerts -crl_check -issuer_checks -policy_check \ | 1106 | -showcerts -crl_check -issuer_checks -policy_check \ |
| 1096 | -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 | 1107 | -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 |
| 1097 | check_exit_status $? | 1108 | check_exit_status $? |
| 1098 | 1109 | ||
| 1099 | grep 'Verify return code: 24 (invalid CA certificate)' $s_client_out \ | 1110 | grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null |
| 1100 | > /dev/null | 1111 | if [ $? -eq 0 ] ; then |
| 1101 | check_exit_status $? | 1112 | check_exit_status 1 |
| 1113 | else | ||
| 1114 | check_exit_status 0 | ||
| 1115 | fi | ||
| 1102 | 1116 | ||
| 1103 | # s_time | 1117 | # s_time |
| 1104 | start_message "s_time ... connect to TLS/SSL test server" | 1118 | start_message "s_time ... connect to TLS/SSL test server" |
| 1105 | $c_bin s_time -connect $host:$port -CAfile $ca_cert -time 2 | 1119 | $c_bin s_time -connect $host:$port -CApath $ca_dir -time 2 |
| 1106 | check_exit_status $? | 1120 | check_exit_status $? |
| 1107 | 1121 | ||
| 1108 | # sess_id | 1122 | # sess_id |
| @@ -1156,6 +1170,16 @@ while [ "$1" != "" ]; do | |||
| 1156 | esac | 1170 | esac |
| 1157 | done | 1171 | done |
| 1158 | 1172 | ||
| 1173 | if [ ! -x $openssl_bin ] ; then | ||
| 1174 | echo ":-< \$OPENSSL [$openssl_bin] is not executable." | ||
| 1175 | exit 1 | ||
| 1176 | fi | ||
| 1177 | |||
| 1178 | if [ $interop_tests = 1 -a ! -x $other_openssl_bin ] ; then | ||
| 1179 | echo ":-< \$OTHER_OPENSSL [$other_openssl_bin] is not executable." | ||
| 1180 | exit 1 | ||
| 1181 | fi | ||
| 1182 | |||
| 1159 | # | 1183 | # |
| 1160 | # create ssldir, and all files generated by this script goes under this dir. | 1184 | # create ssldir, and all files generated by this script goes under this dir. |
| 1161 | # | 1185 | # |