summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh56
1 files changed, 40 insertions, 16 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index 535223cb14..788870fab1 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $OpenBSD: appstest.sh,v 1.14 2018/09/14 13:54:57 inoguchi Exp $ 3# $OpenBSD: appstest.sh,v 1.15 2018/09/15 13:26:13 inoguchi Exp $
4# 4#
5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> 5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6# 6#
@@ -58,7 +58,7 @@ function check_exit_status {
58} 58}
59 59
60function usage { 60function usage {
61 echo "usage: appstest.sh [-q]" 61 echo "usage: appstest.sh [-iq]"
62} 62}
63 63
64function test_usage_lists_others { 64function test_usage_lists_others {
@@ -933,6 +933,8 @@ function test_server_client {
933 c_id="$2" 933 c_id="$2"
934 sc="$1$2" 934 sc="$1$2"
935 935
936 test_pause_sec=0.2
937
936 if [ $s_id = "0" ] ; then 938 if [ $s_id = "0" ] ; then
937 s_bin=$openssl_bin 939 s_bin=$openssl_bin
938 else 940 else
@@ -952,13 +954,20 @@ function test_server_client {
952 port=4433 954 port=4433
953 sess_dat=$user1_dir/s_client_${sc}_sess.dat 955 sess_dat=$user1_dir/s_client_${sc}_sess.dat
954 s_server_out=$server_dir/s_server_${sc}_tls.out 956 s_server_out=$server_dir/s_server_${sc}_tls.out
957
958 $s_bin version | grep 'OpenSSL 1.1.1' > /dev/null
959 if [ $? -eq 0 ] ; then
960 extra_opts="-4"
961 else
962 extra_opts=""
963 fi
955 964
956 start_message "s_server ... start TLS/SSL test server" 965 start_message "s_server ... start TLS/SSL test server"
957 $s_bin s_server -accept $port -CAfile $ca_cert \ 966 $s_bin s_server -accept $port -CAfile $ca_cert \
958 -cert $server_cert -key $server_key -pass pass:$server_pass \ 967 -cert $server_cert -key $server_key -pass pass:$server_pass \
959 -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \ 968 -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
960 -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \ 969 -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
961 -cipher ALL \ 970 -cipher ALL $extra_opts \
962 -msg -tlsextdebug > $s_server_out 2>&1 & 971 -msg -tlsextdebug > $s_server_out 2>&1 &
963 check_exit_status $? 972 check_exit_status $?
964 s_server_pid=$! 973 s_server_pid=$!
@@ -970,8 +979,8 @@ function test_server_client {
970 s_client_out=$user1_dir/s_client_${sc}_tls_1_0.out 979 s_client_out=$user1_dir/s_client_${sc}_tls_1_0.out
971 980
972 start_message "s_client ... connect to TLS/SSL test server by TLSv1" 981 start_message "s_client ... connect to TLS/SSL test server by TLSv1"
982 sleep $test_pause_sec
973 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 983 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
974 -pause -prexit \
975 -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 984 -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
976 check_exit_status $? 985 check_exit_status $?
977 986
@@ -986,8 +995,8 @@ function test_server_client {
986 s_client_out=$user1_dir/s_client_${sc}_tls_1_1.out 995 s_client_out=$user1_dir/s_client_${sc}_tls_1_1.out
987 996
988 start_message "s_client ... connect to TLS/SSL test server by TLSv1.1" 997 start_message "s_client ... connect to TLS/SSL test server by TLSv1.1"
998 sleep $test_pause_sec
989 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 999 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
990 -pause -prexit \
991 -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1000 -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
992 check_exit_status $? 1001 check_exit_status $?
993 1002
@@ -1002,8 +1011,8 @@ function test_server_client {
1002 s_client_out=$user1_dir/s_client_${sc}_tls_1_2.out 1011 s_client_out=$user1_dir/s_client_${sc}_tls_1_2.out
1003 1012
1004 start_message "s_client ... connect to TLS/SSL test server by TLSv1.2" 1013 start_message "s_client ... connect to TLS/SSL test server by TLSv1.2"
1014 sleep $test_pause_sec
1005 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1015 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1006 -pause -prexit \
1007 -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1016 -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1008 check_exit_status $? 1017 check_exit_status $?
1009 1018
@@ -1039,8 +1048,9 @@ function test_server_client {
1039 s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out 1048 s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out
1040 1049
1041 start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c" 1050 start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
1051 sleep $test_pause_sec
1042 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1052 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1043 -pause -prexit -cipher $c \ 1053 -cipher $c \
1044 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1054 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1045 check_exit_status $? 1055 check_exit_status $?
1046 1056
@@ -1056,14 +1066,14 @@ function test_server_client {
1056 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out 1066 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out
1057 1067
1058 start_message "s_client ... connect to TLS/SSL test server to get session id" 1068 start_message "s_client ... connect to TLS/SSL test server to get session id"
1069 sleep $test_pause_sec
1059 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1070 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1060 -pause -prexit \
1061 -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \ 1071 -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
1062 -sess_out $sess_dat \ 1072 -sess_out $sess_dat \
1063 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1073 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1064 check_exit_status $? 1074 check_exit_status $?
1065 1075
1066 grep 'New, TLSv1/SSLv3' $s_client_out > /dev/null 1076 grep '^New, TLS.*$' $s_client_out > /dev/null
1067 check_exit_status $? 1077 check_exit_status $?
1068 1078
1069 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1079 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
@@ -1074,12 +1084,13 @@ function test_server_client {
1074 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out 1084 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out
1075 1085
1076 start_message "s_client ... connect to TLS/SSL test server reusing session id" 1086 start_message "s_client ... connect to TLS/SSL test server reusing session id"
1087 sleep $test_pause_sec
1077 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1088 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1078 -pause -prexit -sess_in $sess_dat \ 1089 -sess_in $sess_dat \
1079 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1090 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1080 check_exit_status $? 1091 check_exit_status $?
1081 1092
1082 grep 'Reused, TLSv1/SSLv3' $s_client_out > /dev/null 1093 grep '^Reused, TLS.*$' $s_client_out > /dev/null
1083 check_exit_status $? 1094 check_exit_status $?
1084 1095
1085 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1096 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
@@ -1090,19 +1101,22 @@ function test_server_client {
1090 s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out 1101 s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out
1091 1102
1092 start_message "s_client ... connect to TLS/SSL test server but verify error" 1103 start_message "s_client ... connect to TLS/SSL test server but verify error"
1104 sleep $test_pause_sec
1093 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1105 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1094 -pause -prexit \
1095 -showcerts -crl_check -issuer_checks -policy_check \ 1106 -showcerts -crl_check -issuer_checks -policy_check \
1096 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1107 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1097 check_exit_status $? 1108 check_exit_status $?
1098 1109
1099 grep 'Verify return code: 24 (invalid CA certificate)' $s_client_out \ 1110 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1100 > /dev/null 1111 if [ $? -eq 0 ] ; then
1101 check_exit_status $? 1112 check_exit_status 1
1113 else
1114 check_exit_status 0
1115 fi
1102 1116
1103 # s_time 1117 # s_time
1104 start_message "s_time ... connect to TLS/SSL test server" 1118 start_message "s_time ... connect to TLS/SSL test server"
1105 $c_bin s_time -connect $host:$port -CAfile $ca_cert -time 2 1119 $c_bin s_time -connect $host:$port -CApath $ca_dir -time 2
1106 check_exit_status $? 1120 check_exit_status $?
1107 1121
1108 # sess_id 1122 # sess_id
@@ -1156,6 +1170,16 @@ while [ "$1" != "" ]; do
1156 esac 1170 esac
1157done 1171done
1158 1172
1173if [ ! -x $openssl_bin ] ; then
1174 echo ":-< \$OPENSSL [$openssl_bin] is not executable."
1175 exit 1
1176fi
1177
1178if [ $interop_tests = 1 -a ! -x $other_openssl_bin ] ; then
1179 echo ":-< \$OTHER_OPENSSL [$other_openssl_bin] is not executable."
1180 exit 1
1181fi
1182
1159# 1183#
1160# create ssldir, and all files generated by this script goes under this dir. 1184# create ssldir, and all files generated by this script goes under this dir.
1161# 1185#
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-29 12:30:15 +0000