Merge pull request #4861 from yuhaoth/pr/add-openssl-gnutls-tls1_3-check
Add openssl/gnutls tls1.3 feature tests.
This commit is contained in:
commit
f11724bf2e
1 changed files with 77 additions and 0 deletions
|
@ -77,6 +77,14 @@ else
|
||||||
O_LEGACY_CLI=false
|
O_LEGACY_CLI=false
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "${OPENSSL_NEXT:-}" ]; then
|
||||||
|
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
|
||||||
|
O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
|
||||||
|
else
|
||||||
|
O_NEXT_SRV=false
|
||||||
|
O_NEXT_CLI=false
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
|
||||||
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
||||||
else
|
else
|
||||||
|
@ -346,6 +354,57 @@ requires_openssl_legacy() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
requires_openssl_next() {
|
||||||
|
if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
|
||||||
|
if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
|
||||||
|
OPENSSL_NEXT_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
OPENSSL_NEXT_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# skip next test if tls1_3 is not available
|
||||||
|
requires_openssl_tls1_3() {
|
||||||
|
requires_openssl_next
|
||||||
|
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
|
||||||
|
OPENSSL_TLS1_3_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
|
||||||
|
if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null
|
||||||
|
then
|
||||||
|
OPENSSL_TLS1_3_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
OPENSSL_TLS1_3_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# skip next test if tls1_3 is not available
|
||||||
|
requires_gnutls_tls1_3() {
|
||||||
|
requires_gnutls_next
|
||||||
|
if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
|
||||||
|
GNUTLS_TLS1_3_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
|
||||||
|
if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null
|
||||||
|
then
|
||||||
|
GNUTLS_TLS1_3_AVAILABLE="YES"
|
||||||
|
else
|
||||||
|
GNUTLS_TLS1_3_AVAILABLE="NO"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# skip next test if IPv6 isn't available on this host
|
# skip next test if IPv6 isn't available on this host
|
||||||
requires_ipv6() {
|
requires_ipv6() {
|
||||||
if [ -z "${HAS_IPV6:-}" ]; then
|
if [ -z "${HAS_IPV6:-}" ]; then
|
||||||
|
@ -8487,6 +8546,24 @@ run_test "export keys functionality" \
|
||||||
-c "EAP-TLS IV is:" \
|
-c "EAP-TLS IV is:" \
|
||||||
-s "EAP-TLS IV is:"
|
-s "EAP-TLS IV is:"
|
||||||
|
|
||||||
|
# openssl feature tests: check if tls1.3 exists.
|
||||||
|
requires_openssl_tls1_3
|
||||||
|
run_test "TLS1.3: Test openssl tls1_3 feature" \
|
||||||
|
"$O_NEXT_SRV -tls1_3 -msg" \
|
||||||
|
"$O_NEXT_CLI -tls1_3 -msg" \
|
||||||
|
0 \
|
||||||
|
-c "TLS 1.3" \
|
||||||
|
-s "TLS 1.3"
|
||||||
|
|
||||||
|
# gnutls feature tests: check if tls1.3 exists.
|
||||||
|
requires_gnutls_tls1_3
|
||||||
|
run_test "TLS1.3: Test gnutls tls1_3 feature" \
|
||||||
|
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
|
||||||
|
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V" \
|
||||||
|
0 \
|
||||||
|
-s "Version: TLS1.3" \
|
||||||
|
-c "Version: TLS1.3"
|
||||||
|
|
||||||
# TLS1.3 test cases
|
# TLS1.3 test cases
|
||||||
# TODO: remove or rewrite this test case if #4832 is resolved.
|
# TODO: remove or rewrite this test case if #4832 is resolved.
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
|
Loading…
Reference in a new issue