Merge pull request #4861 from yuhaoth/pr/add-openssl-gnutls-tls1_3-check

Add openssl/gnutls tls1.3 feature tests.
This commit is contained in:
Manuel Pégourié-Gonnard 2021-08-13 09:15:22 +02:00 committed by GitHub
commit f11724bf2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -77,6 +77,14 @@ else
O_LEGACY_CLI=false O_LEGACY_CLI=false
fi fi
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
O_NEXT_SRV=false
O_NEXT_CLI=false
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
else else
@ -346,6 +354,57 @@ requires_openssl_legacy() {
fi fi
} }
requires_openssl_next() {
if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
OPENSSL_NEXT_AVAILABLE="YES"
else
OPENSSL_NEXT_AVAILABLE="NO"
fi
fi
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
SKIP_NEXT="YES"
fi
}
# skip next test if tls1_3 is not available
requires_openssl_tls1_3() {
requires_openssl_next
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
OPENSSL_TLS1_3_AVAILABLE="NO"
fi
if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null
then
OPENSSL_TLS1_3_AVAILABLE="YES"
else
OPENSSL_TLS1_3_AVAILABLE="NO"
fi
fi
if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
SKIP_NEXT="YES"
fi
}
# skip next test if tls1_3 is not available
requires_gnutls_tls1_3() {
requires_gnutls_next
if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
GNUTLS_TLS1_3_AVAILABLE="NO"
fi
if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null
then
GNUTLS_TLS1_3_AVAILABLE="YES"
else
GNUTLS_TLS1_3_AVAILABLE="NO"
fi
fi
if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then
SKIP_NEXT="YES"
fi
}
# skip next test if IPv6 isn't available on this host # skip next test if IPv6 isn't available on this host
requires_ipv6() { requires_ipv6() {
if [ -z "${HAS_IPV6:-}" ]; then if [ -z "${HAS_IPV6:-}" ]; then
@ -8487,6 +8546,24 @@ run_test "export keys functionality" \
-c "EAP-TLS IV is:" \ -c "EAP-TLS IV is:" \
-s "EAP-TLS IV is:" -s "EAP-TLS IV is:"
# openssl feature tests: check if tls1.3 exists.
requires_openssl_tls1_3
run_test "TLS1.3: Test openssl tls1_3 feature" \
"$O_NEXT_SRV -tls1_3 -msg" \
"$O_NEXT_CLI -tls1_3 -msg" \
0 \
-c "TLS 1.3" \
-s "TLS 1.3"
# gnutls feature tests: check if tls1.3 exists.
requires_gnutls_tls1_3
run_test "TLS1.3: Test gnutls tls1_3 feature" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
"$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V" \
0 \
-s "Version: TLS1.3" \
-c "Version: TLS1.3"
# TLS1.3 test cases # TLS1.3 test cases
# TODO: remove or rewrite this test case if #4832 is resolved. # TODO: remove or rewrite this test case if #4832 is resolved.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2