Add tests for tickets with OpenSSL
This commit is contained in:
parent
677884d174
commit
fccd3255f9
1 changed files with 45 additions and 19 deletions
|
@ -8,10 +8,15 @@
|
||||||
#
|
#
|
||||||
# Assumes all options are compiled in.
|
# Assumes all options are compiled in.
|
||||||
|
|
||||||
|
set -u
|
||||||
|
|
||||||
PROGS_DIR='../programs/ssl'
|
PROGS_DIR='../programs/ssl'
|
||||||
P_SRV="$PROGS_DIR/ssl_server2"
|
P_SRV="$PROGS_DIR/ssl_server2 server_addr=0.0.0.0" # force IPv4 for OpenSSL
|
||||||
P_CLI="$PROGS_DIR/ssl_client2"
|
P_CLI="$PROGS_DIR/ssl_client2"
|
||||||
|
|
||||||
|
O_ARGS="-www -cert data_files/server5.crt -key data_files/server5.key"
|
||||||
|
O_CLI="echo 'GET / HTTP/1.0' | openssl s_client"
|
||||||
|
|
||||||
TESTS=0
|
TESTS=0
|
||||||
FAILS=0
|
FAILS=0
|
||||||
|
|
||||||
|
@ -43,22 +48,27 @@ is_polar() {
|
||||||
echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
|
echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
# Usage: run_test name srv_args cli_args cli_exit [option [...]]
|
# Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]]
|
||||||
# Options: -s pattern pattern that must be present in server output
|
# Options: -s pattern pattern that must be present in server output
|
||||||
# -c pattern pattern that must be present in client output
|
# -c pattern pattern that must be present in client output
|
||||||
# -S pattern pattern that must be absent in server output
|
# -S pattern pattern that must be absent in server output
|
||||||
# -C pattern pattern that must be absent in client output
|
# -C pattern pattern that must be absent in client output
|
||||||
run_test() {
|
run_test() {
|
||||||
print_name "$1"
|
NAME="$1"
|
||||||
shift
|
SRV_CMD="$2"
|
||||||
|
CLI_CMD="$3"
|
||||||
|
CLI_EXPECT="$4"
|
||||||
|
shift 4
|
||||||
|
|
||||||
|
print_name "$NAME"
|
||||||
|
|
||||||
# run the commands
|
# run the commands
|
||||||
$SHELL -c "$1" > srv_out 2>&1 &
|
$SHELL -c "$SRV_CMD" > srv_out 2>&1 &
|
||||||
SRV_PID=$!
|
SRV_PID=$!
|
||||||
sleep 1
|
sleep 1
|
||||||
$SHELL -c "$2" > cli_out 2>&1
|
$SHELL -c "$CLI_CMD" > cli_out 2>&1
|
||||||
CLI_EXIT=$?
|
CLI_EXIT=$?
|
||||||
if is_polar $2; then
|
if is_polar "$SRV_CMD"; then
|
||||||
echo SERVERQUIT | openssl s_client -no_ticket \
|
echo SERVERQUIT | openssl s_client -no_ticket \
|
||||||
-cert data_files/cli2.crt -key data_files/cli2.key \
|
-cert data_files/cli2.crt -key data_files/cli2.key \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
|
@ -71,14 +81,14 @@ run_test() {
|
||||||
# (usefull to avoid tests with only negative assertions and non-zero
|
# (usefull to avoid tests with only negative assertions and non-zero
|
||||||
# expected client exit to incorrectly succeed in case of catastrophic
|
# expected client exit to incorrectly succeed in case of catastrophic
|
||||||
# failure)
|
# failure)
|
||||||
if is_polar $1; then
|
if is_polar "$SRV_CMD"; then
|
||||||
if grep "Performing the SSL/TLS handshake" srv_out >/dev/null; then :;
|
if grep "Performing the SSL/TLS handshake" srv_out >/dev/null; then :;
|
||||||
else
|
else
|
||||||
fail "server failed to start"
|
fail "server failed to start"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if is_polar $2; then
|
if is_polar "$CLI_CMD"; then
|
||||||
if grep "Performing the SSL/TLS handshake" cli_out >/dev/null; then :;
|
if grep "Performing the SSL/TLS handshake" cli_out >/dev/null; then :;
|
||||||
else
|
else
|
||||||
fail "client failed to start"
|
fail "client failed to start"
|
||||||
|
@ -86,8 +96,6 @@ run_test() {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
shift 2
|
|
||||||
|
|
||||||
# check server exit code
|
# check server exit code
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
fail "server fail"
|
fail "server fail"
|
||||||
|
@ -95,13 +103,12 @@ run_test() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# check client exit code
|
# check client exit code
|
||||||
if [ \( "$1" = 0 -a "$CLI_EXIT" != 0 \) -o \
|
if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
|
||||||
\( "$1" != 0 -a "$CLI_EXIT" = 0 \) ]
|
\( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
|
||||||
then
|
then
|
||||||
fail "bad client exit code"
|
fail "bad client exit code"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
shift
|
|
||||||
|
|
||||||
# check options
|
# check options
|
||||||
while [ $# -gt 0 ]
|
while [ $# -gt 0 ]
|
||||||
|
@ -167,7 +174,7 @@ run_test "SSLv2 ClientHello #0 (reference)" \
|
||||||
# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello
|
# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello
|
||||||
run_test "SSLv2 ClientHello #1 (actual test)" \
|
run_test "SSLv2 ClientHello #1 (actual test)" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"echo GET / HTTP/1.0 | openssl s_client -cipher DES-CBC-MD5:ALL" \
|
"$O_CLI -cipher 'DES-CBC-MD5:ALL'" \
|
||||||
0 \
|
0 \
|
||||||
-s "parse client hello v2" \
|
-s "parse client hello v2" \
|
||||||
-S "ssl_handshake returned"
|
-S "ssl_handshake returned"
|
||||||
|
@ -188,7 +195,7 @@ run_test "Truncated HMAC #1" \
|
||||||
|
|
||||||
# Tests for Session Tickets
|
# Tests for Session Tickets
|
||||||
|
|
||||||
run_test "Session resume using tickets #1" \
|
run_test "Session resume using tickets #1 (basic)" \
|
||||||
"$P_SRV debug_level=4 tickets=1" \
|
"$P_SRV debug_level=4 tickets=1" \
|
||||||
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
|
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
|
||||||
0 \
|
0 \
|
||||||
|
@ -202,7 +209,7 @@ run_test "Session resume using tickets #1" \
|
||||||
-s "a session has been resumed" \
|
-s "a session has been resumed" \
|
||||||
-c "a session has been resumed"
|
-c "a session has been resumed"
|
||||||
|
|
||||||
run_test "Session resume using tickets #2" \
|
run_test "Session resume using tickets #2 (cache disabled)" \
|
||||||
"$P_SRV debug_level=4 tickets=1 cache_max=0" \
|
"$P_SRV debug_level=4 tickets=1 cache_max=0" \
|
||||||
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
|
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
|
||||||
0 \
|
0 \
|
||||||
|
@ -216,7 +223,7 @@ run_test "Session resume using tickets #2" \
|
||||||
-s "a session has been resumed" \
|
-s "a session has been resumed" \
|
||||||
-c "a session has been resumed"
|
-c "a session has been resumed"
|
||||||
|
|
||||||
run_test "Session resume using tickets #3" \
|
run_test "Session resume using tickets #3 (timeout)" \
|
||||||
"$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
|
"$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
|
||||||
"$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
|
"$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
|
||||||
0 \
|
0 \
|
||||||
|
@ -230,7 +237,7 @@ run_test "Session resume using tickets #3" \
|
||||||
-S "a session has been resumed" \
|
-S "a session has been resumed" \
|
||||||
-C "a session has been resumed"
|
-C "a session has been resumed"
|
||||||
|
|
||||||
run_test "Session resume using tickets #4" \
|
run_test "Session resume using tickets #4 (no timeout)" \
|
||||||
"$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
|
"$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
|
||||||
"$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
|
"$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
|
||||||
0 \
|
0 \
|
||||||
|
@ -244,6 +251,25 @@ run_test "Session resume using tickets #4" \
|
||||||
-s "a session has been resumed" \
|
-s "a session has been resumed" \
|
||||||
-c "a session has been resumed"
|
-c "a session has been resumed"
|
||||||
|
|
||||||
|
run_test "Session resume using tickets #5 (openssl server)" \
|
||||||
|
"openssl s_server $O_ARGS" \
|
||||||
|
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
|
||||||
|
0 \
|
||||||
|
-c "client hello, adding session ticket extension" \
|
||||||
|
-c "found session_ticket extension" \
|
||||||
|
-c "parse new session ticket" \
|
||||||
|
-c "a session has been resumed"
|
||||||
|
|
||||||
|
run_test "Session resume using tickets #6 (openssl client)" \
|
||||||
|
"$P_SRV debug_level=4 tickets=1" \
|
||||||
|
"($O_CLI -sess_out sess; $O_CLI -sess_in sess; rm -f sess)" \
|
||||||
|
0 \
|
||||||
|
-s "found session ticket extension" \
|
||||||
|
-s "server hello, adding session ticket extension" \
|
||||||
|
-S "session successfully restored from cache" \
|
||||||
|
-s "session successfully restored from ticket" \
|
||||||
|
-s "a session has been resumed"
|
||||||
|
|
||||||
# Tests for Session Resume based on session-ID and cache
|
# Tests for Session Resume based on session-ID and cache
|
||||||
|
|
||||||
run_test "Session resume using cache #1 (tickets enabled on client)" \
|
run_test "Session resume using cache #1 (tickets enabled on client)" \
|
||||||
|
|
Loading…
Reference in a new issue