* Added support for expected fail test cases with example client/server and suites unit test.

* Added test for certificate with bad alt name containing a null character mid byte stream. * Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test. * Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`. * Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
parent d43aa37041
commit 89a4c98670
24 changed files with 311 additions and 242 deletions
--- a/scripts/include.am
+++ b/scripts/include.am
@ -12,11 +12,6 @@ if BUILD_EXAMPLE_SERVERS

 dist_noinst_SCRIPTS+= scripts/resume.test

-# only run this test if we have the ability to support cert validation
-if BUILD_PKI
-dist_noinst_SCRIPTS+= scripts/tls-cert-fail.test
-endif
-
 EXTRA_DIST+= scripts/benchmark.test

 if BUILD_CRL
--- a/scripts/tls-cert-fail.test
+++ b/scripts/tls-cert-fail.test
@ -1,173 +0,0 @@
-#!/bin/sh
-
-#tls-cert-fail.test
-
-asn_no_signer_e="-188"
-asn_sig_confirm_e="-155"
-exit_code=1
-counter=0
-
-# need a unique resume port since may run the same time as testsuite
-# use server port zero hack to get one
-tls_port=0
-
-#no_pid tells us process was never started if -1
-no_pid=-1
-
-#server_pid captured on startup, stores the id of the server process
-server_pid=$no_pid
-
-# let's use absolute path to a local dir (make distcheck may be in sub dir)
-# also let's add some randomness by adding pid in case multiple 'make check's
-# per source tree
-ready_file=`pwd`/wolfssl_tls_ready$$
-
-remove_ready_file() {
-    if test -e $ready_file; then
-        echo -e "removing existing ready file"
-        rm $ready_file
-    fi
-}
-
-# trap this function so if user aborts with ^C or other kill signal we still
-# get an exit that will in turn clean up the file system
-abort_trap() {
-    echo "script aborted"
-
-    if  [ $server_pid != $no_pid ]
-    then
-        echo "killing server"
-        kill -9 $server_pid
-    fi
-
-    exit_code=2 #different exit code in case of user interrupt
-
-    echo "got abort signal, exiting with $exit_code"
-    exit $exit_code
-}
-trap abort_trap INT TERM
-
-
-# trap this function so that if we exit on an error the file system will still
-# be restored and the other tests may still pass. Never call this function
-# instead use "exit <some value>" and this function will run automatically
-restore_file_system() {
-    remove_ready_file
-}
-trap restore_file_system EXIT
-
-run_tls_no_signer_test() {
-    echo -e "\nStarting example server for tls no signer fail test...\n"
-
-    remove_ready_file
-
-    # starts the server on tls_port, -R generates ready file to be used as a
-    # mutex lock. We capture the processid into the variable server_pid
-    ./examples/server/server -R $ready_file -p $tls_port &
-    server_pid=$!
-
-    while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
-        echo -e "waiting for ready file..."
-        sleep 0.1
-        counter=$((counter+ 1))
-    done
-
-    if test -e $ready_file; then
-        echo -e "found ready file, starting client..."
-    else
-        echo -e "NO ready file ending test..."
-        exit 1
-    fi
-
-    # get created port 0 ephemeral port
-    tls_port=`cat $ready_file`
-
-    # starts client on tls_port and captures the output from client
-    capture_out=$(./examples/client/client -p $tls_port -H badCert 2>&1)
-    client_result=$?
-
-    wait $server_pid
-    server_result=$?
-
-    case  "$capture_out" in
-    *$asn_no_signer_e*)
-        # only exit with zero on detection of the expected error code
-        echo ""
-        echo "$capture_out"
-        echo ""
-        echo "No signer error as expected! Test pass"
-        echo ""
-        exit_code=0
-        ;;
-    *)
-        echo ""
-        echo "Client did not return asn_no_signer_e as expected: $capture_out"
-        echo ""
-        exit_code=1
-    esac
-}
-
-run_tls_sig_confirm_test() {
-    echo -e "\nStarting example server for tls sig confirm fail test...\n"
-
-    remove_ready_file
-
-    # starts the server on tls_port, -R generates ready file to be used as a
-    # mutex lock. We capture the processid into the variable server_pid
-    ./examples/server/server -R $ready_file -p $tls_port -H badCert &
-    server_pid=$!
-
-    while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
-        echo -e "waiting for ready file..."
-        sleep 0.1
-        counter=$((counter+ 1))
-    done
-
-    if test -e $ready_file; then
-        echo -e "found ready file, starting client..."
-    else
-        echo -e "NO ready file ending test..."
-        exit 1
-    fi
-
-    # get created port 0 ephemeral port
-    tls_port=`cat $ready_file`
-
-    # starts client on tls_port and captures the output from client
-    capture_out=$(./examples/client/client -p $tls_port 2>&1)
-    client_result=$?
-
-    wait $server_pid
-    server_result=$?
-
-    case  "$capture_out" in
-    *$asn_sig_confirm_e*)
-        # only exit with zero on detection of the expected error code
-        echo ""
-        echo "$capture_out"
-        echo ""
-        echo "Sig confirm error as expected! Test pass"
-        echo ""
-        exit_code=0
-        ;;
-    *)
-        echo ""
-        echo "Client did not return asn_sig_confirm_e as expected: $capture_out"
-        echo ""
-        exit_code=1
-    esac
-}
-
-
-######### begin program #########
-
-# run the test
-run_tls_no_signer_test
-
-tls_port=0
-run_tls_sig_confirm_test
-
-echo "exiting with $exit_code"
-exit $exit_code
-########## end program ##########
-