Merge pull request #4108 from elms/fix/scripts/paths_w_spaces

tests: fix test scripts for paths with spaces
David Garske
2021-06-15 08:18:08 -07:00
committed by GitHub
11 changed files with 173 additions and 173 deletions


@ -29,9 +29,9 @@ server_pid=$no_pid
ready_file=`pwd`/wolfssl_crl_ready$$ ready_file=`pwd`/wolfssl_crl_ready$$
remove_ready_file() { remove_ready_file() {
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "removing existing ready file" echo -e "removing existing ready file"
rm $ready_file rm "$ready_file"
fi fi
} }
@ -70,12 +70,12 @@ run_test() {
# starts the server on crl_port, -R generates ready file to be used as a # starts the server on crl_port, -R generates ready file to be used as a
# mutex lock, -c loads the revoked certificate. We capture the processid # mutex lock, -c loads the revoked certificate. We capture the processid
# into the variable server_pid # into the variable server_pid
./examples/server/server -R $ready_file -p $crl_port \ ./examples/server/server -R "$ready_file" -p $crl_port \
-c ${CERT_DIR}/server-revoked-cert.pem \ -c ${CERT_DIR}/server-revoked-cert.pem \
-k ${CERT_DIR}/server-revoked-key.pem & -k ${CERT_DIR}/server-revoked-key.pem &
server_pid=$! server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..." echo -e "waiting for ready file..."
sleep 0.1 sleep 0.1
counter=$((counter+ 1)) counter=$((counter+ 1))
@ -84,7 +84,7 @@ run_test() {
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file: # sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1 sleep 0.1
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
else else
echo -e "NO ready file ending test..." echo -e "NO ready file ending test..."
@ -92,7 +92,7 @@ run_test() {
fi fi
# get created port 0 ephemeral port # get created port 0 ephemeral port
crl_port="$(cat $ready_file)" crl_port="$(cat "$ready_file")"
# starts client on crl_port and captures the output from client # starts client on crl_port and captures the output from client
capture_out=$(./examples/client/client -p $crl_port 2>&1) capture_out=$(./examples/client/client -p $crl_port 2>&1)
@ -147,18 +147,18 @@ run_hashdir_test() {
# starts the server on crl_port, -R generates ready file to be used as a # starts the server on crl_port, -R generates ready file to be used as a
# mutex lock, -c loads the revoked certificate. We capture the processid # mutex lock, -c loads the revoked certificate. We capture the processid
# into the variable server_pid # into the variable server_pid
./examples/server/server -R $ready_file -p $crl_port \ ./examples/server/server -R "$ready_file" -p $crl_port \
-c ${CERT_DIR}/server-revoked-cert.pem \ -c ${CERT_DIR}/server-revoked-cert.pem \
-k ${CERT_DIR}/server-revoked-key.pem & -k ${CERT_DIR}/server-revoked-key.pem &
server_pid=$! server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..." echo -e "waiting for ready file..."
sleep 0.1 sleep 0.1
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
# get created port 0 ephemeral port # get created port 0 ephemeral port
crl_port="$(cat $ready_file)" crl_port="$(cat "$ready_file")"
# starts client on crl_port and captures the output from client # starts client on crl_port and captures the output from client
capture_out=$(./examples/client/client -p $crl_port -9 2>&1) capture_out=$(./examples/client/client -p $crl_port -9 2>&1)
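Review bot: After the 20-try wait loop nothing confirms that the server actually wrote a port: run_test checks only `test -e "$ready_file"` although the loop waits on `-s`, and run_hashdir_test goes straight to `crl_port="$(cat "$ready_file")"` with no check at all. A missing or empty file leaves `$crl_port` empty, and because `-p $crl_port` is unquoted the client is then run with a bare `-p`, which in run_hashdir_test swallows `-9` as the port. Testing `test -s "$ready_file"` after the loop in both functions, and bailing out the way run_test's else branch does, would close this. The same `-s` loop followed by an `-e` check appears in wait_for_readyFile in both OCSP sections and in the pk and psk sections further down. Both functions begin and end outside these hunks.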


@ -34,7 +34,7 @@ if [ $? -ne 0 ]; then
fi fi
# is our desired server there? # is our desired server there?
${SCRIPT_DIR}/ping.test $server 2 "${SCRIPT_DIR}"/ping.test $server 2
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && exit 0 [ $RESULT -ne 0 ] && exit 0


@ -43,7 +43,7 @@ CERT_DIR="certs/ocsp"
ready_file="${WORKSPACE}"/wolf_ocsp_s1_readyF$$ ready_file="${WORKSPACE}"/wolf_ocsp_s1_readyF$$
ready_file2="${WORKSPACE}"/wolf_ocsp_s1_readyF2$$ ready_file2="${WORKSPACE}"/wolf_ocsp_s1_readyF2$$
printf '%s\n' "ready files: $ready_file $ready_file2" printf '%s\n' "ready files: \"$ready_file\" \"$ready_file2\""
test_cnf="ocsp_s_w_ca_a_r.cnf" test_cnf="ocsp_s_w_ca_a_r.cnf"
@ -51,7 +51,7 @@ wait_for_readyFile(){
counter=0 counter=0
while [ ! -s $1 -a "$counter" -lt 20 ]; do while [ ! -s "$1" -a "$counter" -lt 20 ]; do
if [[ -n "${2-}" ]]; then if [[ -n "${2-}" ]]; then
if ! kill -0 $2 2>&-; then if ! kill -0 $2 2>&-; then
echo "pid $2 for port ${3-} exited before creating ready file. bailing..." echo "pid $2 for port ${3-} exited before creating ready file. bailing..."
@ -63,19 +63,19 @@ wait_for_readyFile(){
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
if test -e $1; then if test -e "$1"; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
else else
echo -e "NO ready file at $1 -- ending test..." echo -e "NO ready file at \"$1\" -- ending test..."
exit 1 exit 1
fi fi
} }
remove_single_rF(){ remove_single_rF(){
if test -e $1; then if test -e "$1"; then
printf '%s\n' "removing ready file: $1" printf '%s\n' "removing ready file: \"$1\""
rm $1 rm "$1"
fi fi
} }
@ -135,13 +135,13 @@ create_new_cnf() {
} }
remove_ready_file() { remove_ready_file() {
if test -e $ready_file; then if test -e "$ready_file"; then
printf '%s\n' "removing ready file" printf '%s\n' "removing ready file"
rm $ready_file rm "$ready_file"
fi fi
if test -e $ready_file2; then if test -e "$ready_file2"; then
printf '%s\n' "removing ready file: $ready_file2" printf '%s\n' "removing ready file: \"$ready_file2\""
rm $ready_file2 rm "$ready_file2"
fi fi
} }
@ -197,10 +197,10 @@ port2=$(get_first_free_port $((port1 + 1)))
# create a port to use with openssl ocsp responder # create a port to use with openssl ocsp responder
./examples/server/server -R $ready_file -p $port1 & ./examples/server/server -R "$ready_file" -p $port1 &
wolf_pid=$! wolf_pid=$!
wait_for_readyFile $ready_file $wolf_pid $port1 wait_for_readyFile "$ready_file" $wolf_pid $port1
if [ ! -f $ready_file ]; then if [ ! -f "$ready_file" ]; then
printf '%s\n' "Failed to create ready file: \"$ready_file\"" printf '%s\n' "Failed to create ready file: \"$ready_file\""
exit 1 exit 1
else else
@ -240,10 +240,10 @@ sleep 0.1
printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
# client test against our own server - GOOD CERT # client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem \ ./examples/server/server -c certs/ocsp/server1-cert.pem \
-k certs/ocsp/server1-key.pem -R $ready_file2 \ -k certs/ocsp/server1-key.pem -R "$ready_file2" \
-p $port2 & -p $port2 &
wolf_pid2=$! wolf_pid2=$!
wait_for_readyFile $ready_file2 $wolf_pid2 $port2 wait_for_readyFile "$ready_file2" $wolf_pid2 $port2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \
-p $port2 -p $port2
RESULT=$? RESULT=$?
@ -252,12 +252,12 @@ printf '%s\n\n' "Test PASSED!"
printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
# client test against our own server - REVOKED CERT # client test against our own server - REVOKED CERT
remove_single_rF $ready_file2 remove_single_rF "$ready_file2"
./examples/server/server -c certs/ocsp/server2-cert.pem \ ./examples/server/server -c certs/ocsp/server2-cert.pem \
-k certs/ocsp/server2-key.pem -R $ready_file2 \ -k certs/ocsp/server2-key.pem -R "$ready_file2" \
-p $port2 & -p $port2 &
wolf_pid2=$! wolf_pid2=$!
wait_for_readyFile $ready_file2 $wolf_pid2 $port2 wait_for_readyFile "$ready_file2" $wolf_pid2 $port2
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \
-p $port2 -p $port2
RESULT=$? RESULT=$?
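Review bot: wait_for_readyFile takes three positional parameters but has no comment saying what they are, and two of them are optional (`${2-}`, `${3-}`). A short header would help, e.g. `# wait_for_readyFile <ready_file> [pid] [port]` followed by `# exits 1 if the ready file never appears; pid is probed with kill -0, port is only used in the error message`. While there, `kill -0 $2 2>&-` closes stderr rather than discarding it; `2>/dev/null` is the usual form. The function body spans two hunks and its middle is not shown.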


@ -60,7 +60,7 @@ ln -s ../examples
CERT_DIR="./certs/ocsp" CERT_DIR="./certs/ocsp"
ready_file="$WORKSPACE"/wolf_ocsp_s1_readyF$$ ready_file="$WORKSPACE"/wolf_ocsp_s1_readyF$$
ready_file2="$WORKSPACE"/wolf_ocsp_s1_readyF2$$ ready_file2="$WORKSPACE"/wolf_ocsp_s1_readyF2$$
printf '%s\n' "ready file: $ready_file" printf '%s\n' "ready file: \"$ready_file\""
test_cnf="ocsp_s1.cnf" test_cnf="ocsp_s1.cnf"
@ -68,7 +68,7 @@ wait_for_readyFile(){
counter=0 counter=0
while [ ! -s $1 -a "$counter" -lt 20 ]; do while [ ! -s "$1" -a "$counter" -lt 20 ]; do
if [[ -n "${2-}" ]]; then if [[ -n "${2-}" ]]; then
if ! kill -0 $2 2>&-; then if ! kill -0 $2 2>&-; then
echo "pid $2 for port ${3-} exited before creating ready file. bailing..." echo "pid $2 for port ${3-} exited before creating ready file. bailing..."
@ -80,19 +80,19 @@ wait_for_readyFile(){
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
if test -e $1; then if test -e "$1"; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
else else
echo -e "NO ready file at $1 -- ending test..." echo -e "NO ready file at \"$1\" -- ending test..."
exit 1 exit 1
fi fi
} }
remove_single_rF(){ remove_single_rF(){
if test -e $1; then if test -e "$1"; then
printf '%s\n' "removing ready file: $1" printf '%s\n' "removing ready file: \"$1\""
rm $1 rm "$1"
fi fi
} }
@ -148,17 +148,17 @@ create_new_cnf() {
CURR_LOC="$PWD" CURR_LOC="$PWD"
printf '%s\n' "echo now in $CURR_LOC" printf '%s\n' "echo now in $CURR_LOC"
./renewcerts-for-test.sh $test_cnf ./renewcerts-for-test.sh $test_cnf
cd $WORKSPACE cd "$WORKSPACE"
} }
remove_ready_file() { remove_ready_file() {
if test -e $ready_file; then if test -e "$ready_file"; then
printf '%s\n' "removing ready file" printf '%s\n' "removing ready file"
rm $ready_file rm "$ready_file"
fi fi
if test -e $ready_file2; then if test -e "$ready_file2"; then
printf '%s\n' "removing ready file: $ready_file2" printf '%s\n' "removing ready file: \"$ready_file2\""
rm $ready_file2 rm "$ready_file2"
fi fi
} }
@ -227,11 +227,11 @@ port3=$(get_first_free_port $((port2 + 1)))
# test interop fail case # test interop fail case
ready_file=$PWD/wolf_ocsp_readyF$$ ready_file=$PWD/wolf_ocsp_readyF$$
printf '%s\n' "ready file: $ready_file" printf '%s\n' "ready file: \"$ready_file\""
./examples/server/server -b -p $port1 -o -R $ready_file & ./examples/server/server -b -p $port1 -o -R "$ready_file" &
wolf_pid=$! wolf_pid=$!
wait_for_readyFile $ready_file $wolf_pid $port1 wait_for_readyFile "$ready_file" $wolf_pid $port1
if [ ! -f $ready_file ]; then if [ ! -f "$ready_file" ]; then
printf '%s\n' "Failed to create ready file: \"$ready_file\"" printf '%s\n' "Failed to create ready file: \"$ready_file\""
exit 1 exit 1
else else
@ -239,10 +239,10 @@ else
echo "hi" | openssl s_client -status $V4V6_FLAG -connect ${LOCALHOST}:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem 2>&1 | tee /dev/stderr | fgrep -q 'self signed certificate in certificate chain' echo "hi" | openssl s_client -status $V4V6_FLAG -connect ${LOCALHOST}:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem 2>&1 | tee /dev/stderr | fgrep -q 'self signed certificate in certificate chain'
if [ $? -neq 0 ]; then if [ $? -neq 0 ]; then
printf '%s\n' "Expected verification error from s_client is missing." printf '%s\n' "Expected verification error from s_client is missing."
remove_single_rF $ready_file remove_single_rF "$ready_file"
exit 1 exit 1
fi fi
remove_single_rF $ready_file remove_single_rF "$ready_file"
wait $wolf_pid wait $wolf_pid
if [ $? -ne 1 ]; then if [ $? -ne 1 ]; then
printf '%s\n' "wolfSSL server unexpected fail value" printf '%s\n' "wolfSSL server unexpected fail value"
@ -252,10 +252,10 @@ fi
# create a port to use with openssl ocsp responder # create a port to use with openssl ocsp responder
./examples/server/server -b -p $port2 -R $ready_file & ./examples/server/server -b -p $port2 -R "$ready_file" &
wolf_pid2=$! wolf_pid2=$!
wait_for_readyFile $ready_file $wolf_pid2 $port2 wait_for_readyFile "$ready_file" $wolf_pid2 $port2
if [ ! -f $ready_file ]; then if [ ! -f "$ready_file" ]; then
printf '%s\n' "Failed to create ready file: \"$ready_file\"" printf '%s\n' "Failed to create ready file: \"$ready_file\""
exit 1 exit 1
else else
@ -307,10 +307,10 @@ sleep 0.1
printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
# client test against our own server - GOOD CERT # client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
-k certs/ocsp/server1-key.pem -p $port3 & -k certs/ocsp/server1-key.pem -p $port3 &
wolf_pid3=$! wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3 wait_for_readyFile "$ready_file2" $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
@ -318,11 +318,11 @@ printf '%s\n\n' "Test PASSED!"
printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
# client test against our own server - REVOKED CERT # client test against our own server - REVOKED CERT
remove_single_rF $ready_file2 remove_single_rF "$ready_file2"
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server2-cert.pem -R "$ready_file2" \
-k certs/ocsp/server2-key.pem -p $port3 & -k certs/ocsp/server2-key.pem -p $port3 &
wolf_pid3=$! wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3 wait_for_readyFile "$ready_file2" $wolf_pid3 $port3
sleep 0.1 sleep 0.1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3
RESULT=$? RESULT=$?
@ -335,12 +335,12 @@ printf '%s\n\n' "Test successfully REVOKED!"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------" printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------"
# client test against our own server - GOOD CERT # client test against our own server - GOOD CERT
remove_single_rF $ready_file2 remove_single_rF "$ready_file2"
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
-k certs/ocsp/server1-key.pem -v 4 \ -k certs/ocsp/server1-key.pem -v 4 \
-p $port3 & -p $port3 &
wolf_pid3=$! wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3 wait_for_readyFile "$ready_file2" $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
-p $port3 -p $port3
RESULT=$? RESULT=$?
@ -349,12 +349,12 @@ if [ $? -ne 0 ]; then
printf '%s\n\n' "------------- TEST CASE 4 SHOULD PASS --------------------" printf '%s\n\n' "------------- TEST CASE 4 SHOULD PASS --------------------"
# client test against our own server, must staple - GOOD CERT # client test against our own server, must staple - GOOD CERT
remove_single_rF $ready_file2 remove_single_rF "$ready_file2"
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
-k certs/ocsp/server1-key.pem -v 4 \ -k certs/ocsp/server1-key.pem -v 4 \
-p $port3 & -p $port3 &
wolf_pid3=$! wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3 wait_for_readyFile "$ready_file2" $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \
-p $port3 -p $port3
RESULT=$? RESULT=$?
@ -363,12 +363,12 @@ if [ $? -ne 0 ]; then
printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ------------------" printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ------------------"
# client test against our own server - REVOKED CERT # client test against our own server - REVOKED CERT
remove_single_rF $ready_file2 remove_single_rF "$ready_file2"
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ ./examples/server/server -c certs/ocsp/server2-cert.pem -R "$ready_file2" \
-k certs/ocsp/server2-key.pem -v 4 \ -k certs/ocsp/server2-key.pem -v 4 \
-p $port3 & -p $port3 &
wolf_pid3=$! wolf_pid3=$!
wait_for_readyFile $ready_file2 $wolf_pid3 $port3 wait_for_readyFile "$ready_file2" $wolf_pid3 $port3
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
-p $port3 -p $port3
RESULT=$? RESULT=$?
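Review bot: `if [ $? -neq 0 ]` on the line after the s_client pipeline uses an operator that `[` does not have, so the test itself errors out and the condition is never true. The "Expected verification error from s_client is missing." branch therefore cannot run, and the interop fail case passes whether or not s_client reported the verification error. It should read `if [ $? -ne 0 ]; then`. The line is unchanged context in this commit, but it sits in the block being edited and guards a negative certificate-verification check, so it is worth fixing here. The enclosing else block continues outside the hunk.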


@ -27,7 +27,7 @@ if [ "$OUTPUT" = "SNI is: ON" ]; then
printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test" printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test"
# is our desired server there? # is our desired server there?
${SCRIPT_DIR}/ping.test $server 2 "${SCRIPT_DIR}/ping.test" $server 2
RESULT=$? RESULT=$?
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
GL_UNREACHABLE=1 GL_UNREACHABLE=1
@ -35,7 +35,7 @@ if [ "$OUTPUT" = "SNI is: ON" ]; then
if [ $RESULT -eq 0 ]; then if [ $RESULT -eq 0 ]; then
# client test against the server # client test against the server
./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N -v d -S $server ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server
GL_RESULT=$? GL_RESULT=$?
[ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
else else
@ -54,7 +54,7 @@ ${SCRIPT_DIR}/ping.test $server 2
RESULT=$? RESULT=$?
if [ $RESULT -eq 0 ]; then if [ $RESULT -eq 0 ]; then
# client test against the server # client test against the server
./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N
GR_RESULT=$? GR_RESULT=$?
[ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" [ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
else else
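Review bot: The second `${SCRIPT_DIR}/ping.test $server 2` call, visible only as the context text of the `-54,7` hunk header, appears to be left unquoted, so a SCRIPT_DIR containing spaces would still break the second test path. If that line is indeed unchanged, it should get the same treatment as the first call: `"${SCRIPT_DIR}/ping.test" $server 2`. `$server` in both calls and in `-h $server` / `-S $server` is also unquoted, which is harmless only while it stays a fixed hostname.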


@ -161,11 +161,11 @@ start_openssl_server() {
if [ "$cert_file" != "" ] if [ "$cert_file" != "" ]
then then
echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert \"$cert_file\" -key \"$key_file\" -quiet -CAfile \"$ca_file\" -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert "$cert_file" -key "$key_file" -quiet -CAfile "$ca_file" -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
else else
echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
fi fi
server_pid=$! server_pid=$!
# wait to see if s_server successfully starts before continuing # wait to see if s_server successfully starts before continuing
@ -229,8 +229,8 @@ start_wolfssl_server() {
echo -e "\n# Trying to start $wolfssl_suite wolfSSL server on port $server_port..." echo -e "\n# Trying to start $wolfssl_suite wolfSSL server on port $server_port..."
echo "#" echo "#"
echo "# $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL" echo "# $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\""
$WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL & $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" &
server_pid=$! server_pid=$!
# wait to see if server successfully starts before continuing # wait to see if server successfully starts before continuing
sleep 0.1 sleep 0.1
@ -316,13 +316,13 @@ do_wolfssl_client() {
if [ "$version" != "5" -a "$version" != "" ] if [ "$version" != "5" -a "$version" != "" ]
then then
echo "#" echo "#"
echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl" echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl"
$WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
else else
echo "#" echo "#"
echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl" echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl"
# do all versions # do all versions
$WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
fi fi
client_result=$? client_result=$?
@ -370,12 +370,12 @@ do_openssl_client() {
if [ "$tls13_cipher" = "" ] if [ "$tls13_cipher" = "" ]
then then
echo "#" echo "#"
echo "# $OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2" echo "# $OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2" echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
else else
echo "#" echo "#"
echo "# $OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2" echo "# $OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2" echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
fi fi
client_result=$? client_result=$?
@ -407,7 +407,7 @@ command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but
echo -e "\nTesting for _build directory as part of distcheck, different paths" echo -e "\nTesting for _build directory as part of distcheck, different paths"
currentDir=`pwd` currentDir=`pwd`
if [ $currentDir = *"_build" ] if [ "$currentDir" = *"_build" ]
then then
echo -e "_build directory detected, moving a directory back" echo -e "_build directory detected, moving a directory back"
cd .. cd ..
@ -479,7 +479,7 @@ esac
if [ "$wolf_certs" != "" ] if [ "$wolf_certs" != "" ]
then then
# Check if ECC certificates supported in wolfSSL # Check if ECC certificates supported in wolfSSL
wolf_ecc=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed25519/ca-ecc-cert.pem 2>&1` wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/ca-ecc-cert.pem" 2>&1`
case $wolf_ecc in case $wolf_ecc in
*"ca file"*) *"ca file"*)
wolf_ecc="" wolf_ecc=""
@ -488,7 +488,7 @@ then
;; ;;
esac esac
# Check if Ed25519 certificates supported in wolfSSL # Check if Ed25519 certificates supported in wolfSSL
wolf_ed25519=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed25519/root-ed25519.pem 2>&1` wolf_ed25519=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1`
case $wolf_ed25519 in case $wolf_ed25519 in
*"ca file"*) *"ca file"*)
wolf_ed25519="" wolf_ed25519=""
@ -497,7 +497,7 @@ then
;; ;;
esac esac
# Check if Ed25519 certificates supported in OpenSSL # Check if Ed25519 certificates supported in OpenSSL
openssl_ed25519=`$OPENSSL s_client -cert ${CERT_DIR}/ed25519/client-ed25519.pem -key ${CERT_DIR}/ed25519/client-ed25519-priv.pem 2>&1` openssl_ed25519=`$OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1`
case $openssl_ed25519 in case $openssl_ed25519 in
*"unable to load"*) *"unable to load"*)
wolf_ed25519="" wolf_ed25519=""
@ -506,7 +506,7 @@ then
;; ;;
esac esac
# Check if Ed448 certificates supported in wolfSSL # Check if Ed448 certificates supported in wolfSSL
wolf_ed448=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed448/root-ed448.pem 2>&1` wolf_ed448=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1`
case $wolf_ed448 in case $wolf_ed448 in
*"ca file"*) *"ca file"*)
wolf_ed448="" wolf_ed448=""
@ -515,7 +515,7 @@ then
;; ;;
esac esac
# Check if Ed448 certificates supported in OpenSSL # Check if Ed448 certificates supported in OpenSSL
openssl_ed448=`$OPENSSL s_client -cert ${CERT_DIR}/ed448/client-ed448.pem -key ${CERT_DIR}/ed448/client-ed448-priv.pem 2>&1` openssl_ed448=`$OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1`
case $openssl_ed448 in case $openssl_ed448 in
*"unable to load"*) *"unable to load"*)
wolf_ed448="" wolf_ed448=""
@ -757,7 +757,7 @@ do
# double check that can actually do a sslv3 connection using # double check that can actually do a sslv3 connection using
# client-cert.pem to send but any file with EOF works # client-cert.pem to send but any file with EOF works
$OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ${CERT_DIR}/client-cert.pem $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < "${CERT_DIR}/client-cert.pem"
sslv3_sup=$? sslv3_sup=$?
if [ $sslv3_sup != 0 ] if [ $sslv3_sup != 0 ]
then then
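Review bot: In do_openssl_client the command is still assembled as one string and handed to `eval`, and the new `\"$openssl_cert2\"`-style escapes only protect against spaces: a path containing `"`, `$` or a backtick is re-parsed by the shell as code. Nothing in the visible lines needs a second parse, so the simpler and safer form is to drop `eval` and call `$OPENSSL s_client …` directly with `"$openssl_cert2"`, `"$openssl_key2"` and `"$openssl_caCert2"` as ordinary quoted arguments (worth checking that no other variable on the line relies on eval). Separately, `[ "$currentDir" = *"_build" ]` does not pattern-match inside `[`; the right-hand side is a filename glob, so the _build detection needs `case "$currentDir" in *_build) … ;; esac`. do_openssl_client begins and ends outside the hunk.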


@ -27,9 +27,9 @@ server_pid=$no_pid
ready_file=`pwd`/wolfssl_pk_ready$$ ready_file=`pwd`/wolfssl_pk_ready$$
remove_ready_file() { remove_ready_file() {
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "removing existing ready file" echo -e "removing existing ready file"
rm $ready_file rm "$ready_file"
fi fi
} }
@ -79,16 +79,16 @@ run_test() {
# starts the server on pk_port, -R generates ready file to be used as a # starts the server on pk_port, -R generates ready file to be used as a
# mutex lock, -P does pkcallbacks. We capture the processid # mutex lock, -P does pkcallbacks. We capture the processid
# into the variable server_pid # into the variable server_pid
./examples/server/server -P -R $ready_file -p $pk_port & ./examples/server/server -P -R "$ready_file" -p $pk_port &
server_pid=$! server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..." echo -e "waiting for ready file..."
sleep 0.1 sleep 0.1
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
else else
echo -e "NO ready file ending test..." echo -e "NO ready file ending test..."
@ -99,7 +99,7 @@ run_test() {
sleep 0.1 sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
pk_port=`cat $ready_file` pk_port=`cat "$ready_file"`
# starts client on pk_port with pkcallbacks, captures the output from client # starts client on pk_port with pkcallbacks, captures the output from client
capture_out=$(./examples/client/client -P -p $pk_port 2>&1) capture_out=$(./examples/client/client -P -p $pk_port 2>&1)


@ -25,23 +25,23 @@ counter=0
# per source tree # per source tree
ready_file=`pwd`/wolfssl_psk_ready$$ ready_file=`pwd`/wolfssl_psk_ready$$
echo "ready file $ready_file" echo "ready file \"$ready_file\""
create_port() { create_port() {
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..." echo -e "waiting for ready file..."
sleep 0.1 sleep 0.1
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file: # sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1 sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
port=`cat $ready_file` port=`cat "$ready_file"`
else else
echo -e "NO ready file ending test..." echo -e "NO ready file ending test..."
do_cleanup do_cleanup
@ -49,9 +49,9 @@ create_port() {
} }
remove_ready_file() { remove_ready_file() {
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "removing existing ready file" echo -e "removing existing ready file"
rm $ready_file rm "$ready_file"
fi fi
} }
@ -87,7 +87,7 @@ fi
# Usual psk server / psk client. This use case is tested in # Usual psk server / psk client. This use case is tested in
# tests/unit.test and is used here for just checking if PSK is enabled # tests/unit.test and is used here for just checking if PSK is enabled
port=0 port=0
./examples/server/server -s -R $ready_file -p $port & ./examples/server/server -s -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -s -p $port ./examples/client/client -s -p $port
@ -110,7 +110,7 @@ if [ $? -ne 0 ]; then
# tests/unit.test and is used here for just checking if cipher suite # tests/unit.test and is used here for just checking if cipher suite
# is available (one case for example is with disable-asn) # is available (one case for example is with disable-asn)
port=0 port=0
./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & ./examples/server/server -R "$ready_file" -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -p $port ./examples/client/client -p $port
@ -126,7 +126,7 @@ if [ $? -ne 0 ]; then
# psk server with non psk client # psk server with non psk client
port=0 port=0
./examples/server/server -j -R $ready_file -p $port & ./examples/server/server -j -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -p $port ./examples/client/client -p $port
@ -142,7 +142,7 @@ if [ $? -ne 0 ]; then
# check fail if no auth, psk server with non psk client # check fail if no auth, psk server with non psk client
echo "Checking fail when not sending peer cert" echo "Checking fail when not sending peer cert"
port=0 port=0
./examples/server/server -j -R $ready_file -p $port & ./examples/server/server -j -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -x -p $port ./examples/client/client -x -p $port
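Review bot: The readiness loop in create_port still joins its two tests with `-a` (`while [ ! -s "$ready_file" -a "$counter" -lt 20 ]`), a form POSIX marks obsolescent and whose parsing with this many operands is unspecified, so quoting the path does not make the test fully robust. Splitting it removes the ambiguity: `while [ ! -s "$ready_file" ] && [ "$counter" -lt 20 ]; do`. The same construct appears in the wait loops of the resume and trusted-peer scripts in this commit. create_port's body continues outside the hunk.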


@ -29,9 +29,9 @@ ready_file=`pwd`/wolfssl_resume_ready$$
echo "ready file $ready_file" echo "ready file $ready_file"
remove_ready_file() { remove_ready_file() {
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "removing existing ready file" echo -e "removing existing ready file"
rm $ready_file rm "$ready_file"
fi fi
} }
@ -69,16 +69,16 @@ do_test() {
esac esac
remove_ready_file remove_ready_file
./examples/server/server -r -R $ready_file -p $resume_port & ./examples/server/server -r -R "$ready_file" -p $resume_port &
server_pid=$! server_pid=$!
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..." echo -e "waiting for ready file..."
sleep 0.1 sleep 0.1
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
else else
echo -e "NO ready file ending test..." echo -e "NO ready file ending test..."
@ -90,7 +90,7 @@ do_test() {
sleep 0.1 sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
resume_port=`cat $ready_file` resume_port=`cat "$ready_file"`
capture_out=$(./examples/client/client $1 -r -p $resume_port 2>&1) capture_out=$(./examples/client/client $1 -r -p $resume_port 2>&1)
client_result=$? client_result=$?
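Review bot: `resume_port` is read from the ready file with no check that the file holds a port number. The wait loop tests `-s` (non-empty) but the branch after it tests only `-e`, so an empty or partly written file gives an empty or malformed value that is then expanded unquoted in `-p $resume_port`. Testing `-s` in the `if` and rejecting non-numeric content after the read, e.g. `case "$resume_port" in ''|*[!0-9]*) exit 1;; esac` routed through the script's normal cleanup, would make that failure explicit. The lines between the `else` branch and the read are outside the hunk, so an existing guard there cannot be ruled out. The create_port helpers in the PSK and TLS 1.3 scripts read the port the same way.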


@ -30,10 +30,10 @@ server_out_file=`pwd`/wolfssl_tls13_server_out$$
# Client output # Client output
client_out_file=`pwd`/wolfssl_tls13_client_out$$ client_out_file=`pwd`/wolfssl_tls13_client_out$$
echo "ready file $ready_file" echo "ready file "$ready_file""
create_port() { create_port() {
while [ ! -s $ready_file ]; do while [ ! -s "$ready_file" ]; do
if [ "$counter" -gt 50 ]; then if [ "$counter" -gt 50 ]; then
break break
fi fi
@ -42,14 +42,14 @@ create_port() {
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
if [ -e $ready_file ]; then if [ -e "$ready_file" ]; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file: # sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1 sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
port=`cat $ready_file` port=`cat "$ready_file"`
else else
echo -e "NO ready file ending test..." echo -e "NO ready file ending test..."
do_cleanup do_cleanup
@ -57,9 +57,9 @@ create_port() {
} }
remove_ready_file() { remove_ready_file() {
if [ -e $ready_file ]; then if [ -e "$ready_file" ]; then
echo -e "removing existing ready file" echo -e "removing existing ready file"
rm $ready_file rm "$ready_file"
fi fi
} }
@ -73,17 +73,17 @@ do_cleanup() {
server_pid=$no_pid server_pid=$no_pid
fi fi
remove_ready_file remove_ready_file
if [ -e $client_file ]; then if [ -e "$client_file" ]; then
echo -e "removing existing client file" echo -e "removing existing client file"
rm $client_file rm "$client_file"
fi fi
if [ -e $server_out_file ]; then if [ -e "$server_out_file" ]; then
echo -e "removing existing server output file" echo -e "removing existing server output file"
rm $server_out_file rm "$server_out_file"
fi fi
if [ -e $client_out_file ]; then if [ -e "$client_out_file" ]; then
echo -e "removing existing client output file" echo -e "removing existing client output file"
rm $client_out_file rm "$client_out_file"
fi fi
} }
@ -108,10 +108,10 @@ fi
# Usual TLS v1.3 server / TLS v1.3 client. # Usual TLS v1.3 server / TLS v1.3 client.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client" echo -e "\n\nTLS v1.3 server with TLS v1.3 client"
port=0 port=0
./examples/server/server -v 4 -R $ready_file -p $port & ./examples/server/server -v 4 -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v 4 -p $port | tee $client_file ./examples/client/client -v 4 -p $port | tee "$client_file"
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
@ -124,7 +124,7 @@ echo ""
# TLS 1.3 cipher suites server / client. # TLS 1.3 cipher suites server / client.
echo -e "\n\nTLS v1.3 cipher suite mismatch" echo -e "\n\nTLS v1.3 cipher suite mismatch"
port=0 port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 & ./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384 ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384
@ -146,7 +146,7 @@ if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then
# TLS 1.3 mutual auth required but client doesn't send certificates. # TLS 1.3 mutual auth required but client doesn't send certificates.
echo -e "\n\nTLS v1.3 mutual auth fail" echo -e "\n\nTLS v1.3 mutual auth fail"
port=0 port=0
./examples/server/server -v 4 -F -R $ready_file -p $port & ./examples/server/server -v 4 -F -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v 4 -x -p $port ./examples/client/client -v 4 -x -p $port
@ -167,7 +167,7 @@ if [ $? -ne 0 ]; then
# TLS 1.3 server / TLS 1.2 client. # TLS 1.3 server / TLS 1.2 client.
echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
port=0 port=0
./examples/server/server -v 4 -R $ready_file -p $port & ./examples/server/server -v 4 -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v 3 -p $port ./examples/client/client -v 3 -p $port
@ -184,7 +184,7 @@ if [ $? -ne 0 ]; then
# TLS 1.2 server / TLS 1.3 client. # TLS 1.2 server / TLS 1.3 client.
echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3" echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
port=0 port=0
./examples/server/server -v 3 -R $ready_file -p $port & ./examples/server/server -v 3 -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v 4 -p $port ./examples/client/client -v 4 -p $port
@ -215,7 +215,7 @@ if [ $? -ne 0 ]; then
port=0 port=0
SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS" SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS"
CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS" CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS"
./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port & ./examples/server/server -v d -l $SERVER_CS -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v d -l $CLIENT_CS -p $port ./examples/client/client -v d -l $CLIENT_CS -p $port
@ -246,17 +246,17 @@ fi
if [ "$early_data" = "yes" ]; then if [ "$early_data" = "yes" ]; then
echo -e "\n\nTLS v1.3 Early Data - session ticket" echo -e "\n\nTLS v1.3 Early Data - session ticket"
port=0 port=0
(./examples/server/server -v 4 -r -0 -R $ready_file -p $port 2>&1 | \ (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \
tee $server_out_file) & tee "$server_out_file") &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v 4 -r -0 -p $port 2>&1 >$client_out_file ./examples/client/client -v 4 -r -0 -p $port 2>&1 >"$client_out_file"
RESULT=$? RESULT=$?
cat $client_out_file cat "$client_out_file"
remove_ready_file remove_ready_file
grep 'Session Ticket' $client_out_file grep 'Session Ticket' "$client_out_file"
session_ticket=$? session_ticket=$?
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l` early_data_cnt=`grep 'Early Data' "$server_out_file" | wc -l`
if [ $session_ticket -eq 0 -a $early_data_cnt -ne 4 ]; then if [ $session_ticket -eq 0 -a $early_data_cnt -ne 4 ]; then
RESULT=1 RESULT=1
fi fi
@ -272,8 +272,8 @@ fi
if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
echo -e "\n\nTLS v1.3 Early Data - PSK" echo -e "\n\nTLS v1.3 Early Data - PSK"
port=0 port=0
(./examples/server/server -v 4 -s -0 -R $ready_file -p $port 2>&1 | \ (./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \
tee $server_out_file) & tee "$server_out_file") &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -v 4 -s -0 -p $port ./examples/client/client -v 4 -s -0 -p $port
@ -283,14 +283,14 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
# wait for the server to quit and write output # wait for the server to quit and write output
wait $server_pid wait $server_pid
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l` early_data_cnt=`grep 'Early Data' "$server_out_file" | wc -l`
if [ $early_data_cnt -ne 3 -a $early_data_cnt -ne 5 ]; then if [ $early_data_cnt -ne 3 -a $early_data_cnt -ne 5 ]; then
echo echo
echo "Server out file" echo "Server out file"
cat $server_out_file cat "$server_out_file"
echo echo
echo "Found lines" echo "Found lines"
grep 'Early Data' $server_out_file grep 'Early Data' "$server_out_file"
echo -e "\n\nToo few 'Early Data' lines - $early_data_cnt" echo -e "\n\nToo few 'Early Data' lines - $early_data_cnt"
RESULT=1 RESULT=1
fi fi
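Review bot: In the first TLS v1.3 test the client is piped into `tee "$client_file"`, so the `RESULT=$?` on the next line holds tee's exit status rather than the client's. A failed handshake would therefore not fail the test unless `pipefail` is enabled outside the visible hunks. Writing the output to the file and printing it afterwards keeps the client's status, as the early-data hunk already does: `./examples/client/client -v 4 -p $port >"$client_file"`, then `RESULT=$?` and `cat "$client_file"`. Separately, the new `echo "ready file "$ready_file""` ends the string before the expansion and leaves `$ready_file` unquoted; the other scripts in this commit use `echo "ready file \"$ready_file\""`.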


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
# trusted_peer.test # trusted_peer.test
# copyright wolfSSL 2016 # copyright wolfSSL 2016
@ -36,23 +36,23 @@ combined_cert=`pwd`/certs/client_combined.pem
wrong_ca=`pwd`/certs/wolfssl-website-ca.pem wrong_ca=`pwd`/certs/wolfssl-website-ca.pem
wrong_cert=`pwd`/certs/server-revoked-cert.pem wrong_cert=`pwd`/certs/server-revoked-cert.pem
echo "ready file $ready_file" echo "ready file \"$ready_file\""
create_port() { create_port() {
while [ ! -s $ready_file -a "$counter" -lt 20 ]; do while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
echo -e "waiting for ready file..." echo -e "waiting for ready file..."
sleep 0.1 sleep 0.1
counter=$((counter+ 1)) counter=$((counter+ 1))
done done
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "found ready file, starting client..." echo -e "found ready file, starting client..."
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file: # sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
sleep 0.1 sleep 0.1
# get created port 0 ephemeral port # get created port 0 ephemeral port
port=`cat $ready_file` port=`cat "$ready_file"`
else else
echo -e "NO ready file ending test..." echo -e "NO ready file ending test..."
do_cleanup do_cleanup
@ -60,9 +60,9 @@ create_port() {
} }
remove_ready_file() { remove_ready_file() {
if test -e $ready_file; then if test -e "$ready_file"; then
echo -e "removing existing ready file" echo -e "removing existing ready file"
rm $ready_file rm "$ready_file"
fi fi
} }
@ -89,7 +89,7 @@ trap do_trap INT TERM
# Look for if RSA and/or ECC is enabled and adjust certs/keys # Look for if RSA and/or ECC is enabled and adjust certs/keys
ciphers=`./examples/client/client -e` ciphers=`./examples/client/client -e`
if [[ $ciphers != *"RSA"* ]]; then if [[ "$ciphers" != *"RSA"* ]]; then
if [[ $ciphers == *"ECDSA"* ]]; then if [[ $ciphers == *"ECDSA"* ]]; then
client_cert=`pwd`/certs/client-ecc-cert.pem client_cert=`pwd`/certs/client-ecc-cert.pem
client_ca=`pwd`/certs/server-ecc.pem client_ca=`pwd`/certs/server-ecc.pem
@ -107,7 +107,7 @@ fi
# CRL list not set up for tests # CRL list not set up for tests
crl_test=`./examples/client/client -h` crl_test=`./examples/client/client -h`
if [[ $crl_test == *"-C "* ]]; then if [[ "$crl_test" == *"-C "* ]]; then
echo "test not set up to run with CRL" echo "test not set up to run with CRL"
exit 0 exit 0
fi fi
@ -118,10 +118,10 @@ echo "Checking built with trusted peer certs "
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
remove_ready_file remove_ready_file
./examples/server/server -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $client_ca -p $port ./examples/client/client -A "$client_ca" -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
# if fail here then is a settings issue so return 0 # if fail here then is a settings issue so return 0
@ -136,10 +136,10 @@ echo ""
echo "Server and Client relying on trusted peer cert loaded" echo "Server and Client relying on trusted peer cert loaded"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
./examples/server/server -A $wrong_ca -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -A "$wrong_ca" -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $wrong_ca -E $server_cert -c $client_cert -p $port ./examples/client/client -A "$wrong_ca" -E "$server_cert" -c "$client_cert" -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
@ -153,10 +153,10 @@ echo ""
echo "Server relying on trusted peer cert loaded" echo "Server relying on trusted peer cert loaded"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
./examples/server/server -A $wrong_ca -E $client_cert -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -A "$wrong_ca" -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $client_ca -c $client_cert -p $port ./examples/client/client -A "$client_ca" -c "$client_cert" -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
@ -170,10 +170,10 @@ echo ""
echo "Client relying on trusted peer cert loaded" echo "Client relying on trusted peer cert loaded"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $wrong_ca -E $server_cert -p $port ./examples/client/client -A "$wrong_ca" -E "$server_cert" -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
@ -187,10 +187,10 @@ echo ""
echo "Client fall through to loaded CAs" echo "Client fall through to loaded CAs"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $client_ca -E $wrong_cert -p $port ./examples/client/client -A "$client_ca" -E "$wrong_cert" -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
@ -206,10 +206,10 @@ if [[ $wrong_ca != *"ecc"* ]]; then
echo "Client wrong CA and wrong trusted peer cert loaded" echo "Client wrong CA and wrong trusted peer cert loaded"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
./examples/server/server -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $wrong_ca -E $wrong_cert -p $port ./examples/client/client -A "$wrong_ca" -E "$wrong_cert" -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -eq 0 ]; then if [ $RESULT -eq 0 ]; then
@ -224,10 +224,10 @@ fi
echo "Server wrong CA and wrong trusted peer cert loaded" echo "Server wrong CA and wrong trusted peer cert loaded"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
./examples/server/server -A $wrong_ca -E $wrong_cert -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -A "$wrong_ca" -E "$wrong_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $client_ca -p $port ./examples/client/client -A "$client_ca" -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -eq 0 ]; then if [ $RESULT -eq 0 ]; then
@ -241,10 +241,10 @@ echo ""
echo "Server fall through to loaded CAs" echo "Server fall through to loaded CAs"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
./examples/server/server -E $wrong_cert -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -E "$wrong_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $client_ca -p $port ./examples/client/client -A "$client_ca" -p $port
RESULT=$? RESULT=$?
remove_ready_file remove_ready_file
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
@ -259,25 +259,25 @@ echo "Server loading multiple trusted peer certs"
echo "Test two success cases and one fail case" echo "Test two success cases and one fail case"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"
port=0 port=0
cat $client_cert $client_ca > $combined_cert cat "$client_cert" "$client_ca" > "$combined_cert"
./examples/server/server -i -A $wrong_ca -E $combined_cert -c $server_cert -k $server_key -R $ready_file -p $port & ./examples/server/server -i -A "$wrong_ca" -E "$combined_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port &
server_pid=$! server_pid=$!
create_port create_port
./examples/client/client -A $client_ca -c $client_cert -k $client_key -p $port ./examples/client/client -A "$client_ca" -c "$client_cert" -k "$client_key" -p $port
RESULT=$? RESULT=$?
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
echo -e "\nServer load multiple trusted peer certs failed!" echo -e "\nServer load multiple trusted peer certs failed!"
do_cleanup do_cleanup
exit 1 exit 1
fi fi
./examples/client/client -A $client_ca -c $client_ca -k $ca_key -p $port ./examples/client/client -A "$client_ca" -c "$client_ca" -k "$ca_key" -p $port
RESULT=$? RESULT=$?
if [ $RESULT -ne 0 ]; then if [ $RESULT -ne 0 ]; then
echo -e "\nServer load multiple trusted peer certs failed!" echo -e "\nServer load multiple trusted peer certs failed!"
do_cleanup do_cleanup
exit 1 exit 1
fi fi
./examples/client/client -A $client_ca -c $wrong_cert -k $client_key -p $port ./examples/client/client -A "$client_ca" -c "$wrong_cert" -k "$client_key" -p $port
RESULT=$? RESULT=$?
if [ $RESULT -eq 0 ]; then if [ $RESULT -eq 0 ]; then
echo -e "\nServer load multiple trusted peer certs failed!" echo -e "\nServer load multiple trusted peer certs failed!"
@ -286,7 +286,7 @@ if [ $RESULT -eq 0 ]; then
fi fi
do_cleanup # kill PID of server running in infinite loop do_cleanup # kill PID of server running in infinite loop
rm $combined_cert rm "$combined_cert"
remove_ready_file remove_ready_file
echo "" echo ""