testing: fix openssl test for distcheck

The case of certificate locations for out-of-tree builds was previously missed.
Use a path relative to the script location for the certificate path.
Elms
2021-02-10 07:10:15 -08:00
parent b704c3b3f8
commit 9b6f382b2c


@@ -2,6 +2,7 @@
#openssl.test #openssl.test
CERT_DIR="$(realpath $(dirname $0)/../certs)"
if ! test -n "$WOLFSSL_OPENSSL_TEST"; then if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
echo "WOLFSSL_OPENSSL_TEST NOT set, won't run" echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
exit 0 exit 0
@@ -133,11 +134,11 @@ start_openssl_server() {
if [ "$cert_file" != "" ] if [ "$cert_file" != "" ]
then then
echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
else else
echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
fi fi
server_pid=$! server_pid=$!
# wait to see if s_server successfully starts before continuing # wait to see if s_server successfully starts before continuing
@@ -451,7 +452,7 @@ esac
if [ "$wolf_certs" != "" ] if [ "$wolf_certs" != "" ]
then then
# Check if ECC certificates supported in wolfSSL # Check if ECC certificates supported in wolfSSL
wolf_ecc=`$WOLFSSL_CLIENT -A ./certs/ed25519/ca-ecc-cert.pem 2>&1` wolf_ecc=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed25519/ca-ecc-cert.pem 2>&1`
case $wolf_ecc in case $wolf_ecc in
*"ca file"*) *"ca file"*)
wolf_ecc="" wolf_ecc=""
@@ -460,7 +461,7 @@ then
;; ;;
esac esac
# Check if Ed25519 certificates supported in wolfSSL # Check if Ed25519 certificates supported in wolfSSL
wolf_ed25519=`$WOLFSSL_CLIENT -A ./certs/ed25519/root-ed25519.pem 2>&1` wolf_ed25519=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed25519/root-ed25519.pem 2>&1`
case $wolf_ed25519 in case $wolf_ed25519 in
*"ca file"*) *"ca file"*)
wolf_ed25519="" wolf_ed25519=""
@@ -469,7 +470,7 @@ then
;; ;;
esac esac
# Check if Ed25519 certificates supported in OpenSSL # Check if Ed25519 certificates supported in OpenSSL
openssl_ed25519=`$OPENSSL s_client -cert ./certs/ed25519/client-ed25519.pem -key ./certs/ed25519/client-ed25519-priv.pem 2>&1` openssl_ed25519=`$OPENSSL s_client -cert ${CERT_DIR}/ed25519/client-ed25519.pem -key ${CERT_DIR}/ed25519/client-ed25519-priv.pem 2>&1`
case $openssl_ed25519 in case $openssl_ed25519 in
*"unable to load"*) *"unable to load"*)
wolf_ed25519="" wolf_ed25519=""
@@ -478,7 +479,7 @@ then
;; ;;
esac esac
# Check if Ed448 certificates supported in wolfSSL # Check if Ed448 certificates supported in wolfSSL
wolf_ed448=`$WOLFSSL_CLIENT -A ./certs/ed448/root-ed448.pem 2>&1` wolf_ed448=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed448/root-ed448.pem 2>&1`
case $wolf_ed448 in case $wolf_ed448 in
*"ca file"*) *"ca file"*)
wolf_ed448="" wolf_ed448=""
@@ -487,7 +488,7 @@ then
;; ;;
esac esac
# Check if Ed448 certificates supported in OpenSSL # Check if Ed448 certificates supported in OpenSSL
openssl_ed448=`$OPENSSL s_client -cert ./certs/ed448/client-ed448.pem -key ./certs/ed448/client-ed448-priv.pem 2>&1` openssl_ed448=`$OPENSSL s_client -cert ${CERT_DIR}/ed448/client-ed448.pem -key ${CERT_DIR}/ed448/client-ed448-priv.pem 2>&1`
case $openssl_ed448 in case $openssl_ed448 in
*"unable to load"*) *"unable to load"*)
wolf_ed448="" wolf_ed448=""
@@ -572,9 +573,9 @@ if [ "$wolf_rsa" != "" -o "$wolf_tls_psk" != "" ]
then then
if [ "$wolf_rsa" != "" ] if [ "$wolf_rsa" != "" ]
then then
cert_file="./certs/server-cert.pem" cert_file="${CERT_DIR}/server-cert.pem"
key_file="./certs/server-key.pem" key_file="${CERT_DIR}/server-key.pem"
ca_file="./certs/client-ca.pem" ca_file="${CERT_DIR}/client-ca.pem"
else else
cert_file= cert_file=
key_file= key_file=
@@ -601,9 +602,9 @@ fi
# If ECDH-RSA cipher suites supported in wolfSSL then start servers # If ECDH-RSA cipher suites supported in wolfSSL then start servers
if [ "$wolf_ecdh_rsa" != "" ] if [ "$wolf_ecdh_rsa" != "" ]
then then
cert_file="./certs/server-ecc-rsa.pem" cert_file="${CERT_DIR}/server-ecc-rsa.pem"
key_file="./certs/ecc-key.pem" key_file="${CERT_DIR}/ecc-key.pem"
ca_file="./certs/client-ca.pem" ca_file="${CERT_DIR}/client-ca.pem"
openssl_suite="ECDH-RSA" openssl_suite="ECDH-RSA"
start_openssl_server start_openssl_server
@@ -618,9 +619,9 @@ fi
if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ] if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ]
then then
cert_file="./certs/server-ecc.pem" cert_file="${CERT_DIR}/server-ecc.pem"
key_file="./certs/ecc-key.pem" key_file="${CERT_DIR}/ecc-key.pem"
ca_file="./certs/client-ca.pem" ca_file="${CERT_DIR}/client-ca.pem"
openssl_suite="ECDH[E]-ECDSA" openssl_suite="ECDH[E]-ECDSA"
start_openssl_server start_openssl_server
@@ -636,9 +637,9 @@ fi
# If Ed25519 certificates supported in wolfSSL then start servers # If Ed25519 certificates supported in wolfSSL then start servers
if [ "$wolf_ed25519" != "" ]; if [ "$wolf_ed25519" != "" ];
then then
cert_file="./certs/ed25519/server-ed25519.pem" cert_file="${CERT_DIR}/ed25519/server-ed25519.pem"
key_file="./certs/ed25519/server-ed25519-priv.pem" key_file="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
ca_file="./certs/ed25519/root-ed25519.pem" ca_file="${CERT_DIR}/ed25519/root-ed25519.pem"
openssl_suite="Ed25519" openssl_suite="Ed25519"
start_openssl_server start_openssl_server
@@ -656,9 +657,9 @@ fi
# If Ed448 certificates supported in wolfSSL then start servers # If Ed448 certificates supported in wolfSSL then start servers
if [ "$wolf_ed448" != "" ]; if [ "$wolf_ed448" != "" ];
then then
cert_file="./certs/ed448/server-ed448.pem" cert_file="${CERT_DIR}/ed448/server-ed448.pem"
key_file="./certs/ed448/server-ed448-priv.pem" key_file="${CERT_DIR}/ed448/server-ed448-priv.pem"
ca_file="./certs/ed448/client-ed448.pem" ca_file="${CERT_DIR}/ed448/client-ed448.pem"
openssl_suite="Ed448" openssl_suite="Ed448"
start_openssl_server start_openssl_server
@@ -729,7 +730,7 @@ do
# double check that can actually do a sslv3 connection using # double check that can actually do a sslv3 connection using
# client-cert.pem to send but any file with EOF works # client-cert.pem to send but any file with EOF works
$OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ${CERT_DIR}/client-cert.pem
sslv3_sup=$? sslv3_sup=$?
if [ $sslv3_sup != 0 ] if [ $sslv3_sup != 0 ]
then then
@@ -922,9 +923,9 @@ do
caCert="" caCert=""
case $wolfSuite in case $wolfSuite in
*ECDH-RSA*) *ECDH-RSA*)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$ecdh_openssl_port port=$ecdh_openssl_port
do_wolfssl_client do_wolfssl_client
port=$ecdh_wolfssl_port port=$ecdh_wolfssl_port
@@ -933,9 +934,9 @@ do
*ECDHE-ECDSA*|*ECDH-ECDSA*) *ECDHE-ECDSA*|*ECDH-ECDSA*)
if [ "$wolf_ecc" != "" ] if [ "$wolf_ecc" != "" ]
then then
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-ecc-cert.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem"
port=$ecdsa_openssl_port port=$ecdsa_openssl_port
do_wolfssl_client do_wolfssl_client
@@ -946,9 +947,9 @@ do
fi fi
if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ] if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
then then
cert="./certs/ed25519/server-ed25519.pem" cert="${CERT_DIR}/ed25519/server-ed25519.pem"
key="./certs/ed25519/server-ed25519-priv.pem" key="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
caCert="./certs/ed25519/server-ed25519.pem" caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ed25519_openssl_port port=$ed25519_openssl_port
@@ -960,9 +961,9 @@ do
fi fi
if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ] if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
then then
cert="./certs/ed448/client-ed448.pem" cert="${CERT_DIR}/ed448/client-ed448.pem"
key="./certs/ed448/client-ed448-priv.pem" key="${CERT_DIR}/ed448/client-ed448-priv.pem"
caCert="./certs/ed448/server-ed448.pem" caCert="${CERT_DIR}/ed448/server-ed448.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ed448_openssl_port port=$ed448_openssl_port
@@ -974,9 +975,9 @@ do
fi fi
;; ;;
*DHE-PSK*) *DHE-PSK*)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$openssl_port port=$openssl_port
psk="-s" psk="-s"
@@ -992,9 +993,9 @@ do
fi fi
;; ;;
*PSK*) *PSK*)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$openssl_port port=$openssl_port
psk="-s" psk="-s"
@@ -1004,9 +1005,9 @@ do
do_openssl_client do_openssl_client
;; ;;
*ADH*) *ADH*)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ] if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ]
then then
@@ -1028,9 +1029,9 @@ do
# RSA # RSA
if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ] if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ]
then then
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$openssl_port port=$openssl_port
do_wolfssl_client do_wolfssl_client
@@ -1068,25 +1069,25 @@ do
# ECDSA # ECDSA
if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ] if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ]
then then
cert="./certs/client-ecc-cert.pem" cert="${CERT_DIR}/client-ecc-cert.pem"
key="./certs/ecc-client-key.pem" key="${CERT_DIR}/ecc-client-key.pem"
caCert="./certs/ca-ecc-cert.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ecdsa_openssl_port port=$ecdsa_openssl_port
caCert="./certs/ca-ecc-cert.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem"
do_wolfssl_client do_wolfssl_client
open_temp_cases_total=$((open_temp_cases_total + 1)) open_temp_cases_total=$((open_temp_cases_total + 1))
port=$ecdsa_wolfssl_port port=$ecdsa_wolfssl_port
caCert="./certs/ca-ecc-cert.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem"
do_openssl_client do_openssl_client
fi fi
# Ed25519 # Ed25519
if [ $ed25519_openssl_pid != $no_pid ] if [ $ed25519_openssl_pid != $no_pid ]
then then
cert="./certs/ed25519/server-ed25519.pem" cert="${CERT_DIR}/ed25519/server-ed25519.pem"
key="./certs/ed25519/server-ed25519-priv.pem" key="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
caCert="./certs/ed25519/server-ed25519.pem" caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ed25519_openssl_port port=$ed25519_openssl_port
@@ -1099,9 +1100,9 @@ do
# Ed448 # Ed448
if [ $ed448_openssl_pid != $no_pid ] if [ $ed448_openssl_pid != $no_pid ]
then then
cert="./certs/ed448/client-ed448.pem" cert="${CERT_DIR}/ed448/client-ed448.pem"
key="./certs/ed448/client-ed448-priv.pem" key="${CERT_DIR}/ed448/client-ed448-priv.pem"
caCert="./certs/ed448/server-ed448.pem" caCert="${CERT_DIR}/ed448/server-ed448.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ed448_openssl_port port=$ed448_openssl_port
@@ -1114,9 +1115,9 @@ do
tls13_cipher= tls13_cipher=
;; ;;
*) *)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$openssl_port port=$openssl_port
do_wolfssl_client do_wolfssl_client
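Review bot: The `CERT_DIR` assignment added in the first hunk is never checked, so if `realpath` is unavailable (it is not a POSIX utility) or the script path contains whitespace, `CERT_DIR` can end up empty and every later path silently becomes `/server-cert.pem`, `/ed25519/...` and so on. The feature probes further down read a `"ca file"` or `"unable to load"` message as "not supported" and clear `wolf_ecc`, `wolf_ed25519` and `wolf_ed448`, so a bad certificate directory would likely skip the ECC, Ed25519 and Ed448 interop cases instead of failing the test. I would quote the inner expansions and stop on failure, for example `CERT_DIR="$(cd "$(dirname "$0")/../certs" && pwd)" || exit 1`, and quote `${CERT_DIR}` where it is used, in particular in the `< ${CERT_DIR}/client-cert.pem` redirection. The hunks show only fragments of the script, so whether a guard exists elsewhere cannot be seen from here.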