Merge pull request #3741 from elms/test/openssl_distcheck_fix

testing: fix openssl test for `distcheck`
toddouska
2021-02-11 13:53:09 -08:00
committed by GitHub
2 changed files with 68 additions and 64 deletions


@@ -2,6 +2,8 @@
# external.test # external.test
SCRIPT_DIR="$(dirname "$0")"
server=www.wolfssl.com server=www.wolfssl.com
ca=./certs/wolfssl-website-ca.pem ca=./certs/wolfssl-website-ca.pem
@@ -32,7 +34,7 @@ if [ $? -ne 0 ]; then
fi fi
# is our desired server there? # is our desired server there?
./scripts/ping.test $server 2 ${SCRIPT_DIR}/ping.test $server 2
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && exit 0 [ $RESULT -ne 0 ] && exit 0
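Review bot: `ca=./certs/wolfssl-website-ca.pem` in the first hunk is still resolved against the working directory, while the ping helper in the second hunk now goes through `${SCRIPT_DIR}`. In an out-of-tree run such as `distcheck` the CA file would presumably be missing from the directory the test runs in, so the fix looks incomplete if `$ca` is used for server verification later in the script (outside these hunks). Deriving it the same way, e.g. `ca="${SCRIPT_DIR}/../certs/wolfssl-website-ca.pem"`, keeps the two paths consistent. The new call should also be quoted, `"${SCRIPT_DIR}/ping.test" "$server" 2`, because the output of `dirname "$0"` can contain spaces.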


@@ -2,6 +2,8 @@
#openssl.test #openssl.test
CERT_DIR="$PWD/$(dirname "$0")/../certs"
if ! test -n "$WOLFSSL_OPENSSL_TEST"; then if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
echo "WOLFSSL_OPENSSL_TEST NOT set, won't run" echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
exit 0 exit 0
@@ -133,11 +135,11 @@ start_openssl_server() {
if [ "$cert_file" != "" ] if [ "$cert_file" != "" ]
then then
echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
else else
echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
$OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
fi fi
server_pid=$! server_pid=$!
# wait to see if s_server successfully starts before continuing # wait to see if s_server successfully starts before continuing
@@ -451,7 +453,7 @@ esac
if [ "$wolf_certs" != "" ] if [ "$wolf_certs" != "" ]
then then
# Check if ECC certificates supported in wolfSSL # Check if ECC certificates supported in wolfSSL
wolf_ecc=`$WOLFSSL_CLIENT -A ./certs/ed25519/ca-ecc-cert.pem 2>&1` wolf_ecc=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed25519/ca-ecc-cert.pem 2>&1`
case $wolf_ecc in case $wolf_ecc in
*"ca file"*) *"ca file"*)
wolf_ecc="" wolf_ecc=""
@@ -460,7 +462,7 @@ then
;; ;;
esac esac
# Check if Ed25519 certificates supported in wolfSSL # Check if Ed25519 certificates supported in wolfSSL
wolf_ed25519=`$WOLFSSL_CLIENT -A ./certs/ed25519/root-ed25519.pem 2>&1` wolf_ed25519=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed25519/root-ed25519.pem 2>&1`
case $wolf_ed25519 in case $wolf_ed25519 in
*"ca file"*) *"ca file"*)
wolf_ed25519="" wolf_ed25519=""
@@ -469,7 +471,7 @@ then
;; ;;
esac esac
# Check if Ed25519 certificates supported in OpenSSL # Check if Ed25519 certificates supported in OpenSSL
openssl_ed25519=`$OPENSSL s_client -cert ./certs/ed25519/client-ed25519.pem -key ./certs/ed25519/client-ed25519-priv.pem 2>&1` openssl_ed25519=`$OPENSSL s_client -cert ${CERT_DIR}/ed25519/client-ed25519.pem -key ${CERT_DIR}/ed25519/client-ed25519-priv.pem 2>&1`
case $openssl_ed25519 in case $openssl_ed25519 in
*"unable to load"*) *"unable to load"*)
wolf_ed25519="" wolf_ed25519=""
@@ -478,7 +480,7 @@ then
;; ;;
esac esac
# Check if Ed448 certificates supported in wolfSSL # Check if Ed448 certificates supported in wolfSSL
wolf_ed448=`$WOLFSSL_CLIENT -A ./certs/ed448/root-ed448.pem 2>&1` wolf_ed448=`$WOLFSSL_CLIENT -A ${CERT_DIR}/ed448/root-ed448.pem 2>&1`
case $wolf_ed448 in case $wolf_ed448 in
*"ca file"*) *"ca file"*)
wolf_ed448="" wolf_ed448=""
@@ -487,7 +489,7 @@ then
;; ;;
esac esac
# Check if Ed448 certificates supported in OpenSSL # Check if Ed448 certificates supported in OpenSSL
openssl_ed448=`$OPENSSL s_client -cert ./certs/ed448/client-ed448.pem -key ./certs/ed448/client-ed448-priv.pem 2>&1` openssl_ed448=`$OPENSSL s_client -cert ${CERT_DIR}/ed448/client-ed448.pem -key ${CERT_DIR}/ed448/client-ed448-priv.pem 2>&1`
case $openssl_ed448 in case $openssl_ed448 in
*"unable to load"*) *"unable to load"*)
wolf_ed448="" wolf_ed448=""
@@ -572,9 +574,9 @@ if [ "$wolf_rsa" != "" -o "$wolf_tls_psk" != "" ]
then then
if [ "$wolf_rsa" != "" ] if [ "$wolf_rsa" != "" ]
then then
cert_file="./certs/server-cert.pem" cert_file="${CERT_DIR}/server-cert.pem"
key_file="./certs/server-key.pem" key_file="${CERT_DIR}/server-key.pem"
ca_file="./certs/client-ca.pem" ca_file="${CERT_DIR}/client-ca.pem"
else else
cert_file= cert_file=
key_file= key_file=
@@ -601,9 +603,9 @@ fi
# If ECDH-RSA cipher suites supported in wolfSSL then start servers # If ECDH-RSA cipher suites supported in wolfSSL then start servers
if [ "$wolf_ecdh_rsa" != "" ] if [ "$wolf_ecdh_rsa" != "" ]
then then
cert_file="./certs/server-ecc-rsa.pem" cert_file="${CERT_DIR}/server-ecc-rsa.pem"
key_file="./certs/ecc-key.pem" key_file="${CERT_DIR}/ecc-key.pem"
ca_file="./certs/client-ca.pem" ca_file="${CERT_DIR}/client-ca.pem"
openssl_suite="ECDH-RSA" openssl_suite="ECDH-RSA"
start_openssl_server start_openssl_server
@@ -618,9 +620,9 @@ fi
if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ] if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ]
then then
cert_file="./certs/server-ecc.pem" cert_file="${CERT_DIR}/server-ecc.pem"
key_file="./certs/ecc-key.pem" key_file="${CERT_DIR}/ecc-key.pem"
ca_file="./certs/client-ca.pem" ca_file="${CERT_DIR}/client-ca.pem"
openssl_suite="ECDH[E]-ECDSA" openssl_suite="ECDH[E]-ECDSA"
start_openssl_server start_openssl_server
@@ -636,9 +638,9 @@ fi
# If Ed25519 certificates supported in wolfSSL then start servers # If Ed25519 certificates supported in wolfSSL then start servers
if [ "$wolf_ed25519" != "" ]; if [ "$wolf_ed25519" != "" ];
then then
cert_file="./certs/ed25519/server-ed25519.pem" cert_file="${CERT_DIR}/ed25519/server-ed25519.pem"
key_file="./certs/ed25519/server-ed25519-priv.pem" key_file="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
ca_file="./certs/ed25519/root-ed25519.pem" ca_file="${CERT_DIR}/ed25519/root-ed25519.pem"
openssl_suite="Ed25519" openssl_suite="Ed25519"
start_openssl_server start_openssl_server
@@ -656,9 +658,9 @@ fi
# If Ed448 certificates supported in wolfSSL then start servers # If Ed448 certificates supported in wolfSSL then start servers
if [ "$wolf_ed448" != "" ]; if [ "$wolf_ed448" != "" ];
then then
cert_file="./certs/ed448/server-ed448.pem" cert_file="${CERT_DIR}/ed448/server-ed448.pem"
key_file="./certs/ed448/server-ed448-priv.pem" key_file="${CERT_DIR}/ed448/server-ed448-priv.pem"
ca_file="./certs/ed448/client-ed448.pem" ca_file="${CERT_DIR}/ed448/client-ed448.pem"
openssl_suite="Ed448" openssl_suite="Ed448"
start_openssl_server start_openssl_server
@@ -729,7 +731,7 @@ do
# double check that can actually do a sslv3 connection using # double check that can actually do a sslv3 connection using
# client-cert.pem to send but any file with EOF works # client-cert.pem to send but any file with EOF works
$OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ${CERT_DIR}/client-cert.pem
sslv3_sup=$? sslv3_sup=$?
if [ $sslv3_sup != 0 ] if [ $sslv3_sup != 0 ]
then then
@@ -922,9 +924,9 @@ do
caCert="" caCert=""
case $wolfSuite in case $wolfSuite in
*ECDH-RSA*) *ECDH-RSA*)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$ecdh_openssl_port port=$ecdh_openssl_port
do_wolfssl_client do_wolfssl_client
port=$ecdh_wolfssl_port port=$ecdh_wolfssl_port
@@ -933,9 +935,9 @@ do
*ECDHE-ECDSA*|*ECDH-ECDSA*) *ECDHE-ECDSA*|*ECDH-ECDSA*)
if [ "$wolf_ecc" != "" ] if [ "$wolf_ecc" != "" ]
then then
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-ecc-cert.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem"
port=$ecdsa_openssl_port port=$ecdsa_openssl_port
do_wolfssl_client do_wolfssl_client
@@ -946,9 +948,9 @@ do
fi fi
if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ] if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
then then
cert="./certs/ed25519/server-ed25519.pem" cert="${CERT_DIR}/ed25519/server-ed25519.pem"
key="./certs/ed25519/server-ed25519-priv.pem" key="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
caCert="./certs/ed25519/server-ed25519.pem" caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ed25519_openssl_port port=$ed25519_openssl_port
@@ -960,9 +962,9 @@ do
fi fi
if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ] if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
then then
cert="./certs/ed448/client-ed448.pem" cert="${CERT_DIR}/ed448/client-ed448.pem"
key="./certs/ed448/client-ed448-priv.pem" key="${CERT_DIR}/ed448/client-ed448-priv.pem"
caCert="./certs/ed448/server-ed448.pem" caCert="${CERT_DIR}/ed448/server-ed448.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ed448_openssl_port port=$ed448_openssl_port
@@ -974,9 +976,9 @@ do
fi fi
;; ;;
*DHE-PSK*) *DHE-PSK*)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$openssl_port port=$openssl_port
psk="-s" psk="-s"
@@ -992,9 +994,9 @@ do
fi fi
;; ;;
*PSK*) *PSK*)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$openssl_port port=$openssl_port
psk="-s" psk="-s"
@@ -1004,9 +1006,9 @@ do
do_openssl_client do_openssl_client
;; ;;
*ADH*) *ADH*)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ] if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ]
then then
@@ -1028,9 +1030,9 @@ do
# RSA # RSA
if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ] if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ]
then then
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$openssl_port port=$openssl_port
do_wolfssl_client do_wolfssl_client
@@ -1068,25 +1070,25 @@ do
# ECDSA # ECDSA
if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ] if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ]
then then
cert="./certs/client-ecc-cert.pem" cert="${CERT_DIR}/client-ecc-cert.pem"
key="./certs/ecc-client-key.pem" key="${CERT_DIR}/ecc-client-key.pem"
caCert="./certs/ca-ecc-cert.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ecdsa_openssl_port port=$ecdsa_openssl_port
caCert="./certs/ca-ecc-cert.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem"
do_wolfssl_client do_wolfssl_client
open_temp_cases_total=$((open_temp_cases_total + 1)) open_temp_cases_total=$((open_temp_cases_total + 1))
port=$ecdsa_wolfssl_port port=$ecdsa_wolfssl_port
caCert="./certs/ca-ecc-cert.pem" caCert="${CERT_DIR}/ca-ecc-cert.pem"
do_openssl_client do_openssl_client
fi fi
# Ed25519 # Ed25519
if [ $ed25519_openssl_pid != $no_pid ] if [ $ed25519_openssl_pid != $no_pid ]
then then
cert="./certs/ed25519/server-ed25519.pem" cert="${CERT_DIR}/ed25519/server-ed25519.pem"
key="./certs/ed25519/server-ed25519-priv.pem" key="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
caCert="./certs/ed25519/server-ed25519.pem" caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ed25519_openssl_port port=$ed25519_openssl_port
@@ -1099,9 +1101,9 @@ do
# Ed448 # Ed448
if [ $ed448_openssl_pid != $no_pid ] if [ $ed448_openssl_pid != $no_pid ]
then then
cert="./certs/ed448/client-ed448.pem" cert="${CERT_DIR}/ed448/client-ed448.pem"
key="./certs/ed448/client-ed448-priv.pem" key="${CERT_DIR}/ed448/client-ed448-priv.pem"
caCert="./certs/ed448/server-ed448.pem" caCert="${CERT_DIR}/ed448/server-ed448.pem"
wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
port=$ed448_openssl_port port=$ed448_openssl_port
@@ -1114,9 +1116,9 @@ do
tls13_cipher= tls13_cipher=
;; ;;
*) *)
cert="./certs/client-cert.pem" cert="${CERT_DIR}/client-cert.pem"
key="./certs/client-key.pem" key="${CERT_DIR}/client-key.pem"
caCert="./certs/ca-cert.pem" caCert="${CERT_DIR}/ca-cert.pem"
port=$openssl_port port=$openssl_port
do_wolfssl_client do_wolfssl_client
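Review bot: `CERT_DIR="$PWD/$(dirname "$0")/../certs"` in the first hunk produces a nonexistent path whenever the script is invoked through an absolute `$0`. The capability probes further down (`case $wolf_ecc in *"ca file"*) wolf_ecc=""` and the Ed25519/Ed448 equivalents) treat a certificate load error as "not supported", so a wrong directory would apparently skip those interop suites instead of failing the run; the probe arms continue outside the hunks shown, so this is inferred from the visible lines. Resolving the directory with `CERT_DIR="$(cd "$(dirname "$0")/../certs" && pwd)"` handles both relative and absolute invocation, and a guard right after it such as `[ -r "$CERT_DIR/dh2048.pem" ] || { echo "certs not found in $CERT_DIR"; exit 1; }` makes a bad path fail loudly. Because the value now embeds the working directory, unquoted uses like `-dhparam ${CERT_DIR}/dh2048.pem` and `-A ${CERT_DIR}/ed25519/root-ed25519.pem` will word-split under a build path containing spaces, which the old literal `./certs/...` paths could not do; quoting them belongs in the same change.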