diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test index d13b70369..821b6aac8 100755 --- a/scripts/crl-revoked.test +++ b/scripts/crl-revoked.test @@ -1,15 +1,15 @@ -#!/bin/bash +#!/bin/sh #crl.test # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi revocation_code="-361" diff --git a/scripts/include.am b/scripts/include.am index 50eeed9a3..2ad416b68 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -24,12 +24,17 @@ dist_noinst_SCRIPTS+= scripts/crl-revoked.test scripts/crl-revoked.log: scripts/resume.log endif +# arrange to serialize ocsp.test, ocsp-stapling.test, ocsp-stapling-with-ca-as-responder.test, ocsp-stapling2.test, and testsuite, +# to help mitigate port conflicts among them. +# note that unit.test is gated on testsuite in Makefile.am, which is also helpful for these purposes. + if BUILD_OCSP_STAPLING dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test -scripts/ocsp-stapling.log: tests/unit.log +if !BUILD_OCSP_STAPLING_V2 +testsuite/testsuite.log: scripts/ocsp-stapling.log scripts/ocsp-stapling-with-ca-as-responder.log +endif scripts/ocsp-stapling.log: scripts/ocsp.log dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-ca-as-responder.test -scripts/ocsp-stapling-with-ca-as-responder.log: tests/unit.log scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp.log scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp-stapling.log endif 
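Review bot: `command -v bwrap` finding a binary does not show that bwrap can create a network namespace on this host (unprivileged user namespaces are commonly disabled on hardened hosts and inside containers), and because the script `exec`s into bwrap, that failure becomes the test result instead of the un-isolated fallback that "if we can" promises. Probing first keeps the fallback: `if [ -n "$bwrap_path" ] && "$bwrap_path" --unshare-net --dev-bind / / true >/dev/null 2>&1; then`. The shebang also moves to `/bin/sh` while only the first 15 lines of the script are visible in this hunk, so the remainder should be run through `shellcheck -s sh` to confirm no bash-only constructs are left. Both points apply equally to the matching header hunks in openssl.test, pkcallbacks.test, psk.test, resume.test, sniffer-testsuite.test, tls13.test and trusted_peer.test; the probe also applies to ocsp-stapling-with-ca-as-responder.test and ocsp-stapling2.test, which carry the same block.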
@@ -38,12 +43,11 @@ if BUILD_OCSP_STAPLING_V2 dist_noinst_SCRIPTS+= scripts/ocsp-stapling2.test if BUILD_OCSP_STAPLING -scripts/ocsp-stapling2.log: tests/unit.log +testsuite/testsuite.log: scripts/ocsp-stapling2.log scripts/ocsp-stapling2.log: scripts/ocsp.log scripts/ocsp-stapling2.log: scripts/ocsp-stapling.log scripts/ocsp-stapling2.log: scripts/ocsp-stapling-with-ca-as-responder.log else -scripts/ocsp-stapling2.log: tests/unit.log scripts/ocsp-stapling2.log: scripts/ocsp.log endif diff --git a/scripts/ocsp-stapling-with-ca-as-responder.test b/scripts/ocsp-stapling-with-ca-as-responder.test index 1baadb996..fa264ef0f 100755 --- a/scripts/ocsp-stapling-with-ca-as-responder.test +++ b/scripts/ocsp-stapling-with-ca-as-responder.test @@ -3,13 +3,13 @@ # ocsp-stapling-with-ca-as-responder.test # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi if [[ -z "${RETRIES_REMAINING-}" ]]; then @@ -39,7 +39,6 @@ ln -s ../examples CERT_DIR="certs/ocsp" -resume_port=0 ready_file="${WORKSPACE}"/wolf_ocsp_s1_readyF$$ ready_file2="${WORKSPACE}"/wolf_ocsp_s1_readyF2$$ printf '%s\n' "ready files: $ready_file $ready_file2" @@ -190,8 +189,9 @@ get_first_free_port() { return 0 } -base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024)) +base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) port1=$(get_first_free_port $base_port) +port2=$(get_first_free_port $((port1 + 1))) # create a port to use with openssl ocsp responder 
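Review bot: In the `else` branch (BUILD_OCSP_STAPLING_V2 without BUILD_OCSP_STAPLING) the old `scripts/ocsp-stapling2.log: tests/unit.log` ordering is removed and nothing replaces it, so in that configuration ocsp-stapling2.test and testsuite appear free to run in parallel, which is the port conflict the comment added in the previous hunk sets out to prevent. Adding `testsuite/testsuite.log: scripts/ocsp-stapling2.log` to the `else` branch as well, or hoisting it above the inner `if`, would cover it. This assumes no rule outside these hunks already orders the two targets.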
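Review bot: The bwrap block is converted to `[ … ]`, but the context line directly below it still reads `if [[ -z "${RETRIES_REMAINING-}" ]]; then`, and the shebang (line 1, outside this hunk) is not touched, so the file ends up mixing both test forms. If the script is meant to stay bash, a short comment such as `# POSIX test syntax here only to keep this header identical across the test scripts` would explain the mix; if it is meant to move to `/bin/sh` like the others, the remaining `[[` tests need converting too. The same mix is visible in the ocsp-stapling2.test header hunk.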
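Review bot: `port2` is probed as free on the added line but only bound later, when the example server is started with `-p $port2`, whereas the removed `-p $resume_port` (value 0) presumably let the kernel pick the port at bind time, with the client reading the real port back from the ready file as it still does. That opens a check-then-bind window in which another process can take the port; it is narrow inside the bwrap network namespace, but ocsp-stapling.test gets the same change (`port3`) and shows no bwrap block in its hunks. If a fixed port is required, a comment stating the reason would help, for example `# port2 is chosen up front (not -p 0); a lost race shows up as a server start failure` adjusted to the actual motivation. `get_first_free_port` is defined above the hunk, so how it probes is not visible here.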
@@ -240,7 +240,7 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERT ./examples/server/server -c certs/ocsp/server1-cert.pem \ -k certs/ocsp/server1-key.pem -R $ready_file2 \ - -p $resume_port & + -p $port2 & wait_for_readyFile $ready_file2 CLI_PORT=`cat $ready_file2` ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ @@ -254,7 +254,7 @@ printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" remove_single_rF $ready_file2 ./examples/server/server -c certs/ocsp/server2-cert.pem \ -k certs/ocsp/server2-key.pem -R $ready_file2 \ - -p $resume_port & + -p $port2 & wait_for_readyFile $ready_file2 CLI_PORT=`cat $ready_file2` ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 073cb0352..4df14a53e 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -3,6 +3,8 @@ # ocsp-stapling.test # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST +# Note, this script makes connection(s) to the public Internet. + if [[ -z "${RETRIES_REMAINING-}" ]]; then export RETRIES_REMAINING=2 fi @@ -29,7 +31,6 @@ cd "$WORKSPACE" || exit $? ln -s ../examples CERT_DIR="./certs/ocsp" -resume_port=0 ready_file="$WORKSPACE"/wolf_ocsp_s1_readyF$$ ready_file2="$WORKSPACE"/wolf_ocsp_s1_readyF2$$ printf '%s\n' "ready file: $ready_file" @@ -191,9 +192,10 @@ get_first_free_port() { return 0 } -base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024)) +base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) port1=$(get_first_free_port $base_port) port2=$(get_first_free_port $((port1 + 1))) +port3=$(get_first_free_port $((port2 + 1))) # test interop fail case 
@@ -279,7 +281,7 @@ sleep 0.1 printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERT ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ - -k certs/ocsp/server1-key.pem -p $resume_port & + -k certs/ocsp/server1-key.pem -p $port3 & wait_for_readyFile $ready_file2 CLI_PORT=`cat $ready_file2` ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT @@ -291,7 +293,7 @@ printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED CERT remove_single_rF $ready_file2 ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ - -k certs/ocsp/server2-key.pem -p $resume_port & + -k certs/ocsp/server2-key.pem -p $port3 & wait_for_readyFile $ready_file2 sleep 0.1 CLI_PORT=`cat $ready_file2` @@ -309,7 +311,7 @@ if [ $? -ne 0 ]; then remove_single_rF $ready_file2 ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \ -k certs/ocsp/server1-key.pem -v 4 \ - -p $resume_port & + -p $port3 & wait_for_readyFile $ready_file2 CLI_PORT=`cat $ready_file2` ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ @@ -323,7 +325,7 @@ if [ $? -ne 0 ]; then remove_single_rF $ready_file2 ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \ -k certs/ocsp/server2-key.pem -v 4 \ - -p $resume_port & + -p $port3 & wait_for_readyFile $ready_file2 CLI_PORT=`cat $ready_file2` ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index 9c2f82180..d166bfc9b 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test 
@@ -4,13 +4,13 @@ # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2 # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi if [[ -z "${RETRIES_REMAINING-}" ]]; then @@ -40,7 +40,6 @@ ln -s ../examples CERT_DIR="certs/ocsp" -resume_port=0 ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$ ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$ ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$ @@ -219,7 +218,7 @@ get_first_free_port() { return 0 } -base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024)) +base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) port1=$(get_first_free_port $base_port) port2=$(get_first_free_port $((port1 + 1))) port3=$(get_first_free_port $((port2 + 1))) @@ -334,7 +333,7 @@ printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW" #remove_single_rF $ready_file5 #./examples/server/server -c certs/ocsp/server3-cert.pem \ # -k certs/ocsp/server3-key.pem -R $ready_file5 \ -# -p $resume_port & +# -p $port5 & #wait_for_readyFile $ready_file5 #CLI_PORT=`cat $ready_file5` #./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ diff --git a/scripts/ocsp.test b/scripts/ocsp.test index 543705617..a939ca229 100755 --- a/scripts/ocsp.test +++ b/scripts/ocsp.test @@ -2,6 +2,8 @@ # ocsp.test +# Note, this script makes connection(s) to the public Internet. + server=www.globalsign.com ca=certs/external/ca-globalsign-root.pem diff --git a/scripts/openssl.test b/scripts/openssl.test index 69724478c..8c12d136b 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh #openssl.test 
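Review bot: The comment added to ocsp.test would be more useful if it named the dependency that is visible two lines below it, `server=www.globalsign.com`, and what follows from it: the result depends on outbound connectivity and on that site's current certificate chain, and the script cannot run under the `--unshare-net` wrapper the other tests use. Suggested wording: `# Note: connects to $server over the public Internet; cannot run with the network namespace unshared.` Whether the script skips or fails when the host is offline is not visible in this hunk.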
@@ -8,13 +8,13 @@ if ! test -n "$WOLFSSL_OPENSSL_TEST"; then fi # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi echo "WOLFSSL_OPENSSL_TEST set, running test..." diff --git a/scripts/pkcallbacks.test b/scripts/pkcallbacks.test index a28820090..82aaef1e4 100755 --- a/scripts/pkcallbacks.test +++ b/scripts/pkcallbacks.test @@ -1,15 +1,15 @@ -#!/bin/bash +#!/bin/sh #pkcallbacks.test # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi exit_code=1 diff --git a/scripts/psk.test b/scripts/psk.test index e5f435a01..cef3beba2 100755 --- a/scripts/psk.test +++ b/scripts/psk.test @@ -1,16 +1,16 @@ -#!/bin/bash +#!/bin/sh # psk.test # copyright wolfSSL 2016 # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi # getting unique port is modeled after resume.test script diff --git a/scripts/resume.test b/scripts/resume.test index af23a669a..7d02339c6 100755 --- a/scripts/resume.test +++ b/scripts/resume.test 
@@ -1,15 +1,15 @@ -#!/bin/bash +#!/bin/sh #resume.test # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi # need a unique resume port since may run the same time as testsuite diff --git a/scripts/sniffer-testsuite.test b/scripts/sniffer-testsuite.test index 79aca3df1..69bfa50df 100755 --- a/scripts/sniffer-testsuite.test +++ b/scripts/sniffer-testsuite.test @@ -1,15 +1,15 @@ -#!/bin/bash +#!/bin/sh #sniffer-testsuite.test # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi # ./configure --enable-sniffer [--enable-session-ticket] diff --git a/scripts/tls13.test b/scripts/tls13.test index 665799b20..e393e68aa 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -1,16 +1,16 @@ -#!/bin/bash +#!/bin/sh # tls13.test # copyright wolfSSL 2016 # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi # getting unique port is modeled after resume.test script diff --git a/scripts/trusted_peer.test b/scripts/trusted_peer.test index fbf7260d8..f6e4b3e0b 100755 --- a/scripts/trusted_peer.test 
+++ b/scripts/trusted_peer.test @@ -1,16 +1,16 @@ -#!/bin/bash +#!/bin/sh # trusted_peer.test # copyright wolfSSL 2016 # if we can, isolate the network namespace to eliminate port collisions. -if [[ "${AM_BWRAPPED-}" != "yes" ]]; then +if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" - if [[ -n "$bwrap_path" ]]; then + if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" - unset AM_BWRAPPED fi + unset AM_BWRAPPED fi # getting unique port is modeled after resume.test script