wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow TLS 1.2 to be compiled out.

Browse Source
This commit is contained in:
Sean Parkinson
2018-05-17 09:08:03 +10:00
parent 453daee965
commit ba8e441e53
21 changed files with 843 additions and 606 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scripts/google.test
View File

@@ -6,6 +6,13 @@ server=www.google.com
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
# TODO: [TLS13] Remove this when google supports final version of TLS 1.3
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
if [ $? -eq 0 ]; then
echo -e "\n\nClient doesn't support TLS v1.2"
exit 0
fi
# is our desired server there?
./scripts/ping.test $server 2
RESULT=$?

21
scripts/openssl.test
View File

@@ -21,6 +21,9 @@ wolf_suites_total=0
counter=0
testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#Tested\n"
versionName="Invalid"
if [ "$OPENSSL" = "" ]; then
OPENSSL=openssl
fi
version_name() {
case $version in "0")
@@ -73,7 +76,7 @@ else
fi
echo -e "\nTesting existence of openssl command...\n"
command -v openssl >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; exit 0; }
command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; exit 0; }
echo -e "\nTesting for _build directory as part of distcheck, different paths"
@@ -92,7 +95,7 @@ found_free_port=0
while [ "$counter" -lt 20 ]; do
echo -e "\nTrying to start openssl server on port $openssl_port...\n"
openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" &
$OPENSSL s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" &
server_pid=$!
# wait to see if s_server successfully starts before continuing
sleep 0.1
@@ -127,7 +130,7 @@ case $wolf_ciphers in
while [ "$counter" -lt 20 ]; do
echo -e "\nTrying to start ECDH-RSA openssl server on port $ecdh_port...\n"
openssl s_server -accept $ecdh_port -cert ./certs/server-ecc-rsa.pem -key ./certs/ecc-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" &
$OPENSSL s_server -accept $ecdh_port -cert ./certs/server-ecc-rsa.pem -key ./certs/ecc-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" &
ecdh_server_pid=$!
# wait to see if s_server successfully starts before continuing
sleep 0.1
@@ -193,11 +196,11 @@ do
echo -e "version = $version"
# get openssl ciphers depending on version
case $version in "0")
openssl_ciphers=`openssl ciphers "SSLv3"`
openssl_ciphers=`$OPENSSL ciphers "SSLv3"`
# double check that can actually do a sslv3 connection using
# client-cert.pem to send but any file with EOF works
openssl s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem
$OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem
sslv3_sup=$?
if [ $sslv3_sup != 0 ]
@@ -208,7 +211,7 @@ do
fi
;;
"1")
openssl_ciphers=`openssl ciphers "TLSv1"`
openssl_ciphers=`$OPENSSL ciphers "TLSv1"`
tlsv1_sup=$?
if [ $tlsv1_sup != 0 ]
then
@@ -218,7 +221,7 @@ do
fi
;;
"2")
openssl_ciphers=`openssl ciphers "TLSv1.1"`
openssl_ciphers=`$OPENSSL ciphers "TLSv1.1"`
tlsv1_1_sup=$?
if [ $tlsv1_1_sup != 0 ]
then
@@ -228,7 +231,7 @@ do
fi
;;
"3")
openssl_ciphers=`openssl ciphers "TLSv1.2"`
openssl_ciphers=`$OPENSSL ciphers "TLSv1.2"`
tlsv1_2_sup=$?
if [ $tlsv1_2_sup != 0 ]
then
@@ -238,7 +241,7 @@ do
fi
;;
"4") #test all suites
openssl_ciphers=`openssl ciphers "ALL"`
openssl_ciphers=`$OPENSSL ciphers "ALL"`
all_sup=$?
if [ $all_sup != 0 ]
then

93
scripts/psk.test
View File

@@ -83,67 +83,40 @@ echo ""
# client test against the server
###############################
# usual psk server / psk client
port=0
./examples/server/server -j -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -s -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nClient connection failed"
do_cleanup
exit 1
fi
echo ""
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
if [ $? -ne 0 ]; then
# Usual server / client. This use case is tested in
# tests/unit.test and is used here for just checking if cipher suite
# is available (one case for example is with disable-asn)
port=0
./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA &
server_pid=$!
create_port
./examples/client/client -p $port
RESULT=$?
remove_ready_file
# if fail here then is a settings issue so return 0
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with choosen non PSK suites"
do_cleanup
exit 0
fi
echo ""
# Usual server / client. This use case is tested in
# tests/unit.test and is used here for just checking if cipher suite
# is available (one case for example is with disable-asn)
port=0
./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA &
server_pid=$!
create_port
./examples/client/client -p $port
RESULT=$?
remove_ready_file
# if fail here then is a settings issue so return 0
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with choosen non PSK suites"
do_cleanup
exit 0
fi
echo ""
# psk server with non psk client
port=0
./examples/server/server -j -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nClient connection failed"
do_cleanup
exit 1
fi
echo ""
# check fail if no auth, psk server with non psk client
echo "Checking fail when not sending peer cert"
port=0
./examples/server/server -j -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -x -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\n\nClient connected when supposed to fail"
do_cleanup
exit 1
# check fail if no auth, psk server with non psk client
echo "Checking fail when not sending peer cert"
port=0
./examples/server/server -j -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -x -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\n\nClient connected when supposed to fail"
do_cleanup
exit 1
fi
fi
echo -e "\nALL Tests Passed"

478
scripts/tls13.test
View File

@@ -14,12 +14,13 @@ counter=0
# also let's add some randomness by adding pid in case multiple 'make check's
# per source tree
ready_file=`pwd`/wolfssl_tls13_ready$$
client_file=/tmp/wolfssl_tls13_client$$
echo "ready file $ready_file"
create_port() {
while [ ! -s $ready_file ]; do
if [ -a "$counter" -gt 50 ]; then
if [ "$counter" -gt 50 ]; then
break
fi
echo -e "waiting for ready file..."
@@ -54,6 +55,10 @@ do_cleanup() {
kill -9 $server_pid
fi
remove_ready_file
if [ -e $client_file ]; then
echo -e "removing existing client file"
rm $client_file
fi
}
do_trap() {
@@ -72,7 +77,7 @@ port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
./examples/client/client -v 4 -p $port | tee $client_file
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
@@ -82,268 +87,6 @@ if [ $RESULT -ne 0 ]; then
fi
echo ""
# Usual TLS v1.3 server / TLS v1.3 client - fragment.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - fragment"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -F 1 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 and fragments not working"
do_cleanup
exit 1
fi
echo ""
# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client.
echo -e "\n\nTLS v1.3 HelloRetryRequest"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -J -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 HelloRetryRequest not working"
do_cleanup
exit 1
fi
echo ""
# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client using cookie
echo -e "\n\nTLS v1.3 HelloRetryRequest with cookie"
port=0
./examples/server/server -v 4 -J -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -J -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 HelloRetryRequest with cookie not working"
do_cleanup
exit 1
fi
echo ""
# Use HelloRetryRequest with TLS v1.3 server / TLS v1.3 client - SHA384.
echo -e "\n\nTLS v1.3 HelloRetryRequest - SHA384"
port=0
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -J -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 HelloRetryRequest with SHA384 not working"
do_cleanup
exit 1
fi
echo ""
# Resumption TLS v1.3 server / TLS v1.3 client.
echo -e "\n\nTLS v1.3 resumption"
port=0
./examples/server/server -v 4 -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 resumption not working"
do_cleanup
exit 1
fi
echo ""
# Resumption TLS v1.3 server / TLS v1.3 client - SHA384
echo -e "\n\nTLS v1.3 resumption - SHA384"
port=0
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 resumption with SHA384 not working"
do_cleanup
exit 1
fi
echo ""
./examples/client/client -v 4 -e 2>&1 | grep -- '-ECC'
if [ $? -eq 0 ]; then
# Usual TLS v1.3 server / TLS v1.3 client and ECC certificates.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC certificates"
port=0
./examples/server/server -v 4 -A certs/client-ecc-cert.pem -c certs/server-ecc.pem -k certs/ecc-key.pem -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -A certs/ca-ecc-cert.pem -c certs/client-ecc-cert.pem -k certs/ecc-client-key.pem -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 ECC certificates not working"
do_cleanup
exit 1
fi
echo ""
fi
# Usual TLS v1.3 server / TLS v1.3 client and no client certificate.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - no client cretificate"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -x -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 and no client certificate not working"
do_cleanup
exit 1
fi
echo ""
# Usual TLS v1.3 server / TLS v1.3 client and DH Key.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - DH Key Exchange"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -y -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 DH Key Exchange not working"
do_cleanup
exit 1
fi
echo ""
# Usual TLS v1.3 server / TLS v1.3 client and ECC Key.
echo -e "\n\nTLS v1.3 server with TLS v1.3 client - ECC Key Exchange"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -Y -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nTLS v1.3 ECDH Key Exchange not working"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suites"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - only TLS v1.3"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-GCM SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-GCM-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-GCM SHA-256"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - AES256-GCM SHA-384"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES256-GCM-SHA384 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES256-GCM SHA-384"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - CHACHA20-POLY1305 SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-CHACHA20-POLY1305-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - CHACHA20-POLY1305 SHA-256"
do_cleanup
exit 1
fi
echo ""
./examples/client/client -v 4 -e 2>&1 | grep -- '-CCM'
if [ $? -eq 0 ]; then
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM SHA-256"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 cipher suites server / client.
echo -e "\n\nOnly TLS v1.3 cipher suite - AES128-CCM-8 SHA-256"
port=0
./examples/server/server -v 4 -R $ready_file -p $port -l TLS13-AES128-CCM-8-SHA256 &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 cipher suites - AES128-CCM-8 SHA-256"
do_cleanup
exit 1
fi
echo ""
fi
# TLS 1.3 cipher suites server / client.
echo -e "\n\nTLS v1.3 cipher suite mismatch"
port=0
@@ -353,189 +96,48 @@ create_port
./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384
RESULT=$?
remove_ready_file
if [ $RESULT -ne 1 ]; then
if [ $RESULT -eq 0 ]; then
echo -e "\n\nIssue with mismatched TLS v1.3 cipher suites"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 server / TLS 1.2 client.
echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 3 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
do_cleanup
exit 1
fi
echo ""
# TLS Downgrade server / TLS 1.2 client.
echo -e "\n\nTLS server downgrading to TLS v1.2"
port=0
./examples/server/server -v d -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 3 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS server downgrading to TLS v1.2"
do_cleanup
exit 1
fi
echo ""
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
if [ $? -ne 0 ]; then
# TLS 1.3 server / TLS 1.2 client.
echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2"
port=0
./examples/server/server -v 4 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 3 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\n\nIssue with TLS v1.3 server downgrading to TLS v1.2"
do_cleanup
exit 1
fi
echo ""
# TLS 1.2 server / TLS 1.3 client.
echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
port=0
./examples/server/server -v 3 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
do_cleanup
exit 1
# TLS 1.2 server / TLS 1.3 client.
echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3"
port=0
./examples/server/server -v 3 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -eq 0 ]; then
echo -e "\n\nIssue with TLS v1.3 client upgrading server to TLS v1.3"
do_cleanup
exit 1
fi
echo ""
fi
echo ""
# TLS 1.2 server / TLS downgrade client.
echo -e "\n\nTLS client downgrading to TLS v1.2"
port=0
./examples/server/server -v 3 -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v d -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS client downgrading to TLS v1.2"
do_cleanup
exit 1
fi
echo ""
# TLS Downgrade server / TLS Downgrade client.
echo -e "\n\nTLS server and client able to downgrade but don't"
port=0
./examples/server/server -v d -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v d -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS not downgrading"
do_cleanup
exit 1
fi
echo ""
# TLS Downgrade server / TLS Downgrade client resumption.
echo -e "\n\nTLS server and client able to downgrade but don't and resume"
port=0
./examples/server/server -v d -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v d -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS not downgrading and resumption"
do_cleanup
exit 1
fi
echo ""
# TLS Downgrade server / TLS 1.2 client and resume.
echo -e "\n\nTLS server downgrade and resume"
port=0
./examples/server/server -v d -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 3 -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS server downgrading and resumption"
do_cleanup
exit 1
fi
echo ""
# TLS 1.2 server / TLS downgrade client and resume.
echo -e "\n\nTLS client downgrade and resume"
port=0
./examples/server/server -v 3 -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v d -r -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS client downgrading and resumption"
do_cleanup
exit 1
fi
echo ""
# TLS Downgrade server / TLS Downgrade client.
# TLS 1.3 server / TLS 1.3 client send KeyUpdate before sending app data.
echo -e "\n\nTLS v1.3 KeyUpdate"
port=0
./examples/server/server -v 4 -U -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -I -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 KeyUpdate"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 server / TLS 1.3 client - don't use (EC)DHE with PSK.
echo -e "\n\nTLS v1.3 PSK without (EC)DHE"
port=0
./examples/server/server -v 4 -r -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -r -K -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 PSK without (EC)DHE"
do_cleanup
exit 1
fi
echo ""
# TLS 1.3 server / TLS 1.3 client and Post-Handshake Authentication.
echo -e "\n\nTLS v1.3 Post-Handshake Authentication"
port=0
./examples/server/server -v 4 -Q -R $ready_file -p $port &
server_pid=$!
create_port
./examples/client/client -v 4 -Q -p $port
RESULT=$?
remove_ready_file
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Post-Handshake Auth"
do_cleanup
exit 1
fi
echo ""
echo -e "\nALL Tests Passed"