diff --git a/tests/compat.sh b/tests/compat.sh index 4c292b02e..d35a8138d 100644 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -1,19 +1,22 @@ killall -q openssl ssl_server ssl_server2 MODES="ssl3 tls1 tls1_1 tls1_2" -#VERIFY="YES" -VERIFY="" +VERIFIES="NO YES" OPENSSL=openssl +for VERIFY in $VERIFIES; +do if [ "X$VERIFY" = "XYES" ]; then - P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key" - O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt" + P_SERVER_ARGS="auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt" + P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt" + O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key" + O_CLIENT_ARGS="-cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt" fi for MODE in $MODES; do -echo "Running for $MODE" +echo "Running for $MODE (Verify: $VERIFY)" echo "-----------" P_CIPHERS=" \ @@ -56,24 +59,24 @@ O_CIPHERS=" \ # Also add SHA256 ciphersuites # -P_CIPHERS="$P_CIPHERS \ - TLS-RSA-WITH-NULL-SHA256 \ - TLS-RSA-WITH-AES-128-CBC-SHA256 \ - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ - TLS-RSA-WITH-AES-256-CBC-SHA256 \ - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ - " - -O_CIPHERS="$O_CIPHERS \ - NULL-SHA256 \ - AES128-SHA256 \ - DHE-RSA-AES128-SHA256 \ - AES256-SHA256 \ - DHE-RSA-AES256-SHA256 \ - " - if [ "$MODE" = "tls1_2" ]; then + P_CIPHERS="$P_CIPHERS \ + TLS-RSA-WITH-NULL-SHA256 \ + TLS-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-RSA-WITH-AES-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ + " + + O_CIPHERS="$O_CIPHERS \ + NULL-SHA256 \ + AES128-SHA256 \ + DHE-RSA-AES128-SHA256 \ + AES256-SHA256 \ + DHE-RSA-AES256-SHA256 \ + " + P_CIPHERS="$P_CIPHERS \ TLS-RSA-WITH-AES-128-GCM-SHA256 \ TLS-RSA-WITH-AES-256-GCM-SHA384 \ @@ -112,14 +115,14 @@ do done kill $PROCESS_ID -../programs/ssl/ssl_server2 > /dev/null & +../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null & PROCESS_ID=$! sleep 1 for i in $O_CIPHERS; do - RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i 2>&1)" + RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )" EXIT=$? echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - " @@ -131,6 +134,8 @@ do echo "Ciphersuite not supported in server" else echo Failed + echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS + echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS echo $RESULT fi else @@ -140,7 +145,7 @@ done kill $PROCESS_ID -../programs/ssl/ssl_server2 > /dev/null & +../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null & PROCESS_ID=$! sleep 1 @@ -160,7 +165,7 @@ fi for i in $P_CIPHERS; do - RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )" + RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i $P_CLIENT_ARGS )" EXIT=$? echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - " if [ "$EXIT" = "2" ]; @@ -177,4 +182,4 @@ done kill $PROCESS_ID done - +done