diff --git a/tests/compat.sh b/tests/compat.sh index 62badc88d..8b5dd6bd6 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -1,5 +1,8 @@ #!/bin/bash +# Test interop with OpenSSL for each common ciphersuite and version. +# Also test selfop for ciphersuites not shared with OpenSSL. + killall -q openssl ssl_server ssl_server2 let "tests = 0" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh new file mode 100755 index 000000000..a845110c6 --- /dev/null +++ b/tests/ssl-opt.sh 
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Test various options that are not covered by compat.sh
+#
+# Here the goal is not to cover every ciphersuite/version, but
+# rather specific options (max fragment length, truncated hmac, etc)
+# or procedures (session resumption from cache or ticket, renego, etc).
+#
+# Assumes all options are compiled in.
+
+PROGS_DIR='../programs/ssl'
+SRV_CMD="$PROGS_DIR/ssl_server2"
+CLI_CMD="$PROGS_DIR/ssl_client2"
+
+# Usage: run_test name srv_args cli_args cli_exit [option [...]]
+# Options: -s pattern pattern that must be present in server output
+# -c pattern pattern that must be present in client output
+# -S pattern pattern that must be absent in server output
+# -C pattern pattern that must be absent in client output
+run_test() {
+ echo -n "$1: "
+ shift
+
+ # run the commands
+ $SRV_CMD $1 > srv_out &
+ SRV_PID=$!
+ sleep 1
+ $CLI_CMD $2 > cli_out
+ CLI_EXIT=$?
+ echo SERVERQUIT | openssl s_client >/dev/null 2>&1
+ wait $SRV_PID
+ shift 2
+
+ # check client exit code
+ if [ "$1" = 0 -a "$CLI_EXIT" != 0 ]; then
+ echo "FAIL - client exit"
+ return
+ fi
+ shift
+
+ # check options
+ while [ $# -gt 0 ]
+ do
+ case $1 in
+ "-s")
+ if grep "$2" srv_out >/dev/null; then :; else
+ echo "FAIL - -s $2"
+ return
+ fi
+ ;;
+
+ "-c")
+ if grep "$2" cli_out >/dev/null; then :; else
+ echo "FAIL - -c $2"
+ return
+ fi
+ ;;
+
+ "-S")
+ if grep "$2" srv_out >/dev/null; then
+ echo "FAIL - -S $2"
+ return
+ fi
+ ;;
+
+ "-C")
+ if grep "$2" cli_out >/dev/null; then
+ echo "FAIL - -C $2"
+ return
+ fi
+ ;;
+
+ *)
+ echo "Unkown test: $1" >&2
+ exit 1
+ esac
+ shift 2
+ done
+
+ # if we're here, everything is ok
+ echo "PASS"
+ rm -r srv_out cli_out
+}
+
+killall -q openssl ssl_server ssl_server2
+
+run_test "Truncated HMAC" \
+ "debug_level=5" \
+ "debug_level=5 trunc_hmac=1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ 0 \
+ -s "dumping 'computed mac' (10 bytes)$"
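Review bot: The client exit check in run_test (`if [ "$1" = 0 -a "$CLI_EXIT" != 0 ]`) only fires when success is expected, so a case that passes a non-zero cli_exit still prints PASS when the client connects successfully. If a non-zero value is meant as "the client must fail", negative tests for options that should be rejected would give false assurance; checking both directions closes that, e.g. `if [ "$1" = 0 ] && [ "$CLI_EXIT" != 0 ] || { [ "$1" != 0 ] && [ "$CLI_EXIT" = 0 ]; }; then`. Each FAIL path also ends in a bare `return` right after `echo`, so run_test returns 0 and the script's exit status never reflects a failure; `return 1` plus a failure count used for the final `exit` would let CI catch a regression.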