--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
+aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
+ZSBhdXRob3JpdHkwHhcNMTEwNTIzMjAzODIxWhcNMTIxMjIyMDc0MTUxWjB9MQsw
+CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy
+dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu
+dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB
+BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X
+uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud
+DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG
+SM49BAMCA0gAMEUCIDGuwD1KPyG+hRf88MeyMQcqOFZD0TbVleF+UsAGQ4enAiEA
+l4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
+-----END CERTIFICATE-----
--- /dev/null
+Testing SECP224R1 (1)
+Testing SECP256R1 (2)
+Testing SECP384R1 (3)
+Public Key Info:
+ Public Key Algorithm: ECC
+ Key Security Level: High
+
+curve: SECP256R1
+private key:
+ 19:f4:6b:fc:8e:67:e7:51:98:ef:58:67:5f:4c:ee:
+ 22:b9:2e:a4:22:ad:99:28:0d:29:c1:1e:3b:f7:2c:
+ 61:48:
+x:
+ 52:d8:8d:23:8a:e3:67:d7:86:36:b1:20:0b:09:7d:
+ c8:c9:ba:a2:20:95:2f:c5:4a:63:fa:83:5f:ce:78:
+ 2f:8f:
+y:
+ 00:f3:62:ca:fd:b7:f7:80:56:9d:6e:17:b9:0e:11:
+ 4c:48:b2:c0:af:3b:59:17:16:30:68:09:07:99:17:
+ fe:dd:a7:
+
+Public Key ID: D8:37:48:4E:0C:07:DE:56:4E:C8:1E:7F:13:1D:7B:54:FA:9D:2D:BE
+
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBn0a/yOZ+dRmO9YZ19M7iK5LqQirZkoDSnBHjv3LGFIoAoGCCqGSM49
+AwEHoUQDQgAEUtiNI4rjZ9eGNrEgCwl9yMm6oiCVL8VKY/qDX854L4/zYsr9t/eA
+Vp1uF7kOEUxIssCvO1kXFjBoCQeZF/7dpw==
+-----END EC PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAaGgAwIBAgIETd4LiTAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEP
+MA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0
+aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZp
+Y2F0ZSBhdXRob3JpdHkwHhcNMTEwNTI2MDgxMjU4WhcNMTIxMjI0MTkxNjI5WjAh
+MQswCQYDVQQGEwJCRTESMBAGA1UEAxMJbG9jYWxob3N0ME4wEAYHKoZIzj0CAQYF
+K4EEACEDOgAEajvYx+4zlK+ML3N97kxGydOZ09wqD7YwOvRqLEt6lYUymIwd7RpG
+Ejz2W69GUXtw8vMbZmULNjyjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYI
+KwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUm+S0YAc8Me/osocf
+UaYG4uYxpwkwHwYDVR0jBBgwFoAU8LSB/pgSv7UouWRAA8vMH2ZOKAMwCgYIKoZI
+zj0EAwIDRwAwRAIgTqvgggIh57TVhSKXRie+XDhndnCUeNTE7qx2VO5CgfACIAwA
+OLnOYanr1sWQVKxSACU1wnNZ6UsuWSMr/uDlKJfZ
+-----END CERTIFICATE-----
. ../scripts/common.sh
-echo "Compatibility checks using "`openssl version`
-openssl version|grep -e 1\.0 >/dev/null 2>&1
+SERV=openssl
+OPENSSL_CLI="openssl"
+
+echo "Compatibility checks using "`$SERV version`
+$SERV version|grep -e 1\.0 >/dev/null 2>&1
SV=$?
if test $SV != 0;then
echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
CLI_CERT=$srcdir/../../doc/credentials/x509-client.pem
CLI_KEY=$srcdir/../../doc/credentials/x509-client-key.pem
+CA_ECC_CERT=$srcdir/../certs/ca-cert-ecc.pem
+ECC_CERT=$srcdir/../certs/cert-ecc.pem
+ECC_KEY=$srcdir/../certs/ecc.pem
+
SERV_CERT=$srcdir/../../doc/credentials/x509-server.pem
SERV_KEY=$srcdir/../../doc/credentials/x509-server-key.pem
SERV_DSA_CERT=$srcdir/../../doc/credentials/x509-server-dsa.pem
echo "# Client mode tests #"
echo "#####################"
-SERV=openssl
launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
PID=$!
kill $PID
wait
+if test $SV = 0;then
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC_KEY -cert $ECC_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-ECDSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --insecure --x509certfile $ECC_CERT --x509keyfile $ECC_KEY </dev/null >/dev/null || \
+ fail "Failed"
+
+kill $PID
+wait
+
+fi
+
launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -mtu 1000 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
PID=$!
wait_server $PID
echo "# Server mode tests #"
echo "#####################"
SERV="../../src/gnutls-serv$EXEEXT -q"
-CLI="openssl"
PORT="5559"
# Note that openssl s_client does not return error code on failure
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
if test $SV = 0;then
echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
wait_server $PID
#-cipher ECDHE-RSA-AES128-SHA
-$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC_CERT --x509keyfile $ECC_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC_CERT -key $ECC_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID