From: Nikos Mavrogiannopoulos Date: Fri, 15 Apr 2011 07:27:55 +0000 (+0200) Subject: Added interoperability tests with openssl. X-Git-Tag: gnutls_2_99_1~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ec2c7d456483f147727d7e6e710cb285371b10e;p=thirdparty%2Fgnutls.git Added interoperability tests with openssl. --- diff --git a/tests/certs/cert-rsa-2432.pem b/tests/certs/cert-rsa-2432.pem new file mode 100644 index 0000000000..bbc2b63b82 --- /dev/null +++ b/tests/certs/cert-rsa-2432.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDlzCCAk+gAwIBAgIETadUITANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJC +RTEPMA0GA1UEChMGR251VExTMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTEwNDE0 +MjAwODAyWhcNMzgwODI5MjAwODA0WjAyMQswCQYDVQQGEwJCRTEPMA0GA1UEChMG +R251VExTMRIwEAYDVQQDEwlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IB +PwAwggE6AoIBMQDdz5fSpR2V3YYY2MS5raYMtJ223PrcIeE6YjQH6DOy6JfuLEHS +EvFf7eR2/2UmHgzHQRVpXw35rYkUjerXFlKaR8G7AALkiEVzeKSu2zjDxgfSZA6H +7XSMa8TAAlB8TqbRWOnlEwmp21rq6w8GgFwJ75TI6fs3LnXhrJOtmzcTS2Y6djPY +xNdM+2HIkiEH/N+piFTko6lH0my44zmJEYg4LaLcPl5KqaSO1R+y0N1BPNoQaJ5H +G2UCosUocwKDAwn99Sl+l9wqTkuqeUZGcIYbm7j2ir4ph31f2qWXa+/IQwlD4h+K +Fn4dUF312gLu8sMqSOZrMOoC1++siwy4wYXYv3yFqB6DvlwmLnl7R/VKP2Zikv1B +ILYsAPBSyiYGLXzPelB9D8vdlyDIb+TgUPTjAgMBAAGjVTBTMAwGA1UdEwEB/wQC +MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4E +FgQUklPWcbn4aKqzU/aN9TlFZpyn5TEwDQYJKoZIhvcNAQELBQADggExAJi/SInB +5uYVE8z8uu2gieWGRTBzaLJ5H4gCgPstybghVY3Ft1Ybz8N27tDw2SI6Y5LFBIZw +HkIzKjvEFAjFQpJzfD45wO40xzMWX5Ouzx+aMAlR/i2UnCitKn7kFIFFaw3XESH8 +2ycXdLTMlBpunntYqeAGjdpfYOG4byhotli+xaw2Rzf2qDh0I4HzIr5h/wgIh+vC +jykldV1M69UJKKt7mflpCKLGAtIuzfrxGc4/RGqhS6hW1RGuRONoBVBXjXIPxyHb +j6NQeF1aOcuQPVJDM7/qiQcaksyFJ6g9NLhbUu7vILm2/+rFkNNHxVGQ4uY+Urke +eRi+/eIkvkcyWrADa6rbw9v2YEQItiwZR6LwQ3/wB5dXq+yguGpJzgjmw03ypOm4 +Q+fwhNcachRdgho= +-----END CERTIFICATE----- diff --git a/tests/certs/rsa-2432.pem b/tests/certs/rsa-2432.pem new file mode 100644 index 0000000000..c3e3c44757 --- /dev/null +++ b/tests/certs/rsa-2432.pem @@ -0,0 +1,32 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIFfAIBAAKCATEA3c+X0qUdld2GGNjEua2mDLSdttz63CHhOmI0B+gzsuiX7ixB +0hLxX+3kdv9lJh4Mx0EVaV8N+a2JFI3q1xZSmkfBuwAC5IhFc3ikrts4w8YH0mQO +h+10jGvEwAJQfE6m0Vjp5RMJqdta6usPBoBcCe+UyOn7Ny514ayTrZs3E0tmOnYz +2MTXTPthyJIhB/zfqYhU5KOpR9JsuOM5iRGIOC2i3D5eSqmkjtUfstDdQTzaEGie +RxtlAqLFKHMCgwMJ/fUpfpfcKk5LqnlGRnCGG5u49oq+KYd9X9qll2vvyEMJQ+If +ihZ+HVBd9doC7vLDKkjmazDqAtfvrIsMuMGF2L98hageg75cJi55e0f1Sj9mYpL9 +QSC2LADwUsomBi18z3pQfQ/L3ZcgyG/k4FD04wIDAQABAoIBMQDKrMQSUpMs/ARq +sa9X5iai12qAy3xhJofxXAgk7XRH1qX0l/XwqSRqvimS3hyjbrPIYVzaMmPHr1xh +LqfVruz9UfHgF8uM3ENxllwL9f3xTQKaqJhqdXuYT2Sw+axnWUquYWseyH18+hUi +MHRDQYhX/9VYnAvSyR4nfhRWfkwd0jhv1M/dE0eTbONVbMjHzrTj6NGBNVYZa6U6 +NopQnn78Sku061751RCC7lwmwEwAgpu2+n5SQzoXN79cPy4NdHbEfW8JEPyOXTNB ++yUVwI4glPbT+9GG2LwIL/eGT71DQOW6O7De6+URU7thc4VQSpt0CBG3XDvtp1bo +AQ+MHncOAGtz5ueJwC10HjflosRLc1U2DBWQmAGCiG9smu8eYsFKfFwhxoW1VBdD +jP1GU4xZAoGZAN68jwJoaZ+GbRcAgkyHDA6u2nCjPZ5qTZAp4PWWkCcXlSG0rhjS +8ZW+p55dw6W5hm0k5Ozg+kYKgSRH5THTPzHy3ijmKXoyvEjz+A8arf4StedPAg2Z +OLw3cx0ZDGM86WDvhBrPxw0WtgpaJiogZ6vtSeOB64kLkdi9agDjuTucB/1kBgfx +6i17wkjfCkWIvvdebDpkMQqfAoGZAP7vpWHvz34u/c2HrviigWhNrA2oWnLmwhem +TSd8vLGPM4VmI189NIeP2x3SpLF+uPoLIhUWJSHxzl9yIZkZb2ci+jj5paiGad6P +wEruhJL7pngMgxrU69G2qG4BRc1F0UNKqqqql9428GjcpSczw2nklSxeifkpLAfc +kTDOxUSBx5k3oLEVEkov/FDmF0+afUOd/Rz1pHM9AoGYSPHpx/kX9lWY7nqNMbDc +owZipZbgfDwGMNt2QBfSF+tiPMqmZZzX35mz3WqJw4GR47a8flNjw4J3LsGY7wtm +293VIgHWvZ1WCnJT3+Z16wqHpjw6yOdQLFvgiDwG0Y1GRSfL1NgNMV0puxQxAYTh +Tu4ET8zhrV0ro5bM24O4yyvbdgHG890nO0QXqbPZ8lHJcMvsl+buJLMCgZhcxIfB +46n1mNPyfnVFNJ0yf1EkhyaiuSXXxUQ+Ij3nvtxYppoohfUff1GUwJn9nMdi9bop +Qi2w9HTMdpOTSpYnSasUIIQPlxnfSyAGJFVJxxkEhkkO8nv9jCIuJXhpAgbsHbeM +8xbgXc2N2vyeD1AEsJE33A8JA9pp4fFTeWp/S1p+fqeSyMAnDt8Z8SB6bxU2Db+V +Ui3NYQKBmQDcQLZxlmIVCSoi7bgYao0MzTZQRGxh2Sb8IP0JG/8JeXSvWBos2fA9 +gGnjYxuadFpkLlNE+mj8Y9YcHsnPsHblVc/ebKH9rB3jHWg8+SDvEDsaB3KLJp4g +ElDlARbld3I1ACNmpY7RTIAqSintWG2fg8w3lvCbm96xyisGLG9KL1z9pJdAO/LG +EYRdbwn1bSCWDbwiqYkWFg== +-----END RSA PRIVATE KEY----- diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh index f7b75e6649..18c321fa14 100644 --- a/tests/scripts/common.sh +++ b/tests/scripts/common.sh @@ -20,6 +20,7 @@ fail() { echo "Failure: $1" >&2 + kill $PID exit 1 } @@ -38,6 +39,21 @@ launch_server() { fi } +launch_bare_server() { + PARENT=$1; + shift; + $SERV $* >/dev/null 2>&1 & + LOCALPID="$!"; + trap "[ ! -z \"${LOCALPID}\" ] && kill ${LOCALPID};" 15 + wait "${LOCALPID}" + LOCALRET="$?" + if [ "${LOCALRET}" != "0" -a "${LOCALRET}" != "143" ] ; then + # Houston, we'v got a problem... + echo "Failed to launch server !" + kill -10 ${PARENT} + fi +} + wait_server() { trap "kill $1" 1 15 2 sleep 2 diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index 32aab4a492..6c95f437f5 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -72,6 +72,7 @@ nodist_eagain_cli_SOURCES = mini-eagain2.c noinst_PROGRAMS = eagain-cli -nodist_check_SCRIPTS = eagain testsrn +nodist_check_SCRIPTS = eagain testsrn testbig + +TESTS = eagain testsrn testbig -TESTS = eagain testsrn diff --git a/tests/suite/testbig b/tests/suite/testbig new file mode 100755 index 0000000000..fc69fbd2bd --- /dev/null +++ b/tests/suite/testbig @@ -0,0 +1,27 @@ +#!/bin/sh + +# Copyright (C) 2010 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +if ! test -x /usr/bin/openssl;then + exit 77 +fi + +datefudge "2007-04-22" ./testbig-main diff --git a/tests/suite/testbig-main b/tests/suite/testbig-main new file mode 100755 index 0000000000..18ec3b1926 --- /dev/null +++ b/tests/suite/testbig-main @@ -0,0 +1,244 @@ +#!/bin/sh + +# Copyright (C) 2010 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +srcdir="${srcdir:-.}" +CLI="${CLI:-../../src/gnutls-cli$EXEEXT}" +PORT="${PORT:-5558}" +unset RETCODE + +if test "${WINDIR}" != "";then + exit 77 +fi + +. ../scripts/common.sh + +echo "Compatibility checks using "`openssl version` + +DSA_CERT=$srcdir/../dsa/cert.dsa.1024.pem +DSA_KEY=$srcdir/../dsa/dsa.1024.pem + +RSA_CERT=$srcdir/../certs/cert-rsa-2432.pem +RSA_KEY=$srcdir/../certs/rsa-2432.pem + +CA_CERT=$srcdir/../../doc/credentials/x509-ca.pem +CLI_CERT=$srcdir/../../doc/credentials/x509-client.pem +CLI_KEY=$srcdir/../../doc/credentials/x509-client-key.pem + +SERV_CERT=$srcdir/../../doc/credentials/x509-server.pem +SERV_KEY=$srcdir/../../doc/credentials/x509-server-key.pem +SERV_DSA_CERT=$srcdir/../../doc/credentials/x509-server-dsa.pem +SERV_DSA_KEY=$srcdir/../../doc/credentials/x509-server-key-dsa.pem + +echo "#####################" +echo "# Client mode tests #" +echo "#####################" + +SERV=openssl + +launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & +PID=$! +wait_server $PID + +# Test SSL 3.0 with RSA ciphersuite +echo "Checking SSL 3.0 with RSA..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +# Test SSL 3.0 with DHE-RSA ciphersuite +echo "Checking SSL 3.0 with DHE-RSA..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +# Test SSL 3.0 with DHE-DSS ciphersuite +echo "Checking SSL 3.0 with DHE-DSS..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +kill $PID +wait + +launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & +PID=$! +wait_server $PID + +# Test TLS 1.0 with RSA ciphersuite +echo "Checking TLS 1.0 with RSA..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +# Test TLS 1.0 with DHE-RSA ciphersuite +echo "Checking TLS 1.0 with DHE-RSA..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +# Test TLS 1.0 with DHE-DSS ciphersuite +echo "Checking TLS 1.0 with DHE-DSS..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +kill $PID +wait + +launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -mtu 1000 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & +PID=$! +wait_server $PID + +# Test DTLS 1.0 with RSA ciphersuite +echo "Checking DTLS 1.0 with RSA..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +kill $PID +wait + +launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -mtu 1000 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & +PID=$! +wait_server $PID + +# Test DTLS 1.0 with DHE-RSA ciphersuite +echo "Checking DTLS 1.0 with DHE-RSA..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +kill $PID +wait + +launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -mtu 1000 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT & +PID=$! +wait_server $PID + +# Test DTLS 1.0 with DHE-DSS ciphersuite +echo "Checking DTLS 1.0 with DHE-DSS..." +$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY /dev/null || \ + fail "Failed" + +kill $PID +wait + +echo "Client mode tests were successfully completed" +echo "" +echo "#####################" +echo "# Server mode tests #" +echo "#####################" +SERV="../../src/gnutls-serv$EXEEXT -q" +CLI="openssl" +PORT="5559" + +# Note that openssl s_client does not return error code on failure + +echo "Check SSL 3.0 with RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + +echo "Check SSL 3.0 with DHE-RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + +echo "Check SSL 3.0 with DHE-DSS ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + +#TLS 1.0 + +echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with DHE-RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + +echo "Check TLS 1.0 with DHE-DSS ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + + +# DTLS +echo "Check DTLS 1.0 with RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + +echo "Check DTLS 1.0 with DHE-RSA ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + +echo "Check DTLS 1.0 with DHE-DSS ciphersuite" +launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS" --udp --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$! +wait_server $PID + +$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT &1 | grep "\:error\:" && \ + fail "Failed" + +kill $PID +wait + + + +exit 0