wait_server $PID
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
- fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+ fail $PID "Failed connection to a server with DSA 1024 key and TLS 1.0!"
echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"
#try with client key of 1024 bits (should succeed)
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
- fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+ fail $PID "Failed connection to a server with DSA 1024 key and TLS 1.0!"
echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
#try with client key of 2048 bits (should fail)
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null 2>&1 && \
- fail "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
+ fail $PID "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
#try with client key of 3072 bits (should fail)
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null 2>&1 && \
- fail "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
+ fail $PID "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
kill $PID
wait
wait_server $PID
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
- fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+ fail $PID "Failed connection to a server with DSA 1024 key and TLS 1.2!"
echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"
#try with client key of 1024 bits (should succeed)
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
- fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+ fail $PID "Failed connection to a server with DSA 1024 key and TLS 1.2!"
echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
#try with client key of 2048 bits (should succeed)
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null || \
- fail "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
+ fail $PID "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
#try with client key of 3072 bits (should succeed)
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null || \
- fail "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
+ fail $PID "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
kill $PID
wait_server $PID
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
- fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
+ fail $PID "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
kill $PID
wait
wait_server $PID
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
- fail "Failed connection to a server with DSA 2048 key and TLS 1.2!"
+ fail $PID "Failed connection to a server with DSA 2048 key and TLS 1.2!"
kill $PID
wait
wait_server $PID
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
- fail "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
+ fail $PID "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
kill $PID
wait
wait_server $PID
$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
- fail "Failed connection to a server with DSA 3072 key and TLS 1.2!"
+ fail $PID "Failed connection to a server with DSA 3072 key and TLS 1.2!"
kill $PID
wait
# fail "Connection to verified IP address should have succeeded! (error code $?)" $?
$CLI $DEBUG -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null 2>&1 && \
- fail "Connection to unrecognized IP address should have failed!"
+ fail $PID "Connection to unrecognized IP address should have failed!"
$CLI $DEBUG -p $PORT localhost --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null 2>&1 && \
- fail "Connection to unverified (but present) 'localhost' should have failed!"
+ fail $PID "Connection to unverified (but present) 'localhost' should have failed!"
kill $PID
wait
wait_server $PID
echo | $CLI $DEBUG -p $PORT 127.0.0.1 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null 2>&1 && \
- fail "Connection to unverified IP address should have failed! (error code $?)" $?
+ fail $PID "Connection to unverified IP address should have failed! (error code $?)" $?
$CLI $DEBUG -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null 2>&1 && \
- fail "Connection to unrecognized IP address should have failed!"
+ fail $PID "Connection to unrecognized IP address should have failed!"
#see reason above
#$CLI -p $PORT localhost --pgpkeyring ca-public.gpg </dev/null >/dev/null || \
-# fail "Connection to verified 'localhost' should have succeded! (error code $?)" $?
+# fail $PID "Connection to verified 'localhost' should have succeded! (error code $?)" $?
kill $PID
wait
# give the server a chance to initialize
echo | $CLI $DEBUG -p $PORT 127.0.0.1 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null || \
- fail "Connection to signed PGP certificate should have succeeded! (error code $?)" $?
+ fail $PID "Connection to signed PGP certificate should have succeeded! (error code $?)" $?
$CLI $DEBUG -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg </dev/null >/dev/null && \
- fail "Connection to unrecognized IP address should have failed!"
+ fail $PID "Connection to unrecognized IP address should have failed!"
kill $PID
wait
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
fail() {
+ PID=$1
+ shift;
echo "Failure: $1" >&2
kill $PID
exit 1
# Test SSL 3.0 with RSA ciphersuite
echo "Checking SSL 3.0 with RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
# Test SSL 3.0 with DHE-RSA ciphersuite
echo "Checking SSL 3.0 with DHE-RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
# Test SSL 3.0 with DHE-DSS ciphersuite
echo "Checking SSL 3.0 with DHE-DSS..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
# Test TLS 1.0 with RSA ciphersuite
echo "Checking TLS 1.0 with RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
# Test TLS 1.0 with DHE-RSA ciphersuite
echo "Checking TLS 1.0 with DHE-RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
if test $SV = 0;then
# Test TLS 1.0 with DHE-RSA ciphersuite
echo "Checking TLS 1.0 with ECDHE-RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
fi
# Test TLS 1.0 with DHE-DSS ciphersuite
echo "Checking TLS 1.0 with DHE-DSS..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS" --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
echo "Checking TLS 1.0 with ECDHE-ECDSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --insecure --x509certfile $ECC_CERT --x509keyfile $ECC_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
# Test DTLS 1.0 with RSA ciphersuite
echo "Checking DTLS 1.0 with RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
# Test DTLS 1.0 with DHE-RSA ciphersuite
echo "Checking DTLS 1.0 with DHE-RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
# Test DTLS 1.0 with DHE-DSS ciphersuite
echo "Checking DTLS 1.0 with DHE-DSS..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS" --udp --insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
- fail "Failed"
+ fail $PID "Failed"
fi
wait_server $PID
$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$OPENSSL_CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
#-cipher ECDHE-RSA-AES128-SHA
$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
#-cipher ECDHE-ECDSA-AES128-SHA
$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC_CERT -key $ECC_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
- fail "Failed"
+ fail $PID "Failed"
kill $PID
wait
wait_server $PID
$CLI -p $PORT 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-SSL3.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "0. Renegotiation should have succeeded!"
+ fail $PID "0. Renegotiation should have succeeded!"
$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "1. Safe rehandshake should have succeeded!"
+ fail $PID "1. Safe rehandshake should have succeeded!"
$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "2. Unsafe rehandshake should have succeeded!"
+ fail $PID "2. Unsafe rehandshake should have succeeded!"
$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "3. Unsafe negotiation should have succeeded!"
+ fail $PID "3. Unsafe negotiation should have succeeded!"
$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail "4. Unsafe renegotiation should have failed!"
+ fail $PID "4. Unsafe renegotiation should have failed!"
kill $PID
wait_server $PID
$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "5. Safe rehandshake should have succeeded!"
+ fail $PID "5. Safe rehandshake should have succeeded!"
$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "6. Unsafe rehandshake should have succeeded!"
+ fail $PID "6. Unsafe rehandshake should have succeeded!"
$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail "7. Unsafe negotiation should have failed!"
+ fail $PID "7. Unsafe negotiation should have failed!"
$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail "8. Unsafe renegotiation should have failed!"
+ fail $PID "8. Unsafe renegotiation should have failed!"
kill $PID
wait
wait_server $PID
$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
- fail "9. Initial connection should have failed!"
+ fail $PID "9. Initial connection should have failed!"
$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "10. Unsafe connection should have succeeded!"
+ fail $PID "10. Unsafe connection should have succeeded!"
$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "11. Unsafe negotiation should have succeeded!"
+ fail $PID "11. Unsafe negotiation should have succeeded!"
$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
- fail "12. Unsafe renegotiation should have succeeded!"
+ fail $PID "12. Unsafe renegotiation should have succeeded!"
kill $PID
wait