From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 23 Mar 2015 12:09:08 +0000 (+0100)
Subject: tests: check legacy RC4 in testcompat
X-Git-Tag: gnutls_3_4_0~135
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=94ca52d9bf5c6f53b5c42ee6dd05eb6dce463dc4;p=thirdparty%2Fgnutls.git

tests: check legacy RC4 in testcompat

That would prevent losing compatibility without detecting it.
That is currently the case since it is no longer enabled by default.
---

diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
index 065c9513e1..8eb78cf08f 100755
--- a/tests/suite/testcompat-main-openssl
+++ b/tests/suite/testcompat-main-openssl
@@ -48,6 +48,10 @@ PORT="${PORT:-$RPORT}"
 SERV=openssl
 OPENSSL_CLI="openssl"
 
+if test -f /etc/debian_version;then
+        DEBIAN=1
+fi
+
 echo "Compatibility checks using "`$SERV version`
 $SERV version|grep -e 1\.0 >/dev/null 2>&1
 SV=$?
@@ -73,7 +77,7 @@ echo ""
 echo "** Modifier: $ADD"
 fi
 
-if test 0 = 1;then
+if test "$DEBIAN" != 1;then
 
 # It seems debian disabled SSL 3.0 completely on openssl
 
@@ -99,6 +103,17 @@ $VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:
 kill $PID
 wait
 
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -cipher RC4-MD5 &
+PID=$!
+wait_server $PID
+
+echo "Checking SSL 3.0 with RSA-RC4-MD5..."
+$VALGRIND $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA$ADD" --insecure </dev/null >/dev/null || \
+  fail $PID "Failed"
+
+kill $PID
+wait
+
 fi
 
 if test "$FIPS" != 1;then
@@ -337,15 +352,19 @@ echo ""
 echo "** Modifier: $ADD"
 fi
 
-if test 0 = 1;then
+if test "$DEBIAN" != 1;then
 
 echo "Check SSL 3.0 with RSA ciphersuite"
-launch_server $$  --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
+launch_server $$  --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA$ADD" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh  & PID=$!
 wait_server $PID
 
 $OPENSSL_CLI s_client  -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
   fail $PID "Failed"
 
+echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
+$OPENSSL_CLI s_client  -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
+  fail $PID "Failed"
+
 kill $PID
 wait
 
@@ -366,6 +385,7 @@ wait_server $PID
 $OPENSSL_CLI s_client  -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
   fail $PID "Failed"
 
+
 kill $PID
 wait