tests: added interoperability test with gnutls 2.12.x
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 3 Aug 2019 19:32:47 +0000 (21:32 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 1 Sep 2019 12:22:51 +0000 (14:22 +0200)
This enables the test in the Debian build.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
.gitlab-ci.yml
configure.ac
tests/suite/Makefile.am
tests/suite/testcompat-oldgnutls.sh [new file with mode: 0755]

index 9a1f28f07b9f3b64f1b942ec5aaa2374c807692e..6126a8e8086a31138c95fdb96165ddb954013db7 100644 (file)
@@ -496,13 +496,14 @@ ubsan-Werror.Fedora.x86_64:
       - tests/suite/*/*.log
   retry: 1
 
+# This includes interoperability testing with gnutls 2.12.x
 Debian.x86_64:
   stage: stage1-testing
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD
   script:
   - ./bootstrap
   - mkdir -p build && cd build
-  - dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --disable-doc --disable-guile --disable-full-test-suite LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now'
+  - dash ../configure --enable-oldgnutls-interop --disable-gcc-warnings --cache-file ../cache/config.cache --disable-doc --disable-guile LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now'
   - make -j$(nproc)
   - make check -j$(nproc)
   - cd ..
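Review bot: The comment added above `Debian.x86_64:` does not say what the job now depends on: the test script added in this commit hard-codes `/usr/local/OLDGNUTLS`, so the Debian build image must ship the 2.12.x binaries there. Dropping `--disable-full-test-suite` from the configure line also means this job now runs the full suite, which the comment could state. Something like `# Runs the full test suite plus interop tests against gnutls 2.12.x; the image must provide it under /usr/local/OLDGNUTLS` would cover both.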
index 1bf9bce95ede9e741ebd0428fc06b7f6de7ec6fd..710db7608d04caf69d3479b6445625dbc89aac17 100644 (file)
@@ -423,6 +423,16 @@ fi
 
 AM_CONDITIONAL(WANT_TEST_SUITE, test "$full_test_suite" = "yes")
 
+AC_ARG_ENABLE(oldgnutls-interop,
+  AS_HELP_STRING([--enable-oldgnutls-interop], [enable interoperability testing with old gnutls version]),
+    enable_oldgnutls_interop=$enableval, enable_oldgnutls_interop=no)
+
+if test "$enable_oldgnutls_interop" != "no" && test "$full_test_suite" != yes;then
+       AC_MSG_ERROR([cannot --enable-oldgnutls-interop without --enable-full-test-suite])
+fi
+
+AM_CONDITIONAL(ENABLE_OLDGNUTLS_INTEROP, test "$enable_oldgnutls_interop" != "no")
+
 dnl GCC warnings to enable
 
 AC_ARG_ENABLE([gcc-warnings],
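Review bot: The new `AC_ARG_ENABLE(oldgnutls-interop, ...)` call passes its arguments unquoted, while the `AC_ARG_ENABLE([gcc-warnings],` call just below it in the same hunk uses m4 quoting. Quoting each argument keeps the two consistent and avoids accidental macro expansion inside the help text: `AC_ARG_ENABLE([oldgnutls-interop], [AS_HELP_STRING(...)], [enable_oldgnutls_interop=$enableval], [enable_oldgnutls_interop=no])`. The help string could also name the expected install location (`/usr/local/OLDGNUTLS`, per the test script in this commit), since configure only validates the flag combination and does not probe for the old binaries.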
index b4da01a375656be600a82b3c7b177cc752b3ac2e..21966ac8982c4aed4c07e2964bb4f03390011f68 100644 (file)
@@ -118,6 +118,10 @@ if ENABLE_TLS13_INTEROP
 scripts_to_test += testcompat-tls13-openssl.sh
 endif
 
+if ENABLE_OLDGNUTLS_INTEROP
+scripts_to_test += testcompat-oldgnutls.sh
+endif
+
 if ENABLE_DANE
 scripts_to_test += testdane.sh
 endif
diff --git a/tests/suite/testcompat-oldgnutls.sh b/tests/suite/testcompat-oldgnutls.sh
new file mode 100755 (executable)
index 0000000..d0467c6
--- /dev/null
@@ -0,0 +1,190 @@
+#!/bin/bash
+
+# Copyright (c) 2010-2016, Free Software Foundation, Inc.
+# Copyright (c) 2012-2018, Nikos Mavrogiannopoulos
+# All rights reserved.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation and/or
+# other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors may
+# be used to endorse or promote products derived from this software without specific
+# prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+abs_top_srcdir="${abs_top_srcdir:-$(pwd)/../../}"
+srcdir="${srcdir:-.}"
+CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}"
+TMPFILE=testcompat-oldgnutls.$$.tmp
+
+# This assumes a root directory in /usr/local/OLDGNUTLS containing the
+# gnutls client and server
+
+if ! test -x "${CLI}"; then
+       exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+       VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${WINDIR}" != ""; then
+       exit 77
+fi
+
+LDPATH=/usr/local/OLDGNUTLS/lib/x86_64-linux-gnu:/usr/local/OLDGNUTLS/usr/lib/x86_64-linux-gnu
+
+. "${srcdir}/../scripts/common.sh"
+
+check_for_datefudge
+
+. "${srcdir}/testcompat-common"
+
+PORT="${PORT:-${RPORT}}"
+
+SERV=/usr/local/OLDGNUTLS/usr/bin/gnutls-serv
+
+if test -z "$OUTPUT";then
+OUTPUT=/dev/null
+fi
+
+>${OUTPUT}
+
+echo_cmd() {
+       tee -a ${OUTPUT} <<<$(echo $1)
+}
+
+echo_cmd "Compatibility checks using "`${SERV} version`
+
+echo_cmd "####################################################"
+echo_cmd "# Client mode tests (new cli-gnutls 2.12.x server) #"
+echo_cmd "####################################################"
+
+run_client_suite() {
+       ADD=$1
+       PREFIX=""
+       if ! test -z "${ADD}"; then
+               PREFIX="$(echo $ADD|sed 's/://g'): "
+       fi
+
+       eval "${GETPORT}"
+       LD_LIBRARY_PATH=$LDPATH launch_server $$ --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+       PID=$!
+       wait_server ${PID}
+
+       # Test TLS 1.0 with RSA ciphersuite
+       echo "${PREFIX}Checking TLS 1.0 with RSA and AES-128-CBC..."
+       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.0 with RSA and AES-256-CBC..."
+       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       # Test TLS 1.0 with DHE-RSA ciphersuite
+       echo "${PREFIX}Checking TLS 1.0 with DHE-RSA..."
+       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.2 with RSA and AES-128-CBC..."
+       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.2 with RSA and AES-256-CBC..."
+       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.2 with DHE-RSA..."
+       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.2 with RSA, AES-CBC and long packet..."
+       head -c 16384 /dev/zero|tr \\0 a >${TMPFILE}
+       echo >>${TMPFILE}
+       ${VALGRIND} "${CLI}" -d 6 ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" <${TMPFILE} >/dev/null ||
+               fail ${PID} "Failed"
+
+       kill ${PID}
+       wait
+}
+
+run_client_suite
+
+echo_cmd "${PREFIX}Client mode tests were successfully completed"
+echo_cmd "${PREFIX}"
+echo_cmd "${PREFIX}###############################################"
+echo_cmd "${PREFIX}# Server mode tests (new server-old cli)      #"
+echo_cmd "${PREFIX}###############################################"
+SERV="../../src/gnutls-serv${EXEEXT} -q"
+CLI=/usr/local/OLDGNUTLS/usr/bin/gnutls-cli
+
+run_server_suite() {
+       ADD=$1
+       PREFIX=""
+       if ! test -z "${ADD}"; then
+               PREFIX="$(echo $ADD|sed 's/://g'): "
+       fi
+
+       eval "${GETPORT}"
+       launch_server $$ --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
+       PID=$!
+       wait_server ${PID}
+
+       echo "${PREFIX}Checking TLS 1.0 with RSA and AES-128-CBC..."
+       LD_LIBRARY_PATH=$LDPATH "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.0 with RSA and AES-256-CBC..."
+       LD_LIBRARY_PATH=$LDPATH "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.0 with DHE-RSA..."
+       LD_LIBRARY_PATH=$LDPATH "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.2 with RSA and AES-128-CBC..."
+       LD_LIBRARY_PATH=$LDPATH "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.2 with RSA and AES-256-CBC..."
+       LD_LIBRARY_PATH=$LDPATH "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.2 with DHE-RSA..."
+       LD_LIBRARY_PATH=$LDPATH "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
+               fail ${PID} "Failed"
+
+       echo "${PREFIX}Checking TLS 1.2 with RSA, AES-CBC and long packet..."
+       head -c 16384 /dev/zero|tr \\0 a >${TMPFILE}
+       echo >>${TMPFILE}
+       LD_LIBRARY_PATH=$LDPATH "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" <${TMPFILE} >/dev/null || \
+               fail ${PID} "Failed"
+
+       kill ${PID}
+       wait
+
+}
+
+run_server_suite
+
+rm -f ${TMPFILE}
+
+exit 0
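Review bot: Nothing in this script checks that the old binaries under `/usr/local/OLDGNUTLS` exist before they are used, so a build configured with `--enable-oldgnutls-interop` on a host without that tree (or with a different multiarch directory than the hard-coded `x86_64-linux-gnu` in `LDPATH`) fails instead of skipping. A guard in the style of the existing `test -x "${CLI}"` check, e.g. `test -x "${SERV}" || exit 77` right after `SERV` is assigned, and the same for the old `gnutls-cli` before `run_server_suite`, would follow the skip convention already used here. `${SERV} version` in the banner looks carried over from an OpenSSL-based variant of this script; gnutls-serv presumably expects `--version`, so that line may print an error or nothing. `TMPFILE` is removed only on the success path; `trap 'rm -f "${TMPFILE}"' EXIT` would also clean up when `fail` (defined outside this hunk, presumably exiting the script) ends the run early. Every client invocation passes `--insecure`, so the suite confirms that handshakes complete but not that certificate verification interoperates; a one-line comment saying this is deliberate would stop readers from assuming otherwise.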