echo "# Client mode tests (gnutls cli-openssl server) #"
echo "#################################################"
-for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+run_client_suite() {
+ ADD=$1
+ PREFIX=""
if ! test -z "${ADD}"; then
- echo ""
- echo "** Modifier: ${ADD}"
+ PREFIX="$(echo $ADD|sed 's/://g'): "
fi
if test "${HAVE_SSL3}" != 1 && test "{ENABLE_SSL3}" = 1; then
wait_server ${PID}
# Test SSL 3.0 with RSA ciphersuite
- echo "Checking SSL 3.0 with RSA..."
+ echo "${PREFIX}Checking SSL 3.0 with RSA..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
# Test SSL 3.0 with DHE-RSA ciphersuite
- echo "Checking SSL 3.0 with DHE-RSA..."
+ echo "${PREFIX}Checking SSL 3.0 with DHE-RSA..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
# Test SSL 3.0 with DHE-DSS ciphersuite
- echo "Checking SSL 3.0 with DHE-DSS..."
+ echo "${PREFIX}Checking SSL 3.0 with DHE-DSS..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
PID=$!
wait_server ${PID}
- echo "Checking SSL 3.0 with RSA-RC4-MD5..."
+ echo "${PREFIX}Checking SSL 3.0 with RSA-RC4-MD5..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_server ${PID}
# Test TLS 1.0 with RSA-NULL ciphersuite
- echo "Checking TLS 1.0 with RSA-NULL..."
+ echo "${PREFIX}Checking TLS 1.0 with RSA-NULL..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_server ${PID}
# Test TLS 1.0 with RSA ciphersuite
- echo "Checking TLS 1.0 with RSA and 3DES-CBC..."
+ echo "${PREFIX}Checking TLS 1.0 with RSA and 3DES-CBC..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
- echo "Checking TLS 1.0 with RSA and AES-128-CBC..."
+ echo "${PREFIX}Checking TLS 1.0 with RSA and AES-128-CBC..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
- echo "Checking TLS 1.0 with RSA and AES-256-CBC..."
+ echo "${PREFIX}Checking TLS 1.0 with RSA and AES-256-CBC..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
if test "${NO_CAMELLIA}" != 1; then
- echo "Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
+ echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
- echo "Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
+ echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
fi
if test "${NO_DSS}" != 1; then
# Test TLS 1.0 with DHE-DSS ciphersuite
- echo "Checking TLS 1.0 with DHE-DSS..."
+ echo "${PREFIX}Checking TLS 1.0 with DHE-DSS..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
fi
# Test TLS 1.0 with DHE-RSA ciphersuite
- echo "Checking TLS 1.0 with DHE-RSA..."
+ echo "${PREFIX}Checking TLS 1.0 with DHE-RSA..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
# Test TLS 1.0 with DHE-RSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-RSA..."
+ echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_server ${PID}
# Test TLS 1.2 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-RSA (SECP192R1)..."
+ echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA (SECP192R1)..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-SECP192R1${ADD}" --insecure </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_server ${PID}
# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+ echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_server ${PID}
# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+ echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_server ${PID}
# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
- echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+ echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
PID=$!
wait_server ${PID}
- echo "Checking TLS 1.0 with PSK..."
+ echo "${PREFIX}Checking TLS 1.0 with PSK..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
fail ${PID} "Failed"
PID=$!
wait_server ${PID}
- echo "Checking TLS 1.2 with RSA and AES-128-GCM..."
+ echo "${PREFIX}Checking TLS 1.2 with RSA and AES-128-GCM..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
- echo "Checking TLS 1.2 with RSA and AES-256-GCM..."
+ echo "${PREFIX}Checking TLS 1.2 with RSA and AES-256-GCM..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
- echo "Checking TLS 1.2 with DHE-RSA..."
+ echo "${PREFIX}Checking TLS 1.2 with DHE-RSA..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
if test "${NO_DSS}" != 1; then
- echo "Checking TLS 1.2 with DHE-DSS..."
+ echo "${PREFIX}Checking TLS 1.2 with DHE-DSS..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
fi
- echo "Checking TLS 1.2 with ECDHE-RSA..."
+ echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA..."
"${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
PID=$!
wait_server ${PID}
- echo "Checking TLS 1.2 with ECDHE-RSA (X25519)..."
+ echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA (X25519)..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --insecure --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
PID=$!
wait_server ${PID}
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+ echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
PID=$!
wait_server ${PID}
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+ echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
PID=$!
wait_server ${PID}
- echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+ echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
PID=$!
wait_server ${PID}
- echo "Checking TLS 1.2 with PSK..."
+ echo "${PREFIX}Checking TLS 1.2 with PSK..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_udp_server ${PID}
# Test DTLS 1.0 with RSA ciphersuite
- echo "Checking DTLS 1.0 with RSA..."
+ echo "${PREFIX}Checking DTLS 1.0 with RSA..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_udp_server ${PID}
# Test DTLS 1.0 with DHE-RSA ciphersuite
- echo "Checking DTLS 1.0 with DHE-RSA..."
+ echo "${PREFIX}Checking DTLS 1.0 with DHE-RSA..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
wait_udp_server ${PID}
# Test DTLS 1.0 with DHE-DSS ciphersuite
- echo "Checking DTLS 1.0 with DHE-DSS..."
+ echo "${PREFIX}Checking DTLS 1.0 with DHE-DSS..."
${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
fail ${PID} "Failed"
kill ${PID}
wait
fi
+}
+
+for mod in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+ run_client_suite $mod &
done
+wait
-echo "Client mode tests were successfully completed"
-echo ""
-echo "###############################################"
-echo "# Server mode tests (gnutls server-openssl cli#"
-echo "###############################################"
+echo "${PREFIX}Client mode tests were successfully completed"
+echo "${PREFIX}"
+echo "${PREFIX}###############################################"
+echo "${PREFIX}# Server mode tests (gnutls server-openssl cli#"
+echo "${PREFIX}###############################################"
SERV="../../src/gnutls-serv${EXEEXT} -q"
# Note that openssl s_client does not return error code on failure
-for ADD in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"; do
+run_server_suite() {
+ ADD=$1
+ PREFIX=""
if ! test -z "${ADD}"; then
- echo ""
- echo "** Modifier: ${ADD}"
+ PREFIX="$(echo $ADD|sed 's/://g'): "
fi
if test "${HAVE_SSL3}" != 1 && test "{ENABLE_SSL3}" = 1; then
- echo "Check SSL 3.0 with RSA ciphersuite"
+ echo "${PREFIX}Check SSL 3.0 with RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+MD5:+ARCFOUR-128:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"
- echo "Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
+ echo "${PREFIX}Check SSL 3.0 with RSA-RC4-MD5 ciphersuite"
${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-MD5 </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"
kill ${PID}
wait
- echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+ echo "${PREFIX}Check SSL 3.0 with DHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
kill ${PID}
wait
- echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+ echo "${PREFIX}Check SSL 3.0 with DHE-DSS ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"
PID=$!
#TLS 1.0
# This test was disabled because it doesn't work as expected with openssl 1.0.0d
- #echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+ #echo "${PREFIX}Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
#PID=$!
#wait_server ${PID}
#wait
if test "${NO_NULL}" = 0; then
- echo "Check TLS 1.0 with RSA-NULL ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with RSA-NULL ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait
fi
- echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with DHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait
if test "${NO_DSS}" != 1; then
- echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with DHE-DSS ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"
PID=$!
wait
fi
- echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait
if test "${FIPS}" != 1; then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait
fi
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
kill ${PID}
wait
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait
if test "${FIPS}" != 1; then
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait
fi
- echo "Check TLS 1.0 with PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with PSK ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
if test ${NO_TLS1_2} = 0; then
- echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait
if test "${NO_DSS}" != 1; then
- echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with DHE-DSS ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"
PID=$!
wait
fi
- echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait
if test "${NO_X22519}" = 0 && test "${FIPS}" != 1; then
- echo "Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
fi
if test "${FIPS}" != 1; then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait
fi
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
kill ${PID}
wait
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait
if test "${FIPS}" != 1; then
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait
fi
- echo "Check TLS 1.2 with PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with PSK ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
fi #NO_TLS1_2
# DTLS
- echo "Check DTLS 1.0 with RSA ciphersuite"
+ echo "${PREFIX}Check DTLS 1.0 with RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait
- echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+ echo "${PREFIX}Check DTLS 1.0 with DHE-RSA ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait
- echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+ echo "${PREFIX}Check DTLS 1.0 with DHE-DSS ciphersuite"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"
PID=$!
kill ${PID}
wait
+}
+for mod in "" ":%COMPAT" ":%NO_ETM" ":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"; do
+ run_server_suite $mod &
done
+wait
exit 0
rm -f "${LOGFILE}"
-for ADD in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+run_server_suite() {
+ ADD=$1
+ PREFIX=""
if ! test -z "${ADD}"; then
- echo ""
- echo "** Modifier: ${ADD}"
+ PREFIX="$(echo $ADD|sed 's/://g'): "
fi
eval "${GETPORT}"
#TLS 1.0
- echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with DHE-RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait_server ${PID}
kill ${PID}
wait
- #echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+ #echo "${PREFIX}Check TLS 1.0 with DHE-DSS ciphersuite"
#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"
#PID=$!
#wait_server ${PID}
#wait
eval "${GETPORT}"
- echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.0 with PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with PSK ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.0 with DHE-PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with DHE-PSK ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.0 with ECDHE-PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-PSK ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.0 with RSA-PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.0 with RSA-PSK ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
if test ${ALL_CURVES} = 1; then
eval "${GETPORT}"
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}
fi
eval "${GETPORT}"
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with DHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with CAMELLIA-128-GCM-DHE-RSA ciphersuite"
launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with CAMELLIA-256-GCM-DHE-RSA ciphersuite"
launch_server $$ --priority "NONE:-CIPHER-ALL:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with AES-128-CCM-DHE-RSA ciphersuite"
launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with AES-128-CCM-8-DHE-RSA ciphersuite"
launch_server $$ --priority "NONE:-CIPHER-ALL:+AES-128-CCM-8:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${srcdir}/params.dh"
PID=$!
wait_server ${PID}
kill ${PID}
wait
- #echo "Check TLS 1.2 with DHE-DSS ciphersuite"
+ #echo "${PREFIX}Check TLS 1.2 with DHE-DSS ciphersuite"
#launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${srcdir}/params.dh"
#PID=$!
#wait_server ${PID}
#wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with ECDHE-RSA ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
if test ${ALL_CURVES} = 1; then
eval "${GETPORT}"
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}
fi
eval "${GETPORT}"
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with PSK ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with DHE-PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with DHE-PSK ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with ECDHE-PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with ECDHE-PSK ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
wait
eval "${GETPORT}"
- echo "Check TLS 1.2 with RSA-PSK ciphersuite"
+ echo "${PREFIX}Check TLS 1.2 with RSA-PSK ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA-PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
PID=$!
wait_server ${PID}
kill ${PID}
wait
+}
+
+for mod in "" ":%COMPAT" ":%NO_ETM"; do #":%NO_TICKETS" ":%DISABLE_SAFE_RENEGOTIATION"
+ run_server_suite $mod &
done
+wait
rm -f "${LOGFILE}"
projects / thirdparty / gnutls.git / commitdiff
