remove obsolete testcompat-openssl-* tests

author Stanislav Zidek <szidek@redhat.com>

Fri, 31 May 2024 08:50:42 +0000 (10:50 +0200)

committer Stanislav Zidek <szidek@redhat.com>

Tue, 11 Jun 2024 08:10:56 +0000 (10:10 +0200)
author Stanislav Zidek <szidek@redhat.com>
Fri, 31 May 2024 08:50:42 +0000 (10:50 +0200)
committer Stanislav Zidek <szidek@redhat.com>
Tue, 11 Jun 2024 08:10:56 +0000 (10:10 +0200)
diff --git a/configure.ac b/configure.ac

index fc32bf7650f7b3d6adce0c458a2ee0d64217b99f..9d43cfe690f2ae17b37844b4f386bc8fc6e53b86 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -271,8 +271,6 @@ AC_ARG_ENABLE(tls13-interop,
    AS_HELP_STRING([--disable-tls13-interop], [disable TLS1.3 interoperability testing with openssl]),
      enable_tls13_interop=$enableval, enable_tls13_interop=yes)
  
-AM_CONDITIONAL(ENABLE_TLS13_INTEROP, test "$enable_tls13_interop" != "no")
-
  dnl Check for iovec type
  AC_CHECK_MEMBERS([struct iovec.iov_base],
        [
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am

index 3def64b77cc9b8e5614334ddd1e9ec8ed6b7926a..83e5566b43187a4d7398dcc6fdbb63005d9f60ab 100644 (file)
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -42,15 +42,6 @@ scripts_to_test = chain.sh \
         testcompat-polarssl-serv.sh \
         testcompat-polarssl-serv-compat.sh \
         testcompat-polarssl-serv-no-etm.sh \
-       testcompat-openssl-cli.sh \
-       testcompat-openssl-cli-compat.sh \
-       testcompat-openssl-cli-no-etm.sh \
-       testcompat-openssl-serv.sh \
-       testcompat-openssl-serv-compat.sh \
-       testcompat-openssl-serv-no-etm.sh \
-       testcompat-openssl-serv-no-tickets.sh \
-       testcompat-openssl-serv-no-safe-renegotiation.sh \
-       testcompat-openssl-serv-safe-renegotiation.sh \
         testrandom.sh \
         test-ciphersuite-names.sh \
         tls-fuzzer/tls-fuzzer-nocert.sh \
@@ -85,12 +76,6 @@ TESTS_ENVIRONMENT +=                                 \
         FAKETIME_F_OPT="$(FAKETIME_F_OPT)"              \
         ac_cv_faketime_works="$(ac_cv_faketime_works)"
  
-if ENABLE_TLS13_INTEROP
-scripts_to_test += \
-       testcompat-openssl-tls13-cli.sh \
-       testcompat-openssl-tls13-serv.sh
-endif
-
  if ENABLE_OLDGNUTLS_INTEROP
  scripts_to_test += testcompat-oldgnutls.sh
  endif
diff --git a/tests/suite/testcompat-openssl-cli-common.sh b/tests/suite/testcompat-openssl-cli-common.sh

deleted file mode 100755 (executable)

index 8f04186..0000000
--- a/tests/suite/testcompat-openssl-cli-common.sh
+++ /dev/null
@@ -1,512 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2016, Free Software Foundation, Inc.
-# Copyright (c) 2012-2016, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-: ${SERV=../../src/gnutls-serv${EXEEXT}}
-: ${CLI=../../src/gnutls-cli${EXEEXT}}
-unset RETCODE
-
-if ! test -x "${CLI}"; then
-       exit 77
-fi
-
-if ! test -z "${VALGRIND}"; then
-       VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
-fi
-
-if test "${WINDIR}" != ""; then
-       exit 77
-fi
-
-. "${srcdir}/../scripts/common.sh"
-
-: ${PORT=${RPORT}}
-
-: ${OPENSSL=openssl}
-SIGALGS=RSA+SHA1:RSA+SHA256
-
-echo "Compatibility checks using "`${OPENSSL} version`
-${OPENSSL} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1
-if test $? != 0; then
-       echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
-       exit 77
-fi
-
-. "${srcdir}/testcompat-common"
-
-${OPENSSL} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1
-HAVE_X25519=$?
-
-test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519"
-
-${OPENSSL} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1
-NO_TLS1_2=$?
-
-test $NO_TLS1_2 != 0 && echo "Disabling interop tests for TLS 1.2"
-
-${OPENSSL} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1
-if test $? = 0;then
-       NO_DH_PARAMS=0
-else
-       NO_DH_PARAMS=1
-fi
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1
-NO_DSS=$?
-
-if test $NO_DSS != 0;then
-       echo "Disabling interop tests for DSS ciphersuites"
-else
-       DSA_PARAMS="-dkey ${DSA_KEY} -dcert ${DSA_CERT}"
-       SIGALGS="$SIGALGS:DSA+SHA1:DSA+SHA256"
-fi
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1
-NO_CAMELLIA=$?
-
-test $NO_CAMELLIA != 0 && echo "Disabling interop tests for Camellia ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1
-NO_RC4=$?
-
-test $NO_RC4 != 0 && echo "Disabling interop tests for RC4 ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1
-NO_3DES=$?
-
-test $NO_3DES != 0 && echo "Disabling interop tests for 3DES ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1
-NO_NULL=$?
-
-test $NO_NULL != 0 && echo "Disabling interop tests for NULL ciphersuites"
-
-${OPENSSL} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1
-NO_PRIME192v1=$?
-
-test $NO_PRIME192v1 != 0 && echo "Disabling interop tests for prime192v1 ecparam"
-
-if test "${NO_DH_PARAMS}" = 0;then
-       OPENSSL_DH_PARAMS_OPT=""
-else
-       OPENSSL_DH_PARAMS_OPT="-dhparam \"${DH_PARAMS}\""
-fi
-
-${OPENSSL} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1
-HAVE_NOT_SSL3=$?
-
-if test $HAVE_NOT_SSL3 = 0;then
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1
-       PID=$!
-       wait_server ${PID}
-
-       ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 </dev/null 2>&1 | grep "\:error\:" && \
-               HAVE_NOT_SSL3=1
-       kill ${PID}
-       wait
-fi
-
-test $HAVE_NOT_SSL3 != 0 && echo "Disabling interop tests for SSL 3.0"
-
-
-echo "#################################################"
-echo "# Client mode tests (gnutls cli-openssl server) #"
-echo "#################################################"
-
-ADD=$1
-PREFIX=""
-if ! test -z "${ADD}"; then
-       PREFIX="$(echo $ADD|sed 's/://g'): "
-fi
-
-if test "${HAVE_NOT_SSL3}" != 1 && test "${ENABLE_SSL3}" = 1; then
-       # It seems debian disabled SSL 3.0 completely on openssl
-
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -cipher ALL -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-       PID=$!
-       wait_server ${PID}
-
-       # Test SSL 3.0 with RSA ciphersuite
-       echo "${PREFIX}Checking SSL 3.0 with RSA..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       # Test SSL 3.0 with DHE-RSA ciphersuite
-       echo "${PREFIX}Checking SSL 3.0 with DHE-RSA..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       if test "${NO_DSS}" = 0; then
-               # Test SSL 3.0 with DHE-DSS ciphersuite
-               echo "${PREFIX}Checking SSL 3.0 with DHE-DSS..."
-               ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-                       fail ${PID} "Failed"
-       fi
-
-       kill ${PID}
-       wait
-
-       if test "${NO_RC4}" != 1; then
-               eval "${GETPORT}"
-               launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher RC4-SHA >/dev/null
-               PID=$!
-               wait_server ${PID}
-
-               echo "${PREFIX}Checking SSL 3.0 with RSA-RC4-SHA..."
-               ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+VERS-SSL3.0:+RSA${ADD}" --insecure </dev/null >/dev/null || \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi
-fi
-
-if test "${NO_NULL}" = 0; then
-       #-cipher RSA-NULL
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -cipher NULL-SHA -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-       PID=$!
-       wait_server ${PID}
-
-       # Test TLS 1.0 with RSA-NULL ciphersuite
-       echo "${PREFIX}Checking TLS 1.0 with RSA-NULL..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-fi
-
-#-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-PID=$!
-wait_server ${PID}
-
-# Test TLS 1.0 with RSA ciphersuite
-if test "${NO_3DES}" != 1; then
-       echo "${PREFIX}Checking TLS 1.0 with RSA and 3DES-CBC..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-fi
-
-echo "${PREFIX}Checking TLS 1.0 with RSA and AES-128-CBC..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-echo "${PREFIX}Checking TLS 1.0 with RSA and AES-256-CBC..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-if test "${NO_CAMELLIA}" != 1; then
-       echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-128-CBC..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       echo "${PREFIX}Checking TLS 1.0 with RSA and CAMELLIA-256-CBC..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CAMELLIA-256-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-fi
-
-if test "${NO_DSS}" = 0; then
-       # Test TLS 1.0 with DHE-DSS ciphersuite
-       echo "${PREFIX}Checking TLS 1.0 with DHE-DSS..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-fi
-
-# Test TLS 1.0 with DHE-RSA ciphersuite
-echo "${PREFIX}Checking TLS 1.0 with DHE-RSA..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-# Test TLS 1.0 with DHE-RSA ciphersuite
-echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-if test "${FIPS_CURVES}" != 1 && test "${NO_PRIME192v1}" != 1; then
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" >/dev/null
-       PID=$!
-       wait_server ${PID}
-
-       # Test TLS 1.2 with ECDHE-ECDSA ciphersuite
-       echo "${PREFIX}Checking TLS 1.0 with ECDHE-RSA (SECP192R1)..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-SECP192R1${ADD}" --insecure </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       #-cipher ECDHE-ECDSA-AES128-SHA
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-       PID=$!
-       wait_server ${PID}
-
-       # Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-       echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-fi
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-PID=$!
-wait_server ${PID}
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -cipher 'DEFAULT:@SECLEVEL=1' -tls1 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-PID=$!
-wait_server ${PID}
-
-# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "${PREFIX}Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-#-cipher PSK
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher 'PSK:@SECLEVEL=1' -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null
-PID=$!
-wait_server ${PID}
-
-echo "${PREFIX}Checking TLS 1.0 with PSK..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK${ADD}" --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db --insecure </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-if test ${NO_TLS1_2} = 0; then
-       # Tests requiring openssl 1.0.1 - TLS 1.2
-       #-cipher RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-       PID=$!
-       wait_server ${PID}
-
-       echo "${PREFIX}Checking TLS 1.2 with RSA and AES-128-GCM..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       echo "${PREFIX}Checking TLS 1.2 with RSA and AES-256-GCM..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-256-GCM:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       echo "${PREFIX}Checking TLS 1.2 with DHE-RSA..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       if test "${NO_DSS}" = 0; then
-               echo "${PREFIX}Checking TLS 1.2 with DHE-DSS..."
-               ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-DSA-SHA256${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-                       fail ${PID} "Failed"
-       fi
-
-       echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA..."
-       "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       if test "${HAVE_X25519}" = 0; then
-               eval "${GETPORT}"
-               launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" >/dev/null
-               PID=$!
-               wait_server ${PID}
-
-               echo "${PREFIX}Checking TLS 1.2 with ECDHE-RSA (X25519)..."
-               ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --insecure --x509certfile "${RSA_CERT}" --x509keyfile "${RSA_KEY}" </dev/null >/dev/null || \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi
-
-       if test "${FIPS_CURVES}" != 1; then
-               #-cipher ECDHE-ECDSA-AES128-SHA
-               eval "${GETPORT}"
-               launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-               PID=$!
-               wait_server ${PID}
-
-               echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
-               ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" </dev/null >/dev/null || \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi
-
-       #-cipher ECDHE-ECDSA-AES128-SHA
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC384_KEY}" -cert "${ECC384_CERT}" -Verify 1 -named_curve secp384r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-       PID=$!
-       wait_server ${PID}
-
-       echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       if test "${FIPS_CURVES}" != 1; then
-               #-cipher ECDHE-ECDSA-AES128-SHA
-               eval "${GETPORT}"
-               launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" >/dev/null
-               PID=$!
-               wait_server ${PID}
-
-               echo "${PREFIX}Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
-               ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --insecure --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" </dev/null >/dev/null || \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi #FIPS_CURVES
-fi #NO_TLS1_2
-
-#-cipher PSK
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -quiet -www -accept "${PORT}" -tls1_2 -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -cipher PSK -psk 9e32cf7786321a828ef7668f09fb35db >/dev/null
-PID=$!
-wait_server ${PID}
-
-echo "${PREFIX}Checking TLS 1.2 with PSK..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --insecure --pskusername Client_identity --pskkey 9e32cf7786321a828ef7668f09fb35db </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-PID=$!
-wait_udp_server ${PID}
-
-# Test DTLS 1.0 with RSA ciphersuite
-echo "${PREFIX}Checking DTLS 1.0 with RSA..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-PID=$!
-wait_udp_server ${PID}
-
-# Test DTLS 1.0 with DHE-RSA ciphersuite
-echo "${PREFIX}Checking DTLS 1.0 with DHE-RSA..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-if test "${NO_DSS}" = 0; then
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -cipher "ALL:@SECLEVEL=1" -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-       PID=$!
-       wait_udp_server ${PID}
-
-       # Test DTLS 1.0 with DHE-DSS ciphersuite
-       echo "${PREFIX}Checking DTLS 1.0 with DHE-DSS..."
-       ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-fi
-
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -cipher 'ALL:@SECLEVEL=1' -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" ${DSA_PARAMS} -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-PID=$!
-wait_udp_server ${PID}
-
-echo "${PREFIX}Checking DTLS 1.2 with AES-CBC..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-PID=$!
-wait_udp_server ${PID}
-
-# Test DTLS 1.2 with RSA ciphersuite
-echo "${PREFIX}Checking DTLS 1.2 with RSA..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-eval "${GETPORT}"
-launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -accept "${PORT}" -keyform pem -certform pem -dtls1_2 -timeout ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null
-PID=$!
-wait_udp_server ${PID}
-
-echo "${PREFIX}Checking DTLS 1.2 with ECDHE-RSA..."
-${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+GROUP-ALL:+MAC-ALL:+VERS-DTLS1.2:+ECDHE-RSA${ADD}" --udp --insecure --x509certfile "${CLI_CERT}" --x509keyfile "${CLI_KEY}" </dev/null >/dev/null || \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
diff --git a/tests/suite/testcompat-openssl-cli-compat.sh b/tests/suite/testcompat-openssl-cli-compat.sh

deleted file mode 100755 (executable)

index bf2ace3..0000000
--- a/tests/suite/testcompat-openssl-cli-compat.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-cli-common.sh" ":%COMPAT"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
diff --git a/tests/suite/testcompat-openssl-cli-no-etm.sh b/tests/suite/testcompat-openssl-cli-no-etm.sh

deleted file mode 100755 (executable)

index c246b0e..0000000
--- a/tests/suite/testcompat-openssl-cli-no-etm.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-cli-common.sh" ":%NO_ETM"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
diff --git a/tests/suite/testcompat-openssl-cli.sh b/tests/suite/testcompat-openssl-cli.sh

deleted file mode 100755 (executable)

index 4ba4acf..0000000
--- a/tests/suite/testcompat-openssl-cli.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-cli-common.sh"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-common.sh b/tests/suite/testcompat-openssl-serv-common.sh

deleted file mode 100755 (executable)

index ae18358..0000000
--- a/tests/suite/testcompat-openssl-serv-common.sh
+++ /dev/null
@@ -1,567 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2016, Free Software Foundation, Inc.
-# Copyright (c) 2012-2016, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-: ${SERV=../../src/gnutls-serv${EXEEXT}}
-: ${CLI=../../src/gnutls-cli${EXEEXT}}
-unset RETCODE
-
-if ! test -x "${CLI}"; then
-       exit 77
-fi
-
-if ! test -z "${VALGRIND}"; then
-       VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
-fi
-
-if test "${WINDIR}" != ""; then
-       exit 77
-fi
-
-. "${srcdir}/../scripts/common.sh"
-
-: ${PORT=${RPORT}}
-
-: ${OPENSSL=openssl}
-SIGALGS=RSA+SHA1:RSA+SHA256
-
-echo "Compatibility checks using "`${OPENSSL} version`
-${OPENSSL} version|grep -e '1\.[0-9]\..' >/dev/null 2>&1
-if test $? != 0; then
-       echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
-       exit 77
-fi
-
-. "${srcdir}/testcompat-common"
-
-${OPENSSL} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1
-HAVE_X25519=$?
-
-test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519"
-
-${OPENSSL} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1
-NO_TLS1_2=$?
-
-test $NO_TLS1_2 != 0 && echo "Disabling interop tests for TLS 1.2"
-
-${OPENSSL} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1
-if test $? = 0;then
-       NO_DH_PARAMS=0
-else
-       NO_DH_PARAMS=1
-fi
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e DHE-DSS >/dev/null 2>&1
-NO_DSS=$?
-
-if test $NO_DSS != 0;then
-       echo "Disabling interop tests for DSS ciphersuites"
-else
-       DSA_PARAMS="-dkey ${DSA_KEY} -dcert ${DSA_CERT}"
-       SIGALGS="$SIGALGS:DSA+SHA1:DSA+SHA256"
-fi
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1
-NO_CAMELLIA=$?
-
-test $NO_CAMELLIA != 0 && echo "Disabling interop tests for Camellia ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e RC4 >/dev/null 2>&1
-NO_RC4=$?
-
-test $NO_RC4 != 0 && echo "Disabling interop tests for RC4 ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1
-NO_3DES=$?
-
-test $NO_3DES != 0 && echo "Disabling interop tests for 3DES ciphersuites"
-
-${OPENSSL} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1
-NO_NULL=$?
-
-test $NO_NULL != 0 && echo "Disabling interop tests for NULL ciphersuites"
-
-${OPENSSL} ecparam -list_curves 2>&1|grep -e prime192v1 >/dev/null 2>&1
-NO_PRIME192v1=$?
-
-test $NO_PRIME192v1 != 0 && echo "Disabling interop tests for prime192v1 ecparam"
-
-if test "${NO_DH_PARAMS}" = 0;then
-       OPENSSL_DH_PARAMS_OPT=""
-else
-       OPENSSL_DH_PARAMS_OPT="-dhparam \"${DH_PARAMS}\""
-fi
-
-${OPENSSL} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1
-HAVE_NOT_SSL3=$?
-
-if test $HAVE_NOT_SSL3 = 0;then
-       eval "${GETPORT}"
-       launch_bare_server "$OPENSSL" s_server -cipher ALL -quiet -www -accept "${PORT}" -keyform pem -certform pem -ssl3 -key "${RSA_KEY}" -cert "${RSA_CERT}" >/dev/null 2>&1
-       PID=$!
-       wait_server ${PID}
-
-       ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 </dev/null 2>&1 | grep "\:error\:" && \
-               HAVE_NOT_SSL3=1
-       kill ${PID}
-       wait
-fi
-
-test $HAVE_NOT_SSL3 != 0 && echo "Disabling interop tests for SSL 3.0"
-
-
-echo "${PREFIX}###############################################"
-echo "${PREFIX}# Server mode tests (gnutls server-openssl cli#"
-echo "${PREFIX}###############################################"
-SERV="${SERV} -q"
-
-# Note that openssl s_client does not return error code on failure
-
-ADD=$1
-PREFIX=""
-if ! test -z "${ADD}"; then
-       PREFIX="$(echo $ADD|sed 's/://g'): "
-fi
-
-if test "${HAVE_NOT_SSL3}" != 1 && test "${ENABLE_SSL3}" = 1; then
-
-       echo "${PREFIX}Check SSL 3.0 with RSA ciphersuite"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+SHA1:+ARCFOUR-128:+3DES-CBC:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-       PID=$!
-       wait_server ${PID}
-
-       ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       if test "${NO_RC4}" != 1; then
-               echo "${PREFIX}Check SSL 3.0 with RSA-RC4-SHA ciphersuite"
-               ${OPENSSL} s_client -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" -cipher RC4-SHA </dev/null 2>&1 | grep "\:error\:" && \
-                       fail ${PID} "Failed"
-       fi
-
-       kill ${PID}
-       wait
-
-       echo "${PREFIX}Check SSL 3.0 with DHE-RSA ciphersuite"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-       PID=$!
-       wait_server ${PID}
-
-       ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       if test "${NO_DSS}" = 0; then
-               echo "${PREFIX}Check SSL 3.0 with DHE-DSS ciphersuite"
-               eval "${GETPORT}"
-               launch_server --priority "NONE:+CIPHER-ALL:+3DES-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
-               PID=$!
-               wait_server ${PID}
-
-               ${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -ssl3 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi
-fi
-
-#TLS 1.0
-
-# This test was disabled because it doesn't work as expected with openssl 1.0.0d
-#echo "${PREFIX}Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
-#launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-#PID=$!
-#wait_server ${PID}
-#
-#${OPENSSL} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-#      fail ${PID} "Failed"
-#
-#kill ${PID}
-#wait
-
-if test "${NO_NULL}" = 0; then
-       echo "${PREFIX}Check TLS 1.0 with RSA-NULL ciphersuite"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+NULL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-       PID=$!
-       wait_server ${PID}
-
-       ${OPENSSL} s_client -cipher NULL-SHA -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-fi
-
-echo "${PREFIX}Check TLS 1.0 with DHE-RSA ciphersuite"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-PID=$!
-wait_server ${PID}
-
-${OPENSSL} s_client -cipher DHE:@SECLEVEL=1 -host localhost -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-if test "${NO_DSS}" = 0; then
-       echo "${PREFIX}Check TLS 1.0 with DHE-DSS ciphersuite"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
-       PID=$!
-       wait_server ${PID}
-
-       ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -sigalgs "$SIGALGS" -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-fi
-
-echo "${PREFIX}Check TLS 1.0 with ECDHE-RSA ciphersuite"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-PID=$!
-wait_server ${PID}
-
-#-cipher ECDHE-RSA-AES128-SHA
-${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-if test "${FIPS_CURVES}" != 1; then
-       echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
-       PID=$!
-       wait_server ${PID}
-
-       #-cipher ECDHE-ECDSA-AES128-SHA
-       ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-fi
-
-echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
-PID=$!
-wait_server ${PID}
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
-PID=$!
-wait_server ${PID}
-
-#-cipher ECDHE-ECDSA-AES128-SHA
-${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-if test "${FIPS_CURVES}" != 1; then
-       echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
-       PID=$!
-       wait_server ${PID}
-
-       #-cipher ECDHE-ECDSA-AES128-SHA
-       ${OPENSSL} s_client -host localhost -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-fi
-
-echo "${PREFIX}Check TLS 1.0 with PSK ciphersuite"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-PID=$!
-wait_server ${PID}
-
-#-cipher PSK-AES128-SHA
-${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -cipher ALL:@SECLEVEL=1 -tls1 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-if test ${NO_TLS1_2} = 0; then
-       # test resumption
-       echo "${PREFIX}Check TLS 1.2 with resumption"
-       eval "${GETPORT}"
-       launch_server --priority "NORMAL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-       PID=$!
-       wait_server ${PID}
-
-       ${OPENSSL} s_client -host localhost -reconnect -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       echo "${PREFIX}Check TLS 1.2 with DHE-RSA ciphersuite"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-RSA${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-       PID=$!
-       wait_server ${PID}
-
-       ${OPENSSL} s_client -cipher DHE -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       if test "${NO_DSS}" = 0; then
-               echo "${PREFIX}Check TLS 1.2 with DHE-DSS ciphersuite"
-               eval "${GETPORT}"
-               launch_server --priority "NONE:+CIPHER-ALL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
-               PID=$!
-               wait_server ${PID}
-
-               ${OPENSSL} s_client -cipher DHE -host localhost -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi
-
-       echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-ALL${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-       PID=$!
-       wait_server ${PID}
-
-       #-cipher ECDHE-RSA-AES128-SHA
-       ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       if test "${HAVE_X22519}" = 0; then
-               echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)"
-               eval "${GETPORT}"
-               launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-               PID=$!
-               wait_server ${PID}
-
-               ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi
-
-       if test "${FIPS_CURVES}" != 1; then
-               echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
-               eval "${GETPORT}"
-               launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
-               PID=$!
-               wait_server ${PID}
-
-               #-cipher ECDHE-ECDSA-AES128-SHA
-               ${OPENSSL} s_client -host localhost -cipher 'ALL:@SECLEVEL=1' -tls1_2 -named_curve secp224r1 -port "${PORT}" -cert "${ECC224_CERT}" -key "${ECC224_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi
-
-       echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP256R1)"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC256_CERT}" --x509keyfile "${ECC256_KEY}" --x509cafile "${CA_ECC_CERT}"
-       PID=$!
-       wait_server ${PID}
-
-       #-cipher ECDHE-ECDSA-AES128-SHA
-       ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC256_CERT}" -key "${ECC256_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP384R1)"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC384_CERT}" --x509keyfile "${ECC384_KEY}" --x509cafile "${CA_ECC_CERT}"
-       PID=$!
-       wait_server ${PID}
-
-       #-cipher ECDHE-ECDSA-AES128-SHA
-       ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC384_CERT}" -key "${ECC384_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-       if test "${FIPS_CURVES}" != 1; then
-               echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
-               eval "${GETPORT}"
-               launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
-               PID=$!
-               wait_server ${PID}
-
-               #-cipher ECDHE-ECDSA-AES128-SHA
-               ${OPENSSL} s_client -host localhost -tls1_2 -port "${PORT}" -cert "${ECC521_CERT}" -key "${ECC521_KEY}" -CAfile "${CA_ECC_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-                       fail ${PID} "Failed"
-
-               kill ${PID}
-               wait
-       fi
-
-       echo "${PREFIX}Check TLS 1.2 with PSK ciphersuite"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+PSK:+CURVE-ALL${ADD}" --pskpasswd "${SERV_PSK}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-       PID=$!
-       wait_server ${PID}
-
-       #-cipher PSK-AES128-SHA
-       ${OPENSSL} s_client -host localhost -psk_identity Client_identity -psk 9e32cf7786321a828ef7668f09fb35db -tls1_2 -port "${PORT}" crt_file="${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep ":error:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-
-fi #NO_TLS1_2
-
-# DTLS
-echo "${PREFIX}Check DTLS 1.0 with RSA ciphersuite"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-PID=$!
-wait_udp_server ${PID}
-
-${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-
-echo "${PREFIX}Check DTLS 1.0 with DHE-RSA ciphersuite"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-PID=$!
-wait_udp_server ${PID}
-
-
-${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-if test "${NO_DSS}" = 0; then
-       echo "${PREFIX}Check DTLS 1.0 with DHE-DSS ciphersuite"
-       eval "${GETPORT}"
-       launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256${ADD}" --udp --x509certfile "${SERV_DSA_CERT}" --x509keyfile "${SERV_DSA_KEY}" --dhparams "${DH_PARAMS}"
-       PID=$!
-       wait_udp_server ${PID}
-
-
-       ${OPENSSL} s_client -host localhost -port "${PORT}" -cipher 'ALL:@SECLEVEL=1' -sigalgs "$SIGALGS" -dtls1 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-               fail ${PID} "Failed"
-
-       kill ${PID}
-       wait
-fi
-
-echo "${PREFIX}Check DTLS 1.2 with AES-CBC"
-eval "${GETPORT}"
-launch_server --priority "NONE:+AES-128-CBC:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-PID=$!
-wait_udp_server ${PID}
-
-${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-echo "${PREFIX}Check DTLS 1.2 with RSA ciphersuite"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-PID=$!
-wait_udp_server ${PID}
-
-${OPENSSL} s_client -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-
-echo "${PREFIX}Check DTLS 1.2 with DHE-RSA ciphersuite"
-eval "${GETPORT}"
-launch_server --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+DHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" --dhparams "${DH_PARAMS}"
-PID=$!
-wait_udp_server ${PID}
-
-
-${OPENSSL} s_client -cipher DHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
-
-echo "${PREFIX}Check DTLS 1.2 with ECDHE-RSA"
-eval "${GETPORT}"
-launch_server --priority "NONE:+GROUP-ALL:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.2:+ECDHE-RSA${ADD}" --udp --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
-PID=$!
-wait_udp_server ${PID}
-
-
-${OPENSSL} s_client -cipher ECDHE -host localhost -port "${PORT}" -dtls1_2 -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
-       fail ${PID} "Failed"
-
-kill ${PID}
-wait
diff --git a/tests/suite/testcompat-openssl-serv-compat.sh b/tests/suite/testcompat-openssl-serv-compat.sh

deleted file mode 100755 (executable)

index b587ddd..0000000
--- a/tests/suite/testcompat-openssl-serv-compat.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-serv-common.sh" ":%COMPAT"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-no-etm.sh b/tests/suite/testcompat-openssl-serv-no-etm.sh

deleted file mode 100755 (executable)

index f7291ab..0000000
--- a/tests/suite/testcompat-openssl-serv-no-etm.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_ETM"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh b/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh

deleted file mode 100755 (executable)

index 5ac1b12..0000000
--- a/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-serv-common.sh" ":%DISABLE_SAFE_RENEGOTIATION"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-no-tickets.sh b/tests/suite/testcompat-openssl-serv-no-tickets.sh

deleted file mode 100755 (executable)

index 33716f2..0000000
--- a/tests/suite/testcompat-openssl-serv-no-tickets.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_TICKETS"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
diff --git a/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh b/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh

deleted file mode 100755 (executable)

index 1acc188..0000000
--- a/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-serv-common.sh" ":%SAFE_RENEGOTIATION"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
diff --git a/tests/suite/testcompat-openssl-serv.sh b/tests/suite/testcompat-openssl-serv.sh

deleted file mode 100755 (executable)

index ed24271..0000000
--- a/tests/suite/testcompat-openssl-serv.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2010-2015, Free Software Foundation, Inc.
-# Copyright (c) 2012-2015, Nikos Mavrogiannopoulos
-# All rights reserved.
-#
-# Author: Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this 
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice, 
-# this list of conditions and the following disclaimer in the documentation and/or
-# other materials provided with the distribution.
-# 3. Neither the name of the copyright holder nor the names of its contributors may
-# be used to endorse or promote products derived from this software without specific
-# prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
-# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-: ${srcdir=.}
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
-       echo "Cannot run in FIPS140-2 mode"
-       exit 77
-fi
-
-if ! test -x /usr/bin/openssl; then
-       echo "You need openssl to run this test"
-       exit 77
-fi
-
-/usr/bin/openssl version|grep fips >/dev/null 2>&1
-if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
-       export FIPS_CURVES=1
-else
-       export FIPS_CURVES=0
-fi
-
-export TZ="UTC"
-
-# Check for faketime/datefudge
-. "${srcdir}/../scripts/common.sh"
-
-skip_if_no_datefudge
-
-"$FAKETIME" "2012-09-02" timeout 1800 \
-"${srcdir}/testcompat-openssl-serv-common.sh"
-
-ret=$?
-test $ret = 124 && exit 77
-
-exit $ret
author	Stanislav Zidek <szidek@redhat.com>
	Fri, 31 May 2024 08:50:42 +0000 (10:50 +0200)
committer	Stanislav Zidek <szidek@redhat.com>
	Tue, 11 Jun 2024 08:10:56 +0000 (10:10 +0200)
configure.ac		patch \| blob \| blame \| history
tests/suite/Makefile.am		patch \| blob \| blame \| history
tests/suite/testcompat-openssl-cli-common.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-cli-compat.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-cli-no-etm.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-cli.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-serv-common.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-serv-compat.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-serv-no-etm.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-serv-no-tickets.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-serv-safe-renegotiation.sh	[deleted file]	patch \| blob \| blame \| history
tests/suite/testcompat-openssl-serv.sh	[deleted file]	patch \| blob \| blame \| history