# Start OpenSSL TLS server
#
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${OPENSSL}" s_server -cert ${SERVER_CERT_FILE} -key ${SERVER_KEY_FILE} \
-CAfile ${CA_FILE} -port ${PORT} -Verify 1 -verify_return_error -www
SERVER_PID="${!}"
skip_if_no_datefudge
-datefudge "2017-2-28" \
+gnutls_timewrapper_standalone "2017-2-28" \
${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-root.pem
rc=$?
exit 1
fi
-datefudge "2017-2-28" \
+gnutls_timewrapper_standalone "2017-2-28" \
${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-endcert.pem
rc=$?
exit 1
fi
-datefudge "2017-2-28" \
+gnutls_timewrapper_standalone "2017-2-28" \
${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-intermediate.pem
rc=$?
skip_if_no_datefudge
# Test certificate chain using Ed25519
-datefudge "2017-7-6" \
+gnutls_timewrapper_standalone "2017-7-6" \
${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-eddsa.pem
if test $? != 0; then
skip_if_no_datefudge
-datefudge "2012-11-22" \
+gnutls_timewrapper_standalone "2012-11-22" \
${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-rsa-pss.pem" --infile "${srcdir}/data/cert-rsa-pss.pem"
rc=$?
skip_if_no_datefudge
-cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \
+cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|gnutls_timewrapper_standalone "2012-11-22" \
${VALGRIND} "${CERTTOOL}" --verify-chain
rc=$?
fi
# Note that in rare cases this test may fail because the
-# time set using datefudge could have changed since the generation
+# time set using faketime/datefudge could have changed since the generation
# (if example the system was busy)
gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
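Review bot: The updated comment still warns that the faked time "could have changed since the generation", yet the command directly below it passes `static`, which presumably pins the clock instead of letting it run. If that is what `static` does, the caveat is stale and should be dropped or reworded; if not, the comment should say what `static` means. The wording also keeps the typo "if example"; `# (for example, if the system was busy)` reads correctly. The same comment block recurs unchanged in the later hunks that carry this text, and the wrapped command continues past the end of this hunk.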
skip_if_no_datefudge
# Note that in rare cases this test may fail because the
-# time set using datefudge could have changed since the generation
+# time set using faketime/datefudge could have changed since the generation
# (if example the system was busy)
gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
EXPECT1=2002
-datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1
-datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1
+gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1
+gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1
out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "`
out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "`
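Review bot: Piping into `tee $TMPFILE1 >/dev/null 2>&1` makes the pipeline's status tee's, and the `2>&1` binds to tee, so on the two new lines certtool's exit code is dropped and its stderr is never captured. The only remaining signal is the count of 'Verified.' lines, and the comparison against `EXPECT1` is outside this hunk. For a PKCS#1 padding check it is worth keeping the evidence when a run goes wrong, which a quoted plain redirect does: `... --infile "${srcdir}/data/pkcs1-pad-ok.pem" >"${TMPFILE1}" 2>&1`. The same applies to the pkcs1-pad-ok2/broken2 and pkcs1-pad-broken3 hunks below.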
EXPECT2=2002
-datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1
-datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1
+gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1
+gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1
out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "`
out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "`
# by Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann.
-datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1
+gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1
out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "`
out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "`
skip_if_no_datefudge
# Note that in rare cases this test may fail because the
-# time set using datefudge could have changed since the generation
+# time set using faketime/datefudge could have changed since the generation
# (if example the system was busy)
# Test PSS signatures on certificate
skip_if_no_datefudge
# Note that in rare cases this test may fail because the
-# time set using datefudge could have changed since the generation
+# time set using faketime/datefudge could have changed since the generation
# (if example the system was busy)
# Test SHA3 signatures
echo "Running test for ${ac_cv_sizeof_time_t}-byte time_t"
# Note that in rare cases this test may fail because the
-# time set using datefudge could have changed since the generation
+# time set using faketime/datefudge could have changed since the generation
# (if example the system was busy)
gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \
PID=$!
wait_server ${PID}
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
kill ${PID}
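Review bot: `timeout 1800` now sits inside the time wrapper instead of around it, so on the new line (`gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \`) the watchdog itself starts under the shifted clock and the wrapper is no longer bounded by it. Whether that changes when the 1800-second limit fires depends on the wrapper's backend, which is not visible here. Presumably the swap is needed because the wrapper is a shell function that `timeout` cannot execute. A comment at the first use would record that, e.g. `# wrapper first: it is a shell function, so timeout cannot run it`. The same ordering recurs in every later `timeout 1800` hunk on this page.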
PID=$!
wait_server ${PID}
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
kill ${PID}
PID=$!
wait_server ${PID}
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
kill ${PID}
_EOF_
GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" \
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
kill ${PID}
PID=$!
wait_server ${PID}
- timeout 1800 datefudge "2017-08-9" \
+ gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
kill ${PID}
PID=$!
wait_server ${PID}
-datefudge "2018-9-19" \
+gnutls_timewrapper_standalone "2018-9-19" \
${VALGRIND} "${CLI}" -p "${PORT}" localhost --x509crlfile ${CRLFILE} --x509cafile ${CAFILE} >${TMPFILE} 2>&1 </dev/null && \
fail ${PID} "1. handshake should have failed!"
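Review bot: This negative check passes on any non-zero exit, so a wrapper that cannot start (backend missing, date string rejected) looks the same as the certificate rejection the test is presumably meant to prove with `--x509crlfile`. The client output is already captured in `${TMPFILE}`, so the test could also require the verification error to appear there before counting the run as a pass; whether later lines do so is outside this hunk. A cheap guard ahead of the handshake would be `gnutls_timewrapper_standalone "2018-9-19" true || fail ${PID} "time wrapper failed"`. The same `&& fail` pattern follows the swapped wrapper in the later expected-failure hunks (the 2018-1-1, 2019-12-20 and 2017-11-22 cases).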
PID=$!
wait_server ${PID}
-datefudge "2018-1-1" \
+gnutls_timewrapper_standalone "2018-1-1" \
${VALGRIND} "${CLI}" -p "${PORT}" localhost >${TMPFILE} 2>&1 </dev/null && \
fail ${PID} "1. handshake should have failed!"
# SO_REUSEADDR usage.
PORT=${OCSP_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${OPENSSL}" ocsp -index "${INDEXFILE}" -text \
-port "${OCSP_PORT}" \
-rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \
t=0
while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do
# Run a test request to make sure the server works
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
${VALGRIND} "${OCSPTOOL}" --ask \
--load-cert "${SERVER_CERT_FILE}" \
--load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" \
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
TLS_SERVER_PORT=$PORT
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
TLS_SERVER_PORT=$PORT
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
TLS_SERVER_PORT=$PORT
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
echo "=== Test 5.1: Server with valid certificate - expired staple (ignoring errors) ==="
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
TLS_SERVER_PORT=$PORT
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
TLS_SERVER_PORT=$PORT
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
TLS_SERVER_PORT=$PORT
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_NO_EXT_FILE}" \
TLS_SERVER_PORT=$PORT
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
skip_if_no_datefudge
# Note that in rare cases this test may fail because the
-# time set using datefudge could have changed since the generation
+# time set using faketime/datefudge could have changed since the generation
# (if example the system was busy)
gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \
# SO_REUSEADDR usage.
PORT=${OCSP_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${OPENSSL}" ocsp -index "${srcdir}/ocsp-tests/certs/ocsp_index.txt" -text \
-port "${OCSP_PORT}" \
-rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \
t=0
while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do
# Run a test request to make sure the server works
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
${VALGRIND} "${OCSPTOOL}" --ask \
--load-cert "${SERVER_CERT_FILE}" \
--load-issuer "${srcdir}/ocsp-tests/certs/ca.pem"
PORT=${TLS_SERVER_PORT}
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
--x509certfile="${SERVER_CERT_FILE}" \
TLS_SERVER_PORT=$PORT
launch_bare_server \
- datefudge "${TESTDATE}" \
+ gnutls_timewrapper_standalone "${TESTDATE}" \
"${SERV}" --echo --disable-client-cert \
--x509keyfile="${srcdir}/ocsp-tests/certs/server_bad.key" \
--x509certfile="${SERVER_CERT_FILE}" \
PID=$!
wait_server ${PID}
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA" </dev/null || \
fail ${PID} "1. handshake with RSA should have succeeded!"
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-ECDSA" </dev/null || \
fail ${PID} "2. handshake with ECC should have succeeded!"
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-SHA256" --save-cert ${TMPFILE} </dev/null || \
fail ${PID} "3. handshake with RSA should have succeeded!"
fail ${PID} "3. the certificate used by server was not the expected"
fi
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA:+SIGN-RSA-SHA256:+SIGN-RSA-PSS-RSAE-SHA256" --save-cert ${TMPFILE} </dev/null || \
fail ${PID} "4. handshake with RSA should have succeeded!"
# check whether the server used the RSA-PSS certificate when we asked for RSA-PSS signature
-timeout 1800 datefudge "2017-08-9" \
+gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \
"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256" --save-cert ${TMPFILE} </dev/null || \
fail ${PID} "4. handshake with RSA-PSS and SHA256 should have succeeded!"
PID=$!
wait_server ${PID}
-timeout 1800 datefudge "2019-12-20" \
+gnutls_timewrapper_standalone "2019-12-20" timeout 1800 \
"${CLI}" -d 4 -p "${PORT}" localhost --x509cafile ${CERT1} --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 </dev/null && \
fail ${PID} "1. handshake with RSA should have failed!"
-timeout 1800 datefudge "2019-12-20" \
+gnutls_timewrapper_standalone "2019-12-20" timeout 1800 \
"${CLI}" -d 4 -p "${PORT}" localhost --x509cafile ${CERT1} --priority NORMAL </dev/null && \
fail ${PID} "2. handshake with RSA should have failed!"
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-cli-common.sh" ":%COMPAT"
ret=$?
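Review bot: The guard is still called `skip_if_no_datefudge` although the comment above it now reads "Check for faketime/datefudge", and its definition in `scripts/common.sh` is not part of this hunk. If the helper still probes only for datefudge, a host that has faketime alone will skip these interoperability tests, and the suite reports no failure while exercising nothing. Either confirm the helper accepts both backends, or rename it (for example `skip_if_no_timewrapper`) and keep the old name as an alias. This applies to each of the testcompat hunks that follow.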
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-cli-common.sh" ":%NO_ETM"
ret=$?
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-cli-common.sh"
ret=$?
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-serv-common.sh" ":%COMPAT"
ret=$?
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_ETM"
ret=$?
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-serv-common.sh" ":%DISABLE_SAFE_RENEGOTIATION"
ret=$?
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_TICKETS"
ret=$?
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-serv-common.sh" ":%SAFE_RENEGOTIATION"
ret=$?
export TZ="UTC"
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-openssl-serv-common.sh"
ret=$?
exit 77
fi
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
exit 77
fi
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-polarssl-serv-common.sh" ":%COMPAT"
ret=$?
exit 77
fi
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
exit 77
fi
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-polarssl-serv-common.sh" ":%NO_ETM"
ret=$?
exit 77
fi
-# Check for datefudge
+# Check for faketime/datefudge
. "${srcdir}/../scripts/common.sh"
skip_if_no_datefudge
exit 77
fi
-timeout 1800 datefudge "2012-09-02" \
+gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \
"${srcdir}/testcompat-polarssl-serv-common.sh"
ret=$?
export GNUTLS_DEBUG_LEVEL=3
unset GNUTLS_SYSTEM_PRIORITY_FILE
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null ||
fail "expected connection to succeed (1)"
export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null ||
fail "expected connection to succeed (2)"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null ||
fail "expected connection to succeed (3)"
unset GNUTLS_SYSTEM_PRIORITY_FILE
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null ||
fail "expected connection to succeed (1)"
export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null &&
fail "expected connection to fail (1)"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null &&
fail "expected connection to fail (2)"
#successful case, test whether the ciphers we disable below work
echo "Sanity testing"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
fail ${PID} "stage1: expected connection to succeed (1)"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
fail ${PID} "stage1: expected connection to succeed (2)"
echo "Testing TLS1.3"
echo " * sanity"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
fail ${PID} "stage2: expected connection to succeed (1)"
echo " * fallback to good options"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
fail ${PID} "stage2: expected connection to succeed (2)"
echo " * disabled cipher"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null && #>/dev/null &&
fail ${PID} "stage2: expected connection to fail (1)"
echo " * disabled group"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null &&
fail ${PID} "stage2: expected connection to fail (2)"
echo "Testing TLS1.2"
echo " * sanity"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
fail ${PID} "stage3: expected connection to succeed (1)"
echo " * fallback to good options"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:+AES-256-GCM:-MAC-ALL:+SHA1:+AEAD --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null ||
fail ${PID} "stage3: expected connection to succeed (2)"
echo " * disabled cipher"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null &&
fail ${PID} "stage3: expected connection to fail (1)"
echo " * disabled MAC"
-datefudge "2017-11-22" \
+gnutls_timewrapper_standalone "2017-11-22" \
"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null &&
fail ${PID} "stage3: expected connection to fail (2)"