More expansive testing
This commit is contained in:
Paul Bakker
parent
78ce507988
commit
1eeceaeac8
@ -1,19 +1,22 @@
|
||||
killall -q openssl ssl_server ssl_server2
|
||||
|
||||
MODES="ssl3 tls1 tls1_1 tls1_2"
|
||||
#VERIFY="YES"
|
||||
VERIFY=""
|
||||
VERIFIES="NO YES"
|
||||
OPENSSL=openssl
|
||||
|
||||
for VERIFY in $VERIFIES;
|
||||
do
|
||||
if [ "X$VERIFY" = "XYES" ];
|
||||
then
|
||||
P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
||||
O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt"
|
||||
P_SERVER_ARGS="auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt"
|
||||
P_CLIENT_ARGS="crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt"
|
||||
O_SERVER_ARGS="-verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key"
|
||||
O_CLIENT_ARGS="-cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt"
|
||||
fi
|
||||
|
||||
for MODE in $MODES;
|
||||
do
|
||||
echo "Running for $MODE"
|
||||
echo "Running for $MODE (Verify: $VERIFY)"
|
||||
echo "-----------"
|
||||
|
||||
P_CIPHERS=" \
|
||||
@ -56,7 +59,9 @@ O_CIPHERS=" \
|
||||
|
||||
# Also add SHA256 ciphersuites
|
||||
#
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-RSA-WITH-NULL-SHA256 \
|
||||
TLS-RSA-WITH-AES-128-CBC-SHA256 \
|
||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||
@ -64,7 +69,7 @@ P_CIPHERS="$P_CIPHERS \
|
||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
|
||||
"
|
||||
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
O_CIPHERS="$O_CIPHERS \
|
||||
NULL-SHA256 \
|
||||
AES128-SHA256 \
|
||||
DHE-RSA-AES128-SHA256 \
|
||||
@ -72,8 +77,6 @@ O_CIPHERS="$O_CIPHERS \
|
||||
DHE-RSA-AES256-SHA256 \
|
||||
"
|
||||
|
||||
if [ "$MODE" = "tls1_2" ];
|
||||
then
|
||||
P_CIPHERS="$P_CIPHERS \
|
||||
TLS-RSA-WITH-AES-128-GCM-SHA256 \
|
||||
TLS-RSA-WITH-AES-256-GCM-SHA384 \
|
||||
@ -112,14 +115,14 @@ do
|
||||
done
|
||||
kill $PROCESS_ID
|
||||
|
||||
../programs/ssl/ssl_server2 > /dev/null &
|
||||
../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
|
||||
PROCESS_ID=$!
|
||||
|
||||
sleep 1
|
||||
|
||||
for i in $O_CIPHERS;
|
||||
do
|
||||
RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i 2>&1)"
|
||||
RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )"
|
||||
EXIT=$?
|
||||
echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "
|
||||
|
||||
@ -131,6 +134,8 @@ do
|
||||
echo "Ciphersuite not supported in server"
|
||||
else
|
||||
echo Failed
|
||||
echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS
|
||||
echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS
|
||||
echo $RESULT
|
||||
fi
|
||||
else
|
||||
@ -140,7 +145,7 @@ done
|
||||
|
||||
kill $PROCESS_ID
|
||||
|
||||
../programs/ssl/ssl_server2 > /dev/null &
|
||||
../programs/ssl/ssl_server2 $P_SERVER_ARGS > /dev/null &
|
||||
PROCESS_ID=$!
|
||||
|
||||
sleep 1
|
||||
@ -160,7 +165,7 @@ fi
|
||||
|
||||
for i in $P_CIPHERS;
|
||||
do
|
||||
RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
|
||||
RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i $P_CLIENT_ARGS )"
|
||||
EXIT=$?
|
||||
echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
|
||||
if [ "$EXIT" = "2" ];
|
||||
@ -177,4 +182,4 @@ done
|
||||
kill $PROCESS_ID
|
||||
|
||||
done
|
||||
|
||||
done
|
||||
|
||||
Loading…
Reference in New Issue
Block a user