test.sh: Adapted some OpenSSL tests to modified OpenSSL behaviour

Gerhard Rieger 2020-10-13 21:02:59 +02:00
parent c6c8ff784c
commit f2d17f0949
2 changed files with 21 additions and 8 deletions


@ -6,6 +6,10 @@ Testing:
OpenSSL s_server appearently started to neglect TCPs half close feature. OpenSSL s_server appearently started to neglect TCPs half close feature.
Test OPENSSL_TCP4 has been changed to tolerate this. Test OPENSSL_TCP4 has been changed to tolerate this.
OpenSSL changed its behaviour when connection is rejected. Tests
OPENSSLCERTSERVER, OPENSSL_CN_CLIENT_SECURITY, and
OPENSSL_CN_SERVER_SECURITY now tolerate this.
####################### V 1.7.3.4: ####################### V 1.7.3.4:
Corrections: Corrections:

25
test.sh

@ -5538,7 +5538,7 @@ testserversec () {
local ipvers="$8" # IP version, for check of listen port local ipvers="$8" # IP version, for check of listen port
local proto="$9" # protocol, for check of listen port local proto="$9" # protocol, for check of listen port
local port="${10}" # start client when this port is listening local port="${10}" # start client when this port is listening
local expect="${11}" # expected behaviour of client: 0..empty output; -1..error local expect="${11}" # expected behaviour of client: 0..empty output; -1..error; *: any of these
local T="${12}"; [ -z "$T" ] && T=0 local T="${12}"; [ -z "$T" ] && T=0
local tf="$td/test$N.stdout" local tf="$td/test$N.stdout"
local te="$td/test$N.stderr" local te="$td/test$N.stderr"
@ -5635,7 +5635,16 @@ testserversec () {
else else
result=2; # output differs from input result=2; # output differs from input
fi fi
if [ X$result != X$expect ]; then if [ "$expect" != '1' -a "$result" -eq 1 ]; then
$PRINTF "$FAILED: SECURITY BROKEN\n"
echo "$TRACE $SOCAT $opts $arg echo"
cat "${te}3"
echo "$TRACE $SOCAT $opts - $arg2"
cat "${te}4"
cat "$tdiff2"
numFAIL=$((numFAIL+1))
listFAIL="$listFAIL $N"
elif [ "X$expect" != 'X*' -a X$result != X$expect ]; then
case X$result in case X$result in
X-1) $PRINTF "$NO_RESULT (ph.2 client error): $TRACE $SOCAT:\n" X-1) $PRINTF "$NO_RESULT (ph.2 client error): $TRACE $SOCAT:\n"
echo "$TRACE $SOCAT $opts $arg echo" echo "$TRACE $SOCAT $opts $arg echo"
@ -5650,7 +5659,7 @@ testserversec () {
cat "${te}3" cat "${te}3"
echo "$TRACE $SOCAT $opts - $arg2" echo "$TRACE $SOCAT $opts - $arg2"
cat "${te}4" cat "${te}4"
cat "$tdiff2" 2>/dev/stderr cat "$tdiff2"
numCANT=$((numCANT+1)) numCANT=$((numCANT+1))
listCANT="$listCANT $N" listCANT="$listCANT $N"
;; ;;
@ -5659,7 +5668,7 @@ testserversec () {
cat "${te}3" cat "${te}3"
echo "$TRACE $SOCAT $opts - $arg2" echo "$TRACE $SOCAT $opts - $arg2"
cat "${te}4" cat "${te}4"
cat "$tdiff2" 2>/dev/stderr cat "$tdiff2"
numFAIL=$((numFAIL+1)) numFAIL=$((numFAIL+1))
listFAIL="$listFAIL $N" listFAIL="$listFAIL $N"
;; ;;
@ -5668,7 +5677,7 @@ testserversec () {
cat "${te}3" cat "${te}3"
echo "$TRACE $SOCAT $opts - $arg2" echo "$TRACE $SOCAT $opts - $arg2"
cat "${te}4" cat "${te}4"
cat "$tdiff2" 2>/dev/stderr cat "$tdiff2"
numFAIL=$((numFAIL+1)) numFAIL=$((numFAIL+1))
listFAIL="$listFAIL $N" listFAIL="$listFAIL $N"
;; ;;
@ -6073,7 +6082,7 @@ elif ! testaddrs openssl >/dev/null; then
else else
gentestcert testsrv gentestcert testsrv
gentestcert testcli gentestcert testcli
testserversec "$N" "$TEST" "$opts -4" "SSL-L:$PORT,pf=ip4,reuseaddr,fork,retry=1,$SOCAT_EGD,verify,cert=testsrv.crt,key=testsrv.key" "cafile=testcli.crt" "cafile=testsrv.crt" "SSL:$LOCALHOST:$PORT,cafile=testsrv.crt,cert=testcli.pem,$SOCAT_EGD" 4 tcp $PORT -1 testserversec "$N" "$TEST" "$opts -4" "SSL-L:$PORT,pf=ip4,reuseaddr,fork,retry=1,$SOCAT_EGD,verify,cert=testsrv.crt,key=testsrv.key" "cafile=testcli.crt" "cafile=testsrv.crt" "SSL:$LOCALHOST:$PORT,cafile=testsrv.crt,cert=testcli.pem,$SOCAT_EGD" 4 tcp $PORT '*'
fi ;; # NUMCOND, feats fi ;; # NUMCOND, feats
esac esac
PORT=$((PORT+1)) PORT=$((PORT+1))
@ -6202,7 +6211,7 @@ elif ! testaddrs listen tcp ip4 >/dev/null || ! runsip4 >/dev/null; then
else else
gentestcert testsrv gentestcert testsrv
gentestcert testcli gentestcert testcli
testserversec "$N" "$TEST" "$opts -t 0.5 -4" "SSL:127.0.0.1:$PORT,fork,retry=2,verify,cafile=testsrv.crt" "commonname=$LOCALHOST" "" "SSL-L:$PORT,pf=ip4,$REUSEADDR,cert=testsrv.crt,key=testsrv.key,verify=0" 4 tcp "" 0 testserversec "$N" "$TEST" "$opts -t 0.5 -4" "SSL:127.0.0.1:$PORT,fork,retry=2,verify,cafile=testsrv.crt" "commonname=$LOCALHOST" "" "SSL-L:$PORT,pf=ip4,$REUSEADDR,cert=testsrv.crt,key=testsrv.key,verify=0" 4 tcp "" '*'
fi ;; # testaddrs, NUMCOND fi ;; # testaddrs, NUMCOND
esac esac
PORT=$((PORT+1)) PORT=$((PORT+1))
@ -6228,7 +6237,7 @@ elif ! testaddrs listen tcp ip4 >/dev/null || ! runsip4 >/dev/null; then
else else
gentestcert testsrv gentestcert testsrv
gentestcert testcli gentestcert testcli
testserversec "$N" "$TEST" "$opts -4" "SSL-L:$PORT,pf=ip4,reuseaddr,cert=testsrv.crt,key=testsrv.key,cafile=testcli.crt" "" "commonname=onlyyou" "SSL:$LOCALHOST:$PORT,$REUSEADDR,verify=0,cafile=testsrv.crt,cert=testcli.crt,key=testcli.key" 4 tcp "$PORT" 0 testserversec "$N" "$TEST" "$opts -4" "SSL-L:$PORT,pf=ip4,reuseaddr,cert=testsrv.crt,key=testsrv.key,cafile=testcli.crt" "" "commonname=onlyyou" "SSL:$LOCALHOST:$PORT,$REUSEADDR,verify=0,cafile=testsrv.crt,cert=testcli.crt,key=testcli.key" 4 tcp "$PORT" '*'
fi ;; # testaddrs, NUMCOND fi ;; # testaddrs, NUMCOND
esac esac
PORT=$((PORT+1)) PORT=$((PORT+1))
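Review bot: In the second testserversec hunk, passing `'*'` makes the new `elif [ "X$expect" != 'X*' -a X$result != X$expect ]` false for every result, so `result=2` (output differs from input) is no longer caught by either branch, although the parameter comment documents `*` as covering only 0 and -1. If 2 should still be reported for these negative security tests, the condition could read `elif [ "X$expect" = 'X*' ] && [ "X$result" = X2 ] || { [ "X$expect" != 'X*' ] && [ "X$result" != "X$expect" ]; }; then`; the case arms that would then handle it lie partly outside the hunk, so confirm they cover 2. The unquoted `X$expect` on that line also expands to `X*` and is globbed against files in the working directory, which can hand `[` extra arguments and produce an error message; quoting both operands, as the line does for its first comparison, avoids that. The three call sites switched to `'*'` later in this file section all go through this path.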