Diffstat (limited to 'src/rts.base')
-rw-r--r-- | src/rts.base | 329 |
1 files changed, 0 insertions, 329 deletions
diff --git a/src/rts.base b/src/rts.base
deleted file mode 100644
index 0096007..0000000
--- a/src/rts.base
+++ /dev/null
@@ -1,329 +0,0 @@
-#!/bin/sh
-# Assumptions:
-# ucspi-tcp
-# available TCP ports on ::1: 50013--50021
-# 127.0.0.1 is resolved as 'localhost'
-# ::1/128 is resolved as 'ip6-loopback'
-# 0.0.0.0 and ::/128 is resolved as 'localnet'
-#
-# $here is ucspi-ssl current directory
-#
-# Not tested:
-# setting UID or GID
-# rules
-# write timeout
-
-echo '---> test sslserver + sslclient: four instances of sslserver (ports 50013, 50014, 50015, 50016) are used'
-echo '---> sslserver @port 50015 requires client certs'
-echo '++++'
-
-sslserver -w 2 \
--s -E -c 1 -Bbanner -Vo -D -1 -3 -Xx rules.cdb -Rt5 -h -l Localserver -b 2 \
-::1 50016 ./print 3< $CADIR/::1.pw > log.50016 2>&1 &
-pid_50016=$!
-
-sslserver -w 2 \
--s -e -c 1 -Bbanner -Vo -D -1 -3 -Xx rules.cdb -Rt5 -h -l Localserver -b 2 -m \
-::1 50015 ./print 3< $CADIR/::1.pw > log.50015 2>&1 &
-pid_50015=$!
-
-CIPHERS='' sslserver -w 2 \
--s -e -c 1 -Bbanner -Vo -D -1 -3 -Xx rules.cdb -Rt5 -h -l Localserver -b 2 \
-::1 50014 ./print >log.50014 3< $CADIR/::1.pw 2>&1 &
-pid_50014=$!
-sleep 1
-
-sslserver -w 2 \
--s -e -c 1 -Bbanner -Vo -D -1 -3 -Xx rules.cdb -Rt5 -h -l Localserver -b 2 \
-::1 50013 cat - >log.50013 3< $CADIR/::1.pw 2>&1 &
-pid_50013=$!
-sleep 1
-
-echo '---> test sslclient/sslserver behavior with wrong parm (timeout 2 secs)'
-echo '++++'
-
-echo '--- sslclient prints usage message without enough arguments'
-sslclient -T2 0 0; echo $?
-
-echo '--- sslclient prints error message with unknown port name'
-sslclient -T2 0 nonexistentport echo wrong; echo $?
-
-echo '--- sslclient prints error message when connection fails'
-sslclient -T2 0 016 echo wrong; echo $?
-
-echo '--- sslclient -q does not print error message when connection fails'
-sslclient -T2 -q 0 016 echo wrong; echo $?
-
-echo '--- sslclient prints error message with unknown host name'
-sslclient nonexistent.local. 016 echo wrong; echo $?
-
-echo '--- sslclient prints error message with unresolvable host name'
-sslclient thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 50016 echo wrong; echo $?
-
-echo '--- sslserver prints usage message without enough arguments'
-sslserver 0 0; echo $?
-
-echo '--- sslserver prints error message with unknown port name'
-sslserver 0 nonexistentport echo wrong; echo $?
-
-echo '--- sslserver prints error message with unknown host name'
-sslserver nonexistent.local. 016 echo wrong; echo $?
-
-echo '--- sslserver prints error message with unresolvable host name'
-sslserver thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 50016 echo wrong; echo $?
-
-echo '--- sslserver prints error message with non-local host name'
-( sslserver 1.2.3.4 016 echo wrong 2>&1
- echo $?
-) | sed -e 's/unable to bind to: .*/unable to bind to: .../'
-
-
-echo '---> test sslclient to connect to sslserver (on different port; note: cert verify will fail on localhost)'
-echo '++++'
-
-echo '--- sslclient sets basic environment variables'
-{
- sslclient -p 50017 -R -N -H -T 10 -l Local -a "$CAFILE" ::1 50016 sh -c 'cat <&6'
- echo $?
-} | sed -e 's/unable to bind to: .*/unable to bind to: .../'
-
-
-echo '--- sslserver -e also sets TCP environment variables'
-{
- sslclient -p 50018 -e -S -R -N -H -T 10 -l Local -a "$CAFILE" ::1 50016 sh -c 'cat <&6'
- echo $?
-} | sanitize
-
-echo '--- sslclient recognizes -D, -z, -r, -h, -t (with elective cipher)'
-{
- sslclient -p 50019 -N -D -r -t1 -l Local -a "$CAFILE" \
- -z 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256' \
- ::1 50016 sh -c 'cat <&6'
- echo $?
-}
-#} | sanitize
-
-echo '--- sslclient sets basic environment variables'
-{
- sslclient -p 50020 -R -N -H -l Local -a "$CAFILE" ::1 50016 ./print
- echo $?
-} | sanitize
-
-echo '--- sslclient -e sets TCP environment variables'
-{
- sslclient -p 50021 -e -R -N -H -l Local -a "$CAFILE" ::1 50016 ./print
- echo $?
-} | sanitize
-
-echo '--- sslclient -s sets TLS environment variables'
-{
- sslclient -p 50022 -s -R -N -H -l Local -a "$CAFILE" ::1 50016 ./print
- echo $?
-} | sanitize
-
-echo '--- sslclient looks up host names properly (localhost. -> ip6-loopback)'
-{
- sslclient -p 50023 -R -N -a "$CAFILE" localhost. 50016 ./print
- echo $?
-} | sanitize
-
-echo '--- sslclient -v works'
-sslclient -p 50024 -v -R -N -H -l Local -a "$CAFILE" ::1 50016 echo ok
-echo $?
-
-echo '--- sslserver -N does not check certificates CN'
-( exec 2>&1
- sslclient -p 50025 -v -R -H -N -l ip6-localhost -a "$CAFILE" -X ::1 50014 sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslserver and sslclient print errors for incompatible cipher lists for TLS < 1.3'
-( exec 2>&1
- sslclient -p 50026 -v -R -H -N -l ip6-localhost -z 'FOOBAR' -a "$CAFILE" ::1 50014 \
- sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslclient -X ignores any server certificate'
-( exec 2>&1
- sslclient -p 50027 -v -R -H -l ip6-localhost -X ::1 50014 \
- sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslclient -n checks hostname with certificates SAN/CN'
-( exec 2>&1
- sslclient -p 50027 -v -R -H -l ip6-localhost -a "$CAFILE" ::1 50014 \
- sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '---> test sslclient to connect to sslserver requiring client cert'
-echo '++++'
-
-echo '--- sslserver prints error for no client certificate'
-( exec 2>&1
- sslclient -p 50028 -v -R -N -h -l ip6-localhost -a "$CAFILE" ::1 50015 \
- sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslserver prints error for bad client certificate'
-( exec 2>&1
- exec 3< $CADIR/::1.pw
- sslclient -p 50029 -v -R -h -l ip6-localhost -a "$CAFILE" -c "$CERTFILE" -k "$KEYFILE" -3 \
- ::1 50015 sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslclient uses certificates'
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- sslclient -p 50030 -v -s -R -N -h -l ip6-localhost -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3 \
- ::1 50015 sh -c 'cat <&6; ./print'
- echo $?
-) | sanitize
-
-echo '---> test sslcat to connect to sslserver@5016'
-echo '++++'
-
-echo '--- sslcat works'
-{
- sslcat ::1 50013 -N -a "$CAFILE" -N
- echo $?
-} | sanitize
-
-echo '--- sslconnect works'
-{
- sslconnect ::1 50013 -N -a "$CAFILE" </dev/null
- echo $?
-} | sanitize
-
-echo '--- https@ works'
-https@ ::1 somefile 50013 -X -a "$CAFILE"
-echo $?
-
-
-echo '---> test sslconnect to connect to sslserver@5013'
-echo '++++'
-
-
-echo '--- sslclient and sslserver handle larger data'
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- { for i in 0 1 2 3 4 5 6 7 8 9
- do
- for j in 0 1 2 3 4 5 6 7 8 9
- do
- for k in 0 1 2 3 4 5 6 7 8 9
- do
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- done
- done
- done
- } | sslconnect ::1 50013 -v -s -N \
- -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3 > /dev/null
- echo $?
-) | sanitize
-
-echo '--- sslserver times out'
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- ( exec echo hereur ) | sslconnect ::1 50013 -v -s -N \
- -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3
- echo $?
-) | sanitize
-
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- ( sleep 6; exec echo hereur; ) | sslconnect ::1 50013 -v -s -N \
- -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3
- echo $?
-) | sanitize
-
-## Kill all sslserver processes
-
-kill -TERM $pid_50013
-kill -TERM $pid_50014
-kill -TERM $pid_50015
-kill -TERM $pid_50016
-wait $pid_50013
-wait $pid_50014
-wait $pid_50015
-wait $pid_50016
-
-echo '---> test sslprint@50021'
-echo '++++'
-
-
-sslprint \
--s -c 1 -Bsslprint -vo -D -e -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
-::1 50021 3< $CADIR/::1.pw > log.sslprint 2>&1 &
-pid_50021=$!
-sleep 2
-
-echo '--- sslprint prints usage message without enough arguments'
-sslprint 0; echo $?
-
-echo '--- sslprint prints error message with unknown port name'
-sslprint 0 nonexistentport; echo $?
-
-echo '--- sslprint prints error message with unknown host name'
-sslprint nonexistent.local. 016; echo $?
-
-echo '--- sslprint prints error message with unresolvable host name'
-sslprint thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 016; echo $?
-
-echo '--- sslprint prints error message with non-local host name'
-( sslprint 1.2.3.4 16 2>&1
- echo $?
-) | sed -e 's/unable to bind to: .*/unable to bind to: .../'
-
-
-echo '--- sslprint prints error message with used port'
-sslprint -R -H -l Localserver ::1 50021 echo wrong
-echo $?
-
-echo '--- sslprint sets basic environment variables'
-{ sslclient -R -H -T 5 -l Local -a "$CAFILE" -N ::1 50021 sh -c 'cat <&6'
- echo $?
-} | sanitize
-
-echo '--- sslprint exits when environment changes'
-{ sslclient -R -H -T 5 -l Local -a "$CAFILE" -N ::1 50021 sh -c 'cat <&6'
- echo $?
-} | sanitize
-
-echo '--- sslprint does not lose descriptors'
-{ sslclient -R -H -T 5 -l Local -a "$CAFILE" -N ::1 50021 sh -c 'cat <&6' \
- 0<&- 2<&-
- echo $?
-} | sanitize
-
-sleep 1
-kill -TERM $pid_50021
-wait $pid_50021
-
-
-echo '--- sslserver -1v prints proper messages'
-cat log.50016 log.50015 log.50014 log.50013 log.sslprint | \
-sed -e 's/::*/::x/' \
- -e 's} [0-9]* } x }g' \
- -e 's} ip6-loopback:::1::[0-9]*} ip6-loopback:::1::x}' \
- -e 's} :::1:[0-9]*} :::1:x}' \
- -e 's} cafile x .*/\([^/]*\)} cafile x xxx/\1}' \
- -e 's} ccafile x .*/\([^/]*\)} ccafile x xxx/\1}' \
- -e 's} cadir x .*/\([^/]*\)} cadir x xxx/\1}' \
- -e 's} cert x .*/\([^/]*\)} cert x xxx/\1}' \
- -e 's} key x .*/\([^/]*\)} key x xxx/\1}' \
- -e 's} dhparam x .*} dhparam x xxx}' \
- -e 's} speak TLS: .*} speak TLS: ...}' \
- -e 's} accept TLS: .*} accept TLS: ...}' \
- -e 's} done [0-9]*$} done ...}' \
- -e 's} Localserver:::1:[0-9]*} Localserver:::1:x}' \
- -e 's} ip6-localnet:::::[0-9]*} ip6-localnet:::::x}' \
- -e 's} valid client cert received for pid: .*} valid client cert received for pid: ...}'
- |