blob: c182da05c20730be97026cb3d508047ea1ee2909 (
plain)
---> test sslserver + sslclient: four instances of sslserver (ports 50013, 50014, 50015, 50016) are used
---> sslserver @port 50015 requires client certs
++++
---> test sslclient/sslserver behavior with wrong parm (timeout 2 secs)
++++
--- sslclient prints usage message without enough arguments
sslclient: usage: sslclient [ -463hHrRdDiqQveEsSnNxX ] [ -i localip ] [ -p localport ] [ -T timeoutconn ] [ -l localname ] [ -t timeoutinfo ] [ -I interface ] [ -a cafile ] [ -A cadir ] [ -c certfile ] [ -z ciphers ] [ -k keyfile ] [ -V verifydepth ] [ -w progtimeout ] host port program
100
--- sslclient prints error message with unknown port name
sslclient: fatal: (111) unable to figure out port number for nonexistentport
111
--- sslclient prints error message when connection fails
sslclient: drop: (110) unable to connect to: 127.0.0.1 port: 16
110
--- sslclient -q does not print error message when connection fails
110
--- sslclient prints error message with unknown host name
sslclient: error: (111) No IP address for: nonexistent.local.
111
--- sslclient prints error message with unresolvable host name
sslclient: error: (111) No IP address for: thislabelistoolongbecausednshasalimitof63charactersinasinglelabel.
111
--- sslserver prints usage message without enough arguments
sslserver: usage: sslserver [ -1346UXpPhHrRoOdDqQvVIeEsSnNmzZ ] [ -c limit ] [ -x rules.cdb ] [ -B banner ] [ -g gid ] [ -u uid ] [ -b backlog ] [ -l localname ] [ -t timeout ] [ -I interface ] [ -T ssltimeout ] [ -w progtimeout ] host port program
100
--- sslserver prints error message with unknown port name
sslserver: fatal: (111) unable to figure out port number for: nonexistentport
111
--- sslserver prints error message with unknown host name
sslserver: fatal: (111) no IP address for: nonexistent.local.
111
--- sslserver prints error message with unresolvable host name
sslserver: fatal: (111) temporarily unable to figure out IP address for: thislabelistoolongbecausednshasalimitof63charactersinasinglelabel.
111
--- sslserver prints error message with non-local host name
sslserver: fatal: (111) unable to bind to: ...
111
---> test sslclient to connect to sslserver (on different port; note: cert verify will fail on localhost)
++++
--- sslclient sets basic environment variables
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslserver -e also sets TCP environment variables
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslclient recognizes -D, -z, -r, -h, -t (with elective cipher)
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslclient sets basic environment variables
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslclient -e sets TCP environment variables
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslclient -s sets TLS environment variables
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslclient looks up host names properly (localhost. -> ip6-loopback)
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslclient -v works
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslserver -N does not check certificates CN
sslclient: tls connected to: ::1 port: 50014
ok
0
--- sslserver and sslclient print errors for incompatible cipher lists for TLS < 1.3
sslclient: error: (111) unable to set cipher list
111
--- sslclient -X ignores any server certificate
sslclient: tls connected to: ::1 port: 50014
ok
0
--- sslclient -n checks hostname with certificates SAN/CN
sslclient: fatal: (111) unable to bind to: ::1 port: 50027
111
---> test sslclient to connect to sslserver requiring client cert
++++
--- sslserver prints error for no client certificate
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslserver prints error for bad client certificate
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslclient uses certificates
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
---> test sslcat to connect to sslserver@5016
++++
--- sslcat works
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslconnect works
banner0
--- https@ works
0
---> test sslconnect to connect to sslserver@5013
++++
--- sslclient and sslserver handle larger data
sslclient: tls connected to: ::1 port: 50013
0
--- sslserver times out
sslclient: tls connected to: ::1 port: 50013
bannerhereur^M
0
sslclient: tls connected to: ::1 port: 50013
banner0
---> test sslprint@50021
++++
--- sslprint prints usage message without enough arguments
sslprint: usage: sslprint[ -1346UXpPhHrRoOdDqQviIeEsS ] [ -c limit ] [ -x rules.cdb ] [ -B banner ] [ -g gid ] [ -u uid ] [ -b backlog ] [ -l localname ] [ -t timeout ] [ -T ssltimeout ] [ -w progtimeout ] [ -f lockfile ] [ -I interface ] host port program
100
--- sslprint prints error message with unknown port name
sslprint: fatal: (111) unable to figure out port number for: nonexistentport
111
--- sslprint prints error message with unknown host name
sslprint: fatal: (111) no IP address for: nonexistent.local.
111
--- sslprint prints error message with unresolvable host name
sslprint: fatal: (111) temporarily unable to figure out IP address for: thislabelistoolongbecausednshasalimitof63charactersinasinglelabel.
111
--- sslprint prints error message with non-local host name
sslprint: fatal: (111) unable to bind
111
--- sslprint prints error message with used port
sslprint: fatal: (111) unable to bind
111
--- sslprint sets basic environment variables
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslprint exits when environment changes
sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
110
--- sslprint does not lose descriptors
110
--- sslserver -1v prints proper messages
::x1 : 50016
sslserver::x ciphers x
sslserver::x cafile x xxx/rootCA_cert.pem
sslserver::x ccafile x
sslserver::x cadir x xxx/etc
sslserver::x certchainfile x
sslserver::x cert x xxx/::1_cert.pem
sslserver::x key x xxx/::1_key.pem
sslserver::x dhparam x xxx
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_CHACHA20_POLY1305_SHA256
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
::x1 : 50015
sslserver::x ciphers x
sslserver::x cafile x xxx/rootCA_cert.pem
sslserver::x ccafile x xxx/rootCA_cert.pem
sslserver::x cadir x xxx/etc
sslserver::x certchainfile x
sslserver::x cert x xxx/::1_cert.pem
sslserver::x key x xxx/::1_key.pem
sslserver::x dhparam x xxx
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x error: (111) unable to accept TLS for pid: x
sslserver::x ended by x status 28416
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x error: (111) unable to accept TLS for pid: x
sslserver::x ended by x status 28416
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x error: (111) unable to accept TLS for pid: x
sslserver::x ended by x status 28416
sslserver::x status: 0/1/0
::x1 : 50014
sslserver::x ciphers x
sslserver::x cafile x xxx/rootCA_cert.pem
sslserver::x ccafile x
sslserver::x cadir x xxx/etc
sslserver::x certchainfile x
sslserver::x cert x xxx/::1_cert.pem
sslserver::x key x xxx/::1_key.pem
sslserver::x dhparam x xxx
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x error: (111) unable to accept TLS for pid: x
sslserver::x ended by x status 28416
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
::x1 : 50013
sslserver::x ciphers x
sslserver::x cafile x xxx/rootCA_cert.pem
sslserver::x ccafile x
sslserver::x cadir x xxx/etc
sslserver::x certchainfile x
sslserver::x cert x xxx/::1_cert.pem
sslserver::x key x xxx/::1_key.pem
sslserver::x dhparam x xxx
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
sslserver::x status: 1/1/0
sslserver::x pid x from ::1
sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
sslserver::x ended by x status 0
sslserver::x status: 0/1/0
::x1 : 50021
sslprint::x ciphers x
sslprint::x cafile x xxx/rootCA_cert.pem
sslprint::x ccafile x
sslprint::x cadir x xxx/etc
sslprint::x certchainfile x
sslprint::x cert x xxx/::1_cert.pem
sslprint::x key x xxx/::1_key.pem
sslprint::x dhparam x xxx
sslprint::x status: 0/1
sslprint::x status: 1/1
sslprint::x pid x from ::
sslprint::x ok x Localserver:::1:x ip6-localnet:::::x
sslprint::x end x status 13
sslprint::x status: 0/1
sslprint::x status: 1/1
sslprint::x pid x from ::
sslprint::x ok x Localserver:::1:x ip6-localnet:::::x
sslprint::x end x status 13
sslprint::x status: 0/1
sslprint::x status: 1/1
sslprint::x pid x from ::
sslprint::x ok x Localserver:::1:x ip6-localnet:::::x
sslprint::x end x status 13
sslprint::x status: 0/1
sslprint::x status: 1/1
sslprint::x end x status 15
sslprint::x status: 0/1