167 lines
4.2 KiB
Bash
Executable file
167 lines
4.2 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# psk.test
|
|
# copyright wolfSSL 2016
|
|
|
|
# if we can, isolate the network namespace to eliminate port collisions.
|
|
if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
|
|
if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
|
|
export NETWORK_UNSHARE_HELPER_CALLED=yes
|
|
exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
|
|
fi
|
|
elif [ "${AM_BWRAPPED-}" != "yes" ]; then
|
|
bwrap_path="$(command -v bwrap)"
|
|
if [ -n "$bwrap_path" ]; then
|
|
export AM_BWRAPPED=yes
|
|
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
|
|
fi
|
|
unset AM_BWRAPPED
|
|
fi
|
|
|
|
# getting unique port is modeled after resume.test script
|
|
# need a unique port since may run the same time as testsuite
|
|
# use server port zero hack to get one
|
|
port=0
|
|
no_pid=-1
|
|
server_pid=$no_pid
|
|
counter=0
|
|
# let's use absolute path to a local dir (make distcheck may be in sub dir)
|
|
# also let's add some randomness by adding pid in case multiple 'make check's
|
|
# per source tree
|
|
ready_file=`pwd`/wolfssl_psk_ready$$
|
|
|
|
echo "ready file \"$ready_file\""
|
|
|
|
create_port() {
|
|
while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
|
|
echo -e "waiting for ready file..."
|
|
sleep 0.1
|
|
counter=$((counter+ 1))
|
|
done
|
|
|
|
if test -e "$ready_file"; then
|
|
echo -e "found ready file, starting client..."
|
|
|
|
# sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
|
|
sleep 0.1
|
|
|
|
# get created port 0 ephemeral port
|
|
port=`cat "$ready_file"`
|
|
else
|
|
echo -e "NO ready file ending test..."
|
|
do_cleanup
|
|
fi
|
|
}
|
|
|
|
remove_ready_file() {
|
|
if test -e "$ready_file"; then
|
|
echo -e "removing existing ready file"
|
|
rm "$ready_file"
|
|
fi
|
|
}
|
|
|
|
do_cleanup() {
|
|
echo "in cleanup"
|
|
|
|
if [ $server_pid != $no_pid ]
|
|
then
|
|
echo "killing server"
|
|
kill -9 $server_pid
|
|
fi
|
|
remove_ready_file
|
|
}
|
|
|
|
do_trap() {
|
|
echo "got trap"
|
|
do_cleanup
|
|
exit 1
|
|
}
|
|
|
|
trap do_trap INT TERM
|
|
|
|
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
|
|
./examples/client/client '-?' 2>&1 | grep -- 'Client not compiled in!'
|
|
if [ $? -eq 0 ]; then
|
|
exit 0
|
|
fi
|
|
./examples/server/server '-?' 2>&1 | grep -- 'Server not compiled in!'
|
|
if [ $? -eq 0 ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Usual psk server / psk client. This use case is tested in
|
|
# tests/unit.test and is used here for just checking if PSK is enabled
|
|
port=0
|
|
./examples/server/server -s -R "$ready_file" -p $port &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -s -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
# if fail here then is a settings issue so return 0
|
|
if [ $RESULT -ne 0 ]; then
|
|
echo -e "\n\nPSK not enabled"
|
|
do_cleanup
|
|
exit 0
|
|
fi
|
|
echo ""
|
|
|
|
# client test against the server
|
|
###############################
|
|
|
|
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
|
|
if [ $? -ne 0 ]; then
|
|
# Usual server / client. This use case is tested in
|
|
# tests/unit.test and is used here for just checking if cipher suite
|
|
# is available (one case for example is with disable-asn)
|
|
port=0
|
|
./examples/server/server -R "$ready_file" -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
# if fail here then is a settings issue so return 0
|
|
if [ $RESULT -ne 0 ]; then
|
|
echo -e "\n\nIssue with chosen non PSK suites"
|
|
do_cleanup
|
|
exit 0
|
|
fi
|
|
echo ""
|
|
|
|
# psk server with non psk client
|
|
port=0
|
|
./examples/server/server -j -R "$ready_file" -p $port &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
if [ $RESULT -ne 0 ]; then
|
|
echo -e "\n\nClient connection failed"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
echo ""
|
|
|
|
# check fail if no auth, psk server with non psk client
|
|
echo "Checking fail when not sending peer cert"
|
|
port=0
|
|
./examples/server/server -j -R "$ready_file" -p $port &
|
|
server_pid=$!
|
|
create_port
|
|
./examples/client/client -x -p $port
|
|
RESULT=$?
|
|
remove_ready_file
|
|
if [ $RESULT -eq 0 ]; then
|
|
echo -e "\n\nClient connected when supposed to fail"
|
|
do_cleanup
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
echo -e "\nALL Tests Passed"
|
|
|
|
exit 0
|
|
|