#!/bin/sh

# Plain-HTTP backend that the server-side tunnel forwards to; it must already
# be running before the tests start.
HTTP=localhost:8080
# Local port the client-side tunala instance listens on (wget connects here).
CLIENT_PORT=9020
# Local port the server-side tunala instance listens on (the client-side
# instance proxies to it).
SERVER_PORT=9021

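# Run one end-to-end tunnel check for the protocol flags in $VER and the
# cipher in $CIPHER.
#
# Data path: wget -> tunala (client side, -server 0, port $CLIENT_PORT)
#                 -> tunala (server side, -server 1, port $SERVER_PORT)
#                 -> plain HTTP server at $HTTP.
#
# Globals:  VER, CIPHER, CLIENT_PORT, SERVER_PORT, HTTP (all read)
# Outputs:  progress and OK/FAIL lines on stdout; tunala output goes to
#           tc1.txt/tc2.txt (client side) and ts1.txt/ts2.txt (server side)
# Exits:    0 on success, 1 on failure. The function calls exit, so it is
#           meant to be run inside a subshell.
sub_test ()
{
	echo "STARTING - $VER $CIPHER"
	# $VER is deliberately unquoted: it carries several space-separated flags.
	# NOTE(review): -v_peer/-v_strict presumably turn on peer certificate
	# verification on both ends - confirm against the tunala usage text.
	./tunala -listen "localhost:$CLIENT_PORT" -proxy "localhost:$SERVER_PORT" \
		-cacert CA.pem -cert A-client.pem -server 0 \
		-dh_special standard -v_peer -v_strict \
		$VER -cipher "$CIPHER" 1> tc1.txt 2> tc2.txt &
	./tunala -listen "localhost:$SERVER_PORT" -proxy "$HTTP" \
		-cacert CA.pem -cert A-server.pem -server 1 \
		-dh_special standard -v_peer -v_strict \
		$VER -cipher "$CIPHER" 1> ts1.txt 2> ts2.txt &
	# Wait until BOTH tunnels are listening before starting the wget test.
	# Proceeding as soon as only one of them is up races against the other
	# and can produce a spurious FAIL. The wait is bounded so that a tunala
	# that never starts (bad cert, port already taken, unsupported protocol)
	# fails the test instead of hanging it forever.
	TRIES=0
	MAX_TRIES=30
	while :; do
		L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
		L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
		if [ "x$L1" != "x" ] && [ "x$L2" != "x" ]; then
			break
		fi
		TRIES=$((TRIES + 1))
		if [ "$TRIES" -ge "$MAX_TRIES" ]; then
			echo "FAIL - $CIPHER ($VER)"
			killall tunala
			exit 1
		fi
		sleep 1
	done
	# The test passes only if the backend's page comes back through both
	# tunnels, i.e. the handshake with this protocol/cipher succeeded.
	HTML=`wget -O - -T 1 "http://localhost:$CLIENT_PORT" 2> /dev/null | grep "<HTML>"`
	if [ "x$HTML" != "x" ]; then
		echo "OK - $CIPHER ($VER)"
	else
		echo "FAIL - $CIPHER ($VER)"
		killall tunala
		exit 1
	fi
	# NOTE: killall matches by process name, so any other tunala owned by
	# this user is signalled as well; run the tests on a host where that is
	# acceptable.
	killall tunala
	# Wait for both listeners to disappear before returning - otherwise the
	# next test may fail to bind its ports.
	while :; do
		L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
		L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
		if [ "x$L1" = "x" ] && [ "x$L2" = "x" ]; then
			break
		fi
	done
	exit 0
}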

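# Run sub_test in a subshell (sub_test ends with exit) and abort the whole
# script on the first failing cipher.
#
# sub_test's stdout is discarded, so its own FAIL line is never seen; name the
# failing protocol/cipher on stderr and point at the tunala logs so a failed
# handshake can be diagnosed.
#
# Globals:  CIPHER, VER (read, for the failure message)
# Exits:    1 if sub_test fails; returns 0 otherwise.
run_test ()
{
	if ! (sub_test 1> /dev/null); then
		echo "FAILED - $CIPHER ($VER); see tc1.txt tc2.txt ts1.txt ts2.txt" 1>&2
		exit 1
	fi
}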

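# Run the tunnel test once for every cipher that the local openssl binary
# lists for the protocol named in $PRETTY ("TLSv1", "SSLv3" or "SSLv2").
#
# Globals:  PRETTY (read); VER, OSSL, CIPHER (set and exported)
# Outputs:  one SUCCESS/skip line per cipher on stdout; a warning on stderr
#           when openssl reports no ciphers for the protocol
# Returns:  0 when the list is exhausted; run_test exits the script with 1 on
#           the first failing cipher.
run_ssl_test ()
{
	# Clear out any tunala left over from a previous run so the ports are free.
	killall tunala 1> /dev/null 2> /dev/null
	echo ""
	echo "Starting all $PRETTY tests"
	# VER disables the other two protocol versions in tunala; OSSL selects
	# the matching cipher list from "openssl ciphers".
	case "$PRETTY" in
	SSLv2)
		export VER="-no_ssl3 -no_tls1"
		export OSSL="-ssl2"
		;;
	SSLv3)
		export VER="-no_ssl2 -no_tls1"
		export OSSL="-ssl3"
		;;
	*)
		export VER="-no_ssl2 -no_ssl3"
		export OSSL="-tls1"
		;;
	esac
	LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`"
	# An empty list (openssl missing, or the protocol not supported by this
	# build) would otherwise look like a clean pass with nothing tested.
	if [ "x$LIST" = "x" ]; then
		echo "WARNING: no $PRETTY ciphers listed by openssl; nothing tested" 1>&2
		return 0
	fi
	#echo "$LIST"
	for i in $LIST; do
		case "$i" in
		*DSS*)
			# The test certificates are not DSA, so DSS suites cannot work.
			echo "---- skipping $i (no DSA cert/keys) ----"
			;;
		*)
			export CIPHER="$i"
			run_test
			echo "SUCCESS: $i"
			;;
		esac
	done
}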

# Tell the user which backend the tunnels will forward to.
echo "Tests will assume an http server running at $HTTP"

# Exercise each protocol version in turn: TLSv1, then SSLv3, then SSLv2.
# SSLv2 and SSLv3 are obsolete protocols; they are covered here only to test
# tunala against them, and an openssl build without them may list no ciphers.
for PRETTY in TLSv1 SSLv3 SSLv2; do
	export PRETTY
	run_ssl_test
done