mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 00:37:00 +08:00
tests: added tests for anyconnect's DTLS1.2 support
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
@@ -58,8 +58,8 @@ dist_check_SCRIPTS += test-iroute test-multi-cookie test-pass-script \
|
||||
#other tests requiring nuttcp for traffic
|
||||
if ENABLE_NUTTCP_TESTS
|
||||
dist_check_SCRIPTS += traffic lz4-compression lzs-compression \
|
||||
aes256-cipher aes128-cipher aes256-gcm-cipher aes128-gcm-cipher \
|
||||
test-config-per-group
|
||||
aes256-cipher aes128-cipher oc-aes256-gcm-cipher oc-aes128-gcm-cipher \
|
||||
test-config-per-group ac-aes128-gcm-cipher ac-aes256-gcm-cipher
|
||||
endif
|
||||
|
||||
endif
|
||||
|
||||
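--- /dev/null
+++ b/tests/ac-aes128-gcm-cipher
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Copyright (C) 2019 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This tests support for anyconnect's DTLS1.2 support
+
+PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}"
+CIPHER12_NAME="AES128-GCM-SHA256"
+GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)"
+
+${PKG_CONFIG} --atleast-version=8.02 openconnect
+test $? != 0 && exit 77
+
+. cipher-common.sh
+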
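Review bot: The gate `test $? != 0 && exit 77` turns every pkg-config failure into a skip, so a missing pkg-config binary or an absent openconnect `.pc` file removes this DTLS1.2 cipher test from the run without any message; tests/ac-aes256-gcm-cipher has the same gate with 8.03. The version is also read from pkg-config metadata, while the client actually run is `${OPENCONNECT}`, which may be a different build (inferred, its definition is not on this page). I would state the reason before skipping, e.g. `"${PKG_CONFIG}" --atleast-version=8.02 openconnect || { echo "openconnect >= 8.02 not found, skipping"; exit 77; }`, so a CI log shows when AES-GCM over DTLS1.2 was not exercised.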
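--- /dev/null
+++ b/tests/ac-aes256-gcm-cipher
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright (C) 2019 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# This tests support for anyconnect's DTLS1.2 support
+
+PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}"
+CIPHER12_NAME="AES256-GCM-SHA384"
+GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)"
+
+# There is a bug preventing AES256-GCM-SHA384 to work in openconnect
+# 8.02.
+${PKG_CONFIG} --atleast-version=8.03 openconnect
+test $? != 0 && exit 77
+
+. cipher-common.sh
+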
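Review bot: `. cipher-common.sh` names the helper without a directory, so bash resolves it through `PATH` before falling back to the current directory, and whichever file of that name is found first runs inside this script's shell; tests/ac-aes128-gcm-cipher sources it the same way. The last hunk on this page, apparently cipher-common.sh, already uses `${srcdir}/scripts/vpnc-script`, so `srcdir` seems to be available, and `. "${srcdir}/cipher-common.sh"` would pin the file and keep out-of-tree builds working. The older cipher tests may follow the same convention (not visible here), in which case the change is worth making across the whole set.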
@@ -78,16 +78,22 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
|
||||
sleep 4
|
||||
|
||||
if test -n "${CIPHER12_NAME}";then
|
||||
CSTR="--dtls12-ciphers ${CIPHER12_NAME} --dtls-ciphers UNKNOWN"
|
||||
else
|
||||
CSTR="--dtls-ciphers ${CIPHER_NAME}"
|
||||
fi
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --dtls-ciphers=${CIPHER_NAME} --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --dtls-ciphers=${CIPHER_NAME} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
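Review bot: Both client invocations are judged only by openconnect's exit status, which as far as this hunk shows does not prove that DTLS1.2 with `${CIPHER12_NAME}` was negotiated; a client that stays on the TLS channel after DTLS setup fails could still return 0 here. The new test scripts set `GNUTLS_NAME`, so a check on the negotiated suite presumably follows below the hunk; if it does not, the test should fail unless the session output contains `${GNUTLS_NAME}`. Separately, the sentinel in `--dtls-ciphers UNKNOWN` deserves a comment, for instance `# UNKNOWN matches no legacy DTLS cipher, so only the DTLS1.2 list can succeed` (my reading of the intent, to be confirmed by the author). The script continues outside the hunk.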