mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-12 01:46:59 +08:00
Regenerated expired certificates and updated scripts for new ones
Also added rules and templates to regenerate certificates when needed. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This commit is contained in:
Nikos Mavrogiannopoulos
@@ -44,7 +44,8 @@ EXTRA_DIST = certs/ca-key.pem certs/ca.pem ns.sh common.sh certs/server-cert.pem
|
||||
data/disconnect-user2.config data/ping-leases.config data/haproxy-proxyproto.config \
|
||||
data/haproxy-proxyproto.cfg scripts/proxy-connectscript data/haproxy-proxyproto-v1.config \
|
||||
data/haproxy-proxyproto-v1.cfg scripts/proxy-connectscript-v1 data/test-multiple-client-ip.config \
|
||||
data/test-client-bypass-protocol.config asan.supp
|
||||
data/test-client-bypass-protocol.config asan.supp certs/ca.tmpl certs/server-cert.tmpl \
|
||||
certs/user-cert.tmpl
|
||||
|
||||
xfail_scripts =
|
||||
dist_check_SCRIPTS = ocpasswd-test
|
||||
@@ -176,6 +177,25 @@ gen_oidc_test_data_CPPFLAGS = $(AM_CPPFLAGS)
|
||||
gen_oidc_test_data_SOURCES = generate_oidc_test_data.c
|
||||
gen_oidc_test_data_LDADD = $(LDADD) $(CJOSE_LIBS) $(JANSSON_LIBS)
|
||||
|
||||
certs/ca.pem: certs/ca-key.pem certs/ca.tmpl
|
||||
certtool --generate-self-signed --template certs/ca.tmpl --load-privkey certs/ca-key.pem --outfile certs/ca.pem
|
||||
|
||||
certs/server-cert-ca.pem: certs/ca.pem certs/server-cert.pem
|
||||
cat certs/server-cert.pem certs/ca.pem > certs/server-cert-ca.pem
|
||||
|
||||
certs/server-cert.pem: certs/server-cert.tmpl certs/ca.pem certs/server-key.pem certs/ca-key.pem
|
||||
certtool --generate-certificate --template certs/server-cert.tmpl --load-privkey certs/server-key.pem --load-ca-certificate certs/ca.pem --load-ca-privkey certs/ca-key.pem --outfile certs/server-cert.pem
|
||||
|
||||
certs/user-cert.pem: certs/user-cert.tmpl certs/ca.pem certs/user-key.pem certs/ca-key.pem
|
||||
certtool --generate-certificate --template certs/user-cert.tmpl --load-privkey certs/user-key.pem --load-ca-certificate certs/ca.pem --load-ca-privkey certs/ca-key.pem --outfile certs/user-cert.pem
|
||||
|
||||
# make the user certificate invalid by signing it with another CA
|
||||
certs/user-cert-invalid.pem: certs/user-cert.tmpl
|
||||
certtool --generate-privkey --outfile ca-key.tmp
|
||||
certtool --generate-self-signed --template certs/ca.tmpl --load-privkey ca-key.tmp --outfile ca.tmp
|
||||
certtool --generate-certificate --template certs/user-cert.tmpl --load-privkey certs/user-key.pem --load-ca-certificate ca.tmp --load-ca-privkey ca-key.tmp --outfile certs/user-cert-invalid.pem
|
||||
rm -f ca-key.tmp ca.tmp
|
||||
|
||||
if ENABLE_OIDC_AUTH_TESTS
|
||||
check_PROGRAMS += gen_oidc_test_data
|
||||
dist_check_SCRIPTS += test-oidc
|
||||
|
||||
@@ -54,11 +54,11 @@ wait_server $PID
|
||||
sleep 2
|
||||
|
||||
echo " * Connecting to obtain cookie... "
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null ) ||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo " * Re-connect to force script run with platform... "
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
||||
|
||||
sleep 5
|
||||
|
||||
@@ -87,7 +87,7 @@ fi
|
||||
rm -f ${TMPFILE}
|
||||
|
||||
echo " * Re-connecting to force script run with user agent... "
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose --useragent="Cisco AnyConnect VPN Agent for Apple" localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose --useragent="Cisco AnyConnect VPN Agent for Apple" localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
||||
|
||||
sleep 5
|
||||
|
||||
@@ -114,7 +114,7 @@ fi
|
||||
sleep 5
|
||||
echo " - Check server status"
|
||||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo " - Killing server"
|
||||
|
||||
@@ -50,7 +50,7 @@ wait_server $PID
|
||||
sleep 3
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >${TMPFILE} 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >${TMPFILE} 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
grep "${BANNER}" ${TMPFILE} >/dev/null
|
||||
@@ -61,7 +61,7 @@ if test $? != 0;then
|
||||
fi
|
||||
|
||||
echo "Connecting to obtain cookie with wrong password... "
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >${TMPFILE} 2>&1 ) &&
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >${TMPFILE} 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
grep "${BANNER}" ${TMPFILE} >/dev/null
|
||||
|
||||
@@ -31,25 +31,3 @@ y1hvTfWRAoGZALNT3AbF9EDnJmZlS30MWtBggw83UhszC8XN2tY30AsvsDOS6a0F
|
||||
UVhyNvBTKo6lPqXqUsVxp16TKeeQKF+DuYuuNZN3pXXsHTiHkRMDCRVEqz7UnZEc
|
||||
/Bq/Kh2aOkelkX2S27QzTZGL
|
||||
-----END RSA PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H
|
||||
bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x
|
||||
LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC
|
||||
AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D
|
||||
hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh
|
||||
ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq
|
||||
58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB
|
||||
VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03
|
||||
U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L
|
||||
xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC
|
||||
AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT
|
||||
BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2
|
||||
B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T
|
||||
AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH
|
||||
gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3
|
||||
LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE
|
||||
/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD
|
||||
5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h
|
||||
h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc
|
||||
w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
@@ -1,20 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD
|
||||
EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw
|
||||
fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ
|
||||
l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW
|
||||
DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh
|
||||
zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt
|
||||
c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b
|
||||
7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep
|
||||
n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
|
||||
MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC
|
||||
ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT
|
||||
z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP
|
||||
g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX
|
||||
ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk
|
||||
x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH
|
||||
yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg
|
||||
fJbi9Ui2FmXEeKkX34f1ONNj9Q==
|
||||
MIIDPDCCAfSgAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzAyMTMxNTMyMTJaGA85OTk5MTIzMTIzNTk1OVowDTELMAkGA1UEAxMC
|
||||
Q0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7KsH70
|
||||
2LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8WyZdV
|
||||
NRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITclg6y
|
||||
bBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7oc0l
|
||||
YpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLyrXPl
|
||||
GQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+G+3r
|
||||
o22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjehKZ+A
|
||||
eap1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0G
|
||||
A1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOCATEA
|
||||
foqPGdiyJYHih4J5YHwFPQxmkOzPHSa13K/q8sDvobE+HFTzrlTbAFC8bS38Bv2f
|
||||
9ZrPME4JvnsGdRGYwxS3LUmNdHHWR8LkvGXBE3u/TZsJfPtOR8JwdulQXpRw7hhL
|
||||
ew/mR5IEHZrUZgnnI4dg1kJhE1JPTvmtgqcE1CsikVQ14NvG/ehJbJyPgKTq/Zxm
|
||||
Ru4B5N+Jef/LaOqZvK4xK8x2ZaZ/L/ANou+7EY4DoWAkOEEoCU8DQHLAFgf6B7La
|
||||
oemLQGNHcBpba81jlS5EXXGJccOvfbw0MJTP3ZvyVIlEYu/X4roC7EJP/UkCZUJG
|
||||
f79Nc28q2/2D8tuFOqG7UbP7r2cWSa8OO3cI/V1W1k3iWZ63WltqDwFC0c8iqYFL
|
||||
9xKfQ96Q7wrYOCjmuaCLbw==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
6
tests/certs/ca.tmpl
Normal file
6
tests/certs/ca.tmpl
Normal file
@@ -0,0 +1,6 @@
|
||||
cn = CA
|
||||
ca
|
||||
cert_signing_key
|
||||
expiration_days = -1
|
||||
activation_date = "2013-02-13 16:32:12"
|
||||
serial = 0x51d82ecc
|
||||
@@ -1,42 +1,42 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD
|
||||
Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs
|
||||
PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8
|
||||
u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd
|
||||
YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ
|
||||
IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759
|
||||
KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5
|
||||
7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU
|
||||
yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL
|
||||
gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg
|
||||
ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0
|
||||
UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s
|
||||
9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9
|
||||
GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C
|
||||
zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/
|
||||
eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF
|
||||
FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j
|
||||
LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM
|
||||
zzJKdNg=
|
||||
MIIDjjCCAkagAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJ
|
||||
bG9jYWxob3N0MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEApzor7D8U
|
||||
sCwZ9vFukB2/jqn26XCECYfzUPNfw5RQ+ixk1leAWOGW/O7QvQQVfl9/pTP4/LuR
|
||||
7zd5w1rb+BntA68i1uk3LOhTwreLKxHwpIeZeeC6zJlm4RYJFZTeX06qGNJZ3WCc
|
||||
dl/FlpXUY3i/vBO5xVHBUrVq4IvQM4DBa47C+Kapfe2AGUV3DKEF1Y20Zs1S2SFb
|
||||
pkMu3PrZexKs/Jcf8Uv+RcfbSEbp6jUuYxFLPDZ+ROhb62gHMvniNIF0xpO+fSjT
|
||||
2IrEqgLhQJprf1w0077zqOnaQLHl6rUdvy42SVjpV3Ymf8ox4OfkSkOXbd3ZOe5Q
|
||||
CFhEfXoCDqP/hgJMnpNGSeRllOlcU7BXCJeqMt0uxLQdDQiDO4b4ct9kKyeWVMjZ
|
||||
3E0n+qjFaHnYHQIDAQABo4GMMIGJMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ
|
||||
bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAd
|
||||
BgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0UwqJ
|
||||
MThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAGQoUMiZVg6+Ibj8kyfq
|
||||
l/vfu4QxlUlqAbm/b9PVdOLrhz+T986HMFhL0b2HUGg5Mb0NZcgHjH4VLkei4AIb
|
||||
g/1nGdJ2I6EcLiQOvO4h2F3CoU6HkEGVEUXFaBd19tSDm7aM+2h7oPb3Vs3YT9QE
|
||||
x7ejmVeA+Qr9+H9xHyModpA1PkKRW31TOYtjUXHdHObT1uar++C1JLHn49ooKDZM
|
||||
5p9a4ExQVYd6WMRXKC83py1V4Ne5kBxC/l+3QkVZnMwByChySP7SEMa9yGv4KFM9
|
||||
FT7XvxQsrkqPi5bCllUyGDrVeyTpyPDrb4BKgAu/Cy4tyDxLzBTZ5TXDH7E1IBps
|
||||
g1k5llFIyGdO5vQrX8vF61tqK5DBhgVvwu0k/m2lP9esLfaF7I5oGAbUKGhRr8mE
|
||||
xs8=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD
|
||||
EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw
|
||||
fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ
|
||||
l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW
|
||||
DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh
|
||||
zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt
|
||||
c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b
|
||||
7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep
|
||||
n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
|
||||
MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC
|
||||
ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT
|
||||
z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP
|
||||
g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX
|
||||
ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk
|
||||
x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH
|
||||
yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg
|
||||
fJbi9Ui2FmXEeKkX34f1ONNj9Q==
|
||||
MIIDPDCCAfSgAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzAyMTMxNTMyMTJaGA85OTk5MTIzMTIzNTk1OVowDTELMAkGA1UEAxMC
|
||||
Q0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7KsH70
|
||||
2LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8WyZdV
|
||||
NRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITclg6y
|
||||
bBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7oc0l
|
||||
YpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLyrXPl
|
||||
GQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+G+3r
|
||||
o22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjehKZ+A
|
||||
eap1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0G
|
||||
A1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOCATEA
|
||||
foqPGdiyJYHih4J5YHwFPQxmkOzPHSa13K/q8sDvobE+HFTzrlTbAFC8bS38Bv2f
|
||||
9ZrPME4JvnsGdRGYwxS3LUmNdHHWR8LkvGXBE3u/TZsJfPtOR8JwdulQXpRw7hhL
|
||||
ew/mR5IEHZrUZgnnI4dg1kJhE1JPTvmtgqcE1CsikVQ14NvG/ehJbJyPgKTq/Zxm
|
||||
Ru4B5N+Jef/LaOqZvK4xK8x2ZaZ/L/ANou+7EY4DoWAkOEEoCU8DQHLAFgf6B7La
|
||||
oemLQGNHcBpba81jlS5EXXGJccOvfbw0MJTP3ZvyVIlEYu/X4roC7EJP/UkCZUJG
|
||||
f79Nc28q2/2D8tuFOqG7UbP7r2cWSa8OO3cI/V1W1k3iWZ63WltqDwFC0c8iqYFL
|
||||
9xKfQ96Q7wrYOCjmuaCLbw==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
@@ -1,22 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD
|
||||
Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs
|
||||
PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8
|
||||
u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd
|
||||
YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ
|
||||
IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759
|
||||
KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5
|
||||
7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU
|
||||
yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL
|
||||
gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg
|
||||
ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0
|
||||
UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s
|
||||
9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9
|
||||
GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C
|
||||
zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/
|
||||
eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF
|
||||
FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j
|
||||
LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM
|
||||
zzJKdNg=
|
||||
MIIDjjCCAkagAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJ
|
||||
bG9jYWxob3N0MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEApzor7D8U
|
||||
sCwZ9vFukB2/jqn26XCECYfzUPNfw5RQ+ixk1leAWOGW/O7QvQQVfl9/pTP4/LuR
|
||||
7zd5w1rb+BntA68i1uk3LOhTwreLKxHwpIeZeeC6zJlm4RYJFZTeX06qGNJZ3WCc
|
||||
dl/FlpXUY3i/vBO5xVHBUrVq4IvQM4DBa47C+Kapfe2AGUV3DKEF1Y20Zs1S2SFb
|
||||
pkMu3PrZexKs/Jcf8Uv+RcfbSEbp6jUuYxFLPDZ+ROhb62gHMvniNIF0xpO+fSjT
|
||||
2IrEqgLhQJprf1w0077zqOnaQLHl6rUdvy42SVjpV3Ymf8ox4OfkSkOXbd3ZOe5Q
|
||||
CFhEfXoCDqP/hgJMnpNGSeRllOlcU7BXCJeqMt0uxLQdDQiDO4b4ct9kKyeWVMjZ
|
||||
3E0n+qjFaHnYHQIDAQABo4GMMIGJMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ
|
||||
bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAd
|
||||
BgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0UwqJ
|
||||
MThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAGQoUMiZVg6+Ibj8kyfq
|
||||
l/vfu4QxlUlqAbm/b9PVdOLrhz+T986HMFhL0b2HUGg5Mb0NZcgHjH4VLkei4AIb
|
||||
g/1nGdJ2I6EcLiQOvO4h2F3CoU6HkEGVEUXFaBd19tSDm7aM+2h7oPb3Vs3YT9QE
|
||||
x7ejmVeA+Qr9+H9xHyModpA1PkKRW31TOYtjUXHdHObT1uar++C1JLHn49ooKDZM
|
||||
5p9a4ExQVYd6WMRXKC83py1V4Ne5kBxC/l+3QkVZnMwByChySP7SEMa9yGv4KFM9
|
||||
FT7XvxQsrkqPi5bCllUyGDrVeyTpyPDrb4BKgAu/Cy4tyDxLzBTZ5TXDH7E1IBps
|
||||
g1k5llFIyGdO5vQrX8vF61tqK5DBhgVvwu0k/m2lP9esLfaF7I5oGAbUKGhRr8mE
|
||||
xs8=
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
8
tests/certs/server-cert.tmpl
Normal file
8
tests/certs/server-cert.tmpl
Normal file
@@ -0,0 +1,8 @@
|
||||
cn = localhost
|
||||
dns_name = localhost
|
||||
tls_www_server
|
||||
signing_key
|
||||
encryption_key
|
||||
expiration_days = -1
|
||||
activation_date = "2013-06-06 14:51:29"
|
||||
serial = 0x51d82ef0
|
||||
@@ -1,107 +1,23 @@
|
||||
X.509 Certificate Information:
|
||||
Version: 3
|
||||
Serial Number (hex): 51d82f14
|
||||
Issuer: CN=CA
|
||||
Validity:
|
||||
Not Before: Sat Jul 06 14:52:05 UTC 2013
|
||||
Not After: Mon May 15 14:52:05 UTC 2023
|
||||
Subject: CN=A user,UID=test
|
||||
Subject Public Key Algorithm: RSA
|
||||
Algorithm Security Level: Medium (2432 bits)
|
||||
Modulus (bits 2432):
|
||||
00:ab:54:98:fc:a9:c6:15:95:9d:a6:c1:94:84:94:91
|
||||
79:1e:78:db:2d:48:51:99:65:01:02:c0:40:52:49:5d
|
||||
eb:70:bc:26:ef:68:39:1e:04:91:e2:db:cb:6f:93:40
|
||||
45:1e:22:8e:71:5a:58:89:28:79:5e:1a:32:25:3e:8b
|
||||
9d:3b:34:7f:19:f8:d0:2f:37:b7:62:32:b7:53:a5:43
|
||||
2c:c5:5d:ec:ac:f9:35:fa:14:2b:34:66:f1:d6:a7:a1
|
||||
d0:83:9a:56:f4:19:83:bc:bf:11:74:30:2d:a8:28:5b
|
||||
a2:ab:7a:c6:cd:9c:5c:f8:51:e9:a9:0c:48:db:71:bb
|
||||
b1:34:77:f7:ee:de:5d:78:c0:48:0a:37:0d:65:1e:3b
|
||||
2b:14:03:89:72:f2:52:ed:5f:00:c5:06:60:ea:80:20
|
||||
d0:43:ec:66:bc:d2:26:db:f0:29:3e:6a:f9:62:20:be
|
||||
58:26:44:ba:d7:8c:6f:76:a6:05:20:e4:98:b7:c4:72
|
||||
7a:5d:df:4f:0d:23:ec:2e:9c:71:ec:30:f9:14:5f:c8
|
||||
75:0b:ab:67:f6:7d:fb:4d:76:64:4a:a5:d5:fa:b4:08
|
||||
50:9d:13:c7:8f:c2:79:b0:b4:3e:2f:89:d3:33:27:4d
|
||||
9f:8b:d3:60:24:07:ab:b2:72:3d:29:a5:c4:4a:ec:3c
|
||||
04:d2:49:3e:26:1b:ec:7a:10:3d:ca:45:5a:80:8b:4d
|
||||
2a:96:63:4f:2d:63:28:0f:3b:47:47:ca:7c:2c:15:41
|
||||
32:d5:e0:c9:be:a5:55:2c:b3:6b:46:2a:56:b1:1b:ed
|
||||
29
|
||||
Exponent (bits 24):
|
||||
01:00:01
|
||||
Extensions:
|
||||
Basic Constraints (critical):
|
||||
Certificate Authority (CA): FALSE
|
||||
Key Purpose (not critical):
|
||||
TLS WWW Client.
|
||||
Key Usage (critical):
|
||||
Digital signature.
|
||||
Key encipherment.
|
||||
Subject Key Identifier (not critical):
|
||||
8b01094b3b91ece321b91dec8d6b4c5d9e40805e
|
||||
Authority Key Identifier (not critical):
|
||||
482334530a8931384a5aeacab6d2a6dece1d2b18
|
||||
Signature Algorithm: RSA-SHA256
|
||||
Signature:
|
||||
6b:bd:e2:90:d7:11:cf:6c:0d:e3:bd:f4:61:cd:57:83
|
||||
41:be:2a:92:46:dd:fa:44:6c:60:1c:ef:3e:1e:2f:e1
|
||||
e2:5b:45:88:6a:1e:50:2d:8d:96:c4:c7:80:75:59:7b
|
||||
54:6b:fb:86:b0:f1:6d:45:09:db:48:de:20:0a:87:60
|
||||
30:5e:35:f0:52:c4:55:44:c1:ff:e1:7c:3d:d6:6d:58
|
||||
ca:1c:fd:bf:04:9a:9b:10:35:05:fc:d1:01:3c:af:bb
|
||||
64:31:5e:59:8f:ef:6f:0d:35:e5:c0:07:77:0e:31:20
|
||||
8e:e3:2e:f1:a6:4d:f1:be:85:5b:df:04:48:9d:8c:c9
|
||||
c9:c1:b8:e3:e2:d2:4b:55:83:e9:d8:7b:71:2f:8e:89
|
||||
fc:4d:a7:f1:b0:bf:47:9b:97:c4:85:dd:c3:3d:38:15
|
||||
36:08:73:10:87:08:f6:e6:1c:4e:29:a8:a5:f5:24:b8
|
||||
0d:e9:d9:b8:19:27:1d:73:35:fe:7b:81:1f:4a:81:6a
|
||||
93:cd:a2:71:d7:60:0e:08:ee:ea:c8:2b:44:1b:e4:45
|
||||
6c:fe:44:68:d6:86:ad:89:4f:7e:9f:f9:1a:2a:97:0f
|
||||
6b:eb:5d:6e:38:b3:5b:13:b9:e3:4a:10:32:5b:dc:a9
|
||||
b4:a1:4e:b3:f9:4f:91:de:bc:cc:36:91:44:ba:e0:34
|
||||
74:f7:68:b4:7b:0e:db:4e:ec:28:03:01:cf:0a:63:c4
|
||||
23:75:0b:4b:41:9d:e0:68:b3:cb:bf:b5:5c:3d:52:93
|
||||
20:ba:ea:b8:f0:8c:f7:a6:ec:cd:a3:aa:4f:2a:ff:20
|
||||
Other Information:
|
||||
SHA1 fingerprint:
|
||||
5509a76b8738216938cdb3ec25048812737170de
|
||||
SHA256 fingerprint:
|
||||
c93e38ef35f1a9c485a27b161e708f2d45bf8768eb53a23fec841a8f35d6e478
|
||||
Public Key ID:
|
||||
8b01094b3b91ece321b91dec8d6b4c5d9e40805e
|
||||
Public key's random art:
|
||||
+--[ RSA 2432]----+
|
||||
| o=o |
|
||||
|..oE.. |
|
||||
|.+=.o |
|
||||
|o.*.... |
|
||||
| * B +..S |
|
||||
|. * o oo . |
|
||||
| o . . . |
|
||||
| + |
|
||||
| . |
|
||||
+-----------------+
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjDCCAkSgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTIwNVoYDzIwMjMwNTE1MTQ1MjA1WjAnMQ8wDQYDVQQD
|
||||
EwZBIHVzZXIxFDASBgoJkiaJk/IsZAEBEwR0ZXN0MIIBUjANBgkqhkiG9w0BAQEF
|
||||
AAOCAT8AMIIBOgKCATEAq1SY/KnGFZWdpsGUhJSReR542y1IUZllAQLAQFJJXetw
|
||||
vCbvaDkeBJHi28tvk0BFHiKOcVpYiSh5XhoyJT6LnTs0fxn40C83t2Iyt1OlQyzF
|
||||
Xeys+TX6FCs0ZvHWp6HQg5pW9BmDvL8RdDAtqChboqt6xs2cXPhR6akMSNtxu7E0
|
||||
d/fu3l14wEgKNw1lHjsrFAOJcvJS7V8AxQZg6oAg0EPsZrzSJtvwKT5q+WIgvlgm
|
||||
RLrXjG92pgUg5Ji3xHJ6Xd9PDSPsLpxx7DD5FF/IdQurZ/Z9+012ZEql1fq0CFCd
|
||||
E8ePwnmwtD4vidMzJ02fi9NgJAersnI9KaXESuw8BNJJPiYb7HoQPcpFWoCLTSqW
|
||||
Y08tYygPO0dHynwsFUEy1eDJvqVVLLNrRipWsRvtKQIDAQABo3YwdDAMBgNVHRMB
|
||||
Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYD
|
||||
VR0OBBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4
|
||||
SlrqyrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQBrveKQ1xHPbA3jvfRhzVeD
|
||||
Qb4qkkbd+kRsYBzvPh4v4eJbRYhqHlAtjZbEx4B1WXtUa/uGsPFtRQnbSN4gCodg
|
||||
MF418FLEVUTB/+F8PdZtWMoc/b8EmpsQNQX80QE8r7tkMV5Zj+9vDTXlwAd3DjEg
|
||||
juMu8aZN8b6FW98ESJ2MycnBuOPi0ktVg+nYe3Evjon8TafxsL9Hm5fEhd3DPTgV
|
||||
NghzEIcI9uYcTimopfUkuA3p2bgZJx1zNf57gR9KgWqTzaJx12AOCO7qyCtEG+RF
|
||||
bP5EaNaGrYlPfp/5GiqXD2vrXW44s1sTueNKEDJb3Km0oU6z+U+R3rzMNpFEuuA0
|
||||
dPdotHsO207sKAMBzwpjxCN1C0tBneBos8u/tVw9UpMguuq48Iz3puzNo6pPKv8g
|
||||
MIID2TCCAkGgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowJzEPMA0GA1UEAxMG
|
||||
QSB1c2VyMRQwEgYKCZImiZPyLGQBARMEdGVzdDCCAVIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggE/ADCCAToCggExAKtUmPypxhWVnabBlISUkXkeeNstSFGZZQECwEBSSV3rcLwm
|
||||
72g5HgSR4tvLb5NARR4ijnFaWIkoeV4aMiU+i507NH8Z+NAvN7diMrdTpUMsxV3s
|
||||
rPk1+hQrNGbx1qeh0IOaVvQZg7y/EXQwLagoW6KresbNnFz4UempDEjbcbuxNHf3
|
||||
7t5deMBICjcNZR47KxQDiXLyUu1fAMUGYOqAINBD7Ga80ibb8Ck+avliIL5YJkS6
|
||||
14xvdqYFIOSYt8Ryel3fTw0j7C6cceww+RRfyHULq2f2fftNdmRKpdX6tAhQnRPH
|
||||
j8J5sLQ+L4nTMydNn4vTYCQHq7JyPSmlxErsPATSST4mG+x6ED3KRVqAi00qlmNP
|
||||
LWMoDztHR8p8LBVBMtXgyb6lVSyza0YqVrEb7SkCAwEAAaN1MHMwDAYDVR0TAQH/
|
||||
BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0O
|
||||
BBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFAV+KcZC+G2nf/6V
|
||||
sElx119oZKWUMA0GCSqGSIb3DQEBCwUAA4IBgQCTOjwtK5sDPFdbWWlScDX9xfNf
|
||||
tnqRL22Id6VIRcAiuu6KVAYRNs3Pdv65H9orSaohrBRfWKEqAi51bhvDQvzhbw7u
|
||||
881txF+6s0fauArxAUai3e11eCil3gt0JOQVephmPKw6pVq9mMieho5I2SQ8CXoQ
|
||||
pSrselGaOTp8CK1r90pn8RGiJrZ3xJu5Yezb3AWCs3IOHhRT1Rc5mFnvs9VVR64h
|
||||
Pvlr9yBOf/pBEuylQr00plhsZdLra/nIspsGnOIiuM4eIliP6bQwE06u1LxlCbgB
|
||||
CAGTQ86vbO2xT1i8dZeq8TJ72OatmRboUBncaZNIT3rUTZxZYkYhkNtVTKnv/8qq
|
||||
LZI23qtcWLEAsc1O0Xva22wjkg5QE06AiWdcwK3f/Qpvj5yO9+PL7X4lP47n5D6m
|
||||
t1S6xisKgjo/IP9Wk3mPNaNDN3hZCaFRYEHn4CYrlXHqjg1w7quCKApYzrh5/L1Y
|
||||
b9U/qzwF7SatFovndYtf02bjcrHC/TA53IdiQPA=
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
@@ -1,21 +1,21 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjDCCAkSgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTIwNVoYDzIwMjMwNTE1MTQ1MjA1WjAnMQ8wDQYDVQQD
|
||||
EwZBIHVzZXIxFDASBgoJkiaJk/IsZAEBEwR0ZXN0MIIBUjANBgkqhkiG9w0BAQEF
|
||||
AAOCAT8AMIIBOgKCATEAq1SY/KnGFZWdpsGUhJSReR542y1IUZllAQLAQFJJXetw
|
||||
vCbvaDkeBJHi28tvk0BFHiKOcVpYiSh5XhoyJT6LnTs0fxn40C83t2Iyt1OlQyzF
|
||||
Xeys+TX6FCs0ZvHWp6HQg5pW9BmDvL8RdDAtqChboqt6xs2cXPhR6akMSNtxu7E0
|
||||
d/fu3l14wEgKNw1lHjsrFAOJcvJS7V8AxQZg6oAg0EPsZrzSJtvwKT5q+WIgvlgm
|
||||
RLrXjG92pgUg5Ji3xHJ6Xd9PDSPsLpxx7DD5FF/IdQurZ/Z9+012ZEql1fq0CFCd
|
||||
E8ePwnmwtD4vidMzJ02fi9NgJAersnI9KaXESuw8BNJJPiYb7HoQPcpFWoCLTSqW
|
||||
Y08tYygPO0dHynwsFUEy1eDJvqVVLLNrRipWsRvtKQIDAQABo3YwdDAMBgNVHRMB
|
||||
Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYD
|
||||
VR0OBBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4
|
||||
SlrqyrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQBrveOQ1xHPbA3jvfRhzVeD
|
||||
Qb4qkkbd+kRsYBzvPh4v4eJbRYhqHlAtjZbEx4B1WXtUa/uGsPFtRQnbSN4gCodg
|
||||
MF418FLEVUTB/+F8PdZtWMoc/b8EmpsQNQX80QE8r7tkMV5Zj+9vDTXlwAd3DjEg
|
||||
juMu8aZN8b6FW98ESJ2MycnBuOPi0ktVg+nYe3Evjon8TafxsL9Hm5fEhd3DPTgV
|
||||
NghzEIcI9uYcTimopfUkuA3p2bgZJx1zNf57gR9KgWqTzaJx12AOCO7qyCtEG+RF
|
||||
bP5EaNaGrYlPfp/5GiqXD2vrXW44s1sTueNKEDJb3Km0oU6z+U+R3rzMNpFEuuA0
|
||||
dPdotHsO207sKAMBzwpjxCN1C0tBneBos8u/tVw9UpMguuq48Iz3puzNo6pPKv8g
|
||||
MIIDiTCCAkGgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowJzEPMA0GA1UEAxMG
|
||||
QSB1c2VyMRQwEgYKCZImiZPyLGQBARMEdGVzdDCCAVIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggE/ADCCAToCggExAKtUmPypxhWVnabBlISUkXkeeNstSFGZZQECwEBSSV3rcLwm
|
||||
72g5HgSR4tvLb5NARR4ijnFaWIkoeV4aMiU+i507NH8Z+NAvN7diMrdTpUMsxV3s
|
||||
rPk1+hQrNGbx1qeh0IOaVvQZg7y/EXQwLagoW6KresbNnFz4UempDEjbcbuxNHf3
|
||||
7t5deMBICjcNZR47KxQDiXLyUu1fAMUGYOqAINBD7Ga80ibb8Ck+avliIL5YJkS6
|
||||
14xvdqYFIOSYt8Ryel3fTw0j7C6cceww+RRfyHULq2f2fftNdmRKpdX6tAhQnRPH
|
||||
j8J5sLQ+L4nTMydNn4vTYCQHq7JyPSmlxErsPATSST4mG+x6ED3KRVqAi00qlmNP
|
||||
LWMoDztHR8p8LBVBMtXgyb6lVSyza0YqVrEb7SkCAwEAAaN1MHMwDAYDVR0TAQH/
|
||||
BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0O
|
||||
BBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4Slrq
|
||||
yrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQAp51Ks5DDWVlLB6fMM2NJV80sX
|
||||
Rx6U1g6ovA7N5BDQiF6FYzVZECMH3d9nyZssHbkzb6qyO1m58P0cNkVurEH27+Z2
|
||||
xdkNw5bbcvNDVhfVSjwa6nyTLfhf7vOTWaIxGGmffP72PIe87N6QmyCCGG0IXIkO
|
||||
kcTAE8IgX6k1mEr1Xy2ZtFVgKjPPLxsixIJ7TEktvJR1RqWQfbsOS8f13lvS1Vhh
|
||||
vc+UMbIQnz+jl4qNV/AX7GfpEYiBkbrgcjsggl/KMuwcauhEDdvfIQjcyRbQN36p
|
||||
KcVEXDpnG54sAfXAs9Z+adbvmu0ONAMCDuxKCT2eG1SGVrtiT5+7kCMso1eKz/5A
|
||||
r1XP0RgCKFExIRYb1elFpLc8wmJbN4qof2zisKG8UajFIHzIGateiu53enNn
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
7
tests/certs/user-cert.tmpl
Normal file
7
tests/certs/user-cert.tmpl
Normal file
@@ -0,0 +1,7 @@
|
||||
dn = "uid=test,cn=A user"
|
||||
tls_www_client
|
||||
signing_key
|
||||
encryption_key
|
||||
expiration_days = -1
|
||||
activation_date = "2013-06-06 14:51:29"
|
||||
serial = 0x51d82f14
|
||||
@@ -91,14 +91,14 @@ fi
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= ${CSTR} --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= ${CSTR} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -77,7 +77,7 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${TMPFILE} )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${TMPFILE} )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
@@ -85,7 +85,7 @@ fi
|
||||
|
||||
eval $(cat ${TMPFILE})
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@@ -105,7 +105,7 @@ if test $? != 0;then
|
||||
fi
|
||||
|
||||
echo " * Re-connecting to obtain cookie after disconnect... "
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
if test $? = 0;then
|
||||
echo "Succeeded using the cookie to connect"
|
||||
exit 1
|
||||
|
||||
@@ -75,7 +75,7 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${TMPFILE} )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${TMPFILE} )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
@@ -83,7 +83,7 @@ fi
|
||||
|
||||
eval $(cat ${TMPFILE})
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@@ -103,7 +103,7 @@ if test $? != 0;then
|
||||
fi
|
||||
|
||||
echo " * Re-connecting to obtain cookie after disconnect... "
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
||||
if test $? = 0;then
|
||||
echo "Succeeded using the cookie to connect"
|
||||
exit 1
|
||||
|
||||
@@ -35,7 +35,7 @@ launch_sr_server -d 1 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
if ! test -f ${PIDFILE};then
|
||||
@@ -48,7 +48,7 @@ kill -15 $(cat $PIDFILE)
|
||||
sleep 1
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) &&
|
||||
fail $PID "Server is still listening"
|
||||
|
||||
wait
|
||||
|
||||
@@ -48,7 +48,7 @@ launch_simple_sr_server -d 3 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
if ! test -f ${PIDFILE};then
|
||||
|
||||
@@ -37,39 +37,39 @@ launch_sr_server -d 1 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie with wrong password... "
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
echo "Connecting to obtain cookie with empty password... "
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
echo "Connecting to obtain cookie with wrong username... "
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
# test locked account
|
||||
|
||||
echo "Connecting to obtain cookie with locked account... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
#test special characters
|
||||
|
||||
echo "Connecting to obtain cookie with special password... "
|
||||
( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie with empty password... "
|
||||
( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
#echo "Normal connection... "
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
||||
# fail $PID "Could not connect to server"
|
||||
|
||||
if ! test -f ${PIDFILE};then
|
||||
|
||||
@@ -51,7 +51,7 @@ LD_PRELOAD=libsocket_wrapper.so:libuid_wrapper.so UID_WRAPPER=1 UID_WRAPPER_ROOT
|
||||
wait_server ${HAPID}
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
kill ${HAPID}
|
||||
fail ${PID} "Could not receive cookie from server"
|
||||
@@ -66,7 +66,7 @@ LD_PRELOAD=libsocket_wrapper.so:libuid_wrapper.so UID_WRAPPER=1 UID_WRAPPER_ROOT
|
||||
wait_server ${HAPID}
|
||||
|
||||
echo "Re-connecting to obtain cookie after haproxy restart... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
kill ${HAPID}
|
||||
fail ${PID} "Could not receive cookie from server"
|
||||
|
||||
@@ -91,14 +91,14 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@@ -135,7 +135,7 @@ set +e
|
||||
sleep 3
|
||||
|
||||
echo " * Re-connecting to obtain cookie after haproxy restart... "
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not receive cookie from server on reconnection"
|
||||
exit 1
|
||||
|
||||
@@ -94,14 +94,14 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -94,14 +94,14 @@ sleep 3
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -70,7 +70,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to setup interface... "
|
||||
echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
||||
echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -70,7 +70,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to setup interface... "
|
||||
echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
||||
echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -78,7 +78,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
sleep 4
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -81,14 +81,14 @@ sleep 4
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -81,14 +81,14 @@ sleep 4
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -39,13 +39,13 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null ) ||
|
||||
( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Re-connecting to get routes... "
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
|
||||
@@ -43,7 +43,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to get routes... "
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -68,7 +68,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to get routes... "
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
|
||||
@@ -43,7 +43,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to get routes... "
|
||||
echo "test" | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
||||
echo "test" | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 -u test --passwd-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -68,7 +68,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to get routes... "
|
||||
echo test | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 --passwd-on-stdin -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
||||
echo test | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 --passwd-on-stdin -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
|
||||
@@ -52,12 +52,12 @@ fi
|
||||
echo "Server started with PID $PID..."
|
||||
|
||||
echo "Connecting to obtain cookie..."
|
||||
( echo "test" | $OPENCONNECT -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | $OPENCONNECT -q localhost:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
|
||||
echo "Connecting to ping lease..."
|
||||
echo "test" | timeout 10 $OPENCONNECT localhost:$PORT -u "test" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
|
||||
echo "test" | timeout 10 $OPENCONNECT localhost:$PORT -u "test" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true
|
||||
|
||||
if test $? != 124;then
|
||||
fail $PID "Could not connect to server"
|
||||
|
||||
10
tests/radius
10
tests/radius
@@ -98,21 +98,21 @@ sleep 4
|
||||
|
||||
# Run clients
|
||||
echo " * Testing wrong username at ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u xxx --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u xxx --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? = 0;then
|
||||
echo "Connected with incorrect username"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Testing wrong password at ${ADDRESS}:${PORT}..."
|
||||
( echo "xxx" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "xxx" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? = 0;then
|
||||
echo "Connected with incorrect password"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
@@ -120,7 +120,7 @@ fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT} with special IP..."
|
||||
USERNAME=test-arb
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@@ -148,7 +148,7 @@ sleep 3
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
USERNAME=test
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -123,7 +123,7 @@ sleep 4
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
USERNAME=testtime
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -100,7 +100,7 @@ sleep 4
|
||||
|
||||
echo " * Tests the radius group functionality"
|
||||
USERNAME=test-class
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group2 -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group2 -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@@ -137,7 +137,7 @@ sleep 4
|
||||
|
||||
echo " * Tests the alt radius group functionality"
|
||||
USERNAME=test-class
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group1 -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group1 -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -111,7 +111,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
sleep 0.5
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b >/dev/null 2>&1)
|
||||
if test $? != 0; then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@@ -151,7 +151,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
sleep 0.5
|
||||
echo "$USERNAME-stage"
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected with wrong username"
|
||||
exit 1
|
||||
@@ -173,7 +173,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
fi
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected with wrong OTP"
|
||||
exit 1
|
||||
@@ -197,7 +197,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
fi
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected with wrong OTP"
|
||||
exit 1
|
||||
@@ -218,7 +218,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
fi
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected with blank OTP"
|
||||
exit 1
|
||||
@@ -247,7 +247,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
fi
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Successful connection with the number of OTP retries greater than allowed by the ban system (default 30)."
|
||||
${OCCTL} -s ${OCCTL_SOCKET} show ip ban points
|
||||
@@ -265,7 +265,7 @@ for (( COUNT=1; COUNT <= 17; COUNT++ )); do
|
||||
sleep 0.5
|
||||
echo "$USERNAME-stage$COUNT"
|
||||
done
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
||||
if test $? == 0; then
|
||||
echo "Connected to server - MAX_CHALLENGES test failed"
|
||||
exit 1
|
||||
|
||||
@@ -41,7 +41,7 @@ wait_server $PID
|
||||
|
||||
echo "Checking if routes are appended... "
|
||||
|
||||
timeout 15s $OPENCONNECT localhost:$PORT -v --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
||||
timeout 15s $OPENCONNECT localhost:$PORT -v --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
||||
|
||||
echo "cat"
|
||||
cat ${TMPFILE1}
|
||||
|
||||
@@ -59,15 +59,15 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
sleep 4
|
||||
|
||||
echo "Connecting with wrong password 5 times... "
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
|
||||
echo ""
|
||||
echo "Connecting with correct password... "
|
||||
eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -n "$COOKIE" ];then
|
||||
fail $PID "Obtained cookie although should have been banned"
|
||||
@@ -90,7 +90,7 @@ sleep 25
|
||||
echo ""
|
||||
|
||||
echo "Connecting with correct password after ban time... "
|
||||
eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
fail $PID "Could not obtain cookie even though ban should be lifted"
|
||||
@@ -99,16 +99,16 @@ fi
|
||||
echo ""
|
||||
echo "Checking ban reset time... "
|
||||
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
sleep 11
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
|
||||
echo ""
|
||||
echo "Connecting with correct password after ban reset time... "
|
||||
eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
fail $PID "Could not obtain cookie even though ban should be lifted"
|
||||
|
||||
@@ -60,15 +60,15 @@ ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
||||
sleep 4
|
||||
|
||||
echo "Connecting with wrong password 5 times... "
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
|
||||
echo ""
|
||||
echo "Connecting with correct password... "
|
||||
eval `echo "test" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
fail $PID "Could not obtain cookie even though client should be exempt"
|
||||
|
||||
@@ -49,19 +49,19 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected without certificate!"
|
||||
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
echo -n "Connecting to obtain cookie (with invalid certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected with invalid certificate!"
|
||||
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
@@ -80,7 +80,7 @@ kill -HUP $PID
|
||||
sleep 5
|
||||
|
||||
echo -n "Connecting to obtain cookie (with DER CRL)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
@@ -99,13 +99,13 @@ kill -HUP $PID
|
||||
sleep 5
|
||||
|
||||
echo -n "Connecting to obtain cookie (with revoked certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected with revoked certificate!"
|
||||
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
#echo "Normal connection... "
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
||||
# fail $PID "Could not connect to server"
|
||||
|
||||
rm -f "${CRLNAME}" "${CRLTMPLNAME}"
|
||||
|
||||
@@ -34,7 +34,7 @@ opts=$1
|
||||
pass=$2
|
||||
rm -f ${OUTFILE}
|
||||
|
||||
echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${OUTFILE} 2>&1
|
||||
echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${OUTFILE} 2>&1
|
||||
if test $? != 0;then
|
||||
cat ${OUTFILE}
|
||||
return 1
|
||||
|
||||
@@ -43,7 +43,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting... "
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -68,7 +68,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Reconnecting..."
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
||||
|
||||
echo ok
|
||||
|
||||
|
||||
@@ -81,7 +81,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} &
|
||||
sleep 4
|
||||
|
||||
echo " * Connecting with user NOT in group..."
|
||||
( echo "${PASSWORD}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${PASSWORD}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@@ -129,7 +129,7 @@ sleep 2
|
||||
USERNAME=test
|
||||
PASSWORD=test
|
||||
echo " * Connecting with user in group to ${ADDRESS}:${PORT}..."
|
||||
( echo "${PASSWORD}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "${PASSWORD}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -35,7 +35,7 @@ launch_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
fail $PID "Could not obtain cookie"
|
||||
@@ -44,7 +44,7 @@ fi
|
||||
#echo "Cookie: $COOKIE"
|
||||
|
||||
echo "Connecting with cookie... "
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background >/dev/null 2>&1
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background >/dev/null 2>&1
|
||||
|
||||
sleep 4
|
||||
|
||||
@@ -58,9 +58,9 @@ if test $? != 0;then
|
||||
fi
|
||||
|
||||
echo "Terminating and connecting again with same cookie... "
|
||||
#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
# fail $PID "Could not connect to server"
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1
|
||||
|
||||
sleep 4
|
||||
|
||||
@@ -82,9 +82,9 @@ rm -f "${PIDFILE2}"
|
||||
sleep 18
|
||||
|
||||
echo "Proper termination and connecting again with same (invalidated) cookie... "
|
||||
#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
# fail $PID "Could not connect to server"
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1
|
||||
|
||||
sleep 4
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ launch_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
fail $PID "Could not obtain cookie"
|
||||
@@ -44,7 +44,7 @@ fi
|
||||
sleep 16
|
||||
echo ""
|
||||
echo "Connecting with cookie... "
|
||||
echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
||||
echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
@@ -59,7 +59,7 @@ rm -f "${PIDFILE}"
|
||||
sleep 16
|
||||
echo ""
|
||||
echo "Connecting again with cookie... "
|
||||
echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
||||
echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
@@ -74,7 +74,7 @@ rm -f "${PIDFILE}"
|
||||
sleep 16
|
||||
echo ""
|
||||
echo "Connecting after forced kill with cookie... "
|
||||
echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
||||
echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
@@ -90,7 +90,7 @@ rm -f "${PIDFILE}"
|
||||
sleep 45
|
||||
echo ""
|
||||
echo "Connecting with cookie after expiration... "
|
||||
echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
||||
echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
@@ -104,7 +104,7 @@ fi
|
||||
# test cookie verification after cookie verification failure. That is to verify whether
|
||||
# the channel between main and sec-mod is in consistent state.
|
||||
echo "Connecting (again) to obtain cookie... "
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
||||
|
||||
if test $? != 0;then
|
||||
fail $PID "Could not obtain cookie"
|
||||
|
||||
@@ -33,7 +33,7 @@ launch_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
fail $PID "Could not obtain cookie"
|
||||
@@ -43,7 +43,7 @@ fi
|
||||
sleep 10
|
||||
echo ""
|
||||
echo "Connecting with cookie... "
|
||||
echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file ${srcdir}/pid.$$ --background
|
||||
echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pid.$$ --background
|
||||
|
||||
sleep 4
|
||||
|
||||
@@ -58,7 +58,7 @@ rm -f "${srcdir}/pid2.$$"
|
||||
sleep 30
|
||||
echo ""
|
||||
echo "Connecting again with cookie (overriding first session)... "
|
||||
echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file ${srcdir}/pid2.$$ --background
|
||||
echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pid2.$$ --background
|
||||
|
||||
sleep 6
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
cleanup
|
||||
@@ -48,7 +48,7 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
cleanup
|
||||
|
||||
@@ -31,13 +31,13 @@ connect()
|
||||
opts=$1
|
||||
pass=$2
|
||||
COOKIE=''
|
||||
eval `echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate`
|
||||
eval `echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate`
|
||||
if [ -z "$COOKIE" ];then
|
||||
return 1
|
||||
fi
|
||||
|
||||
rm -f $TMPFILE
|
||||
echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file ${srcdir}/pidx >$TMPFILE 2>&1 &
|
||||
echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pidx >$TMPFILE 2>&1 &
|
||||
CPID=$!
|
||||
|
||||
sleep 3
|
||||
|
||||
@@ -42,7 +42,7 @@ fi
|
||||
echo "Server started with PID $PID..."
|
||||
|
||||
echo "Connecting to obtain cookie..."
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
if ! test -f ${PIDFILE};then
|
||||
|
||||
@@ -32,31 +32,31 @@ launch_sr_server -d 1 -f -c data/test-group-cert.config & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected without certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group1 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group2 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group4 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -33,19 +33,19 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group1 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group1 --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group2 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group2 --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group2 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group2 --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie with wrong groupname... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group4 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group4 --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
cleanup
|
||||
|
||||
@@ -29,7 +29,7 @@ opts=$1
|
||||
pass=$2
|
||||
rm -f ${OUTFILE}
|
||||
|
||||
echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${OUTFILE} 2>&1
|
||||
echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${OUTFILE} 2>&1
|
||||
if test $? != 0;then
|
||||
cat ${OUTFILE}
|
||||
return 1
|
||||
|
||||
@@ -29,7 +29,7 @@ opts=$1
|
||||
pass=$2
|
||||
rm -f ${OUTFILE}
|
||||
|
||||
echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${OUTFILE} 2>&1
|
||||
echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${OUTFILE} 2>&1
|
||||
if test $? != 0;then
|
||||
cat ${OUTFILE}
|
||||
return 1
|
||||
|
||||
@@ -34,13 +34,13 @@ launch_server -d 1 -f -c "${CONFIG}" & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null ) ||
|
||||
( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Re-connecting to force script run... "
|
||||
$OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null &
|
||||
$OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null &
|
||||
kpid=$!
|
||||
echo ok
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
@@ -47,7 +47,7 @@ kill -USR2 $PID
|
||||
sleep 5
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
@@ -58,7 +58,7 @@ kill -USR2 $PID
|
||||
sleep 5
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -47,7 +47,7 @@ launch_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
echo "Could not obtain cookie"
|
||||
@@ -57,12 +57,12 @@ fi
|
||||
#echo "Cookie: $COOKIE"
|
||||
|
||||
echo "Connecting with cookie... "
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
echo "Connecting again with same cookie... "
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
|
||||
@@ -47,7 +47,7 @@ launch_server -d 1 -f -c "${CONFIG}" & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
echo "Could not obtain cookie"
|
||||
@@ -57,12 +57,12 @@ fi
|
||||
#echo "Cookie: $COOKIE"
|
||||
|
||||
echo "Connecting with cookie... "
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
echo "Connecting again with same cookie... "
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
|
||||
@@ -84,14 +84,14 @@ sleep 4
|
||||
|
||||
# Run client 1
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
@@ -99,14 +99,14 @@ fi
|
||||
|
||||
# Run client 2
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS3} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS3} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS3} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID2} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS3} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID2} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -77,7 +77,7 @@ if test $? != 0; then
|
||||
fi
|
||||
|
||||
echo " connecting to server"
|
||||
(echo "test" | ${CMDNS3} $OPENCONNECT $ADDRESS:$PORT -u "test" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --pid-file=${CLIPID} -b) ||
|
||||
(echo "test" | ${CMDNS3} $OPENCONNECT $ADDRESS:$PORT -u "test" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --pid-file=${CLIPID} -b) ||
|
||||
fail $PID "could not connect to server"
|
||||
sleep 5
|
||||
|
||||
|
||||
@@ -45,27 +45,27 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting with wrong username... "
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u falsetest --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u falsetest --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected with wrong username!"
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting with wrong OTP... "
|
||||
( echo -e "test\n999482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "test\n999482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Should not have connected with wrong OTP!"
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting with correct password and OTP... "
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with OTP!"
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting with empty password and wrong OTP... "
|
||||
( echo -e "999999\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "999999\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Should have not connected with wrong OTP!"
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting with empty password and OTP... "
|
||||
( echo -e "328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo -e "328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with OTP-only!"
|
||||
echo ok
|
||||
|
||||
|
||||
@@ -45,22 +45,22 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected without certificate!"
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie (with incorrect certificate)... "
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Should not have connected with wrong certificate!"
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie (with no pass and certificate)... "
|
||||
( echo -e "328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo -e "328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
echo ok
|
||||
|
||||
|
||||
@@ -37,22 +37,22 @@ wait_server $PID
|
||||
|
||||
echo ""
|
||||
echo "Connecting with wrong password... "
|
||||
( echo -e "testuser\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "testuser\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie with wrong cred"
|
||||
|
||||
echo ""
|
||||
echo "Connecting with empty password... "
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie with wrong cred"
|
||||
|
||||
echo ""
|
||||
echo "Connecting with wrong username... "
|
||||
( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie with wrong cred"
|
||||
|
||||
echo ""
|
||||
echo "Connecting with correct password... "
|
||||
( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||#>/dev/null 2>&1 ) ||
|
||||
( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||#>/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
cleanup
|
||||
|
||||
@@ -35,19 +35,19 @@ launch_sr_pam_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting with correct password but no PAM user... "
|
||||
( echo -e "test\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u xtest --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "test\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u xtest --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie with non existing user"
|
||||
|
||||
echo "Connecting with incorrect password (correct in PAM) and existing user... "
|
||||
( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie with non existing user"
|
||||
|
||||
echo "Connecting with empty password (correct in PAM) and existing user... "
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie with non existing user"
|
||||
|
||||
echo "Connecting with correct password and existing user... "
|
||||
( echo -e "test\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||#>/dev/null 2>&1 ) ||
|
||||
( echo -e "test\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||#>/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
cleanup
|
||||
|
||||
@@ -34,39 +34,39 @@ launch_sr_server -d 1 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie with wrong password... "
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
echo "Connecting to obtain cookie with empty password... "
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
echo "Connecting to obtain cookie with wrong username... "
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
# test locked account
|
||||
|
||||
echo "Connecting to obtain cookie with locked account... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
#test special characters
|
||||
|
||||
echo "Connecting to obtain cookie with special password... "
|
||||
( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting to obtain cookie with empty password... "
|
||||
( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
#echo "Normal connection... "
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
||||
# fail $PID "Could not connect to server"
|
||||
|
||||
if ! test -f ${PIDFILE};then
|
||||
|
||||
@@ -34,26 +34,26 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected without certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie (with incorrect certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Should not have connected with wrong certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
|
||||
#echo "Normal connection... "
|
||||
#( echo "test" | $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
||||
#( echo "test" | $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
||||
# fail $PID "Could not connect to server"
|
||||
|
||||
cleanup
|
||||
|
||||
@@ -33,37 +33,37 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected without certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group1 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - DEFAULT (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup DEFAULT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup DEFAULT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group2 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group4 (with certificate)... "
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Got cookie when it shouldn't!"
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -33,25 +33,25 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 &&
|
||||
LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 &&
|
||||
fail $PID "Connected without certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group1 (with certificate)... "
|
||||
LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ||
|
||||
LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group2 (with certificate)... "
|
||||
LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ||
|
||||
LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
|
||||
LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ||
|
||||
LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -38,7 +38,7 @@ connect()
|
||||
{
|
||||
opts=$1
|
||||
pass=$2
|
||||
echo ${pass} | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --passwd-on-stdin --authenticate >${TMPFILE}
|
||||
echo ${pass} | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --passwd-on-stdin --authenticate >${TMPFILE}
|
||||
if test $? != 0;then
|
||||
cat ${TMPFILE}
|
||||
return 1
|
||||
|
||||
@@ -67,7 +67,7 @@ launch_server -d 1 -f -c "${CONFIG}" & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo " * Connecting to obtain cookie with wrong username... "
|
||||
( echo "tost" | $OPENCONNECT -q localhost:$PORT -u tost --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
||||
( echo "tost" | $OPENCONNECT -q localhost:$PORT -u tost --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
||||
fail $PID "Received cookie when we shouldn't"
|
||||
|
||||
rm -f ${builddir}/connect.ok
|
||||
@@ -76,11 +76,11 @@ rm -f ${builddir}/host-update.ok
|
||||
#test special characters
|
||||
|
||||
echo " * Connecting to obtain cookie... "
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo " * Re-connecting to force script run... "
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
|
||||
echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true
|
||||
|
||||
TIMEOUT=5
|
||||
while ! test -f ${builddir}/disconnect.ok; do
|
||||
@@ -112,7 +112,7 @@ rm -f ${builddir}/disconnect.ok
|
||||
rm -f ${builddir}/host-update.ok
|
||||
|
||||
echo " * Re-connecting to get cookie... "
|
||||
echo "test2" | $OPENCONNECT -q localhost:$PORT -u "test2" --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${PARAMSFILE}
|
||||
echo "test2" | $OPENCONNECT -q localhost:$PORT -u "test2" --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${PARAMSFILE}
|
||||
if test $? != 0;then
|
||||
echo "Could not connect"
|
||||
cat ${PARAMSFILE}
|
||||
@@ -127,7 +127,7 @@ fi
|
||||
|
||||
echo " * Re-connecting to force session stealing... "
|
||||
eval "$(grep COOKIE ${PARAMSFILE})"
|
||||
echo ${COOKIE}| $OPENCONNECT --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
|
||||
echo ${COOKIE}| $OPENCONNECT --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true --pid-file=${OPIDFILE} -b
|
||||
|
||||
echo " - Pausing client"
|
||||
TIMEOUT=4
|
||||
@@ -156,7 +156,7 @@ rm -f ${builddir}/connect.ok
|
||||
rm -f ${builddir}/disconnect.ok
|
||||
|
||||
echo " * Re-connecting to steal previous IP address... "
|
||||
echo ${COOKIE} | $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE2} -b
|
||||
echo ${COOKIE} | $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true --pid-file=${OPIDFILE2} -b
|
||||
|
||||
echo " - Resuming (disconnected) client"
|
||||
kill -s CONT $(cat ${OPIDFILE})
|
||||
@@ -205,7 +205,7 @@ done
|
||||
sleep 5
|
||||
echo " - Check server status"
|
||||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT --local-hostname='mylocalname' -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "!@#$%^&*()<>" | $OPENCONNECT --local-hostname='mylocalname' -q localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo " - Killing server"
|
||||
|
||||
@@ -60,7 +60,7 @@ launch_server -d 9999 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
||||
eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
||||
|
||||
if [ -z "$COOKIE" ];then
|
||||
echo "Could not obtain cookie"
|
||||
@@ -70,7 +70,7 @@ fi
|
||||
#echo "Cookie: $COOKIE"
|
||||
|
||||
echo "Connecting with cookie... "
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --verbose --pid-file "${PIDFILE1}" --background
|
||||
echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --verbose --pid-file "${PIDFILE1}" --background
|
||||
|
||||
sleep 4
|
||||
|
||||
|
||||
@@ -49,25 +49,25 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected without certificate!"
|
||||
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
echo -n "Connecting to obtain cookie (with invalid certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected with invalid certificate!"
|
||||
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate - no SAN)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected with invalid certificate!"
|
||||
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate - SAN)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-san-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-san-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
fail $PID "Failed to connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -47,16 +47,16 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo "Connecting to force script block... "
|
||||
echo "!@#$%^&*()<>" | timeout 60 $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true &
|
||||
echo "!@#$%^&*()<>" | timeout 60 $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true &
|
||||
|
||||
sleep 3
|
||||
|
||||
echo "Connecting to obtain cookie... "
|
||||
( echo "${USERNAME}" | $OPENCONNECT -q localhost:$PORT -u "${USERNAME}" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
||||
( echo "${USERNAME}" | $OPENCONNECT -q localhost:$PORT -u "${USERNAME}" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not receive cookie from server"
|
||||
|
||||
echo "Connecting in background... "
|
||||
( echo "${USERNAME}" | timeout 15 $OPENCONNECT -q localhost:$PORT -u "${USERNAME}" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --background >/dev/null 2>&1 ) ||
|
||||
( echo "${USERNAME}" | timeout 15 $OPENCONNECT -q localhost:$PORT -u "${USERNAME}" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --background >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect to server; probably blocked"
|
||||
|
||||
sleep 3
|
||||
|
||||
@@ -34,7 +34,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
@@ -44,7 +44,7 @@ kill -HUP $PID
|
||||
sleep 5
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
@@ -57,7 +57,7 @@ kill -HUP $PID
|
||||
sleep 5
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -33,7 +33,7 @@ run_client() {
|
||||
PASS=$1;
|
||||
shift;
|
||||
|
||||
( echo $PASS | $OPENCONNECT -q $HOST -u $USER --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >/dev/null 2>&1 ) ||
|
||||
( echo $PASS | $OPENCONNECT -q $HOST -u $USER --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >/dev/null 2>&1 ) ||
|
||||
echo "$USER: Could not connect to server"
|
||||
}
|
||||
|
||||
|
||||
@@ -111,7 +111,7 @@ ${CMDNS2} ${HAPROXY} -f ${HACONFIG} -d & HAPID=$!
|
||||
sleep 3
|
||||
|
||||
echo " * Connecting to haproxy and using dtls ... "
|
||||
echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} --user test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${CLIPID}" --background
|
||||
echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} --user test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${CLIPID}" --background
|
||||
|
||||
wait_file "${CLIPID}" 11
|
||||
|
||||
@@ -134,7 +134,7 @@ echo "restart ocsev with udp-listen-host set to 127.0.0.1"
|
||||
${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG_UDP_LISTEN_LOCAL} ${DEBUG} & PID=$!
|
||||
|
||||
echo " * Connecting to haproxy and using dtls again ... "
|
||||
echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} --user test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${CLIPID2}" --background
|
||||
echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} --user test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${CLIPID2}" --background
|
||||
|
||||
wait_file "${CLIPID2}" 11
|
||||
|
||||
|
||||
@@ -42,20 +42,20 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null ) ||
|
||||
( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null ) ||
|
||||
fail $PID "Could not connect with certificate!"
|
||||
|
||||
echo ok
|
||||
|
||||
echo -n "Re-connecting to force script run... "
|
||||
$OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >/dev/null &
|
||||
$OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >/dev/null &
|
||||
kpid1=$!
|
||||
echo ok
|
||||
|
||||
sleep 2
|
||||
|
||||
echo -n "Re-connecting to check the iroutes... "
|
||||
$OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1 &
|
||||
$OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1 &
|
||||
kpid2=$!
|
||||
|
||||
echo ok
|
||||
@@ -63,7 +63,7 @@ sleep 3
|
||||
|
||||
echo -n "Checking if max-same-clients is considered... "
|
||||
|
||||
timeout 15s $OPENCONNECT localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE2} 2>&1
|
||||
timeout 15s $OPENCONNECT localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE2} 2>&1
|
||||
if test $? = 124;then
|
||||
fail $PID "Max-same-clients directive was ignored"
|
||||
fi
|
||||
@@ -155,7 +155,7 @@ rm -f ${TMPFILE1}
|
||||
rm -f ${TMPFILE2}
|
||||
|
||||
echo -n "Re-connecting to check the ipv4-network... "
|
||||
$OPENCONNECT -v localhost:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-testipnet.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1 & kpid3=$!
|
||||
$OPENCONNECT -v localhost:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-testipnet.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1 & kpid3=$!
|
||||
|
||||
echo ok
|
||||
sleep 3
|
||||
|
||||
@@ -62,7 +62,7 @@ PID=$!
|
||||
wait_server $PID
|
||||
|
||||
echo -n "Connecting to default host to obtain cookie (user without certificate)... "
|
||||
connect "default.example.com" "-u test" "test" "d66b507ae074d03b02eafca40d35f87dd81049d3"
|
||||
connect "default.example.com" "-u test" "test" "pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="
|
||||
if test $? != 0;then
|
||||
fail $PID "Failed to connect with user without certificate!"
|
||||
fi
|
||||
@@ -111,7 +111,7 @@ fi
|
||||
echo ok
|
||||
|
||||
echo -n "Connecting to default host to obtain cookie (with certificate)... "
|
||||
connect "default.example.com" "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem" "" "d66b507ae074d03b02eafca40d35f87dd81049d3"
|
||||
connect "default.example.com" "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem" "" "pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="
|
||||
if test $? = 0;then
|
||||
fail $PID "Connected to wrong host with certificate!"
|
||||
fi
|
||||
@@ -136,7 +136,7 @@ kill -HUP $PID
|
||||
sleep 5
|
||||
|
||||
echo -n "Sanity check to default host..."
|
||||
connect "default.example.com" "-u test" "test" "d66b507ae074d03b02eafca40d35f87dd81049d3"
|
||||
connect "default.example.com" "-u test" "test" "pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="
|
||||
if test $? != 0;then
|
||||
fail $PID "Failed to connect with user without certificate!"
|
||||
fi
|
||||
|
||||
@@ -79,14 +79,14 @@ sleep 4
|
||||
|
||||
# Run clients
|
||||
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
||||
if test $? != 0;then
|
||||
echo "Could not get cookie from server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
||||
if test $? != 0;then
|
||||
echo "Could not connect to server"
|
||||
exit 1
|
||||
|
||||
@@ -54,7 +54,7 @@ if test ! -z "$QUIT_ON_INIT";then
|
||||
fi
|
||||
|
||||
$ECHO_E "test\ntest" >pass$TMP
|
||||
$OPENCONNECT $IP:6551 -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 < pass$TMP &
|
||||
$OPENCONNECT $IP:6551 -u test --passwd-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= < pass$TMP &
|
||||
PID=$!
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user