tests: resumption: enhanced and avoid the use of gnutls-cli insecure option

This test now covers resumption with TLS 1.3 in addition to TLS 1.2, and
improves the fallback on centos10. The patch also introduces validation using
the right CA file.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos
2026-01-04 19:11:15 +01:00
parent 2e91b9b466
commit dd6b579b24


@@ -44,14 +44,26 @@ PID=$!
wait_server $PID
echo -n "Connecting to resume... "
( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -r --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 $ADDRESS --port $PORT --insecure > $TMPFILE 2>/dev/null </dev/null ) ||
(cat ${TMPFILE} && fail $PID "Could not connect to resume!" )
echo -n " * Connecting to resume - TLS 1.2... "
( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -d 9999 -r --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA $ADDRESS --port $PORT --sni-hostname localhost --verify-hostname localhost --x509cafile="${srcdir}/certs/ca.pem" > $TMPFILE 2>&1 </dev/null ) ||
{ cat ${TMPFILE} && fail $PID "TLS1.2: Could not connect to resume!"; }
grep "This is a resumed session" ${TMPFILE}
grep "This is a resumed session" ${TMPFILE} >/dev/null
if test $? != 0;then
cat ${TMPFILE}
fail $PID "failed, session was not resumed"
fail $PID "failed, TLS 1.2 session was not resumed"
fi
echo "ok"
echo -n " * Connecting to resume - TLS 1.3... "
( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -d 9999 -r $ADDRESS --port $PORT --sni-hostname localhost --verify-hostname localhost --x509cafile="${srcdir}/certs/ca.pem" > $TMPFILE 2>&1 </dev/null ) ||
{ cat ${TMPFILE} && fail $PID "TLS1.3: Could not connect to resume!"; }
grep "Resume Handshake was completed" ${TMPFILE} >/dev/null
if test $? != 0;then
cat ${TMPFILE}
fail $PID "failed, TLS 1.3 session was not resumed"
fi
echo "ok"
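Review bot: The TLS 1.3 block may pass without proving either TLS 1.3 or resumption. Its check greps for "Resume Handshake was completed" where the TLS 1.2 block greps for "This is a resumed session"; if gnutls-cli prints the former whenever the second handshake finishes (worth confirming against its source), a reconnect that falls back to a full handshake still prints "ok". The gnutls-cli call in that block also carries no `--priority`, so the negotiated version depends on client and server defaults and a TLS 1.2 negotiation would go unnoticed. Unless the fallback is intentional, consider adding `--priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3` to that call and checking with `grep "This is a resumed session" ${TMPFILE} >/dev/null`. Separately, with `-d 9999` and `2>&1` both greps now match against the debug log as well as the normal output, so the matched string must not appear in debug lines for a non-resumed session.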