mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-03-27 07:18:04 +08:00
29786781ed
This test was improved to test resumption with TLS 1.3 in addition to TLS 1.2 as well as improve fallback on centos10. This patch introduces validation using the right CA file. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
74 lines
2.2 KiB
Bash
Executable File
74 lines
2.2 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright (C) 2020 Nikos Mavrogiannopoulos
|
|
#
|
|
# This file is part of ocserv.
|
|
#
|
|
# ocserv is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by the
|
|
# Free Software Foundation; either version 2 of the License, or (at
|
|
# your option) any later version.
|
|
#
|
|
# ocserv is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with GnuTLS; if not, write to the Free Software Foundation,
|
|
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
SERV="${SERV:-../src/ocserv}"
|
|
srcdir=${srcdir:-.}
|
|
NO_NEED_ROOT=1
|
|
|
|
TMPFILE=resume.$$.tmp
|
|
|
|
. `dirname $0`/common.sh
|
|
|
|
eval "${GETPORT}"
|
|
|
|
echo "Testing ocserv session resumption... "
|
|
|
|
function finish {
|
|
echo " * Cleaning up..."
|
|
test -n "${PID}" && kill ${PID} >/dev/null 2>&1
|
|
rm -f ${TMPFILE}
|
|
rm -f ${CONFIG}
|
|
}
|
|
trap finish EXIT
|
|
|
|
update_config test1.config
|
|
launch_simple_sr_server -d 1 -f -c ${CONFIG}
|
|
PID=$!
|
|
|
|
wait_server $PID
|
|
|
|
echo -n " * Connecting to resume - TLS 1.2... "
|
|
( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -d 9999 -r --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA $ADDRESS --port $PORT --sni-hostname localhost --verify-hostname localhost --x509cafile="${srcdir}/certs/ca.pem" > $TMPFILE 2>&1 </dev/null ) ||
|
|
{ cat ${TMPFILE} && fail $PID "TLS1.2: Could not connect to resume!"; }
|
|
|
|
grep "This is a resumed session" ${TMPFILE} >/dev/null
|
|
if test $? != 0;then
|
|
cat ${TMPFILE}
|
|
fail $PID "failed, TLS 1.2 session was not resumed"
|
|
fi
|
|
|
|
echo "ok"
|
|
|
|
echo -n " * Connecting to resume - TLS 1.3... "
|
|
( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -d 9999 -r $ADDRESS --port $PORT --sni-hostname localhost --verify-hostname localhost --x509cafile="${srcdir}/certs/ca.pem" > $TMPFILE 2>&1 </dev/null ) ||
|
|
{ cat ${TMPFILE} && fail $PID "TLS1.3: Could not connect to resume!"; }
|
|
|
|
grep "Resume Handshake was completed" ${TMPFILE} >/dev/null
|
|
if test $? != 0;then
|
|
cat ${TMPFILE}
|
|
fail $PID "failed, TLS 1.3 session was not resumed"
|
|
fi
|
|
|
|
echo "ok"
|
|
|
|
rm -f "$TMPFILE"
|
|
|
|
exit 0
|