diff options
| author |   inoguchi <inoguchi@openbsd.org> | 2020-05-17 01:43:27 +0000 |
|---|---|---|
| committer | inoguchi <inoguchi@openbsd.org> | 2020-05-17 01:43:27 +0000 |
| commit | d2e64ea0466aa2b108dd42683feb5f8b711cf4ea (patch) | |
| tree | a40c9ebd73ae86ae179a27f6985cb22533bed241 /regress | |
| parent | Get memory information from the device tree. (diff) | |
| download | wireguard-openbsd-d2e64ea0466aa2b108dd42683feb5f8b711cf4ea.tar.xz wireguard-openbsd-d2e64ea0466aa2b108dd42683feb5f8b711cf4ea.zip | |
Fix server client test with TLSv1.3 in appstest.sh
Diffstat (limited to 'regress')
| -rwxr-xr-x | regress/usr.bin/openssl/appstest.sh | 47 |
1 files changed, 27 insertions, 20 deletions
diff --git a/regress/usr.bin/openssl/appstest.sh b/regress/usr.bin/openssl/appstest.sh index 8527401ef08..9fb143d4293 100755 --- a/regress/usr.bin/openssl/appstest.sh +++ b/regress/usr.bin/openssl/appstest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $OpenBSD: appstest.sh,v 1.37 2020/05/15 15:44:16 inoguchi Exp $ +# $OpenBSD: appstest.sh,v 1.38 2020/05/17 01:43:27 inoguchi Exp $ # # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> # @@ -1340,38 +1340,45 @@ function test_sc_all_cipher { sc=$1 ver=$2 - s_ciph=$server_dir/s_ciph_${sc}_${ver} - cipher_string="" - if [ $s_id = "0" ] ; then - if [ $ver = "tls1_3" ] ; then - cipher_string="TLSv1.3" + copt=cipher + ciphers=$user1_dir/ciphers_${sc}_${ver} + + if [ $ver = "tls1_3" ] ; then + if [ $c_id = "0" ] ; then + echo "AEAD-AES256-GCM-SHA384" > $ciphers + echo "AEAD-CHACHA20-POLY1305-SHA256" >> $ciphers + echo "AEAD-AES128-GCM-SHA256" >> $ciphers else + echo "TLS_AES_256_GCM_SHA384" > $ciphers + echo "TLS_CHACHA20_POLY1305_SHA256" >> $ciphers + echo "TLS_AES_128_GCM_SHA256" >> $ciphers + copt=ciphersuites + fi + else + s_ciph=$server_dir/s_ciph_${sc}_${ver} + cipher_string="" + if [ $s_id = "0" ] ; then if [ $ecdsa_tests = 0 ] ; then cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3" else cipher_string="ECDSA+TLSv1.2:!TLSv1.3" fi fi - fi - $s_bin ciphers -v $cipher_string | awk '{print $1}' > $s_ciph + $s_bin ciphers -v $cipher_string | awk '{print $1}' > $s_ciph - c_ciph=$user1_dir/c_ciph_${sc}_${ver} - cipher_string="" - if [ $c_id = "0" ] ; then - if [ $ver = "tls1_3" ] ; then - cipher_string="TLSv1.3" - else + c_ciph=$user1_dir/c_ciph_${sc}_${ver} + cipher_string="" + if [ $c_id = "0" ] ; then if [ $ecdsa_tests = 0 ] ; then cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3" else cipher_string="ECDSA+TLSv1.2:!TLSv1.3" fi fi - fi - $c_bin ciphers -v $cipher_string | awk '{print $1}' > $c_ciph + $c_bin ciphers -v $cipher_string | awk '{print $1}' > $c_ciph - ciphers=$user1_dir/ciphers_${sc}_${ver} - grep -x -f $s_ciph $c_ciph | sort -R > $ciphers + grep -x -f $s_ciph $c_ciph | sort -R > $ciphers + fi cnum=0 for c in `cat $ciphers` ; do @@ -1382,11 +1389,11 @@ function test_sc_all_cipher { start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $ver $c" sleep $test_pause_sec $c_bin s_client -connect $host:$port -CAfile $ca_cert \ - -$ver -cipher $c \ + -$ver -$copt $c \ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 check_exit_status $? - grep "Cipher : $c" $s_client_out > /dev/null + grep "Cipher is $c" $s_client_out > /dev/null check_exit_status $? grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null |