A rough little self-test for tunala. This runs through all cipher-suite /
authorGeoff Thorpe <geoff@openssl.org>
Wed, 20 Feb 2002 05:12:45 +0000 (05:12 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Wed, 20 Feb 2002 05:12:45 +0000 (05:12 +0000)
SSL/TLS version combinations looking for mishaps.

demos/tunala/test.sh [new file with mode: 0755]

diff --git a/demos/tunala/test.sh b/demos/tunala/test.sh
new file mode 100755 (executable)
index 0000000..105b447
--- /dev/null
@@ -0,0 +1,107 @@
+#!/bin/sh
+
+HTTP="localhost:8080"
+CLIENT_PORT="9020"
+SERVER_PORT="9021"
+
+sub_test ()
+{
+       echo "STARTING - $VER $CIPHER"
+       ./tunala -listen localhost:$CLIENT_PORT -proxy localhost:$SERVER_PORT \
+               -cacert CA.pem -cert A-client.pem -server 0 \
+               -dh_special standard -v_peer -v_strict \
+               $VER -cipher $CIPHER 1> tc1.txt 2> tc2.txt &
+       ./tunala -listen localhost:$SERVER_PORT -proxy $HTTP \
+               -cacert CA.pem -cert A-server.pem -server 1 \
+               -dh_special standard -v_peer -v_strict \
+               $VER -cipher $CIPHER 1> ts1.txt 2> ts2.txt &
+       # Wait for the servers to be listening before starting the wget test
+       DONE="no"
+       while [ "$DONE" != "yes" ]; do
+               L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
+               L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
+               if [ "x$L1" != "x" ]; then
+                       DONE="yes"
+               elif [ "x$L2" != "x" ]; then
+                       DONE="yes"
+               else
+                       sleep 1
+               fi
+       done
+       HTML=`wget -O - -T 1 http://localhost:$CLIENT_PORT 2> /dev/null | grep "<HTML>"`
+       if [ "x$HTML" != "x" ]; then
+               echo "OK - $CIPHER ($VER)"
+       else
+               echo "FAIL - $CIPHER ($VER)"
+               killall tunala
+               exit 1
+       fi
+       killall tunala
+       # Wait for the servers to stop before returning - otherwise the next
+       # test my fail to start ... (fscking race conditions)
+       DONE="yes"
+       while [ "$DONE" != "no" ]; do
+               L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
+               L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
+               if [ "x$L1" != "x" ]; then
+                       DONE="yes"
+               elif [ "x$L2" != "x" ]; then
+                       DONE="yes"
+               else
+                       DONE="no"
+               fi
+       done
+       exit 0
+}
+
+run_test ()
+{
+       (sub_test 1> /dev/null) || exit 1
+}
+
+run_ssl_test ()
+{
+killall tunala 1> /dev/null 2> /dev/null
+echo ""
+echo "Starting all $PRETTY tests"
+if [ "$PRETTY" != "SSLv2" ]; then
+       if [ "$PRETTY" != "SSLv3" ]; then
+               export VER="-no_ssl2 -no_ssl3"
+               export OSSL="-tls1"
+       else
+               export VER="-no_ssl2 -no_tls1"
+               export OSSL="-ssl3"
+       fi
+else
+       export VER="-no_ssl3 -no_tls1"
+       export OSSL="-ssl2"
+fi
+LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`"
+#echo "$LIST"
+for i in $LIST; do \
+       DSS=`echo "$i" | grep "DSS"`
+       if [ "x$DSS" != "x" ]; then
+               echo "---- skipping $i (no DSA cert/keys) ----"
+       else
+               export CIPHER=$i
+               run_test
+               echo "SUCCESS: $i"
+       fi
+done;
+}
+
+# Welcome the user
+echo "Tests will assume an http server running at $HTTP"
+
+# TLSv1 test
+export PRETTY="TLSv1"
+run_ssl_test
+
+# SSLv3 test
+export PRETTY="SSLv3"
+run_ssl_test
+
+# SSLv2 test
+export PRETTY="SSLv2"
+run_ssl_test
+