From 877b2fbd3c9d2ca38b6a15b55846f33b0dece9e8 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 20 Feb 2002 05:12:45 +0000 Subject: [PATCH] A rough little self-test for tunala. This runs through all cipher-suite / SSL/TLS version combinations looking for mishaps. --- demos/tunala/test.sh | 107 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100755 demos/tunala/test.sh diff --git a/demos/tunala/test.sh b/demos/tunala/test.sh new file mode 100755 index 0000000000..105b447333 --- /dev/null +++ b/demos/tunala/test.sh @@ -0,0 +1,107 @@ +#!/bin/sh + +HTTP="localhost:8080" +CLIENT_PORT="9020" +SERVER_PORT="9021" + +sub_test () +{ + echo "STARTING - $VER $CIPHER" + ./tunala -listen localhost:$CLIENT_PORT -proxy localhost:$SERVER_PORT \ + -cacert CA.pem -cert A-client.pem -server 0 \ + -dh_special standard -v_peer -v_strict \ + $VER -cipher $CIPHER 1> tc1.txt 2> tc2.txt & + ./tunala -listen localhost:$SERVER_PORT -proxy $HTTP \ + -cacert CA.pem -cert A-server.pem -server 1 \ + -dh_special standard -v_peer -v_strict \ + $VER -cipher $CIPHER 1> ts1.txt 2> ts2.txt & + # Wait for the servers to be listening before starting the wget test + DONE="no" + while [ "$DONE" != "yes" ]; do + L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"` + L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"` + if [ "x$L1" != "x" ]; then + DONE="yes" + elif [ "x$L2" != "x" ]; then + DONE="yes" + else + sleep 1 + fi + done + HTML=`wget -O - -T 1 http://localhost:$CLIENT_PORT 2> /dev/null | grep ""` + if [ "x$HTML" != "x" ]; then + echo "OK - $CIPHER ($VER)" + else + echo "FAIL - $CIPHER ($VER)" + killall tunala + exit 1 + fi + killall tunala + # Wait for the servers to stop before returning - otherwise the next + # test my fail to start ... (fscking race conditions) + DONE="yes" + while [ "$DONE" != "no" ]; do + L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"` + L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"` + if [ "x$L1" != "x" ]; then + DONE="yes" + elif [ "x$L2" != "x" ]; then + DONE="yes" + else + DONE="no" + fi + done + exit 0 +} + +run_test () +{ + (sub_test 1> /dev/null) || exit 1 +} + +run_ssl_test () +{ +killall tunala 1> /dev/null 2> /dev/null +echo "" +echo "Starting all $PRETTY tests" +if [ "$PRETTY" != "SSLv2" ]; then + if [ "$PRETTY" != "SSLv3" ]; then + export VER="-no_ssl2 -no_ssl3" + export OSSL="-tls1" + else + export VER="-no_ssl2 -no_tls1" + export OSSL="-ssl3" + fi +else + export VER="-no_ssl3 -no_tls1" + export OSSL="-ssl2" +fi +LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`" +#echo "$LIST" +for i in $LIST; do \ + DSS=`echo "$i" | grep "DSS"` + if [ "x$DSS" != "x" ]; then + echo "---- skipping $i (no DSA cert/keys) ----" + else + export CIPHER=$i + run_test + echo "SUCCESS: $i" + fi +done; +} + +# Welcome the user +echo "Tests will assume an http server running at $HTTP" + +# TLSv1 test +export PRETTY="TLSv1" +run_ssl_test + +# SSLv3 test +export PRETTY="SSLv3" +run_ssl_test + +# SSLv2 test +export PRETTY="SSLv2" +run_ssl_test + -- 2.25.1