From e8da1fd83d84ec8063d6cde2010933a633f887be Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 6 Dec 2016 13:00:27 +0100
Subject: [PATCH] tests: added check for operation under different --servercert parameters
Signed-off-by: Nikos Mavrogiannopoulos
Signed-off-by: David Woodhouse
---
tests/Makefile.am | 2 +-
tests/id-test | 64 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 65 insertions(+), 1 deletion(-)
create mode 100755 tests/id-test
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b08b3adc..d79bb84a 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -42,7 +42,7 @@ EXTRA_DIST = certs/ca.pem certs/ca-key.pem certs/user-cert.pem $(USER_KEYS) $(US
 dist_check_SCRIPTS =
 if HAVE_CWRAP
-dist_check_SCRIPTS += auth-username-pass auth-certificate
+dist_check_SCRIPTS += auth-username-pass auth-certificate id-test
 if TEST_PKCS11
 dist_check_SCRIPTS += auth-pkcs11
diff --git a/tests/id-test b/tests/id-test
new file mode 100755
index 00000000..38d0931f
--- /dev/null
+++ b/tests/id-test
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# Copyright © 2016 Red Hat, Inc.
+#
+# This file is part of openconnect.
+#
+# This is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see
+
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+top_builddir=${top_builddir:-..}
+
+. `dirname $0`/common.sh
+
+echo "Testing certificate auth... "
+
+launch_simple_sr_server -d 1 -f -c configs/test-user-pass.config >/dev/null 2>&1
+PID=$!
+wait_server $PID
+
+echo -n "Connecting with legacy hash... "
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1) ||
+ fail $PID "Could not receive cookie from server"
+
+echo ok
+
+echo -n "Connecting with SHA1 ID... "
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert=sha1:a82547f68f44d6351bef6cacd1d7b96e84f9dfa3 --cookieonly >/dev/null 2>&1) ||
+ fail $PID "Could not receive cookie from server"
+
+echo ok
+
+echo -n "Connecting with SHA256 ID... "
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert=sha256:c69dec71fcf2deb390b2ff4d70ebdeffc61556ffa91ebe2a3425c45eb365e6cf --cookieonly >/dev/null 2>&1) ||
+ fail $PID "Could not receive cookie from server"
+
+echo ok
+
+echo -n "Connecting with SHA256 partial ID... 
"
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert=sha256:c69dec --cookieonly >/dev/null 2>&1) ||
+ fail $PID "Could not receive cookie from server"
+
+echo ok
+
+echo -n "Connecting with wrong SHA256 ID... "
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert=sha256:c69ded --cookieonly >/dev/null 2>&1) &&
+ fail $PID "Did connect to the server with wrong ID"
+
+echo ok
+
+cleanup
+
+exit 0
-- 
2.49.0
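Review bot: The final case ("Connecting with wrong SHA256 ID") passes on any non-zero exit from openconnect, because it is chained with `&&` and all output goes to /dev/null, so a dead server or an unrelated client error is indistinguishable from a rejected pin. As this is the only negative check for `--servercert` in the script, it is worth confirming the server is still up right before it, e.g. `kill -0 $PID || fail $PID "Server exited before the wrong-ID check"`, and ideally matching the client's certificate-mismatch diagnostic instead of discarding stderr. The partial-ID case also records that a 6-hex-digit prefix (24 bits) is accepted as a pin; a comment such as `# prefix matching is a convenience, not a full-strength pin` would keep readers from copying `sha256:c69dec` as a recommended form. The opening banner still prints "Testing certificate auth... " although the script exercises server certificate ID matching against a user/password config.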