#!/bin/sh . ../.function ## tsa_ssoap.test -- Test TSA feature start_msg tsa_ssoap #UTRACE="0 130M 0" #UOBJDUMP="0 100k 10" #USIMERR="error.sim" export UTRACE UOBJDUMP USIMERR DOC_ROOT=TSA rm -rf $DOC_ROOT/*log \ out/userver_ssl.out err/userver_ssl.err \ trace.*userver_*.[0-9]* object.*userver_*.[0-9]* stack.*userver_*.[0-9]* mempool.*userver_*.[0-9]* \ $DOC_ROOT/trace.*userver_*.[0-9]* $DOC_ROOT/object.*userver_*.[0-9]* $DOC_ROOT/stack.*userver_*.[0-9]* $DOC_ROOT/mempool.*userver_*.[0-9]* # ---------------------------------------------------------------- # usage: openssl s_client args # ---------------------------------------------------------------- # -host host - use -connect instead # -port port - use -connect instead # -connect host:port - who to connect to (default is localhost:433) # -verify arg - turn on peer certificate verification # -cert arg - certificate file to use, PEM format assumed # -key arg - Private key file to use, PEM format assumed, in cert file if not specified but cert file is. # -CApath arg - PEM format directory of CA's # -CAfile arg - PEM format file of CA's # -reconnect - Drop and re-make the connection with the same Session-ID # -pause - sleep(1) after each read(2) and write(2) system call # -showcerts - show all certificates in the chain # -debug - extra output # -msg - Show protocol messages # -nbio_test - more ssl protocol testing # -state - print the 'ssl' states # -nbio - Run with non-blocking IO # -crlf - convert LF from terminal into CRLF # -quiet - no s_client output # -ign_eof - ignore input eof (default when -quiet) # -ssl2 - just use SSLv2 # -ssl3 - just use SSLv3 # -tls1 - just use TLSv1 # -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol # -bugs - Switch on all SSL implementation bug workarounds # -serverpref - Use server's cipher preferences (only SSLv2) # -cipher - preferred cipher to use, use the 'openssl ciphers' command to see what is available # -starttls prot - use the STARTTLS command before starting TLS for those protocols that support it, where 'prot' # defines which one to assume. Currently, only "smtp" and "pop3" are supported. # -engine id - Initialise and use the specified engine # -rand file:file:... # ---------------------------------------------------------------- CAPATH="../ulib/CA/CApath" CACERT="../ulib/CA/username.crt" USER_KEY="../ulib/CA/username.key" LCMD="$OPENSSL s_client -quiet -cert $CACERT -key $USER_KEY -pass pass:caciucco -CApath $CAPATH -connect localhost:443" creat_link . $DOC_ROOT/$DOC_ROOT cat <inp/webserver.cfg userver { REQ_TIMEOUT 5 MAX_KEEP_ALIVE 256 LOG_FILE tsa_ssoap.log LOG_FILE_SZ 1M DOCUMENT_ROOT TSA PLUGIN "soap http" PLUGIN_DIR ../../../src/ulib/net/server/plugin/.libs ORM_DRIVER_DIR ../../../src/ulib/orm/driver/.libs CERT_FILE ../../ulib/CA/server.crt KEY_FILE ../../ulib/CA/server.key PASSWORD caciucco CA_PATH ../../ulib/CA/CApath CA_FILE ../../ulib/CA/cacert.pem VERIFY_MODE 1 } http { #include "http.cfg" CACHE_FILE_MASK _off_ } soap { #include "soap_or_rpc_tsa.cfg" } EOF DIR_CMD="../../examples/userver" rm -f TSA/response/response* start_prg_background userver_ssl -c inp/webserver.cfg wait_server_ready localhost 443 TIMEOUT 6 $LCMD TSA/response/soap.res 2>>err/userver_ssl.err tail -c +471 TSA/response/soap.res | cut -d'<' -f1 | $WINELOADER ../base/crypto_base64$SUFFIX -d > TSA/response/soap.tsr #tail -c +471 TSA/response/soap.res > TSA/response/soap.tsr kill_server userver_ssl mv err/userver_ssl.err err/tsa_ssoap.err TSA/bin/openssl ts -verify -queryfile TSA/request/tsq.req \ -in TSA/response/soap.tsr -CApath TSA/CA/CApath > out/tsa_ssoap.out rm -f $DOC_ROOT/$DOC_ROOT # Test against expected output test_output_diff tsa_ssoap