#!/bin/sh . ../.function ## tsa_https.test -- Test TSA feature start_msg tsa_https #UTRACE="0 5M -1" #UTRACE_SIGNAL="0 5M -1" #UOBJDUMP="0 1M 100" #USIMERR="error.sim" #VALGRIND=valgrind export UTRACE UTRACE_SIGNAL UOBJDUMP USIMERR VALGRIND DOC_ROOT=TSA rm -rf $DOC_ROOT/*log \ out/userver_ssl.out err/userver_ssl.err \ trace.*userver_*.[0-9]* object.*userver_*.[0-9]* stack.*userver_*.[0-9]* mempool.*userver_*.[0-9]* \ $DOC_ROOT/trace.*userver_*.[0-9]* $DOC_ROOT/object.*userver_*.[0-9]* $DOC_ROOT/stack.*userver_*.[0-9]* $DOC_ROOT/mempool.*userver_*.[0-9]* # usage: openssl s_client args # ---------------------------------------------------------------- # -host host - use -connect instead # -port port - use -connect instead # -connect host:port - who to connect to (default is 10.30.1.131:4433) # -verify arg - turn on peer certificate verification # -cert arg - certificate file to use, PEM format assumed # -key arg - Private key file to use, PEM format assumed, in cert file if not specified but cert file is. # -CApath arg - PEM format directory of CA's # -CAfile arg - PEM format file of CA's # -reconnect - Drop and re-make the connection with the same Session-ID # -pause - sleep(1) after each read(2) and write(2) system call # -showcerts - show all certificates in the chain # -debug - extra output # -msg - Show protocol messages # -nbio_test - more ssl protocol testing # -state - print the 'ssl' states # -nbio - Run with non-blocking IO # -crlf - convert LF from terminal into CRLF # -quiet - no s_client output # -ign_eof - ignore input eof (default when -quiet) # -ssl2 - just use SSLv2 # -ssl3 - just use SSLv3 # -tls1 - just use TLSv1 # -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol # -bugs - Switch on all SSL implementation bug workarounds # -serverpref - Use server's cipher preferences (only SSLv2) # -cipher - preferred cipher to use, use the 'openssl ciphers' command to see what is available # -starttls prot - use the STARTTLS command before starting TLS for those protocols that support it, where 'prot' # defines which one to assume. Currently, only "smtp" and "pop3" are supported. # -engine id - Initialise and use the specified engine # -rand file:file:... # ---------------------------------------------------------------- CAPATH="../ulib/CA/CApath" CACERT="../ulib/CA/username.crt" USER_KEY="../ulib/CA/username.key" LCMD="$OPENSSL s_client -quiet -cert $CACERT -key $USER_KEY -pass pass:caciucco -CApath $CAPATH -connect localhost:443" creat_link . $DOC_ROOT/$DOC_ROOT cat <inp/webserver.cfg userver { REQ_TIMEOUT 5 MAX_KEEP_ALIVE 256 LOG_FILE tsa_https.log LOG_FILE_SZ 1M DOCUMENT_ROOT TSA PLUGIN "tsa http" PLUGIN_DIR ../../../src/ulib/net/server/plugin/.libs ORM_DRIVER_DIR ../../../src/ulib/orm/driver/.libs CERT_FILE ../../ulib/CA/server.crt KEY_FILE ../../ulib/CA/server.key PASSWORD caciucco CA_PATH ../../ulib/CA/CApath CA_FILE ../../ulib/CA/cacert.pem VERIFY_MODE 1 } http { #include "http.cfg" CACHE_FILE_MASK _off_ } #include "tsa.cfg" EOF DIR_CMD="../../examples/userver" rm -f TSA/response/response* #STRACE=$TRUSS start_prg_background userver_ssl -c inp/webserver.cfg wait_server_ready localhost 443 #../../tmp/openssl/ssl/misc/tsget -h https://localhost:443/tsa -C TSA/request/cacert.pem TSA/request/tsq.req TIMEOUT 5 $LCMD TSA/response/response 2>>err/userver_ssl.err tail -c +155 TSA/response/response > TSA/response/response.tsr TSA/bin/openssl ts -verify -queryfile TSA/request/tsq.req \ -in TSA/response/response.tsr -CApath TSA/CA/CApath > out/tsa_https.out rm -f TSA/response/response* #../../tmp/openssl/ssl/misc/tsget -h https://localhost:443/tsa -C TSA/request/cacert.pem TSA/request/tsq.req TIMEOUT 5 $LCMD TSA/response/response 2>>err/tsa_https.err tail -c +155 TSA/response/response > TSA/response/response.tsr kill_server userver_ssl mv err/userver_ssl.err err/tsa_https.err TSA/bin/openssl ts -verify -queryfile TSA/request/tsq.req \ -in TSA/response/response.tsr -CApath TSA/CA/CApath >> out/tsa_https.out rm -f $DOC_ROOT/$DOC_ROOT # Test against expected output test_output_diff tsa_https