mirror of
https://github.com/stefanocasazza/ULib.git
synced 2025-09-28 19:05:55 +08:00
123 lines
4.3 KiB
Bash
Executable File
123 lines
4.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
. ../.function
|
|
|
|
## tsa_https.test -- Test TSA feature
|
|
|
|
start_msg tsa_https
|
|
|
|
#UTRACE="0 5M -1"
|
|
#UTRACE_SIGNAL="0 5M -1"
|
|
#UOBJDUMP="0 1M 100"
|
|
#USIMERR="error.sim"
|
|
#VALGRIND=valgrind
|
|
export UTRACE UTRACE_SIGNAL UOBJDUMP USIMERR VALGRIND
|
|
|
|
DOC_ROOT=TSA
|
|
|
|
rm -rf $DOC_ROOT/*log \
|
|
out/userver_ssl.out err/userver_ssl.err \
|
|
trace.*userver_*.[0-9]* object.*userver_*.[0-9]* stack.*userver_*.[0-9]* mempool.*userver_*.[0-9]* \
|
|
$DOC_ROOT/trace.*userver_*.[0-9]* $DOC_ROOT/object.*userver_*.[0-9]* $DOC_ROOT/stack.*userver_*.[0-9]* $DOC_ROOT/mempool.*userver_*.[0-9]*
|
|
|
|
# usage: openssl s_client args
|
|
# ----------------------------------------------------------------
|
|
# -host host - use -connect instead
|
|
# -port port - use -connect instead
|
|
# -connect host:port - who to connect to (default is 10.30.1.131:4433)
|
|
# -verify arg - turn on peer certificate verification
|
|
# -cert arg - certificate file to use, PEM format assumed
|
|
# -key arg - Private key file to use, PEM format assumed, in cert file if not specified but cert file is.
|
|
# -CApath arg - PEM format directory of CA's
|
|
# -CAfile arg - PEM format file of CA's
|
|
# -reconnect - Drop and re-make the connection with the same Session-ID
|
|
# -pause - sleep(1) after each read(2) and write(2) system call
|
|
# -showcerts - show all certificates in the chain
|
|
# -debug - extra output
|
|
# -msg - Show protocol messages
|
|
# -nbio_test - more ssl protocol testing
|
|
# -state - print the 'ssl' states
|
|
# -nbio - Run with non-blocking IO
|
|
# -crlf - convert LF from terminal into CRLF
|
|
# -quiet - no s_client output
|
|
# -ign_eof - ignore input eof (default when -quiet)
|
|
# -ssl2 - just use SSLv2
|
|
# -ssl3 - just use SSLv3
|
|
# -tls1 - just use TLSv1
|
|
# -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
|
|
# -bugs - Switch on all SSL implementation bug workarounds
|
|
# -serverpref - Use server's cipher preferences (only SSLv2)
|
|
# -cipher - preferred cipher to use, use the 'openssl ciphers' command to see what is available
|
|
# -starttls prot - use the STARTTLS command before starting TLS for those protocols that support it, where 'prot'
|
|
# defines which one to assume. Currently, only "smtp" and "pop3" are supported.
|
|
# -engine id - Initialise and use the specified engine
|
|
# -rand file:file:...
|
|
# ----------------------------------------------------------------
|
|
|
|
CAPATH="../ulib/CA/CApath"
|
|
CACERT="../ulib/CA/username.crt"
|
|
USER_KEY="../ulib/CA/username.key"
|
|
LCMD="$OPENSSL s_client -quiet -cert $CACERT -key $USER_KEY -pass pass:caciucco -CApath $CAPATH -connect localhost:443"
|
|
|
|
creat_link . $DOC_ROOT/$DOC_ROOT
|
|
|
|
cat <<EOF >inp/webserver.cfg
|
|
userver {
|
|
REQ_TIMEOUT 5
|
|
MAX_KEEP_ALIVE 256
|
|
LOG_FILE tsa_https.log
|
|
LOG_FILE_SZ 1M
|
|
DOCUMENT_ROOT TSA
|
|
PLUGIN "tsa http"
|
|
PLUGIN_DIR ../../../src/ulib/net/server/plugin/.libs
|
|
ORM_DRIVER_DIR ../../../src/ulib/orm/driver/.libs
|
|
CERT_FILE ../../ulib/CA/server.crt
|
|
KEY_FILE ../../ulib/CA/server.key
|
|
PASSWORD caciucco
|
|
CA_PATH ../../ulib/CA/CApath
|
|
CA_FILE ../../ulib/CA/cacert.pem
|
|
VERIFY_MODE 1
|
|
}
|
|
http {
|
|
#include "http.cfg"
|
|
CACHE_FILE_MASK _off_
|
|
}
|
|
#include "tsa.cfg"
|
|
EOF
|
|
|
|
DIR_CMD="../../examples/userver"
|
|
|
|
rm -f TSA/response/response*
|
|
|
|
#STRACE=$TRUSS
|
|
start_prg_background userver_ssl -c inp/webserver.cfg
|
|
|
|
wait_server_ready localhost 443
|
|
|
|
#../../tmp/openssl/ssl/misc/tsget -h https://localhost:443/tsa -C TSA/request/cacert.pem TSA/request/tsq.req
|
|
TIMEOUT 5 $LCMD <TSA/request/http.req >TSA/response/response 2>>err/userver_ssl.err
|
|
|
|
tail -c +155 TSA/response/response > TSA/response/response.tsr
|
|
|
|
TSA/bin/openssl ts -verify -queryfile TSA/request/tsq.req \
|
|
-in TSA/response/response.tsr -CApath TSA/CA/CApath > out/tsa_https.out
|
|
|
|
rm -f TSA/response/response*
|
|
|
|
#../../tmp/openssl/ssl/misc/tsget -h https://localhost:443/tsa -C TSA/request/cacert.pem TSA/request/tsq.req
|
|
TIMEOUT 5 $LCMD <TSA/request/http.req >TSA/response/response 2>>err/tsa_https.err
|
|
|
|
tail -c +155 TSA/response/response > TSA/response/response.tsr
|
|
|
|
kill_server userver_ssl
|
|
|
|
mv err/userver_ssl.err err/tsa_https.err
|
|
|
|
TSA/bin/openssl ts -verify -queryfile TSA/request/tsq.req \
|
|
-in TSA/response/response.tsr -CApath TSA/CA/CApath >> out/tsa_https.out
|
|
|
|
rm -f $DOC_ROOT/$DOC_ROOT
|
|
|
|
# Test against expected output
|
|
test_output_diff tsa_https
|