unrealircd- supernets unrealircd source & configuration |
git clone git://git.acid.vegas/unrealircd.git |
Log | Files | Refs | Archive | README | LICENSE |
tls-tests (2784B)
1 #!/bin/bash 2 # We assume we are executed from extras/tests/tls 3 4 function fail() 5 { 6 echo "TLS TEST ERROR: $*" 7 exit 1 8 } 9 10 CIPHERSCAN="cipherscan" 11 OPENSSL="openssl" 12 if [ -x ~/cipherscan ]; then 13 CIPHERSCAN="$HOME/cipherscan/cipherscan" 14 OPENSSL="$HOME/cipherscan/openssl" 15 elif [ -x /home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan ]; then 16 CIPHERSCAN="/home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan" 17 OPENSSL="/home/travis/build/unrealircd/unrealircd/cipherscan/openssl" 18 elif [ -x ../../../cipherscan/ ]; then 19 CIPHERSCAN="`readlink -f ../../../cipherscan/cipherscan`" 20 OPENSSL="`readlink -f ../../../cipherscan/openssl`" 21 fi 22 23 $CIPHERSCAN --help >/dev/null || exit 1 24 25 26 # This is the basic cipherscan test. 27 # It compares the output against a reference .txt file and alarms us if there 28 # are any changes. These changes may not always be harmful, but at least we 29 # will get warned on any possible changes. 30 $CIPHERSCAN --no-colors 127.0.0.1:5901|grep -vF '.....' >cipherscan.test.txt 31 32 # Now check if profile matches, if so.. everything is ok. 33 # We have 1 or more baseline profiles 34 # And you can optionally add profile-specific, eg openssl-102.txt 35 # Yeah that was a great idea but maintaining that is a bit of a hassle. 36 # TODO: reintroduce it though, see below. 37 ##for f in cipherscan_profiles/baseline*txt cipherscan_profiles/$BUILDCONFIG.txt 38 FAILED=1 39 for f in cipherscan_profiles/*.txt 40 do 41 diff -uab $f cipherscan.test.txt 1>/dev/null 2>&1 42 if [ "$?" -eq 0 ]; then 43 FAILED=0 44 echo "Cipherscan profile $f matched." 45 break 46 fi 47 done 48 49 if [ "$FAILED" -eq 1 ]; then 50 echo "*** Differences found between cipherscan scan and expected output ***" 51 if [ -f cipherscan_profiles/$BUILDCONFIG.txt ]; then 52 COMPARE_PROFILE="cipherscan_profiles/$BUILDCONFIG.txt" 53 else 54 COMPARE_PROFILE="cipherscan_profiles/baseline.txt" 55 fi 56 echo "== EXPECTED OUTPUT ($COMPARE_PROFILE) ==" 57 cat $COMPARE_PROFILE 58 echo 59 echo "== ACTUAL TEST OUTPUT ==" 60 cat cipherscan.test.txt 61 echo 62 echo "== DIFF ==" 63 diff -uab $COMPARE_PROFILE cipherscan.test.txt 64 echo 65 echo "cipherscan test failed." 66 exit 1 67 else 68 echo "*** Cipherscan output was good ***" 69 cat cipherscan.test.txt 70 fi 71 72 # This checks for a couple of old ciphers that should never work: 73 for cipher in 3DES RC4 74 do 75 echo "Testing cipher $cipher (MUST FAIL!).." 76 (echo QUIT|$OPENSSL s_client -connect 127.0.0.1:5901 -cipher $cipher) && 77 fail "UnrealIRCd allowed us to connect with cipher $cipher, BAD!" 78 done 79 80 # This checks older SSL/TLS versions that should not work: 81 for protocol in ssl2 ssl3 82 do 83 echo "Testing protocol $protocol (MUST FAIL!).." 84 (echo QUIT|$OPENSSL s_client -connect 127.0.0.1:5901 -$protocol) && 85 fail "UnrealIRCd allowed us to connect with protocol $protocol, BAD!" 86 done 87 88 echo 89 echo "TLS tests ended (no issues)." 90 exit 0