unrealircd

- supernets unrealircd source & configuration
git clone git://git.acid.vegas/unrealircd.git

tls-tests (2784B)

      1 #!/bin/bash
      2 # We assume we are executed from extras/tests/tls
      3 
      # Report a fatal TLS test error and abort the whole test run.
      # Arguments: $* - message text (arguments are joined with single spaces)
      # Outputs:   "TLS TEST ERROR: <message>" on stdout
      # Returns:   does not return; the script exits with status 1
      fail() {
      	printf '%s\n' "TLS TEST ERROR: $*"
      	exit 1
      }
      9 
     # Pick the cipherscan script and the openssl binary that sits next to it.
     # Both start out as bare command names (resolved through PATH) and are
     # replaced by absolute paths when one of the known cipherscan checkouts
     # exists: the user's home directory, the Travis build tree, or a checkout
     # three levels above the current directory (in that order).
     CIPHERSCAN="cipherscan"
     OPENSSL="openssl"
     if test -x ~/cipherscan; then
     	CIPHERSCAN="$HOME/cipherscan/cipherscan"
     	OPENSSL="$HOME/cipherscan/openssl"
     elif test -x /home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan; then
     	CIPHERSCAN="/home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan"
     	OPENSSL="/home/travis/build/unrealircd/unrealircd/cipherscan/openssl"
     elif test -x ../../../cipherscan/; then
     	# Resolve to absolute paths so the tools are pinned to this checkout.
     	CIPHERSCAN="$(readlink -f ../../../cipherscan/cipherscan)"
     	OPENSSL="$(readlink -f ../../../cipherscan/openssl)"
     fi
     22 
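     # Stop right away if cipherscan cannot be executed at all. The path is
     # quoted so a checkout located under a directory with spaces still works.
     "$CIPHERSCAN" --help >/dev/null || exit 1


     # This is the basic cipherscan test.
     # The scan output is saved and later compared against reference .txt
     # files, so that any change in what the server offers raises an alarm.
     # Such a change is not always harmful, but it should never go unnoticed.
     # Lines containing '.....' are filtered out before the scan is stored.
     # Note: the pipeline's exit status is grep's, so a cipherscan failure is
     # not detected here; it only shows up as a profile mismatch afterwards.
     "$CIPHERSCAN" --no-colors 127.0.0.1:5901 | grep -vF '.....' >cipherscan.test.txt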
     31 
     32 # Now check if profile matches, if so.. everything is ok.
     33 # We have 1 or more baseline profiles
     34 # And you can optionally add profile-specific, eg openssl-102.txt
     35 # Yeah that was a great idea but maintaining that is a bit of a hassle.
     36 # TODO: reintroduce it though, see below.
     37 ##for f in cipherscan_profiles/baseline*txt cipherscan_profiles/$BUILDCONFIG.txt
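     # Compare the scan with every reference profile; FAILED stays 1 unless one
     # of them is identical (diff -uab: whitespace-insensitive, treat as text).
     # Because ANY file in cipherscan_profiles/ counts as a pass, a stale
     # profile that records a weaker configuration would hide a regression, so
     # that directory deserves the same review as the server's TLS settings.
     FAILED=1
     for f in cipherscan_profiles/*.txt; do
     	# Quoted so that a profile name containing spaces is passed as one path.
     	if diff -uab "$f" cipherscan.test.txt >/dev/null 2>&1; then
     		FAILED=0
     		echo "Cipherscan profile $f matched."
     		break
     	fi
     done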
     48 
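     # Report the outcome of the profile comparison. On a mismatch, print the
     # expected profile, the actual scan and a unified diff, then exit 1.
     if [ "$FAILED" -eq 1 ]; then
     	echo "*** Differences found between cipherscan scan and expected output ***"
     	# Show the diff against the build-specific profile when one exists,
     	# otherwise against the generic baseline. $BUILDCONFIG is quoted so an
     	# empty or space-containing value cannot split into several words.
     	COMPARE_PROFILE="cipherscan_profiles/baseline.txt"
     	if [ -f "cipherscan_profiles/$BUILDCONFIG.txt" ]; then
     		COMPARE_PROFILE="cipherscan_profiles/$BUILDCONFIG.txt"
     	fi
     	echo "== EXPECTED OUTPUT ($COMPARE_PROFILE) =="
     	cat "$COMPARE_PROFILE"
     	echo
     	echo "== ACTUAL TEST OUTPUT =="
     	cat cipherscan.test.txt
     	echo
     	echo "== DIFF =="
     	diff -uab "$COMPARE_PROFILE" cipherscan.test.txt
     	echo
     	echo "cipherscan test failed."
     	exit 1
     else
     	echo "*** Cipherscan output was good ***"
     	cat cipherscan.test.txt
     fi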
     71 
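     # Negative test: these legacy ciphers must never be accepted by the server.
     # A successful s_client handshake restricted to one of them is a failure.
     for cipher in 3DES RC4; do
     	echo "Testing cipher $cipher (MUST FAIL!).."
     	# Every non-zero exit of s_client is read as "the server refused". A
     	# client built without this cipher exits non-zero as well, which would
     	# make the check pass without proving anything, so say so in the log.
     	if ! "$OPENSSL" ciphers "$cipher" >/dev/null 2>&1; then
     		echo "WARNING: $OPENSSL cannot offer $cipher itself; this check is inconclusive."
     	fi
     	if (echo QUIT | "$OPENSSL" s_client -connect 127.0.0.1:5901 -cipher "$cipher"); then
     		fail "UnrealIRCd allowed us to connect with cipher $cipher, BAD!"
     	fi
     done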
     79 
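     # Negative test: these obsolete SSL protocol versions must be refused.
     # A successful s_client handshake forced to one of them is a failure.
     for protocol in ssl2 ssl3; do
     	echo "Testing protocol $protocol (MUST FAIL!).."
     	# NOTE(review): any non-zero exit counts as a pass here, including the
     	# case where this openssl build does not know the -$protocol option at
     	# all. Confirm the client in use can still speak these protocols,
     	# otherwise the check proves nothing about the server.
     	if (echo QUIT | "$OPENSSL" s_client -connect 127.0.0.1:5901 "-$protocol"); then
     		fail "UnrealIRCd allowed us to connect with protocol $protocol, BAD!"
     	fi
     done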
     87 
     # Every check above passed: print the closing summary and report success.
     printf '\n%s\n' "TLS tests ended (no issues)."
     exit 0