mirror of
git://git.acid.vegas/unrealircd.git
synced 2024-11-30 11:56:40 +00:00
91 lines
2.7 KiB
Plaintext
91 lines
2.7 KiB
Plaintext
|
#!/bin/bash
|
||
|
# We assume we are executed from extras/tests/tls
|
||
|
|
||
|
function fail()
|
||
|
{
|
||
|
echo "TLS TEST ERROR: $*"
|
||
|
exit 1
|
||
|
}
|
||
|
|
||
|
CIPHERSCAN="cipherscan"
|
||
|
OPENSSL="openssl"
|
||
|
if [ -x ~/cipherscan ]; then
|
||
|
CIPHERSCAN="$HOME/cipherscan/cipherscan"
|
||
|
OPENSSL="$HOME/cipherscan/openssl"
|
||
|
elif [ -x /home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan ]; then
|
||
|
CIPHERSCAN="/home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan"
|
||
|
OPENSSL="/home/travis/build/unrealircd/unrealircd/cipherscan/openssl"
|
||
|
elif [ -x ../../../cipherscan/ ]; then
|
||
|
CIPHERSCAN="`readlink -f ../../../cipherscan/cipherscan`"
|
||
|
OPENSSL="`readlink -f ../../../cipherscan/openssl`"
|
||
|
fi
|
||
|
|
||
|
$CIPHERSCAN --help >/dev/null || exit 1
|
||
|
|
||
|
|
||
|
# This is the basic cipherscan test.
|
||
|
# It compares the output against a reference .txt file and alarms us if there
|
||
|
# are any changes. These changes may not always be harmful, but at least we
|
||
|
# will get warned on any possible changes.
|
||
|
$CIPHERSCAN --no-colors 127.0.0.1:5901|grep -vF '.....' >cipherscan.test.txt
|
||
|
|
||
|
# Now check if profile matches, if so.. everything is ok.
|
||
|
# We have 1 or more baseline profiles
|
||
|
# And you can optionally add profile-specific, eg openssl-102.txt
|
||
|
# Yeah that was a great idea but maintaining that is a bit of a hassle.
|
||
|
# TODO: reintroduce it though, see below.
|
||
|
##for f in cipherscan_profiles/baseline*txt cipherscan_profiles/$BUILDCONFIG.txt
|
||
|
FAILED=1
|
||
|
for f in cipherscan_profiles/*.txt
|
||
|
do
|
||
|
diff -uab $f cipherscan.test.txt 1>/dev/null 2>&1
|
||
|
if [ "$?" -eq 0 ]; then
|
||
|
FAILED=0
|
||
|
echo "Cipherscan profile $f matched."
|
||
|
break
|
||
|
fi
|
||
|
done
|
||
|
|
||
|
if [ "$FAILED" -eq 1 ]; then
|
||
|
echo "*** Differences found between cipherscan scan and expected output ***"
|
||
|
if [ -f cipherscan_profiles/$BUILDCONFIG.txt ]; then
|
||
|
COMPARE_PROFILE="cipherscan_profiles/$BUILDCONFIG.txt"
|
||
|
else
|
||
|
COMPARE_PROFILE="cipherscan_profiles/baseline.txt"
|
||
|
fi
|
||
|
echo "== EXPECTED OUTPUT ($COMPARE_PROFILE) =="
|
||
|
cat $COMPARE_PROFILE
|
||
|
echo
|
||
|
echo "== ACTUAL TEST OUTPUT =="
|
||
|
cat cipherscan.test.txt
|
||
|
echo
|
||
|
echo "== DIFF =="
|
||
|
diff -uab $COMPARE_PROFILE cipherscan.test.txt
|
||
|
echo
|
||
|
echo "cipherscan test failed."
|
||
|
exit 1
|
||
|
else
|
||
|
echo "*** Cipherscan output was good ***"
|
||
|
cat cipherscan.test.txt
|
||
|
fi
|
||
|
|
||
|
# This checks for a couple of old ciphers that should never work:
|
||
|
for cipher in 3DES RC4
|
||
|
do
|
||
|
echo "Testing cipher $cipher (MUST FAIL!).."
|
||
|
(echo QUIT|$OPENSSL s_client -connect 127.0.0.1:5901 -cipher $cipher) &&
|
||
|
fail "UnrealIRCd allowed us to connect with cipher $cipher, BAD!"
|
||
|
done
|
||
|
|
||
|
# This checks older SSL/TLS versions that should not work:
|
||
|
for protocol in ssl2 ssl3
|
||
|
do
|
||
|
echo "Testing protocol $protocol (MUST FAIL!).."
|
||
|
(echo QUIT|$OPENSSL s_client -connect 127.0.0.1:5901 -$protocol) &&
|
||
|
fail "UnrealIRCd allowed us to connect with protocol $protocol, BAD!"
|
||
|
done
|
||
|
|
||
|
echo
|
||
|
echo "TLS tests ended (no issues)."
|
||
|
exit 0
|