3 # Normal tlsproxy tests.
5 # Copyright (C) 2011-2013 Simon Ruderich
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 test "x$srcdir" = x && srcdir=.
25 # Create necessary files.
31 server --x509certfile "$srcdir/server.pem" \
32 --x509keyfile "$srcdir/server-key.pem"
33 wait_for_ports 4711 4712
37 client unknown-host 80 - && abort 'client unknown-host 80 -'
39 test_no_invalid_certificate
41 echo missing proxy and server certificate
42 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
44 test_invalid_certificate
46 # Create the proxy certificate.
47 tlsproxy_add localhost server.pem
49 echo missing server certificate
50 mv certificate-localhost-server.pem .pem
51 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
52 mv .pem certificate-localhost-server.pem
54 test_invalid_certificate
56 echo missing proxy certificate
57 mv certificate-localhost-proxy.pem .pem
58 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
59 mv .pem certificate-localhost-proxy.pem
61 test_invalid_certificate
63 echo normal connection
64 # 'localhost' is the CN of tlsproxy's certificate.
65 client localhost 4712 localhost || abort 'client localhost 4712 localhost'
67 test_no_invalid_certificate
70 # Stop server and try a "MITM" with a bad certificate.
72 kill $pid_server || echo 'failed to kill gnutls-serv'
73 server --x509certfile "$srcdir/server-bad.pem" \
74 --x509keyfile "$srcdir/server-key.pem"
76 rm -f certificate-localhost-proxy.pem certificate-localhost-server.pem
79 echo mitm invalid hostname
80 client unknown-host 80 - && abort 'client unknown-host 80 -'
82 test_no_invalid_certificate
84 echo mitm missing proxy and server certificate
85 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
87 test_invalid_certificate
89 # Create the proxy certificate.
90 tlsproxy_add localhost server.pem
92 echo mitm missing server certificate
93 mv certificate-localhost-server.pem .pem
94 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
95 mv .pem certificate-localhost-server.pem
97 test_invalid_certificate
99 echo mitm missing proxy certificate
100 mv certificate-localhost-proxy.pem .pem
101 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
102 mv .pem certificate-localhost-proxy.pem
103 test_proxy_successful
104 test_invalid_certificate
106 echo mitm normal connection
107 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
108 test_proxy_successful
109 test_invalid_certificate