[tlsproxy/tlsproxy.git] / tests / tests-passthrough.sh

#!/bin/sh

# tlsproxy tests for the -u option.
#
# Copyright (C) 2011-2013  Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


test "x$srcdir" = x && srcdir=.
. "$srcdir/common.sh"


# Create necessary files.
cleanup
"$srcdir/../src/tlsproxy-setup" >/dev/null 2>/dev/null

# Normal tests.
../src/tlsproxy -d2 -u 4711 >/dev/null &
server --x509certfile "$srcdir/server.pem" \
       --x509keyfile "$srcdir/server-key.pem"
sleep 1


echo invalid hostname
client unknown-host 80 - && abort 'client unknown-host 80 -'
test_proxy_failure
test_no_invalid_certificate

echo missing proxy and server certificate
client localhost 4712 'test server' || abort 'client localhost 4712 test server'
test_proxy_successful
test_invalid_certificate

# Create the proxy certificate.
"$srcdir/../src/tlsproxy-add" localhost "$srcdir/server.pem" \
    >/dev/null 2>/dev/null

echo missing server certificate
mv certificate-localhost-server.pem .pem
client localhost 4712 'test server' || abort 'client localhost 4712 test server'
mv .pem certificate-localhost-server.pem
test_proxy_successful
test_invalid_certificate

echo missing proxy certificate
mv certificate-localhost-proxy.pem .pem
# "invalid" to prevent user error if the proxy certificate gets deleted (but
# the server certificate is still readable).
client localhost 4712 invalid || abort 'client localhost 4712 invalid'
mv .pem certificate-localhost-proxy.pem
test_proxy_successful
test_invalid_certificate

echo normal connection
# 'localhost' is the CN of tlsproxy's certificate.
client localhost 4712 localhost || abort 'client localhost 4712 localhost'
test_proxy_successful
test_no_invalid_certificate


# Stop server and try a "MITM" with a bad certificate.
echo
pkill -n gnutls-serv
server --x509certfile "$srcdir/server-bad.pem" \
       --x509keyfile "$srcdir/server-key.pem"
sleep 1
rm -f certificate-localhost-proxy.pem certificate-localhost-server.pem


echo mitm invalid hostname
client unknown-host 80 - && abort 'client unknown-host 80 -'
test_proxy_failure
test_no_invalid_certificate

echo mitm missing proxy and server certificate
client localhost 4712 'test server bad' || abort 'client localhost 4712 test server bad'
test_proxy_successful
test_invalid_certificate

# Create the proxy certificate.
"$srcdir/../src/tlsproxy-add" localhost "$srcdir/server.pem" \
    >/dev/null 2>/dev/null

echo mitm missing server certificate
mv certificate-localhost-server.pem .pem
client localhost 4712 'test server bad' || abort 'client localhost 4712 test server bad'
mv .pem certificate-localhost-server.pem
test_proxy_successful
test_invalid_certificate

echo mitm missing proxy certificate
mv certificate-localhost-proxy.pem .pem
# "invalid" to prevent user error if the proxy certificate gets deleted (but
# the server certificate is still readable).
client localhost 4712 invalid || abort 'client localhost 4712 invalid'
mv .pem certificate-localhost-proxy.pem
test_proxy_successful
test_invalid_certificate

echo mitm normal connection
client localhost 4712 invalid || abort 'client localhost 4712 invalid'
test_proxy_successful
test_invalid_certificate


stop_servers
cleanup
rm -f tmp

exit 0