3 # tlsproxy tests for the -u option.
5 # Copyright (C) 2011-2013 Simon Ruderich
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 # Handle empty $srcdir.
22 [ "x$srcdir" = x ] && srcdir=.
27 # Create necessary files.
29 "$srcdir/../src/tlsproxy-setup" >/dev/null 2>/dev/null
32 ../src/tlsproxy -d2 -u 4711 >/dev/null &
33 server --x509certfile "$srcdir/server.pem" \
34 --x509keyfile "$srcdir/server-key.pem"
39 client unknown-host 80 - && abort
41 test_no_invalid_certificate
43 echo missing proxy and server certificate
44 client localhost 4712 'test server' || abort
46 test_invalid_certificate
48 # Create the proxy certificate.
49 "$srcdir/../src/tlsproxy-add" localhost "$srcdir/server.pem" \
50 >/dev/null 2>/dev/null
52 echo missing server certificate
53 mv certificate-localhost-server.pem .pem
54 client localhost 4712 'test server' || abort
55 mv .pem certificate-localhost-server.pem
57 test_invalid_certificate
59 echo missing proxy certificate
60 mv certificate-localhost-proxy.pem .pem
61 # "invalid" to prevent user error if the proxy certificate gets deleted (but
62 # the server certificate is still readable).
63 client localhost 4712 invalid || abort
64 mv .pem certificate-localhost-proxy.pem
66 test_invalid_certificate
68 echo normal connection
69 # 'localhost' is the CN of tlsproxy's certificate.
70 client localhost 4712 localhost || abort
72 test_no_invalid_certificate
75 # Stop server and try a "MITM" with a bad certificate.
78 server --x509certfile "$srcdir/server-bad.pem" \
79 --x509keyfile "$srcdir/server-key.pem"
81 rm -f certificate-localhost-proxy.pem certificate-localhost-server.pem
84 echo mitm invalid hostname
85 client unknown-host 80 - && abort
87 test_no_invalid_certificate
89 echo mitm missing proxy and server certificate
90 client localhost 4712 'test server bad' || abort
92 test_invalid_certificate
94 # Create the proxy certificate.
95 "$srcdir/../src/tlsproxy-add" localhost "$srcdir/server.pem" \
96 >/dev/null 2>/dev/null
98 echo mitm missing server certificate
99 mv certificate-localhost-server.pem .pem
100 client localhost 4712 'test server bad' || abort
101 mv .pem certificate-localhost-server.pem
102 test_proxy_successful
103 test_invalid_certificate
105 echo mitm missing proxy certificate
106 mv certificate-localhost-proxy.pem .pem
107 # "invalid" to prevent user error if the proxy certificate gets deleted (but
108 # the server certificate is still readable).
109 client localhost 4712 invalid || abort
110 mv .pem certificate-localhost-proxy.pem
111 test_proxy_successful
112 test_invalid_certificate
114 echo mitm normal connection
115 client localhost 4712 invalid || abort
116 test_proxy_successful
117 test_invalid_certificate