3 # tlsproxy test "suite".
5 # Copyright (C) 2011 Simon Ruderich
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 # Handle empty $srcdir.
22 [ "x$srcdir" = x ] && srcdir=.
31 gnutls-serv --http --port 4712 "$@" >/dev/null 2>/dev/null &
34 ./client ./proxy-ca.pem "$@" > tmp 2>&1
37 test_proxy_failure() {
38 grep 'proxy failure' tmp >/dev/null || abort
39 grep 'response: HTTP/1.0 503 Forwarding failure' tmp >/dev/null \
42 test_proxy_successful() {
43 grep 'response: HTTP/1.0 200 Connection established' tmp >/dev/null \
46 test_invalid_certificate() {
47 grep 'certificate invalid' tmp >/dev/null || abort
49 test_no_invalid_certificate() {
50 grep 'certificate invalid' tmp >/dev/null && abort
54 # Create necessary files.
55 $srcdir/../src/tlsproxy-setup >/dev/null 2>/dev/null
58 ../src/tlsproxy -d2 4711 >/dev/null &
59 server --x509certfile $srcdir/server.pem \
60 --x509keyfile $srcdir/server-key.pem
65 client unknown-host 80 - && abort
67 test_no_invalid_certificate
69 echo missing proxy and server certificate
70 client localhost 4712 invalid || abort
72 test_invalid_certificate
74 # Create the proxy certificate.
75 $srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \
76 >/dev/null 2>/dev/null
77 rm -f certificate-localhost-server.pem
79 echo missing server certificate
80 client localhost 4712 invalid || abort
82 test_invalid_certificate
84 # Create the proxy and server certificate.
85 $srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \
86 >/dev/null 2>/dev/null
88 echo normal connection
89 client localhost 4712 localhost || abort
91 test_no_invalid_certificate
94 # Stop server and try a "MITM" with a bad certificate.
97 server --x509certfile $srcdir/server-bad.pem \
98 --x509keyfile $srcdir/server-key.pem
102 echo mitm invalid hostname
103 client unknown-host 80 - && abort
105 test_no_invalid_certificate
107 echo mitm missing proxy and server certificate
108 client localhost 4712 invalid || abort
109 test_proxy_successful
110 test_invalid_certificate
112 # Create the proxy certificate.
113 $srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \
114 >/dev/null 2>/dev/null
115 rm -f certificate-localhost-server.pem
117 echo mitm missing server certificate
118 client localhost 4712 invalid || abort
119 test_proxy_successful
120 test_invalid_certificate
122 # Create the proxy and server certificate.
123 $srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \
124 >/dev/null 2>/dev/null
126 echo mitm normal connection
127 client localhost 4712 invalid || abort
128 test_proxy_successful
129 test_invalid_certificate
136 certificate-localhost-proxy.pem certificate-localhost-server.pem \
137 proxy-ca-key.pem proxy-ca.pem proxy-invalid.pem proxy-key.pem