3 # Normal tlsproxy tests.
5 # Copyright (C) 2011-2014 Simon Ruderich
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 test "x$srcdir" = x && srcdir=.
25 # Create necessary files.
30 tlsproxy_background 4711
31 server_background --x509certfile "$srcdir/server.pem" \
32 --x509keyfile "$srcdir/server-key.pem"
33 wait_for_ports 4711 4712
37 client unknown-host 80 - && abort 'client unknown-host 80 -'
39 test_no_invalid_certificate
41 echo missing proxy and server certificate
42 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
44 test_invalid_certificate
46 # Create the proxy certificate.
47 tlsproxy_add localhost server.pem
49 echo missing server certificate
50 mv certificate-localhost-server.pem .pem
51 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
52 mv .pem certificate-localhost-server.pem
54 test_invalid_certificate
56 echo missing proxy certificate
57 mv certificate-localhost-proxy.pem certificate-www.localhost-proxy.pem
58 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
59 mv certificate-www.localhost-proxy.pem certificate-localhost-proxy.pem
61 test_invalid_certificate
63 echo normal connection
64 # 'localhost' is the CN of tlsproxy's certificate.
65 client localhost 4712 localhost || abort 'client localhost 4712 localhost'
67 test_no_invalid_certificate
70 # Stop server and try a "MITM" with a bad certificate.
72 kill $pid_server || echo 'failed to kill gnutls-serv'
73 sleep 3 # necessary on some systems like OpenBSD
74 server_background --x509certfile "$srcdir/server-bad.pem" \
75 --x509keyfile "$srcdir/server-key.pem"
77 rm -f certificate-localhost-proxy.pem certificate-localhost-server.pem
80 echo mitm invalid hostname
81 client unknown-host 80 - && abort 'client unknown-host 80 -'
83 test_no_invalid_certificate
85 echo mitm missing proxy and server certificate
86 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
88 test_invalid_certificate
90 # Create the proxy certificate.
91 tlsproxy_add localhost server.pem
93 echo mitm missing server certificate
94 mv certificate-localhost-server.pem certificate-www.localhost-server.pem
95 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
96 mv certificate-www.localhost-server.pem certificate-localhost-server.pem
98 test_invalid_certificate
100 echo mitm missing proxy certificate
101 mv certificate-localhost-proxy.pem certificate-www.localhost-proxy.pem
102 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
103 mv certificate-www.localhost-proxy.pem certificate-localhost-proxy.pem
104 test_proxy_successful
105 test_invalid_certificate
107 echo mitm normal connection
108 client localhost 4712 invalid || abort 'client localhost 4712 invalid'
109 test_proxy_successful
110 test_invalid_certificate
113 # stop_servers in trap-handler