X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=tests%2Ftests-passthrough.sh;h=fd0c37848cade581031cb5c78a1fe7d5d16f5ada;hb=772b48529c4ed7b7e81846c3b56075aaf97e9ea6;hp=0407d411c9e41852a1360b7e93cac74cf02ca03a;hpb=580b6777a6a264dc18ecb1810b3472307d6106a4;p=tlsproxy%2Ftlsproxy.git diff --git a/tests/tests-passthrough.sh b/tests/tests-passthrough.sh index 0407d41..fd0c378 100755 --- a/tests/tests-passthrough.sh +++ b/tests/tests-passthrough.sh @@ -2,7 +2,7 @@ # tlsproxy tests for the -u option. # -# Copyright (C) 2011 Simon Ruderich +# Copyright (C) 2011-2013 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,20 +18,18 @@ # along with this program. If not, see . -# Handle empty $srcdir. -[ "x$srcdir" = x ] && srcdir=. - -. $srcdir/common.sh +test "x$srcdir" = x && srcdir=. +. "$srcdir/common.sh" # Create necessary files. cleanup -$srcdir/../src/tlsproxy-setup >/dev/null 2>/dev/null +"$srcdir/../src/tlsproxy-setup" >/dev/null 2>/dev/null # Normal tests. ../src/tlsproxy -d2 -u 4711 >/dev/null & -server --x509certfile $srcdir/server.pem \ - --x509keyfile $srcdir/server-key.pem +server --x509certfile "$srcdir/server.pem" \ + --x509keyfile "$srcdir/server-key.pem" sleep 1 @@ -46,7 +44,7 @@ test_proxy_successful test_invalid_certificate # Create the proxy certificate. -$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \ +"$srcdir/../src/tlsproxy-add" localhost "$srcdir/server.pem" \ >/dev/null 2>/dev/null echo missing server certificate @@ -56,6 +54,15 @@ mv .pem certificate-localhost-server.pem test_proxy_successful test_invalid_certificate +echo missing proxy certificate +mv certificate-localhost-proxy.pem .pem +# "invalid" to prevent user error if the proxy certificate gets deleted (but +# the server certificate is still readable). +client localhost 4712 invalid || abort +mv .pem certificate-localhost-proxy.pem +test_proxy_successful +test_invalid_certificate + echo normal connection # 'localhost' is the CN of tlsproxy's certificate. client localhost 4712 localhost || abort @@ -66,8 +73,8 @@ test_no_invalid_certificate # Stop server and try a "MITM" with a bad certificate. echo pkill -n gnutls-serv -server --x509certfile $srcdir/server-bad.pem \ - --x509keyfile $srcdir/server-key.pem +server --x509certfile "$srcdir/server-bad.pem" \ + --x509keyfile "$srcdir/server-key.pem" sleep 1 rm -f certificate-localhost-proxy.pem certificate-localhost-server.pem @@ -83,7 +90,7 @@ test_proxy_successful test_invalid_certificate # Create the proxy certificate. -$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \ +"$srcdir/../src/tlsproxy-add" localhost "$srcdir/server.pem" \ >/dev/null 2>/dev/null echo mitm missing server certificate @@ -93,15 +100,22 @@ mv .pem certificate-localhost-server.pem test_proxy_successful test_invalid_certificate -echo mitm normal connection +echo mitm missing proxy certificate +mv certificate-localhost-proxy.pem .pem +# "invalid" to prevent user error if the proxy certificate gets deleted (but +# the server certificate is still readable). client localhost 4712 invalid || abort +mv .pem certificate-localhost-proxy.pem test_proxy_successful test_invalid_certificate +echo mitm normal connection +client localhost 4712 invalid || abort +test_proxy_successful +test_invalid_certificate -pkill -n gnutls-serv -pkill -n tlsproxy +stop_servers cleanup rm -f tmp