X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=tests%2Ftests-passthrough.sh;h=fd0c37848cade581031cb5c78a1fe7d5d16f5ada;hb=772b48529c4ed7b7e81846c3b56075aaf97e9ea6;hp=4c6d63c4fc01089330dfdf5ebceffde8fcb1a202;hpb=cb3745997fd431ff7bf303c20ed0e8a62cb8bd80;p=tlsproxy%2Ftlsproxy.git diff --git a/tests/tests-passthrough.sh b/tests/tests-passthrough.sh index 4c6d63c..fd0c378 100755 --- a/tests/tests-passthrough.sh +++ b/tests/tests-passthrough.sh @@ -2,7 +2,7 @@ # tlsproxy tests for the -u option. # -# Copyright (C) 2011 Simon Ruderich +# Copyright (C) 2011-2013 Simon Ruderich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,20 +18,18 @@ # along with this program. If not, see . -# Handle empty $srcdir. -[ "x$srcdir" = x ] && srcdir=. - -. $srcdir/common.sh +test "x$srcdir" = x && srcdir=. +. "$srcdir/common.sh" # Create necessary files. cleanup -$srcdir/../src/tlsproxy-setup >/dev/null 2>/dev/null +"$srcdir/../src/tlsproxy-setup" >/dev/null 2>/dev/null # Normal tests. ../src/tlsproxy -d2 -u 4711 >/dev/null & -server --x509certfile $srcdir/server.pem \ - --x509keyfile $srcdir/server-key.pem +server --x509certfile "$srcdir/server.pem" \ + --x509keyfile "$srcdir/server-key.pem" sleep 1 @@ -46,18 +44,24 @@ test_proxy_successful test_invalid_certificate # Create the proxy certificate. -$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \ +"$srcdir/../src/tlsproxy-add" localhost "$srcdir/server.pem" \ >/dev/null 2>/dev/null -rm -f certificate-localhost-server.pem echo missing server certificate +mv certificate-localhost-server.pem .pem client localhost 4712 'test server' || abort +mv .pem certificate-localhost-server.pem test_proxy_successful test_invalid_certificate -# Create the proxy and server certificate. -$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \ - >/dev/null 2>/dev/null +echo missing proxy certificate +mv certificate-localhost-proxy.pem .pem +# "invalid" to prevent user error if the proxy certificate gets deleted (but +# the server certificate is still readable). +client localhost 4712 invalid || abort +mv .pem certificate-localhost-proxy.pem +test_proxy_successful +test_invalid_certificate echo normal connection # 'localhost' is the CN of tlsproxy's certificate. @@ -69,8 +73,8 @@ test_no_invalid_certificate # Stop server and try a "MITM" with a bad certificate. echo pkill -n gnutls-serv -server --x509certfile $srcdir/server-bad.pem \ - --x509keyfile $srcdir/server-key.pem +server --x509certfile "$srcdir/server-bad.pem" \ + --x509keyfile "$srcdir/server-key.pem" sleep 1 rm -f certificate-localhost-proxy.pem certificate-localhost-server.pem @@ -86,18 +90,24 @@ test_proxy_successful test_invalid_certificate # Create the proxy certificate. -$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \ +"$srcdir/../src/tlsproxy-add" localhost "$srcdir/server.pem" \ >/dev/null 2>/dev/null -rm -f certificate-localhost-server.pem echo mitm missing server certificate +mv certificate-localhost-server.pem .pem client localhost 4712 'test server bad' || abort +mv .pem certificate-localhost-server.pem test_proxy_successful test_invalid_certificate -# Create the proxy and server certificate. -$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \ - >/dev/null 2>/dev/null +echo mitm missing proxy certificate +mv certificate-localhost-proxy.pem .pem +# "invalid" to prevent user error if the proxy certificate gets deleted (but +# the server certificate is still readable). +client localhost 4712 invalid || abort +mv .pem certificate-localhost-proxy.pem +test_proxy_successful +test_invalid_certificate echo mitm normal connection client localhost 4712 invalid || abort @@ -105,9 +115,7 @@ test_proxy_successful test_invalid_certificate -pkill -n gnutls-serv -pkill -n tlsproxy - +stop_servers cleanup rm -f tmp