Changeset 4addf74 in mod_gnutls for test


Timestamp:
Aug 22, 2015, 3:30:24 PM (5 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, upstream
Children:
71e9a5c, 89f863f
Parents:
ae29683 (diff), a1c4c2d (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Imported Upstream version 0.7

Location:
test
Files:
89 added
70 moved

  • test/README

    rae29683 r4addf74  
    22==================================
    33
    4 Initial Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
     4Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
     5         Thomas Klute <thomas2.klute@uni-dortmund.de>
    56
    67There are a lot of ways that a TLS-capable web server can go wrong.  I
     
    1112=================
    1213
    13 from the top level of the source, just run:
     14from the top level of the source, or from test/ (where this README is),
     15just run:
    1416
    1517 make check
    1618
    17 from t/ (where this README is), just run:
     19from test/ you can also run specific tests by passing their script
     20names to make in the TESTS variable:
    1821
    19  make
    20 
    21 also from t/ you can also run specific tests (identified by number)
    22 with:
    23 
    24  make t-3
     22 TESTS="test-03_cachetimeout_in_vhost.bash" make -e check
    2523
    2624This should be handy when you're just trying to experiment with a new
    2725test and don't want to wait for the full test suite to run.
    2826
     27The default configuration assumes that an IPv6 loopback device is
     28available (TEST_IP=[::1]) and that TEST_HOST="localhost" resolves to
     29the IPv6 loopback address [::1]. If this does not apply to your
     30system, you can pass different values to ./configure, e.g. to use IPv4
     31instead:
     32
     33  TEST_HOST="localhost" TEST_IP="127.0.0.1" ./configure
    2934
    3035Adding a Test
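
Review bot: In the added paragraph about the default configuration, the README gives the default as TEST_IP=[::1] with brackets, while test/TestMakefile on this page defaults to "export TEST_IP ?= ::1" without them and the IPv4 example passes a bare 127.0.0.1. State which form ./configure expects for an IPv6 literal, so that someone overriding TEST_IP with a different IPv6 address knows whether to include the brackets.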
     
    3338Please add more tests!
    3439
    35 The simplest way to add a test is (from t/):
     40The simplest way to add a test is (from test/):
    3641
    3742 ./newtest
    3843
    39 This will prompt you for a simple name for the test and then copy a starting
    40 set of files from tests/00_basic.
     44This will prompt you for a simple name for the test and then copy a
     45starting set of files from tests/00_basic, and create a script which
     46you can add to TESTS in Makefile.am when your test is ready for
     47inclusion in the test suite.
    4148
    4249
     
    4451==============
    4552
    46 Each test consists of a directory in t/tests/, which will cause the
     53Each test consists of a directory in test/tests/, which will cause the
    4754test suite to spin up an isolated apache instance and try to connect
    4855to it with gnutls-cli and make a simple HTTP 1.1 request.
     
    8289check" to adjust them):
    8390
    84  * they need a functioning loopback device and expect (by default) to
    85    have IPv6 functionality. [TEST_IP]
     91 * they need a functioning loopback device.
    8692
    87  * they expect (by default) the IPv6 loopback to have port 9932
     93 * they expect (by default) the TEST_IP to have port 9932
    8894   open. [TEST_PORT]
    8995
     
    9298   reasons. [TEST_QUERY_DELAY (seconds for the http request to be sent
    9399   and responded to)] and [TEST_GAP (seconds to wait between tests)]
    94 
    95  * they assume that the name "localhost" is associated with the IPv6
    96    loopback address [TEST_HOST]
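
Review bot: The list of assumptions no longer mentions TEST_HOST. The bullet about "localhost" being associated with the IPv6 loopback address [TEST_HOST] is removed and the loopback bullet loses its [TEST_IP] tag, yet the paragraph added earlier in this README still requires TEST_HOST to resolve to TEST_IP. Keep a bullet stating that TEST_HOST must resolve to TEST_IP, with both variable names in brackets like the remaining entries, so the list stays a complete index of what can be adjusted.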
  • test/TestMakefile

    rae29683 r4addf74  
    66# simple configuration choices.
    77
     8export srcdir ?= .
     9# If the Apache binary is not set, try to find apache2 in default PATH
     10# (should only happen when the test script is run manually)
     11export APACHE2 ?= apache2
     12
    813export TEST_HOST ?= localhost
    914export TEST_IP ?= ::1
     
    1217export MSVA_PORT ?= 9933
    1318
    14 export TEST_GAP ?= 1.5
    15 export TEST_QUERY_DELAY ?= 2
     19export TEST_GAP ?= 0.4
     20export TEST_MSVA_MAX_WAIT ?= 10
     21export TEST_QUERY_DELAY ?= 30
     22export TEST_LOCK_WAIT ?= 30
     23
     24TEST_LOCK := ./test.lock
    1625
    1726all: setup.done
    18         ./runtests
     27        TEST_LOCK=$(TEST_LOCK) $(srcdir)/runtests
    1928
    2029t-%: setup.done
    21         ./runtests $@
     30        TEST_LOCK=$(TEST_LOCK) $(srcdir)/runtests $@
    2231
    2332
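
Review bot: The timing variables in this block are undocumented: TEST_MSVA_MAX_WAIT and TEST_LOCK_WAIT are new, TEST_QUERY_DELAY goes from 2 to 30 and TEST_GAP drops from 1.5 to 0.4, all without a comment. Add one line per variable giving the unit and whether the value is a fixed sleep or an upper bound; the README still describes TEST_QUERY_DELAY as "seconds for the http request to be sent and responded to", and a 30-second delay per test reads very differently from a 30-second timeout. TEST_LOCK is a path relative to the working directory (./test.lock) while runtests is now located through $(srcdir), so it is also worth a comment that the lock lives in the build directory.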
     
    3039all_tokens := $(foreach id,$(identities),$(foreach token,$(tokens),$(id)/$(token)))
    3140
    32 %.template: %.template.in
     41%.template: $(srcdir)/%.template.in
    3342        sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
    3443
    35 server.uid: server.uid.in
     44%.uid: $(srcdir)/%.uid.in
    3645        sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
    3746
     
    5564        GNUPGHOME=$(dir $@) gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
    5665
     66# Import and signing modify the shared keyring, which leads to race
     67# conditions with parallel make. Locking avoids this problem.
    5768%/cert.pgp: %/minimal.pgp authority/gpg.conf
    58         GNUPGHOME=authority gpg --import $<
    59         GNUPGHOME=authority gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
     69        GNUPGHOME=authority flock authority/lock gpg --import $<
     70        GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
    6071        GNUPGHOME=authority gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
    6172
    6273# special cases for the authorities' root certs:
    6374authority/x509.pem: authority.template authority/secret.key
    64         certtool --generate-self-signed --load-privkey=authority/secret.key --template=authority.template > $@
    65 rogueca/x509.pem: rogueca.template rogueca/secret.key
    66         certtool --generate-self-signed --load-privkey=rogueca/secret.key --template=rogueca.template > $@
     75        certtool --generate-self-signed --load-privkey authority/secret.key --template authority.template > $@
     76rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
     77        certtool --generate-self-signed --load-privkey rogueca/secret.key --template $(srcdir)/rogueca.template > $@
    6778
    6879%/cert-request: %.template %/secret.key
    69         certtool --generate-request --load-privkey=$(dir $@)secret.key --template=$< > $@
     80        certtool --generate-request --load-privkey $(dir $@)secret.key --template $< > $@
    7081
    7182%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
    72         certtool --generate-certificate --load-ca-certificate=authority/x509.pem --load-ca-privkey=authority/secret.key --load-request=$(dir $@)cert-request --template=$< > $@
     83        certtool --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request $(dir $@)cert-request --template $< > $@
     84
     85%/softhsm.db: %/x509.pem %/secret.key
     86        SOFTHSM_CONF="$(srcdir)/$(*)-softhsm.conf" $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
     87
     88# Generate CRL revoking a certain certificate. Currently used to
     89# revoke the server certificate and check if setting the CRL as
     90# GnuTLSProxyCRLFile causes the connection to the back end server to
     91# fail.
     92%/crl.pem: %/x509.pem ${srcdir}/%-crl.template
     93        certtool --generate-crl \
     94                --load-ca-privkey authority/secret.key \
     95                --load-ca-certificate authority/x509.pem \
     96                --load-certificate $< \
     97                --template "${srcdir}/$(*)-crl.template" \
     98                > $@
    7399
    74100msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
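
Review bot: In the %/cert.pgp recipe only the import and the --sign-key call are wrapped in flock; the final "GNUPGHOME=authority gpg --armor --export ..." line reads the same shared keyring with no lock, and the lock is released between import and signing. Under parallel make another target's import or signature can therefore be writing the keyring while this export reads it, or land between this target's import and its signature. Hold authority/lock across the whole recipe (a single flock around one shell command that imports, signs and exports), or at least take it for the export as well. As a style point, the new %/crl.pem rule uses ${srcdir} where the other rules in this file use $(srcdir).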
     
    80106
    81107
    82 setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg
     108setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg client.uid
    83109        mkdir -p logs cache outputs
    84110        touch setup.done
     
    86112
    87113clean:
    88         rm -rf server client authority logs cache outputs setup.done server.template msva.gnupghome
     114        rm -rf server client authority logs cache outputs setup.done \
     115        server.template imposter.template msva.gnupghome \
     116        */*.pgp */*.gpg */*.gpg~ */*.pem */*.key authority.template \
     117        client.template client.uid server.uid *.lock tests/*/*.pem
     118        rmdir imposter rogueca || true
    89119
    90120.PHONY: all clean
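
Review bot: "rmdir imposter rogueca || true" discards the failure when either directory still holds a file, and the globs above it only cover *.pgp, *.gpg, *.gpg~, *.pem and *.key, so output of the %/cert-request or %/softhsm.db rules left in those directories would survive "make clean" unnoticed. Either remove the generated files by name before the rmdir, or drop the "|| true" so a leftover is reported. The */*.pem and */*.key globs also match any file with those suffixes one directory down, so when the build directory is the source directory they would delete a checked-in file too; naming the generated directories explicitly avoids that.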
  • test/authority.template.in

    rae29683 r4addf74  
    33ca
    44cert_signing_key
     5crl_signing_key
  • test/client.template.in

    rae29683 r4addf74  
    1 serial=2
     1serial=3
    22cn="Test User"
    33email=test0@modgnutls.test
  • test/rogueca.template

    rae29683 r4addf74  
    33ca
    44cert_signing_key
     5crl_signing_key
  • test/tests/00_basic/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/01_serverwide_priorities/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/02_cache_in_vhost/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33<VirtualHost ${TEST_IP}:${TEST_PORT}>
  • test/tests/03_cachetimeout_in_vhost/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33<VirtualHost ${TEST_IP}:${TEST_PORT}>
  • test/tests/04_basic_nosni/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/04_basic_nosni/gnutls-cli.args

    rae29683 r4addf74  
    1 --x509cafile=../../authority/x509.pem
     1--x509cafile=authority/x509.pem
    22--priority=NORMAL
    33--disable-extensions
  • test/tests/05_mismatched-priorities/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/05_mismatched-priorities/gnutls-cli.args

    rae29683 r4addf74  
    1 --x509cafile=../../authority/x509.pem
     1--x509cafile=authority/x509.pem
    22--priority=NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0
  • test/tests/06_verify_sni_a/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/07_verify_sni_b/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/08_verify_no_sni_fallback_to_first_vhost/gnutls-cli.args

    rae29683 r4addf74  
    11--disable-extensions
    2 --x509cafile=../../authority/x509.pem
     2--x509cafile=authority/x509.pem
    33--priority=NORMAL
  • test/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/09_verify_no_sni_fails_with_wrong_order/gnutls-cli.args

    rae29683 r4addf74  
    11--disable-extensions
    2 --x509cafile=../../authority/x509.pem
     2--x509cafile=authority/x509.pem
    33--priority=NORMAL
  • test/tests/10_basic_client_verification/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/11_basic_client_verification_fail/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/12_cgi_variables/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
    2 
    3 LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
    4 
    5 AddHandler cgi-script .cgi
     1Include ${srcdir}/base_apache.conf
     2Include ${srcdir}/cgi_module.conf
    63
    74GnuTLSCache dbm cache/gnutls_cache
    85
    9 <Directory ${PWD}/../../data>
     6<Directory ${srcdir}/data>
    107 Options +ExecCGI
    118</Directory>
  • test/tests/12_cgi_variables/output

    rae29683 r4addf74  
    99
    1010DH prime bits: 2048
    11 
    12 0
    13 
    1411- Peer has closed the GnuTLS connection
  • test/tests/13_cgi_variables_no_client_cert/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
    2 
    3 LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
    4 
    5 AddHandler cgi-script .cgi
     1Include ${srcdir}/base_apache.conf
     2Include ${srcdir}/cgi_module.conf
    63
    74GnuTLSCache dbm cache/gnutls_cache
    85
    9 <Directory ${PWD}/../../data>
     6<Directory ${srcdir}/data>
    107 Options +ExecCGI
    118</Directory>
  • test/tests/13_cgi_variables_no_client_cert/output

    rae29683 r4addf74  
    11Connection: close
    2 Transfer-Encoding: chunked
    32Content-Type: text/plain
    43
    5 64
    64----Certificate:----
    75
     
    1412
    1513DH prime bits:
    16 
    17 0
    18 
    1914- Peer has closed the GnuTLS connection
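
Review bot: The expected output drops "Transfer-Encoding: chunked" together with the chunk-size line (64) and the terminating 0 chunk, so the test now asserts an unchunked response, but nothing in this test's apache.conf hunk explains why the framing changed. Say in the commit message or the README which change (the request sent or the CGI handling) produces the new framing; otherwise a later failure here cannot be told apart from a stale expectation. The same applies to the matching removal in test/tests/12_cgi_variables/output.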
  • test/tests/14_basic_openpgp/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/14_basic_openpgp/gnutls-cli.args

    rae29683 r4addf74  
    1 --pgpkeyring=../../authority/cert.pgp
     1--pgpkeyring=authority/cert.pgp
    22--priority=NORMAL:-CTYPE-X509:+CTYPE-OPENPGP:+CTYPE-X509
  • test/tests/15_basic_msva/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    33GnuTLSCache dbm cache/gnutls_cache
  • test/tests/16_view-status/apache.conf

    rae29683 r4addf74  
    1 Include ${PWD}/../../base_apache.conf
     1Include ${srcdir}/base_apache.conf
    22
    3 LoadModule status_module /usr/lib/apache2/modules/mod_status.so
     3LoadModule      status_module   ${AP_LIBEXECDIR}/mod_status.so
    44<Location /status>
    55    SetHandler server-status
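
Review bot: The LoadModule line now depends on ${AP_LIBEXECDIR}, but the part of test/TestMakefile shown on this page only provides a fallback for APACHE2 when the test script is run manually and sets no default for AP_LIBEXECDIR; if nothing else exports it, a manual run leaves the module path undefined. mod_cgi was moved into a shared cgi_module.conf for tests 12 and 13; doing the same for mod_status, or documenting AP_LIBEXECDIR next to APACHE2, would keep the module paths in one place.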
  • test/tests/16_view-status/gnutls-cli.args

    rae29683 r4addf74  
    1 --x509cafile=../../authority/x509.pem
     1--x509cafile=authority/x509.pem
    22--priority=NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL