Changeset 89f863f in mod_gnutls for test


Timestamp:
Oct 19, 2015, 9:07:40 PM (5 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, upstream
Children:
02c8e54, 24c6c16
Parents:
4addf74 (diff), 71cac80 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Imported Upstream version 0.7.1

Location:
test
Files:
29 edited
1 moved

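--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -31,4 +31,18 @@
 TESTS = $(dist_check_SCRIPTS)
 
+# Identities in the miniature CA, server, and client environment for
+# the test suite
+identities = server authority client imposter rogueca
+# Append strings after ":=" to each identity to generate a list of
+# necessary files
+pgp_tokens = $(identities:=/secring.gpg) $(identities:=/cert.pgp) \
+        $(identities:=/secret.pgp)
+x509_keys = $(identities:=/secret.key)
+x509_certs = $(identities:=/x509.pem)
+x509_tokens = $(x509_certs) $(x509_keys)
+tokens = $(x509_tokens) $(pgp_tokens)
+
+include $(srcdir)/test_ca.mk
+
 # Test cases trying to create keys and certificates in parallel causes
 # race conditions. Ensure that all keys and certificates are generated
@@ -41,7 +55,7 @@
 # running at any time, so test cases actually have to wait for each
 # other - just not in any particular order.
-check_DATA = setup.done server/crl.pem
+check_DATA = $(tokens) server/crl.pem
 
-MOSTLYCLEANFILES = setup.done cache/* logs/* outputs/* server/crl.pem
+MOSTLYCLEANFILES = cache/* logs/* outputs/* server/crl.pem
 
 cert_templates = authority.template.in client.template.in \
@@ -50,4 +64,9 @@
         imposter.template server.template
 
+# Delete X.509 private keys on full clean. Note that unless you need
+# to generate fresh keys, the "mostlyclean" target should be
+# sufficient (see below).
+CLEANFILES = $(x509_keys)
+
 # Delete X.509 certificates and generated templates on "mostlyclean"
 # target. Certificates can be rebuilt without generating new key
@@ -55,5 +74,6 @@
 # (e.g. host names) without wasting entropy on new keys (which would
 # happen after "clean").
-MOSTLYCLEANFILES += */x509.pem $(generated_templates)
+MOSTLYCLEANFILES += */x509.pem $(generated_templates) *.uid
+
 
 # Delete PGP keyrings on "mostlyclean" target. They are created from
@@ -61,35 +81,82 @@
 # one day, so regenerating them is both fast and frequently
 # necessary.
-MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf
+MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf authority/lock
+# GnuPG random pool, no need to regenerate on every build
+CLEANFILES += authority/random_seed
 
-clean-local:
-        $(MAKE) -f $(srcdir)/TestMakefile $(AM_MAKEFLAGS) clean
+# Delete lock files for test servers on "mostlyclean" target.
+MOSTLYCLEANFILES += *.lock
+
+# rule to build MSVA trust database
+if USE_MSVA
+msva_home = msva.gnupghome
+check_DATA += $(msva_home)/trustdb.gpg client.uid
+MOSTLYCLEANFILES += $(msva_home)/trustdb.gpg
+$(msva_home)/trustdb.gpg: authority/minimal.pgp client/cert.pgp
+        mkdir -p -m 0700 $(dir $@)
+        GNUPGHOME=$(dir $@) gpg --import < $<
+        printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
+        GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
+        printf "keyserver does-not-exist.example\n" > $(msva_home)/gpg.conf
+endif
 
 # SoftHSM files
 check_DATA += server/softhsm.db
-MOSTLYCLEANFILES += tests/24_pkcs11_cert/softhsm.conf
+MOSTLYCLEANFILES += tests/24_pkcs11_cert/softhsm.conf server/softhsm.db
 
-# This rule can be used for any TestMakefile target not included in
-# setup.done. The dependency on setup.done is used to avoid race
-# conditions between multiple calls to TestMakefile for key and
-# certificate generation. It is ignored for setup.done itself.
-server/crl.pem server/softhsm.db setup.done: setup.done
-        TEST_HOST="$(TEST_HOST)" TEST_IP="$(TEST_IP)" srcdir=$(srcdir) \
-        $(MAKE) -f $(srcdir)/TestMakefile $(AM_MAKEFLAGS) $@
 
+check_DATA += make-test-dirs
+extra_dirs = logs cache outputs
+make-test-dirs:
+        mkdir -p $(extra_dirs)
+.PHONY: make-test-dirs
+
+clean-local:
+        -rmdir $(identities) || true
+        -rmdir $(extra_dirs) || true
+if USE_MSVA
+        -rmdir $(msva_home) || true
+endif
+
+# Apache configuration and data files
 apache_data = base_apache.conf cgi_module.conf data/* mime.types proxy_mods.conf
 
 EXTRA_DIST = $(apache_data) $(cert_templates) *.uid.in proxy_backend.bash \
-        runtests server-crl.template server-softhsm.conf softhsm.bash \
-        TestMakefile
+        runtests server-crl.template server-softhsm.conf softhsm.bash
 
+# Lockfile for the main Apache process
+test_lockfile = ./test.lock
 # Maximum wait time in seconds for flock to aquire instance lock files
 lock_wait = 30
 
+# port for the main Apache server
+TEST_PORT ?= 9932
+# port for MSVA in test cases that use it
+MSVA_PORT ?= 9933
+# maximum time to wait for MSVA startup
+TEST_MSVA_MAX_WAIT ?= 10
+# wait loop time for MSVA startup
+TEST_MSVA_WAIT ?= 0.4
+# seconds for the HTTP request to be sent and responded to
+TEST_QUERY_DELAY ?= 30
+
 AM_TESTS_ENVIRONMENT = export APACHE2=$(APACHE2); \
         export AP_LIBEXECDIR=$(AP_LIBEXECDIR); \
-        export TEST_LOCK_WAIT=$(lock_wait); \
+        export TEST_LOCK="$(test_lockfile)"; \
+        export TEST_LOCK_WAIT="$(lock_wait)"; \
         export TEST_HOST="$(TEST_HOST)"; \
         export TEST_IP="$(TEST_IP)"; \
+        export TEST_PORT="$(TEST_PORT)"; \
+        export MSVA_PORT="$(MSVA_PORT)"; \
+        export TEST_MSVA_MAX_WAIT="$(TEST_MSVA_MAX_WAIT)"; \
+        export TEST_MSVA_WAIT="$(TEST_MSVA_WAIT)"; \
+        export TEST_QUERY_DELAY="$(TEST_QUERY_DELAY)"; \
         export BACKEND_HOST="$(TEST_HOST)"; \
         export BACKEND_IP="$(TEST_IP)";
+
+# Echo AM_TESTS_ENVIRONMENT. This can be useful for debugging, e.g. if
+# you want to manually run an Apache instance with Valgrind using the
+# same configuration as a test case.
+show-test-env: export TEST_ENV=$(AM_TESTS_ENVIRONMENT)
+show-test-env:
+        @echo "$${TEST_ENV}"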
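Review bot: In the `$(msva_home)/trustdb.gpg` recipe the `keyserver does-not-exist.example` stub is written last, after the gpg import steps that most likely already create `trustdb.gpg`. If one of those steps fails or the build is interrupted, the target can exist without `gpg.conf`, make will treat it as up to date, and the MSVA keyring is then used without the setting that appears intended to keep test lookups away from a real keyserver. Writing the stub directly after the `mkdir -p -m 0700 $(dir $@)` line closes that gap: `printf "keyserver does-not-exist.example\n" > $(msva_home)/gpg.conf` as the second recipe line. A short comment that `trustdb.gpg` stands in for the whole `$(msva_home)` directory (keyring and `gpg.conf` are side products, not targets) would also help the next reader.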
  • test/Makefile.in

    r4addf74 r89f863f  
    1414
    1515@SET_MAKE@
     16
     17#!/usr/bin/make -f
     18# Authors:
     19# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
     20# Thomas Klute <thomas2.klute@uni-dortmund.de>
     21
     22# General rules to set up a miniature CA & server & client environment
     23# for the test suite
    1624VPATH = @srcdir@
    1725am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
     
    8088target_triplet = @target@
    8189@USE_MSVA_TRUE@am__append_1 = test-15_basic_msva.bash
     90DIST_COMMON = $(srcdir)/test_ca.mk $(srcdir)/Makefile.in \
     91        $(srcdir)/Makefile.am $(am__dist_check_SCRIPTS_DIST) \
     92        $(top_srcdir)/config/test-driver README
     93@USE_MSVA_TRUE@am__append_2 = $(msva_home)/trustdb.gpg client.uid
     94@USE_MSVA_TRUE@am__append_3 = $(msva_home)/trustdb.gpg
    8295subdir = test
    83 DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
    84         $(am__dist_check_SCRIPTS_DIST) \
    85         $(top_srcdir)/config/test-driver README
    8696ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
    8797am__aclocal_m4_deps = $(top_srcdir)/m4/apache.m4 \
     
    584594TESTS = $(dist_check_SCRIPTS)
    585595
     596# Identities in the miniature CA, server, and client environment for
     597# the test suite
     598identities = server authority client imposter rogueca
     599# Append strings after ":=" to each identity to generate a list of
     600# necessary files
     601pgp_tokens = $(identities:=/secring.gpg) $(identities:=/cert.pgp) \
     602        $(identities:=/secret.pgp)
     603
     604x509_keys = $(identities:=/secret.key)
     605x509_certs = $(identities:=/x509.pem)
     606x509_tokens = $(x509_certs) $(x509_keys)
     607tokens = $(x509_tokens) $(pgp_tokens)
     608
    586609# Test cases trying to create keys and certificates in parallel causes
    587610# race conditions. Ensure that all keys and certificates are generated
     
    596619
    597620# SoftHSM files
    598 check_DATA = setup.done server/crl.pem server/softhsm.db
     621check_DATA = $(tokens) server/crl.pem $(am__append_2) \
     622        server/softhsm.db make-test-dirs
    599623
    600624# Delete X.509 certificates and generated templates on "mostlyclean"
     
    608632# one day, so regenerating them is both fast and frequently
    609633# necessary.
    610 MOSTLYCLEANFILES = setup.done cache/* logs/* outputs/* server/crl.pem \
    611         */x509.pem $(generated_templates) */*.pgp */*.gpg */*.gpg~ \
    612         */gpg.conf tests/24_pkcs11_cert/softhsm.conf
     634
     635# Delete lock files for test servers on "mostlyclean" target.
     636MOSTLYCLEANFILES = cache/* logs/* outputs/* server/crl.pem */x509.pem \
     637        $(generated_templates) *.uid */*.pgp */*.gpg */*.gpg~ \
     638        */gpg.conf authority/lock *.lock $(am__append_3) \
     639        tests/24_pkcs11_cert/softhsm.conf server/softhsm.db
    613640cert_templates = authority.template.in client.template.in \
    614641        imposter.template.in rogueca.template server.template.in
     
    617644        imposter.template server.template
    618645
     646
     647# Delete X.509 private keys on full clean. Note that unless you need
     648# to generate fresh keys, the "mostlyclean" target should be
     649# sufficient (see below).
     650# GnuPG random pool, no need to regenerate on every build
     651CLEANFILES = $(x509_keys) authority/random_seed
     652
     653# rule to build MSVA trust database
     654@USE_MSVA_TRUE@msva_home = msva.gnupghome
     655extra_dirs = logs cache outputs
     656
     657# Apache configuration and data files
    619658apache_data = base_apache.conf cgi_module.conf data/* mime.types proxy_mods.conf
    620659EXTRA_DIST = $(apache_data) $(cert_templates) *.uid.in proxy_backend.bash \
    621         runtests server-crl.template server-softhsm.conf softhsm.bash \
    622         TestMakefile
    623 
    624 
     660        runtests server-crl.template server-softhsm.conf softhsm.bash
     661
     662
     663# Lockfile for the main Apache process
     664test_lockfile = ./test.lock
    625665# Maximum wait time in seconds for flock to aquire instance lock files
    626666lock_wait = 30
    627667AM_TESTS_ENVIRONMENT = export APACHE2=$(APACHE2); \
    628668        export AP_LIBEXECDIR=$(AP_LIBEXECDIR); \
    629         export TEST_LOCK_WAIT=$(lock_wait); \
     669        export TEST_LOCK="$(test_lockfile)"; \
     670        export TEST_LOCK_WAIT="$(lock_wait)"; \
    630671        export TEST_HOST="$(TEST_HOST)"; \
    631672        export TEST_IP="$(TEST_IP)"; \
     673        export TEST_PORT="$(TEST_PORT)"; \
     674        export MSVA_PORT="$(MSVA_PORT)"; \
     675        export TEST_MSVA_MAX_WAIT="$(TEST_MSVA_MAX_WAIT)"; \
     676        export TEST_MSVA_WAIT="$(TEST_MSVA_WAIT)"; \
     677        export TEST_QUERY_DELAY="$(TEST_QUERY_DELAY)"; \
    632678        export BACKEND_HOST="$(TEST_HOST)"; \
    633679        export BACKEND_IP="$(TEST_IP)";
     
    637683.SUFFIXES:
    638684.SUFFIXES: .log .test .test$(EXEEXT) .trs
    639 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
     685$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/test_ca.mk $(am__configure_deps)
    640686        @for dep in $?; do \
    641687          case '$(am__configure_deps)' in \
     
    658704            cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
    659705        esac;
     706$(srcdir)/test_ca.mk:
    660707
    661708$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
     
    11921239
    11931240clean-generic:
     1241        -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
    11941242
    11951243distclean-generic:
     
    12831331
    12841332
     1333%.template: $(srcdir)/%.template.in
     1334        sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
     1335
     1336%.uid: $(srcdir)/%.uid.in
     1337        sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
     1338
     1339%/secret.key:
     1340        mkdir -p $(dir $@)
     1341        chmod 0700 $(dir $@)
     1342        certtool --generate-privkey > $@
     1343
     1344%/secring.gpg: %.uid %/secret.key
     1345        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
     1346        PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key | GNUPGHOME=$(dir $@) gpg --import
     1347        printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
     1348
     1349%/gpg.conf: %/secring.gpg
     1350        printf "default-key %s\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
     1351
     1352%/secret.pgp: %/secring.gpg
     1353        GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
     1354
     1355%/minimal.pgp: %/secring.gpg
     1356        GNUPGHOME=$(dir $@) gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
     1357
     1358# Import and signing modify the shared keyring, which leads to race
     1359# conditions with parallel make. Locking avoids this problem.
     1360%/cert.pgp: %/minimal.pgp authority/gpg.conf
     1361        GNUPGHOME=authority flock authority/lock gpg --import $<
     1362        GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
     1363        GNUPGHOME=authority gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
     1364
     1365# special cases for the authorities' root certs:
     1366authority/x509.pem: authority.template authority/secret.key
     1367        certtool --generate-self-signed --load-privkey authority/secret.key --template authority.template > $@
     1368rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
     1369        certtool --generate-self-signed --load-privkey rogueca/secret.key --template $(srcdir)/rogueca.template > $@
     1370
     1371%/cert-request: %.template %/secret.key
     1372        certtool --generate-request --load-privkey $(dir $@)secret.key --template $< > $@
     1373
     1374%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
     1375        certtool --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request $(dir $@)cert-request --template $< > $@
     1376
     1377%/softhsm.db: %/x509.pem %/secret.key
     1378        SOFTHSM_CONF="$(srcdir)/$(*)-softhsm.conf" $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
     1379
     1380# Generate CRL revoking a certain certificate. Currently used to
     1381# revoke the server certificate and check if setting the CRL as
     1382# GnuTLSProxyCRLFile causes the connection to the back end server to
     1383# fail.
     1384%/crl.pem: %/x509.pem ${srcdir}/%-crl.template
     1385        certtool --generate-crl \
     1386                --load-ca-privkey authority/secret.key \
     1387                --load-ca-certificate authority/x509.pem \
     1388                --load-certificate $< \
     1389                --template "${srcdir}/$(*)-crl.template" \
     1390                > $@
     1391@USE_MSVA_TRUE@$(msva_home)/trustdb.gpg: authority/minimal.pgp client/cert.pgp
     1392@USE_MSVA_TRUE@ mkdir -p -m 0700 $(dir $@)
     1393@USE_MSVA_TRUE@ GNUPGHOME=$(dir $@) gpg --import < $<
     1394@USE_MSVA_TRUE@ printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
     1395@USE_MSVA_TRUE@ GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
     1396@USE_MSVA_TRUE@ printf "keyserver does-not-exist.example\n" > $(msva_home)/gpg.conf
     1397make-test-dirs:
     1398        mkdir -p $(extra_dirs)
     1399.PHONY: make-test-dirs
     1400
    12851401clean-local:
    1286         $(MAKE) -f $(srcdir)/TestMakefile $(AM_MAKEFLAGS) clean
    1287 
    1288 # This rule can be used for any TestMakefile target not included in
    1289 # setup.done. The dependency on setup.done is used to avoid race
    1290 # conditions between multiple calls to TestMakefile for key and
    1291 # certificate generation. It is ignored for setup.done itself.
    1292 server/crl.pem server/softhsm.db setup.done: setup.done
    1293         TEST_HOST="$(TEST_HOST)" TEST_IP="$(TEST_IP)" srcdir=$(srcdir) \
    1294         $(MAKE) -f $(srcdir)/TestMakefile $(AM_MAKEFLAGS) $@
     1402        -rmdir $(identities) || true
     1403        -rmdir $(extra_dirs) || true
     1404@USE_MSVA_TRUE@ -rmdir $(msva_home) || true
     1405
     1406# port for the main Apache server
     1407TEST_PORT ?= 9932
     1408# port for MSVA in test cases that use it
     1409MSVA_PORT ?= 9933
     1410# maximum time to wait for MSVA startup
     1411TEST_MSVA_MAX_WAIT ?= 10
     1412# wait loop time for MSVA startup
     1413TEST_MSVA_WAIT ?= 0.4
     1414# seconds for the HTTP request to be sent and responded to
     1415TEST_QUERY_DELAY ?= 30
     1416
     1417# Echo AM_TESTS_ENVIRONMENT. This can be useful for debugging, e.g. if
     1418# you want to manually run an Apache instance with Valgrind using the
     1419# same configuration as a test case.
     1420show-test-env: export TEST_ENV=$(AM_TESTS_ENVIRONMENT)
     1421show-test-env:
     1422        @echo "$${TEST_ENV}"
    12951423
    12961424# Tell versions [3.59,3.63) of GNU make to not export all variables.
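--- a/test/README
+++ b/test/README
@@ -32,4 +32,5 @@
 
   TEST_HOST="localhost" TEST_IP="127.0.0.1" ./configure
+
 
 Adding a Test
@@ -97,3 +98,8 @@
    possible that these tests will fail for timing
    reasons. [TEST_QUERY_DELAY (seconds for the http request to be sent
-   and responded to)] and [TEST_GAP (seconds to wait between tests)]
+   and responded to)]
+
+In some situations you may want to see the exact environment as
+configured by make, e.g. if you want to manually run an Apache
+instance with Valgrind using the same configuration as a test
+case. Use "make show-test-env" to dump AM_TESTS_ENVIRONMENT to stdout.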
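--- a/test/runtests
+++ b/test/runtests
@@ -7,13 +7,16 @@
 set -e
 
-tests="${1##t-}"
-
-if [ -n "${TEST_LOCK}" ]; then
-    TEST_LOCK="$(realpath ${TEST_LOCK})"
-    flock_cmd="flock -w ${TEST_LOCK_WAIT} ${TEST_LOCK}"
+testid="${1##t-}"
+
+if [ -z "$testid" ] ; then
+    echo -e "No test case selected.\nUsage: ${0} t-N" >&2
+    exit 1
+else
+    testid=${srcdir}/tests/"$(printf "%02d" "$testid")"_*
 fi
 
 BADVARS=0
-for v in APACHE2 TEST_HOST TEST_IP TEST_PORT TEST_QUERY_DELAY TEST_GAP MSVA_PORT; do
+for v in APACHE2 TEST_HOST TEST_IP TEST_PORT TEST_QUERY_DELAY TEST_MSVA_WAIT \
+                 MSVA_PORT TEST_LOCK; do
     if [ ! -v "$v" ]; then
         printf "You need to set the %s environment variable\n" "$v" >&2
@@ -111,10 +114,4 @@
     fi
 }
-
-if [ -z "$tests" ] ; then
-    tests=${srcdir}/tests/*
-else
-    tests=${srcdir}/tests/"$(printf "%02d" "$tests")"_*
-fi
 
 if [ -n "${USE_MSVA}" ]; then
@@ -137,6 +134,6 @@
             echo "MSVA not ready yet"
         fi
-        sleep "${TEST_GAP}"
-        waited=$(echo "${waited} + ${TEST_GAP}" | bc)
+        sleep "${TEST_MSVA_WAIT}"
+        waited=$(echo "${waited} + ${TEST_MSVA_WAIT}" | bc)
     done
 
@@ -150,72 +147,69 @@
 fi
 
-for t in $tests; do
-    if [ -z "${flock_cmd}" ]; then
-        echo "Warning: no lock file set"
-        sleep "$TEST_GAP"
-    fi
-    t="$(realpath ${t})"
-    export srcdir="$(realpath ${srcdir})"
-    export TEST_NAME="$(basename "$t")"
-    output="outputs/${TEST_NAME}.output"
-    rm -f "$output"
-
-    if [ -e ${t}/fail.* ]; then
-        EXPECTED_FAILURE="$(printf " (expected: %s)" fail.*)"
-    else
-        unset EXPECTED_FAILURE
-    fi
-    printf "TESTING: %s%s\n" "$TEST_NAME" "$EXPECTED_FAILURE"
-    trap apache_down_err EXIT
-    if [ -n "${USE_MSVA}" ]; then
-        MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" \
-            ${flock_cmd} \
-            ${APACHE2} -f "${t}/apache.conf" -k start \
-            || [ -e "${t}/fail.server" ]
-    else
-        ${flock_cmd} \
-            ${APACHE2} -f "${t}/apache.conf" -k start \
-            || [ -e "${t}/fail.server" ]
-    fi
-
-    # PID file for sleep command (explanation below)
-    sleep_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"
-
-    # The sleep call keeps the pipe from the subshell to gnutls-cli
-    # open. Without it gnutls-cli would terminate as soon as sed is
-    # done, and not wait for a response from the server, leading to
-    # failing tests. Sending sleep to the background allows the test
-    # case to proceed instead of waiting for it to return. The sleep
-    # process is stopped after gnutls-cli terminates.
-    if (sed "s/__HOSTNAME__/${TEST_HOST}/" <${t}/input && \
-        run_with_pidfile "${sleep_pidfile}" sleep "${TEST_QUERY_DELAY}" &) | \
-        gnutls-cli -p "${TEST_PORT}" $(cat ${t}/gnutls-cli.args) "${TEST_HOST}" \
-        >"$output";
-    then
-        if [ -e ${t}/fail* ]; then
-            printf "%s should have failed but succeeded\n" "$(basename "$t")" >&2
-            exit 1
-        fi
-    else
-        if [ ! -e ${t}/fail* ]; then
-            printf "%s should have succeeded but failed\n" "$(basename "$t")" >&2
-            exit 1
-        fi
-    fi
-
-    kill_by_pidfile "${sleep_pidfile}"
-    unset sleep_pidfile
-
-    if [ -e ${t}/output ] ; then
-        diff_output_filter_headers "${t}/output" "$output" "-q"
-    fi
-    if [ -n "${USE_MSVA}" ]; then
-        trap stop_msva EXIT
-    else
-        trap - EXIT
-    fi
-    ${APACHE2} -f "${t}/apache.conf" -k stop || [ -e ${t}/fail.server ]
-    printf "SUCCESS: %s\n" "$TEST_NAME"
-done
+# configure locking for the Apache process
+flock_cmd="flock -w ${TEST_LOCK_WAIT} $(realpath ${TEST_LOCK})"
+
+t="$(realpath ${testid})"
+export srcdir="$(realpath ${srcdir})"
+export TEST_NAME="$(basename "$t")"
+output="outputs/${TEST_NAME}.output"
+rm -f "$output"
+
+if [ -e ${t}/fail.* ]; then
+    EXPECTED_FAILURE="$(printf " (expected: %s)" fail.*)"
+else
+    unset EXPECTED_FAILURE
+fi
+printf "TESTING: %s%s\n" "$TEST_NAME" "$EXPECTED_FAILURE"
+trap apache_down_err EXIT
+if [ -n "${USE_MSVA}" ]; then
+    MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" \
+                                        ${flock_cmd} \
+                                        ${APACHE2} -f "${t}/apache.conf" -k start \
+        || [ -e "${t}/fail.server" ]
+else
+    ${flock_cmd} \
+        ${APACHE2} -f "${t}/apache.conf" -k start \
+        || [ -e "${t}/fail.server" ]
+fi
+
+# PID file for sleep command (explanation below)
+sleep_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"
+
+# The sleep call keeps the pipe from the subshell to gnutls-cli
+# open. Without it gnutls-cli would terminate as soon as sed is
+# done, and not wait for a response from the server, leading to
+# failing tests. Sending sleep to the background allows the test
+# case to proceed instead of waiting for it to return. The sleep
+# process is stopped after gnutls-cli terminates.
+if (sed "s/__HOSTNAME__/${TEST_HOST}/" <${t}/input && \
+           run_with_pidfile "${sleep_pidfile}" sleep "${TEST_QUERY_DELAY}" &) | \
+       gnutls-cli -p "${TEST_PORT}" $(cat ${t}/gnutls-cli.args) "${TEST_HOST}" \
+                  >"$output";
+then
+    if [ -e ${t}/fail* ]; then
+        printf "%s should have failed but succeeded\n" "$(basename "$t")" >&2
+        exit 1
+    fi
+else
+    if [ ! -e ${t}/fail* ]; then
+        printf "%s should have succeeded but failed\n" "$(basename "$t")" >&2
+        exit 1
+    fi
+fi
+
+kill_by_pidfile "${sleep_pidfile}"
+unset sleep_pidfile
+
+if [ -e ${t}/output ] ; then
+    diff_output_filter_headers "${t}/output" "$output" "-q"
+fi
+if [ -n "${USE_MSVA}" ]; then
+    trap stop_msva EXIT
+else
+    trap - EXIT
+fi
+${APACHE2} -f "${t}/apache.conf" -k stop || [ -e ${t}/fail.server ]
+printf "SUCCESS: %s\n" "$TEST_NAME"
 
 if [ -n "${USE_MSVA}" ]; then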
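Review bot: `flock_cmd` is now built unconditionally from `${TEST_LOCK_WAIT}` and `${TEST_LOCK}`, but the required-variable loop near the top only gained `TEST_LOCK` and `TEST_MSVA_WAIT`; with `TEST_LOCK_WAIT` unset the command degrades to `flock -w <lockfile> ${APACHE2} …`, so the lock path is read as the timeout. Add `TEST_LOCK_WAIT` to the `for v in …` list (the loop body continues outside the displayed lines), and `TEST_MSVA_MAX_WAIT` as well if the MSVA wait loop, which is only partly visible here, reads it. The glob in `testid=${srcdir}/tests/"$(printf "%02d" "$testid")"_*` is expanded unquoted inside `realpath ${testid}`, so zero or several matching directories leave `t` holding a non-existent or multi-line path. A check right after the `realpath` line, such as `[ -d "$t" ] || { echo "no unique test directory for ${1}" >&2; exit 1; }`, would stop early with a clear message instead of starting Apache with a wrong config path.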
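--- a/test/test-00_basic.bash
+++ b/test/test-00_basic.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-0
+${srcdir}/runtests t-0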
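Review bot: `${srcdir}/runtests t-0` depends on `srcdir` being exported by the caller; when the script is started by hand with `srcdir` unset, the path collapses to `/runtests` at the filesystem root, whereas the removed line located its helper relative to `$0`. `"${srcdir:?}/runtests" t-0` stops with a clear error instead and also tolerates spaces in the source path. The same line appears in test-01 through test-24 below and would take the same change.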
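--- a/test/test-01_serverwide_priorities.bash
+++ b/test/test-01_serverwide_priorities.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-1
+${srcdir}/runtests t-1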
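--- a/test/test-02_cache_in_vhost.bash
+++ b/test/test-02_cache_in_vhost.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-2
+${srcdir}/runtests t-2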
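--- a/test/test-03_cachetimeout_in_vhost.bash
+++ b/test/test-03_cachetimeout_in_vhost.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-3
+${srcdir}/runtests t-3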
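--- a/test/test-04_basic_nosni.bash
+++ b/test/test-04_basic_nosni.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-4
+${srcdir}/runtests t-4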
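--- a/test/test-05_mismatched-priorities.bash
+++ b/test/test-05_mismatched-priorities.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-5
+${srcdir}/runtests t-5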
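--- a/test/test-06_verify_sni_a.bash
+++ b/test/test-06_verify_sni_a.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-6
+${srcdir}/runtests t-6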
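--- a/test/test-07_verify_sni_b.bash
+++ b/test/test-07_verify_sni_b.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-7
+${srcdir}/runtests t-7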
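--- a/test/test-08_verify_no_sni_fallback_to_first_vhost.bash
+++ b/test/test-08_verify_no_sni_fallback_to_first_vhost.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-8
+${srcdir}/runtests t-8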
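--- a/test/test-09_verify_no_sni_fails_with_wrong_order.bash
+++ b/test/test-09_verify_no_sni_fails_with_wrong_order.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-9
+${srcdir}/runtests t-9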
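--- a/test/test-10_basic_client_verification.bash
+++ b/test/test-10_basic_client_verification.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-10
+${srcdir}/runtests t-10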
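--- a/test/test-11_basic_client_verification_fail.bash
+++ b/test/test-11_basic_client_verification_fail.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-11
+${srcdir}/runtests t-11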
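--- a/test/test-12_cgi_variables.bash
+++ b/test/test-12_cgi_variables.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-12
+${srcdir}/runtests t-12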
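--- a/test/test-13_cgi_variables_no_client_cert.bash
+++ b/test/test-13_cgi_variables_no_client_cert.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-13
+${srcdir}/runtests t-13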
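--- a/test/test-14_basic_openpgp.bash
+++ b/test/test-14_basic_openpgp.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-14
+${srcdir}/runtests t-14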
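--- a/test/test-15_basic_msva.bash
+++ b/test/test-15_basic_msva.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-USE_MSVA="yes" make -f $(dirname ${0})/TestMakefile t-15
+USE_MSVA="yes" ${srcdir}/runtests t-15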
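--- a/test/test-16_view-status.bash
+++ b/test/test-16_view-status.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-16
+${srcdir}/runtests t-16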
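--- a/test/test-17_cgi_vars_large_cert.bash
+++ b/test/test-17_cgi_vars_large_cert.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-17
+${srcdir}/runtests t-17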
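--- a/test/test-18_client_verification_wrong_cert.bash
+++ b/test/test-18_client_verification_wrong_cert.bash
@@ -1,2 +1,2 @@
 #!/bin/bash
-make -f $(dirname ${0})/TestMakefile t-18
+${srcdir}/runtests t-18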
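--- a/test/test-19_TLS_reverse_proxy.bash
+++ b/test/test-19_TLS_reverse_proxy.bash
@@ -14,5 +14,5 @@
 trap stop_backend EXIT
 
-make -f $(dirname ${0})/TestMakefile t-19
+${srcdir}/runtests t-19
 
 backend_apache "${testdir}" "backend.conf" stop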
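--- a/test/test-20_TLS_reverse_proxy_client_auth.bash
+++ b/test/test-20_TLS_reverse_proxy_client_auth.bash
@@ -14,5 +14,5 @@
 trap stop_backend EXIT
 
-make -f $(dirname ${0})/TestMakefile t-20
+${srcdir}/runtests t-20
 
 backend_apache "${testdir}" "backend.conf" stop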
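--- a/test/test-21_TLS_reverse_proxy_wrong_cert.bash
+++ b/test/test-21_TLS_reverse_proxy_wrong_cert.bash
@@ -14,5 +14,5 @@
 trap stop_backend EXIT
 
-make -f $(dirname ${0})/TestMakefile t-21
+${srcdir}/runtests t-21
 
 backend_apache "${testdir}" "backend.conf" stop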
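--- a/test/test-22_TLS_reverse_proxy_crl_revoke.bash
+++ b/test/test-22_TLS_reverse_proxy_crl_revoke.bash
@@ -14,5 +14,5 @@
 trap stop_backend EXIT
 
-make -f $(dirname ${0})/TestMakefile t-22
+${srcdir}/runtests t-22
 
 backend_apache "${testdir}" "backend.conf" stop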
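--- a/test/test-23_TLS_reverse_proxy_mismatched_priorities.bash
+++ b/test/test-23_TLS_reverse_proxy_mismatched_priorities.bash
@@ -19,5 +19,5 @@
 trap stop_backend EXIT
 
-make -f $(dirname ${0})/TestMakefile t-23
+${srcdir}/runtests t-23
 
 backend_apache "${testdir}" "backend.conf" stop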
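--- a/test/test-24_pkcs11_cert.bash
+++ b/test/test-24_pkcs11_cert.bash
@@ -25,5 +25,5 @@
 set -e
 
-make -f $(dirname ${0})/TestMakefile t-24
+${srcdir}/runtests t-24
 
 cleanup_tmpconf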
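--- a/test/test_ca.mk
+++ b/test/test_ca.mk
@@ -1,41 +1,9 @@
 #!/usr/bin/make -f
+# Authors:
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Thomas Klute <thomas2.klute@uni-dortmund.de>
 
-# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
-# run these tests to ensure that mod_gnutls can handle a range of
-# simple configuration choices.
-
-export srcdir ?= .
-# If the Apache binary is not set, try to find apache2 in default PATH
-# (should only happen when the test script is run manually)
-export APACHE2 ?= apache2
-
-export TEST_HOST ?= localhost
-export TEST_IP ?= ::1
-# chosen at random:
-export TEST_PORT ?= 9932
-export MSVA_PORT ?= 9933
-
-export TEST_GAP ?= 0.4
-export TEST_MSVA_MAX_WAIT ?= 10
-export TEST_QUERY_DELAY ?= 30
-export TEST_LOCK_WAIT ?= 30
-
-TEST_LOCK := ./test.lock
-
-all: setup.done
-        TEST_LOCK=$(TEST_LOCK) $(srcdir)/runtests
-
-t-%: setup.done
-        TEST_LOCK=$(TEST_LOCK) $(srcdir)/runtests $@
-
-
-
-
-
-### for setting up a little miniature CA + server + client environment:
-identities := server authority client imposter rogueca
-tokens := x509.pem secring.gpg secret.key cert.pgp secret.pgp
-all_tokens := $(foreach id,$(identities),$(foreach token,$(tokens),$(id)/$(token)))
+# General rules to set up a miniature CA & server & client environment
+# for the test suite
 
 %.template: $(srcdir)/%.template.in
@@ -97,24 +65,2 @@
                 --template "${srcdir}/$(*)-crl.template" \
                 > $@
-
-msva.gnupghome/trustdb.gpg: authority/minimal.pgp client/cert.pgp
-        mkdir -p -m 0700 $(dir $@)
-        GNUPGHOME=$(dir $@) gpg --import < $<
-        printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
-        GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
-        printf "keyserver does-not-exist.example\n" > msva.gnupghome/gpg.conf
-
-
-setup.done: $(all_tokens) msva.gnupghome/trustdb.gpg client.uid
-        mkdir -p logs cache outputs
-        touch setup.done
-
-
-clean:
-        rm -rf server client authority logs cache outputs setup.done \
-        server.template imposter.template msva.gnupghome \
-        */*.pgp */*.gpg */*.gpg~ */*.pem */*.key authority.template \
-        client.template client.uid server.uid *.lock tests/*/*.pem
-        rmdir imposter rogueca || true
-
-.PHONY: all clean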