Changeset ea9c699 in mod_gnutls for test


Timestamp:
Jan 28, 2019, 2:50:38 PM (10 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master
Children:
19e80a5
Parents:
8a264b0 (diff), 510764a (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

New upstream version 0.9.0

Location:
test
Files:
53 added
10 deleted
58 edited
2 moved

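--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -15,5 +15,5 @@
         test-12_cgi_variables.bash \
         test-13_cgi_variables_no_client_cert.bash \
-        test-14_basic_openpgp.bash
+        test-14_resume_session.bash
 if USE_MSVA
 dist_check_SCRIPTS += test-15_basic_msva.bash
@@ -29,27 +29,54 @@
         test-24_pkcs11_cert.bash \
         test-25_Disable_TLS_1.0.bash \
-        test-26_redirect_HTTP_to_HTTPS.bash
-
+        test-26_redirect_HTTP_to_HTTPS.bash \
+        test-27_OCSP_server.bash \
+        test-28_HTTP2_support.bash \
+        test-29_force_handshake_vhost.bash \
+        test-30_ip_based_vhosts.bash \
+        test-31_vhost_SNI_serveralias_match.bash \
+        test-32_vhost_SNI_serveralias_mismatch.bash \
+        test-33_vhost_SNI_serveralias_missinghost.bash \
+        test-34_TLS_reverse_proxy_h2.bash
+
+TEST_EXTENSIONS = .bash
 TESTS = $(dist_check_SCRIPTS)
+
+check_PROGRAMS = pgpcrc
+pgpcrc_SOURCES = pgpcrc.c
+
+# build OCSP database tool
+if ENABLE_OCSP_TEST
+check_PROGRAMS += gen_ocsp_index
+gen_ocsp_index_SOURCES = gen_ocsp_index.c cert_helper.c
+gen_ocsp_index_CFLAGS = $(LIBGNUTLS_CFLAGS)
+gen_ocsp_index_LDFLAGS = $(LIBGNUTLS_LIBS)
+noinst_HEADERS = cert_helper.h
+endif
 
 # Identities in the miniature CA, server, and client environment for
 # the test suite
-shared_identities = server authority client imposter rogueca
+shared_identities = authority client
 pgp_identities = $(shared_identities)
-x509_only_identities = rogueclient
+x509_only_identities = server rogueca imposter rogueclient
+if ENABLE_OCSP_TEST
+x509_only_identities += ocsp-responder
+endif
 x509_identities = $(shared_identities) $(x509_only_identities)
 identities = $(shared_identities) $(x509_only_identities)
 # Append strings after ":=" to each identity to generate a list of
 # necessary files
-pgp_tokens = $(pgp_identities:=/secring.gpg) $(pgp_identities:=/cert.pgp) \
+pgp_tokens = $(pgp_identities:=/cert.pgp) \
         $(pgp_identities:=/secret.pgp)
 x509_keys = $(x509_identities:=/secret.key)
 x509_certs = $(x509_identities:=/x509.pem)
 x509_tokens = $(x509_certs) $(x509_keys)
-tokens = $(x509_tokens) $(pgp_tokens)
+tokens = $(x509_tokens)
+if USE_MSVA
+tokens += $(pgp_tokens)
+endif
 
 if !DISABLE_FLOCK
 # flock command for write access to the authority keyring
-GPG_FLOCK = $(FLOCK) authority/lock
+GPG_FLOCK = @FLOCK@ authority/lock
 endif
 
@@ -71,6 +98,6 @@
 
 cert_templates = authority.template.in client.template.in \
-        imposter.template.in rogueca.template rogueclient.template.in \
-        server.template.in
+        imposter.template.in ocsp-responder.template rogueca.template \
+        rogueclient.template.in server.template.in
 generated_templates = authority.template client.template \
         imposter.template rogueclient.template server.template
@@ -93,7 +120,22 @@
 # one day, so regenerating them is both fast and frequently
 # necessary.
-MOSTLYCLEANFILES += */*.pgp */*.gpg */*.gpg~ */gpg.conf authority/lock
+MOSTLYCLEANFILES += */*.pgp */*.pgp.raw */*.gpg */*.gpg~ */gpg.conf \
+        authority/lock */*.kbx */*.kbx~ */S.gpg-agent */private-keys-v1.d/* \
+        authority/tofu.db
 # GnuPG random pool, no need to regenerate on every build
 CLEANFILES += authority/random_seed
+
+# GnuPG 2 starts gpg-agent processes per GNUPGHOME (one for every PGP
+# identity) while creating the PGP certificates. This target is called
+# by both "check-local" and "mostlyclean-local": The former because
+# agent processes are started while preparing for "check" and are no
+# longer needed afterwards, the latter to make sure they are gone
+# along with their certificates.
+stop-gnupg-agent:
+        for id in $(pgp_identities) $(msva_home); do \
+                GNUPGHOME=$$id/ gpgconf --kill gpg-agent || true; \
+        done
+
+check-local: stop-gnupg-agent
 
 # Delete lock files for test servers on "mostlyclean" target.
@@ -108,13 +150,45 @@
         mkdir -p -m 0700 $(dir $@)
         GNUPGHOME=$(dir $@) gpg --import < $<
-        printf "%s:6:\n" "$$(GNUPGHOME=authority gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
+        printf "%s:6:\n" "$$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
         GNUPGHOME=$(dir $@) gpg --import < client/cert.pgp
         printf "keyserver does-not-exist.example\n" > $(msva_home)/gpg.conf
 endif
 
-# SoftHSM files
-check_DATA += server/softhsm.db
-MOSTLYCLEANFILES += tests/24_pkcs11_cert/softhsm.conf server/softhsm.db
-
+if ENABLE_OCSP_TEST
+# rules to build OCSP database
+check_DATA += authority/ocsp_index.txt
+MOSTLYCLEANFILES += authority/ocsp_index.txt authority/ocsp_index.txt.attr
+authority/ocsp_index.txt: $(x509_tokens) gen_ocsp_index authority/ocsp_index.txt.attr
+        ./gen_ocsp_index server/x509.pem client/x509.pem > $@
+
+authority/ocsp_index.txt.attr: authority/secret.key
+        echo "unique_subject = no" > $@
+
+# build certificate chain file for server
+check_DATA += server/x509-chain.pem
+MOSTLYCLEANFILES += server/x509-chain.pem
+%/x509-chain.pem: %/x509.pem authority/x509.pem
+        cat $< authority/x509.pem > $@
+endif
+
+# SoftHSM tokens. Note that the SoftHSM 2 token is a directory and
+# hence has to be treated slightly differently.
+SOFTHSM_TOKEN = server/softhsm.db
+SOFTHSM2_TOKEN = server/softhsm2.db
+
+# Tokens should be cleaned whether or not the matching SoftHSM version
+# was detected on the last ./configure run.
+MOSTLYCLEANFILES += $(SOFTHSM_TOKEN)
+# included in mostlyclean-local below
+clean-softhsm2-db:
+        -rm -rf $(SOFTHSM2_TOKEN)
+
+if HAVE_SOFTHSM1
+check_DATA += $(SOFTHSM_TOKEN)
+endif HAVE_SOFTHSM1
+
+if HAVE_SOFTHSM2
+check_DATA += $(SOFTHSM2_TOKEN)
+endif HAVE_SOFTHSM2
 
 check_DATA += make-test-dirs
@@ -122,6 +196,22 @@
 make-test-dirs:
         mkdir -p $(extra_dirs)
-.PHONY: make-test-dirs
-
+
+.PHONY: make-test-dirs clean-softhsm2-db stop-gnupg-agent
+
+
+mostlyclean-local: clean-softhsm2-db stop-gnupg-agent
+        -rmdir $(pgp_identities:=/private-keys-v1.d) || true
+if USE_MSVA
+        -rmdir $(msva_home)/private-keys-v1.d || true
+endif
+
+# Delete test data directories, and wait for test services to
+# exit. The reason for the wait is that Apache instances may take some
+# time to exit and delete their PID files. Occasionally some PID files
+# where still around during "distcheck" runs by the time the target
+# checked if the build directory was really empty after "distclean",
+# breaking the build. Delaying "clean-local" until PID files are gone
+# avoids this issue, and the timeout will expose actually unclean
+# stops.
 clean-local:
         -rmdir $(identities) || true
@@ -130,10 +220,18 @@
         -rmdir $(msva_home) || true
 endif
+        wait=0; \
+        while ls *.pid && test "$$wait" -lt "@TEST_LOCK_WAIT@"; do \
+                wait=$$(($$wait + 1)); \
+                echo "waiting for test services to exit ($$wait seconds)"; \
+                sleep 1; \
+        done
 
 # Apache configuration and data files
-apache_data = base_apache.conf cgi_module.conf data/* mime.types proxy_mods.conf
-
-EXTRA_DIST = $(apache_data) $(cert_templates) *.uid.in common.bash \
-        proxy_backend.bash runtests server-crl.template server-softhsm.conf \
+apache_data = base_apache.conf cgi_module.conf data/dump.cgi data/ocsp.cgi \
+        data/secret.txt data/test.txt ffdhe3072.pem mime.types \
+        proxy_mods.conf
+
+EXTRA_DIST = $(apache_data) $(cert_templates) $(shared_identities:=.uid.in) \
+        apache_service.bash common.bash runtests server-crl.template \
         softhsm.bash
 
@@ -142,7 +240,6 @@
 # Lockfile for the proxy backend Apache process (if any)
 backend_lockfile = ./backend.lock
-# Maximum wait time in seconds for flock to aquire instance lock
-# files, or Apache to remove its PID file
-lock_wait = 30
+# Lockfile for the OCSP server Apache process (if any)
+ocsp_lockfile = ./ocsp.lock
 
 # port for the main Apache server
@@ -150,34 +247,58 @@
 # port for MSVA in test cases that use it
 MSVA_PORT ?= 9933
+# port for TLS proxy backend server
+BACKEND_PORT ?= 9934
+# port for the OCSP responder
+if ENABLE_OCSP_TEST
+OCSP_PORT ?= 9936
+OCSP_URI_TEMPLATE = ocsp_uri = http://$(TEST_HOST):$(OCSP_PORT)/ocsp/
+endif
 # maximum time to wait for MSVA startup (milliseconds)
-TEST_MSVA_MAX_WAIT ?= 10000
+TEST_SERVICE_MAX_WAIT ?= 10000
 # wait loop time for MSVA startup (milliseconds)
-TEST_MSVA_WAIT ?= 400
-# seconds for the HTTP request to be sent and responded to
-TEST_QUERY_DELAY ?= 30
-
-AM_TESTS_ENVIRONMENT = export APACHE2=$(APACHE2); \
-        export AP_LIBEXECDIR=$(AP_LIBEXECDIR); \
-        export TEST_LOCK_WAIT="$(lock_wait)"; \
-        export TEST_HOST="$(TEST_HOST)"; \
+TEST_SERVICE_WAIT ?= 400
+
+AM_TESTS_ENVIRONMENT = export APACHE2=@APACHE2@; \
+        export AP_LIBEXECDIR=@AP_LIBEXECDIR@; \
+        export TEST_LOCK_WAIT="@TEST_LOCK_WAIT@"; \
+        export TEST_IP="@TEST_IP@"; \
+        export TEST_HOST="@TEST_HOST@"; \
         export TEST_PORT="$(TEST_PORT)"; \
         export MSVA_PORT="$(MSVA_PORT)"; \
-        export TEST_MSVA_MAX_WAIT="$(TEST_MSVA_MAX_WAIT)"; \
-        export TEST_MSVA_WAIT="$(TEST_MSVA_WAIT)"; \
-        export TEST_QUERY_DELAY="$(TEST_QUERY_DELAY)"; \
-        export BACKEND_HOST="$(TEST_HOST)"; \
+        export TEST_SERVICE_MAX_WAIT="$(TEST_SERVICE_MAX_WAIT)"; \
+        export TEST_SERVICE_WAIT="$(TEST_SERVICE_WAIT)"; \
+        export TEST_QUERY_TIMEOUT="@TEST_QUERY_TIMEOUT@"; \
+        export BACKEND_HOST="@TEST_HOST@"; \
+        export BACKEND_PORT="$(BACKEND_PORT)"; \
         export HTTP_CLI="@HTTP_CLI@";
 
+if HAVE_SOFTHSM
+AM_TESTS_ENVIRONMENT += export SOFTHSM="@SOFTHSM@"; \
+        export SOFTHSM_MAJOR_VERSION="@SOFTHSM_MAJOR_VERSION@"; \
+        export SOFTHSM_LIB="@SOFTHSM_LIB@"
+endif
+
+if ENABLE_OCSP_TEST
+AM_TESTS_ENVIRONMENT += export OPENSSL="@OPENSSL@"; \
+        export OCSP_PORT="$(OCSP_PORT)";
+endif
+
 if ENABLE_NETNS
-AM_TESTS_ENVIRONMENT += export UNSHARE="$(UNSHARE)"; \
+AM_TESTS_ENVIRONMENT += export UNSHARE="@UNSHARE@"; \
         export USE_TEST_NAMESPACE=1;
 endif
-# Without flock tests must not run in parallel. Otherwise set lock files.
+# Without flock tests must not run in parallel, and PID files are used
+# to prevent conflicts between server instances. Otherwise set lock
+# files for flock.
 if DISABLE_FLOCK
+AM_TESTS_ENVIRONMENT += export TEST_LOCK="apache2.pid"; \
+        export BACKEND_LOCK="backend.pid"; \
+        export OCSP_LOCK="ocsp.pid";
 .NOTPARALLEL:
 else
-AM_TESTS_ENVIRONMENT += export FLOCK="$(FLOCK)"; \
+AM_TESTS_ENVIRONMENT += export FLOCK="@FLOCK@"; \
         export TEST_LOCK="$(test_lockfile)"; \
-        export BACKEND_LOCK="$(backend_lockfile)";
+        export BACKEND_LOCK="$(backend_lockfile)"; \
+        export OCSP_LOCK="$(ocsp_lockfile)";
 endif
 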
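Review bot: `gen_ocsp_index_LDFLAGS = $(LIBGNUTLS_LIBS)` puts libraries into the linker-flags variable, which Automake places ahead of the object files on the link line; with a toolchain that links `--as-needed` the GnuTLS symbols can then end up unresolved. Libraries belong in `gen_ocsp_index_LDADD = $(LIBGNUTLS_LIBS)`. Separately, the `if HAVE_SOFTHSM` addition to `AM_TESTS_ENVIRONMENT` ends with `export SOFTHSM_LIB="@SOFTHSM_LIB@"` and no trailing `;`, unlike every other fragment, so it only works because a later `+=` happens to continue the same `export` command; end it with `export SOFTHSM_LIB="@SOFTHSM_LIB@";`.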
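--- a/test/README
+++ b/test/README
@@ -3,5 +3,5 @@
 
 Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-         Thomas Klute <thomas2.klute@uni-dortmund.de>
+         Fiona Klute <fiona.klute@gmx.de>
 
 There are a lot of ways that a TLS-capable web server can go wrong.  I
@@ -130,6 +130,6 @@
  * If a machine is particularly slow or under heavy load, it's
    possible that these tests will fail for timing
-   reasons. [TEST_QUERY_DELAY (seconds for the HTTP request to be sent
-   and responded to)]
+   reasons. [TEST_QUERY_TIMEOUT (timeout for the HTTPS request in
+   seconds)]
 
 The first two of these issues are avoided when the tests are isolated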
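--- a/test/apache-conf/netns.conf.in
+++ b/test/apache-conf/netns.conf.in
@@ -1,4 +1,4 @@
 # This file contains options that are different depending on whether
 # tests use namespaces or not.
-Mutex   @MUTEX_TYPE@    default
+@MUTEX_CONF@
 PidFile apache2@PID_AFFIX@.pid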
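--- a/test/base_apache.conf
+++ b/test/base_apache.conf
@@ -1,6 +1,11 @@
 ServerRoot ${PWD}
+DefaultRuntimeDir cache/
 
 LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-CustomLog logs/${TEST_NAME}.access.log combined
+<IfDefine !BACKEND_PORT>
+        # Proxy backend servers have their own access log, prevent
+        # them from writing to the default one.
+        CustomLog       logs/${TEST_NAME}.access.log combined
+</IfDefine>
 ErrorLog logs/${TEST_NAME}.error.log
 HostnameLookups Off
@@ -11,4 +16,8 @@
 LoadModule      authz_core_module       ${AP_LIBEXECDIR}/mod_authz_core.so
 LoadModule      mime_module             ${AP_LIBEXECDIR}/mod_mime.so
+
+LoadModule      socache_shmcb_module    ${AP_LIBEXECDIR}/mod_socache_shmcb.so
+Define          DEFAULT_CACHE   shmcb:cache/gnutls_cache_${TEST_NAME}(65536)
+
 TypesConfig ${srcdir}/mime.types
 
@@ -16,3 +25,3 @@
 
 DocumentRoot ${srcdir}/data
-LoadModule gnutls_module ../src/.libs/libmod_gnutls.so
+LoadModule gnutls_module ../src/.libs/mod_gnutls.so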
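--- a/test/client.template.in
+++ b/test/client.template.in
@@ -5,2 +5,3 @@
 signing_key
 encryption_key
+### ocsp_uri=http://__HOSTNAME__:__OCSP_PORT__/ocsp/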
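--- a/test/common.bash
+++ b/test/common.bash
@@ -15,4 +15,63 @@
         sleep 1
     done
+}
+
+
+
+# Usage: verbose_log [...]
+#
+# If VERBOSE is not empty, write a log message prefixed with the name
+# of the calling function. The function is defined to a no-op
+# otherwise.
+if [ -n "${VERBOSE}" ]; then
+    function verbose_log
+    {
+        echo "${FUNCNAME[1]}: ${@}"
+    }
+else
+    function verbose_log
+    {
+        return
+    }
+fi
+
+
+
+# Usage: wait_ready COMMAND [TIMEOUT] [STEP]
+#
+# Wait until COMMAND terminates with success (zero exit code), or
+# until the TIMEOUT (in milliseconds) expires. TIMEOUT defaults to
+# $TEST_SERVICE_MAX_WAIT if unset. A TIMEOUT of zero means to try
+# once.
+#
+# COMMAND is retried every STEP milliseconds, the default is
+# $TEST_SERVICE_WAIT. Note that the last try may happen a little after
+# TIMEOUT expires if STEP does not evenly divide it.
+function wait_ready
+{
+    local command="${1}"
+    if [ -z "${2}" ]; then
+        local -i timeout="${TEST_SERVICE_MAX_WAIT}"
+    else
+        local -i timeout="${2}"
+    fi
+    local -i step="${3}"
+    [ ${step} -gt 0 ] || step="${TEST_SERVICE_WAIT}"
+    # convert step to seconds because that's what "sleep" needs
+    local sec_step="$((${step} / 1000)).$((${step} % 1000))"
+
+    verbose_log "Waiting for \"${command}\" ..."
+    local -i waited=0
+    until eval "${command}"; do
+        if [ "${waited}" -ge "${timeout}" ]; then
+            echo "${FUNCNAME[0]}: Timed out waiting for \"${command}\"" \
+                 "to succeed (waited ${waited} ms)." >&2
+            return 1
+        fi
+        waited=$((waited + step));
+        sleep "${sec_step}"
+        verbose_log "waiting (${waited} ms)"
+    done
+    verbose_log "done (waited ${waited} ms)"
 }
 
@@ -37,7 +96,32 @@
 {
     if [ -n "${USE_TEST_NAMESPACE}" ] && [ -z "${MGS_NETNS_ACTIVE}" ]; then
-        exec "${UNSHARE}" --net -r /bin/bash -c \
+        exec "${UNSHARE}" --net --ipc -r /bin/bash -c \
              "export MGS_NETNS_ACTIVE=1; ip link set up lo; exec ${UNSHARE} --user ${0} ${@}"
     fi
     return 0
 }
+
+# Usage: require_gnutls_cli ${REQUIRED_VERSION_NUMBER} || exit ${ERROR_CODE}
+# Require the gnutls-cli binary to be of a given version or newer.
+# Return error code 1 if older, 2 if not found.
+function require_gnutls_cli
+{
+    local required_version=(${1//./ })
+
+    if [[ $(gnutls-cli --version) =~ gnutls-cli[[:space:]]([[:digit:]]+)\.([[:digit:]]+)\.([[:digit:]]+) ]]
+    then
+        for i in {0..2}
+        do
+            if [ ${BASH_REMATCH[i+1]} -gt ${required_version[i]} ]
+            then
+                break;
+            elif [ ${BASH_REMATCH[i+1]} -lt ${required_version[i]} ]
+            then
+                return 1
+            fi
+        done
+        return 0
+    else
+        return 2
+    fi
+}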
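Review bot: In `wait_ready`, `local sec_step="$((${step} / 1000)).$((${step} % 1000))"` does not zero-pad the millisecond part, so a STEP of 1050 becomes `1.50` and a STEP of 50 becomes `0.50`; `sleep` then waits longer than the `waited` counter records and the timeout is no longer honoured. Declare `local sec_step` and fill it with `printf -v sec_step '%d.%03d' $((step / 1000)) $((step % 1000))`. The usage comment above `wait_ready` should also state that COMMAND is passed to `eval` and therefore parsed by the shell a second time, so callers must only pass strings they fully control.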
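--- a/test/data/dump.cgi
+++ b/test/data/dump.cgi
@@ -12,4 +12,3 @@
 $SSL_CLIENT_S_AN0
 
-DH prime bits: $SSL_DH_PRIME_BITS
 EOF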
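--- a/test/proxy_backend.conf.in
+++ b/test/proxy_backend.conf.in
@@ -1,2 +1,8 @@
+# redefine TEST_PORT before loading the base config
+Define  TEST_PORT       ${BACKEND_PORT}
+Include ${srcdir}/base_apache.conf
+
+Define  BACKEND_CACHE   shmcb:cache/gnutls_cache_${TEST_NAME}_backend(65536)
+
 # common options for proxy backend servers
 CustomLog       logs/${TEST_NAME}.backend.access.log combined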
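--- a/test/runtests
+++ b/test/runtests
@@ -3,8 +3,9 @@
 # Authors:
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-# Thomas Klute <thomas2.klute@uni-dortmund.de>
+# Fiona Klute <fiona.klute@gmx.de>
 
 set -e
 . ${srcdir}/common.bash
+. ${srcdir}/apache_service.bash
 netns_reexec ${@}
 
@@ -17,7 +18,8 @@
     testid=${srcdir}/tests/"$(printf "%02d" "$testid")"_*
 fi
+testdir="$(realpath ${testid})"
 
 BADVARS=0
-for v in APACHE2 TEST_HOST TEST_PORT TEST_QUERY_DELAY TEST_MSVA_WAIT \
+for v in APACHE2 TEST_HOST TEST_PORT TEST_QUERY_TIMEOUT TEST_SERVICE_WAIT \
                  MSVA_PORT; do
     if [ ! -v "$v" ]; then
@@ -34,7 +36,9 @@
 function pinpoint_error()
 {
-    echo "${1} failed at line ${2}!" >&2
-}
-trap 'pinpoint_error ${BASH_SOURCE} ${LINENO}' ERR
+    echo "Command \"${BASH_COMMAND}\" failed. Call trace:" >&2
+    local stack=0
+    while caller $((stack++)) >&2; do true; done
+}
+trap 'pinpoint_error' ERR
 
 function stop_msva()
@@ -89,4 +93,6 @@
         if [ -n "${pid}" ] && ps -p "${pid}"; then
             kill "${pid}"
+        else
+            echo "No running process with PID ${pid} (${pidfile})."
         fi
         rm "${pidfile}"
@@ -96,8 +102,16 @@
 function apache_down_err() {
     printf "FAILURE: %s\n" "$TEST_NAME"
-    ${APACHE2} -f "${t}/apache.conf" -k stop || true
+    ${APACHE2} -f "${testdir}/apache.conf" -k stop || true
     if [ -e output ]; then
         printf "\ngnutls-cli outputs:\n"
         diff_output_filter_headers "output" "$output" || true
+    fi
+
+    if [ -r "${testdir}/backend.conf" ]; then
+        apache_service "${testdir}" "backend.conf" stop || true
+    fi
+
+    if [ -r "${testdir}/ocsp.conf" ]; then
+        apache_service "${testdir}" "ocsp.conf" stop || true
     fi
 
@@ -123,26 +137,9 @@
 
     printf "TESTING: initial MSVA verification\n"
-    # set to 0 if MSVA is up
-    ret=1
     export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
 
-    # convert TEST_MSVA_WAIT to seconds because that's what "sleep" expects
-    TEST_MSVA_SLEEP="$((${TEST_MSVA_WAIT} / 1000)).$((${TEST_MSVA_WAIT} % 1000))"
-    # wait at most TEST_MSVA_MAX_WAIT milliseconds for MSVA to get ready
-    waited=0
-    until [ ${ret} -eq 0 ] \
-              || [ ${waited} -ge ${TEST_MSVA_MAX_WAIT} ]; do
-        if msva-query-agent https "$(cat client.uid)" x509pem client < client/x509.pem
-        then
-            ret=0
-        else
-            echo "MSVA not ready yet"
-        fi
-        sleep "${TEST_MSVA_SLEEP}"
-        waited=$((${waited} + ${TEST_MSVA_WAIT}))
-    done
-
+    msva_test_cmd="msva-query-agent https \"$(cat client.uid)\" x509pem client < client/x509.pem"
     # check if MSVA is up, fail if not
-    if [ ${ret} -eq 0 ]; then
+    if wait_ready "${msva_test_cmd}"; then
         printf "\nSUCCESS: initial MSVA verification\n"
     else
@@ -152,24 +149,22 @@
 fi
 
-TEST_PID="apache2.pid"
 # configure locking for the Apache process
 if [ -n "${USE_TEST_NAMESPACE}" ]; then
     echo "Using namespaces to isolate tests, no need for locking."
     flock_cmd=""
-elif [ -n "${TEST_LOCK}" ]; then
+elif [ -n "${FLOCK}" ]; then
     flock_cmd="${FLOCK} -w ${TEST_LOCK_WAIT} $(realpath ${TEST_LOCK})"
 else
     echo "Locking disabled, using wait based on Apache PID file."
-    wait_pid_gone "${TEST_PID}"
+    wait_pid_gone "${TEST_LOCK}"
     flock_cmd=""
 fi
 
-t="$(realpath ${testid})"
 export srcdir="$(realpath ${srcdir})"
-export TEST_NAME="$(basename "$t")"
+export TEST_NAME="$(basename "${testdir}")"
 output="outputs/${TEST_NAME}.output"
 rm -f "$output"
 
-if [ -e ${t}/fail.* ]; then
+if [ -e ${testdir}/fail.* ]; then
     EXPECTED_FAILURE="$(printf " (expected: %s)" fail.*)"
 else
@@ -179,12 +174,51 @@
 trap apache_down_err EXIT
 if [ -n "${USE_MSVA}" ]; then
-    MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" \
-                                        ${flock_cmd} \
-                                        ${APACHE2} -f "${t}/apache.conf" -k start \
-        || [ -e "${t}/fail.server" ]
-else
-    ${flock_cmd} \
-        ${APACHE2} -f "${t}/apache.conf" -k start \
-        || [ -e "${t}/fail.server" ]
+    export MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT"
+fi
+
+# If VERBOSE is enabled, log the HTTPD build configuration
+if [ -n "${VERBOSE}" ]; then
+    ${APACHE2} -f "${srcdir}/base_apache.conf" -V
+fi
+
+# Start OCSP responder, if configured
+if [ -r "${testdir}/ocsp.conf" ]; then
+    apache_service "${testdir}" "ocsp.conf" start "${OCSP_LOCK}"
+    CHECK_OCSP_SERVER="true"
+    if [ -n "${VERBOSE}" ]; then
+        echo "OCSP index for the test CA:"
+        cat authority/ocsp_index.txt
+    fi
+fi
+
+# Start proxy backend server, if configured
+if [ -r "${testdir}/backend.conf" ]; then
+    apache_service "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
+fi
+
+if ! ${flock_cmd} ${APACHE2} -f "${testdir}/apache.conf" -k start; then
+    if [ -e "${testdir}/fail.server" ]; then
+        echo "Apache HTTPD failed to start as expected."
+        exit 0
+    else
+        echo "Apache HTTPD unexpectedly failed to start."
+        exit 1
+    fi
+fi
+
+# check OCSP server
+if [ -n "${CHECK_OCSP_SERVER}" ]; then
+    if [ -n "${OCSP_RESPONSE_FILE}" ]; then
+        store_ocsp="--outfile ${OCSP_RESPONSE_FILE}"
+    fi
+    echo "---- Testing OCSP server ----"
+    wait_ready "ocsptool --ask --nonce --load-issuer authority/x509.pem --load-cert server/x509.pem ${store_ocsp}"
+    echo "---- OCSP test done ----"
+fi
+
+if [ -n "${TARGET_IP}" ]; then
+    TARGET="${TARGET_IP}"
+else
+    TARGET="${TEST_HOST}"
 fi
 
@@ -198,16 +232,20 @@
 # case to proceed instead of waiting for it to return. The sleep
 # process is stopped after gnutls-cli terminates.
-if (sed "s/__HOSTNAME__/${TEST_HOST}/" <${t}/input && \
-           run_with_pidfile "${sleep_pidfile}" sleep "${TEST_QUERY_DELAY}" &) | \
-       gnutls-cli -p "${TEST_PORT}" $(cat ${t}/gnutls-cli.args) "${TEST_HOST}" \
-                  >"$output";
+#
+# The line end manipulation in sed guarantees that all header lines
+# end with CRLF as required by RFC 7230, Section 3.1.1 regardless of
+# the line ends in the input file.
+if (sed -r "s/__HOSTNAME__/${TEST_HOST}/;s/\r?$/\r/" <${testdir}/input && \
+           run_with_pidfile "${sleep_pidfile}" sleep "${TEST_QUERY_TIMEOUT}" &) | \
+       gnutls-cli -p "${TEST_PORT}" $(cat ${testdir}/gnutls-cli.args) "${TARGET}" \
+       | tee "$output" && test "${PIPESTATUS[1]}" -eq 0;
 then
-    if [ -e ${t}/fail* ]; then
-        printf "%s should have failed but succeeded\n" "$(basename "$t")" >&2
+    if [ -e ${testdir}/fail* ]; then
+        printf "%s should have failed but succeeded\n" "$(basename "$testdir")" >&2
         exit 1
     fi
 else
-    if [ ! -e ${t}/fail* ]; then
-        printf "%s should have succeeded but failed\n" "$(basename "$t")" >&2
+    if [ ! -e ${testdir}/fail* ]; then
+        printf "%s should have succeeded but failed\n" "$(basename "$testdir")" >&2
         exit 1
     fi
@@ -217,6 +255,6 @@
 unset sleep_pidfile
 
-if [ -e ${t}/output ] ; then
-    diff_output_filter_headers "${t}/output" "$output" >&2
+if [ -e ${testdir}/output ] ; then
+    diff_output_filter_headers "${testdir}/output" "$output" >&2
 fi
 if [ -n "${USE_MSVA}" ]; then
@@ -225,6 +263,14 @@
     trap - EXIT
 fi
-${APACHE2} -f "${t}/apache.conf" -k stop || [ -e ${t}/fail.server ]
+${APACHE2} -f "${testdir}/apache.conf" -k stop || [ -e ${testdir}/fail.server ]
 printf "SUCCESS: %s\n" "$TEST_NAME"
+
+if [ -r "${testdir}/backend.conf" ]; then
+    apache_service "${testdir}" "backend.conf" stop || true
+fi
+
+if [ -r "${testdir}/ocsp.conf" ]; then
+    apache_service "${testdir}" "ocsp.conf" stop || true
+fi
 
 if [ -n "${USE_MSVA}" ]; then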
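Review bot: `msva_test_cmd` is built by expanding `$(cat client.uid)` into a string that `wait_ready` later hands to `eval`, so the contents of `client.uid` are parsed as shell syntax a second time, and a double quote or command substitution in the UID changes what is executed. Wrapping the check in a function keeps the data out of the evaluated string: `function msva_ready { msva-query-agent https "$(cat client.uid)" x509pem client < client/x509.pem; }` followed by `if wait_ready msva_ready; then`. The same concern applies to `${store_ocsp}` in the `ocsptool` call, where `OCSP_RESPONSE_FILE` is taken from the environment and interpolated unquoted. The MSVA block that contains `msva_test_cmd` starts outside the visible hunk.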
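--- a/test/server.template.in
+++ b/test/server.template.in
@@ -1,3 +1,3 @@
-serial=2
+serial=587198681
 cn=__HOSTNAME__
 tls_www_server
@@ -5,2 +5,4 @@
 encryption_key
 dns_name="__HOSTNAME__"
+__OCSP_URI__
+__IP_ADDRESSES__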
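--- a/test/softhsm.bash
+++ b/test/softhsm.bash
@@ -17,5 +17,5 @@
     local label="${3}"
 
-    p11tool --provider=${softhsm_lib} --login --write --label "${label}" \
+    p11tool --provider=${SOFTHSM_LIB} --login --write --label "${label}" \
             --load-privkey "${keyfile}" "${token}"
 }
@@ -28,5 +28,5 @@
     local label="${3}"
 
-    p11tool --provider=${softhsm_lib} --login --write --no-mark-private \
+    p11tool --provider=${SOFTHSM_LIB} --login --write --no-mark-private \
             --label "${label}" --load-certificate "${certfile}" "${token}"
 }
@@ -36,5 +36,5 @@
 {
     local label="${1}"
-    p11tool --provider=${softhsm_lib} --list-tokens | \
+    p11tool --provider=${SOFTHSM_LIB} --list-tokens | \
         grep -o -P "(?<=URL:\s)(.*token=${label}.*)$"
 }
@@ -44,5 +44,5 @@
 function get_object_url
 {
-    p11tool --provider=${softhsm_lib} --list-all --login "${1}" | \
+    p11tool --provider=${SOFTHSM_LIB} --list-all --login "${1}" | \
         grep -o -P "(?<=URL:\s)(.*object=${2}.*)$"
 }
@@ -65,5 +65,51 @@
 
 # try to find SoftHSM
-softhsm="$(which softhsm)"
+softhsm="$(basename ${SOFTHSM})"
+
+if [ "${softhsm}" = "softhsm" ]; then
+    softhsm_libname="libsofthsm.so"
+    # fail if SOFTHSM_CONF is not set
+    if [ -z "${SOFTHSM_CONF}" ]; then
+        echo "ERROR: SOFTHSM_CONF not set!" 1>&2
+        exit 1
+    else
+        export SOFTHSM_CONF
+    fi
+    echo "using SOFTHSM_CONF=\"${SOFTHSM_CONF}\""
+elif [ "${softhsm}" = "softhsm2-util" ]; then
+    softhsm_libname="libsofthsm2.so"
+    # fail if SOFTHSM2_CONF is not set
+    if [ -z "${SOFTHSM2_CONF}" ]; then
+        echo "ERROR: SOFTHSM2_CONF not set!" 1>&2
+        exit 1
+    else
+        export SOFTHSM2_CONF
+    fi
+else
+    # no SoftHSM
+    echo "No SoftHSM!" >&2
+    exit 77
+fi
+
+if [ -z "${SOFTHSM_LIB}" ]; then
+    # Try to find the libsofthsm[2] module in some common locations.
+    softhsm_searchpath=(/usr/lib64/pkcs11 /usr/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm)
+    for i in ${softhsm_searchpath[@]} ""; do
+        SOFTHSM_LIB="${i}/${softhsm_libname}"
+        echo "checking ${SOFTHSM_LIB} ..."
+        if [ -f "${SOFTHSM_LIB}" ]; then
+            echo "found!"
+            export SOFTHSM_LIB
+            break;
+        fi
+    done
+else
+    echo "using ${SOFTHSM_LIB} (set by user)"
+fi
+
+if [ ! -f "${SOFTHSM_LIB}" ]; then
+    echo "${softhsm_libname} not found!" >&2
+    exit 77
+fi
 
 case "${1}" in
@@ -88,20 +134,4 @@
 set -e
 
-# Guess location of libsofthsm based on softhsm binary. The path
-# matches SoftHSM upstream, but this might fail if someone changes the
-# libdir or bindir of the SoftHSM installation independently of its
-# general prefix.
-softhsm_prefix="$(realpath $(dirname ${softhsm})/..)"
-softhsm_lib="${softhsm_prefix}/lib/softhsm/libsofthsm.so"
-
-# fail if SOFTHSM_CONF is not set
-if [ -z "${SOFTHSM_CONF}" ]; then
-    echo "ERROR: SOFTHSM_CONF not set!" 1>&2
-    exit 1
-else
-    export SOFTHSM_CONF
-fi
-echo "using SOFTHSM_CONF=\"${SOFTHSM_CONF}\""
-
 # variables for token configuration
 token_label="mod_gnutls-test"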
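--- a/test/test-16_view-status.bash
+++ b/test/test-16_view-status.bash
@@ -1,2 +1,21 @@
 #!/bin/bash
+set -e
 ${srcdir}/runtests t-16
+
+# expected output file
+output="outputs/16_view-status.output"
+# get the cipher suite reported by gnutls-cli
+cli_suite="$(grep -o -P '(?<=^-\sDescription:\s).*$' "${output}")" || true
+# extract cipher suite from the server status output
+status_suite="$(grep -o -P '(?<=^Current TLS session:\s).*$' "${output}")" \
+    || true
+
+echo
+if [[ -n "${cli_suite}" && "${status_suite}" = "${cli_suite}" ]]; then
+    echo "Server and client report matching cipher suite: ${status_suite}"
+else
+    echo "ERROR: Cipher suites mismatching or missing!"
+    echo "Server: '${status_suite}'"
+    echo "Client: '${cli_suite}'"
+    exit 1
+fi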
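Review bot: The two `|| true` guards on the `grep -o -P` calls (new lines 8-11) hide every grep failure, not only "no match". A missing `outputs/16_view-status.output` or a grep without `-P` support also lands in the "Cipher suites mismatching or missing!" branch, which points at the TLS session rather than at the test setup. A check ahead of the greps, such as `[ -r "${output}" ] || { echo "ERROR: ${output} not readable" >&2; exit 1; }`, would keep the two failure modes apart. Because the comparison is a plain string equality, a short comment that each pattern is expected to match exactly one line would also help the next reader.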
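--- a/test/test-19_TLS_reverse_proxy.bash
+++ b/test/test-19_TLS_reverse_proxy.bash
@@ -1,21 +1,2 @@
 #!/bin/bash
-
-set -e
-: ${srcdir:="."}
-. ${srcdir}/common.bash
-netns_reexec ${@}
-
-testdir="${srcdir}/tests/19_TLS_reverse_proxy"
-. $(dirname ${0})/proxy_backend.bash
-
-function stop_backend
-{
-    backend_apache "${testdir}" "backend.conf" stop
-}
-backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
-trap stop_backend EXIT
-
 ${srcdir}/runtests t-19
-
-backend_apache "${testdir}" "backend.conf" stop
-trap - EXIT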
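--- a/test/test-20_TLS_reverse_proxy_client_auth.bash
+++ b/test/test-20_TLS_reverse_proxy_client_auth.bash
@@ -1,21 +1,2 @@
 #!/bin/bash
-
-set -e
-: ${srcdir:="."}
-. ${srcdir}/common.bash
-netns_reexec ${@}
-
-testdir="${srcdir}/tests/20_TLS_reverse_proxy_client_auth"
-. $(dirname ${0})/proxy_backend.bash
-
-function stop_backend
-{
-    backend_apache "${testdir}" "backend.conf" stop
-}
-backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
-trap stop_backend EXIT
-
 ${srcdir}/runtests t-20
-
-backend_apache "${testdir}" "backend.conf" stop
-trap - EXIT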
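--- a/test/test-21_TLS_reverse_proxy_wrong_cert.bash
+++ b/test/test-21_TLS_reverse_proxy_wrong_cert.bash
@@ -1,21 +1,2 @@
 #!/bin/bash
-
-set -e
-: ${srcdir:="."}
-. ${srcdir}/common.bash
-netns_reexec ${@}
-
-testdir="${srcdir}/tests/21_TLS_reverse_proxy_wrong_cert"
-. $(dirname ${0})/proxy_backend.bash
-
-function stop_backend
-{
-    backend_apache "${testdir}" "backend.conf" stop
-}
-backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
-trap stop_backend EXIT
-
 ${srcdir}/runtests t-21
-
-backend_apache "${testdir}" "backend.conf" stop
-trap - EXIT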
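--- a/test/test-22_TLS_reverse_proxy_crl_revoke.bash
+++ b/test/test-22_TLS_reverse_proxy_crl_revoke.bash
@@ -1,21 +1,2 @@
 #!/bin/bash
-
-set -e
-: ${srcdir:="."}
-. ${srcdir}/common.bash
-netns_reexec ${@}
-
-testdir="${srcdir}/tests/22_TLS_reverse_proxy_crl_revoke"
-. $(dirname ${0})/proxy_backend.bash
-
-function stop_backend
-{
-    backend_apache "${testdir}" "backend.conf" stop
-}
-backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
-trap stop_backend EXIT
-
 ${srcdir}/runtests t-22
-
-backend_apache "${testdir}" "backend.conf" stop
-trap - EXIT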
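--- a/test/test-23_TLS_reverse_proxy_mismatched_priorities.bash
+++ b/test/test-23_TLS_reverse_proxy_mismatched_priorities.bash
@@ -1,11 +1,3 @@
 #!/bin/bash
-
-set -e
-: ${srcdir:="."}
-. ${srcdir}/common.bash
-netns_reexec ${@}
-
-testdir="${srcdir}/tests/23_TLS_reverse_proxy_mismatched_priorities"
-. $(dirname ${0})/proxy_backend.bash
 
 # This test checks if server and proxy priorities are applied
@@ -13,14 +5,3 @@
 # back end server is configured not to use TLS 1.2. The proxy request
 # must fail and the client must receive an error message to pass.
-
-function stop_backend
-{
-    backend_apache "${testdir}" "backend.conf" stop
-}
-backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
-trap stop_backend EXIT
-
 ${srcdir}/runtests t-23
-
-backend_apache "${testdir}" "backend.conf" stop
-trap - EXIT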
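--- a/test/test-24_pkcs11_cert.bash
+++ b/test/test-24_pkcs11_cert.bash
@@ -3,7 +3,7 @@
 testdir="$(dirname ${0})/tests/24_pkcs11_cert"
 
-# The Apache/SoftHSM configuration mixes up directories, so generate a
-# config file with an absolute path to the token database from a
-# template. Generating it on every run avoids problems if the source
+# The Apache/SoftHSM configuration mixes up directories, so generate
+# config files with absolute paths to the token database from a
+# template. Generating them on every run avoids problems if the source
 # tree was moved.
 tmp_softhsm_conf="$(mktemp mod_gnutls_test-XXXXXX.conf)"
@@ -14,8 +14,17 @@
 trap cleanup_tmpconf EXIT
 
-cat - >"${tmp_softhsm_conf}" <<EOF
+if [ "${SOFTHSM_MAJOR_VERSION}" = "1" ]; then
+    cat - >"${tmp_softhsm_conf}" <<EOF
 0:$(realpath $(pwd))/server/softhsm.db
 EOF
-export SOFTHSM_CONF="${tmp_softhsm_conf}"
+    export SOFTHSM_CONF="${tmp_softhsm_conf}"
+elif [ "${SOFTHSM_MAJOR_VERSION}" = "2" ]; then
+    cat - >"${tmp_softhsm_conf}" <<EOF
+objectstore.backend = file
+directories.tokendir = $(realpath $(pwd))/server/softhsm2.db
+EOF
+    export SOFTHSM2_CONF="${tmp_softhsm_conf}"
+fi
+
 echo "Generated temporary SoftHSM config ${tmp_softhsm_conf}:"
 cat "${tmp_softhsm_conf}"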
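Review bot: The `if`/`elif` on `SOFTHSM_MAJOR_VERSION` (new lines 16-27) has no `else`, so when the variable is unset or holds any other value the temporary config stays empty and neither `SOFTHSM_CONF` nor `SOFTHSM2_CONF` is exported. The script then carries on and prints an empty file, and the PKCS#11 test fails later for a reason that is hard to trace back to the environment. Ending the chain with `else echo "unsupported SOFTHSM_MAJOR_VERSION '${SOFTHSM_MAJOR_VERSION}'" >&2; exit 77` would surface it immediately, using the same skip status as the SoftHSM detection code earlier in this changeset. The rest of the script is outside the displayed hunks, so a later check may already cover this.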
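--- a/test/test-26_redirect_HTTP_to_HTTPS.bash
+++ b/test/test-26_redirect_HTTP_to_HTTPS.bash
@@ -11,21 +11,15 @@
 testdir="${srcdir}/tests/26_redirect_HTTP_to_HTTPS"
 TEST_NAME="$(basename ${testdir})"
-. $(dirname ${0})/proxy_backend.bash
+. $(dirname ${0})/apache_service.bash
 
 : ${TEST_HTTP_PORT:="9935"}
 export TEST_HTTP_PORT
 
-# "Proxy backend" functions are used to start the only instance needed
-# here without "runtests". We have to override BACKEND_PID and
-# BACKEND_PORT to make them match what a runtests-based test would
-# use.
-export BACKEND_PID="apache2.pid"
-export BACKEND_PORT="${TEST_PORT}"
-function stop_backend
+function stop_server
 {
-    backend_apache "${testdir}" "apache.conf" stop
+    apache_service "${testdir}" "apache.conf" stop
 }
-backend_apache "${testdir}" "apache.conf" start "${TEST_LOCK}"
-trap stop_backend EXIT
+apache_service "${testdir}" "apache.conf" start "${TEST_LOCK}"
+trap stop_server EXIT
 
 output="outputs/${TEST_NAME}.output"
@@ -35,5 +29,6 @@
 URL="http://${TEST_HOST}:${TEST_HTTP_PORT}/status?auto"
 if [ "$(basename ${HTTP_CLI})" = "curl" ]; then
-    ${HTTP_CLI} --location --cacert authority/x509.pem "${URL}" >"${output}"
+    ${HTTP_CLI} --location --verbose --cacert authority/x509.pem "${URL}" \
+                >"${output}"
 elif [ "$(basename ${HTTP_CLI})" = "wget" ]; then
     ${HTTP_CLI} --ca-certificate=authority/x509.pem -O "${output}" "${URL}"
@@ -47,4 +42,4 @@
 grep "Current TLS session: (TLS" "${output}"
 
-backend_apache "${testdir}" "apache.conf" stop
+stop_server
 trap - EXIT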
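--- a/test/test_ca.mk
+++ b/test/test_ca.mk
@@ -2,5 +2,5 @@
 # Authors:
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-# Thomas Klute <thomas2.klute@uni-dortmund.de>
+# Fiona Klute <fiona.klute@gmx.de>
 
 # General rules to set up a miniature CA & server & client environment
@@ -9,4 +9,9 @@
 %.template: $(srcdir)/%.template.in
         sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
+        sed -i -e "s,__OCSP_URI__,$(OCSP_URI_TEMPLATE)," $@
+        for i in $(patsubst [%],%,$(TEST_IP)); do \
+                IP_ADDRS="$${IP_ADDRS}\nip_address = $${i}"; \
+        done; \
+        sed -i -e "s,__IP_ADDRESSES__,$${IP_ADDRS#\\n}," $@
 
 %.uid: $(srcdir)/%.uid.in
@@ -16,46 +21,73 @@
         mkdir -p $(dir $@)
         chmod 0700 $(dir $@)
-        certtool --generate-privkey > $@
+        certtool --outfile $@ --generate-privkey
 
-%/secring.gpg: %.uid %/secret.key
-        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg
-        PEM2OPENPGP_EXPIRATION=86400 PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key | GNUPGHOME=$(dir $@) gpg --import
+.PRECIOUS: %/secret.key
+
+%/secret.pgp.raw: %.uid %/secret.key
+        PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$$(cat $<)" < $(dir $@)secret.key > $@
+
+%/secret.pgp: %/secret.pgp.raw pgpcrc
+        (printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \
+        base64 < $< && \
+        printf -- '=' && \
+        ./pgpcrc < $< | base64 && \
+        printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > $@
+
+%/gpg.conf: %/secret.pgp
+        rm -f $(dir $@)pubring.gpg $(dir $@)secring.gpg $(dir $@)trustdb.gpg $(dir $@)pubring.kbx $(dir $@)private-keys-v1.d/*.key
+        GNUPGHOME=$(dir $@) gpg --import $<
         printf "%s:6:\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=$(dir $@) gpg --import-ownertrust
-
-%/gpg.conf: %/secring.gpg
         printf "default-key %s\n" "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
 
-%/secret.pgp: %/secring.gpg
-        GNUPGHOME=$(dir $@) gpg --armor --batch --no-tty --yes --export-secret-key "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
-
-%/minimal.pgp: %/secring.gpg
-        GNUPGHOME=$(dir $@) gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
+%/minimal.pgp: %/gpg.conf
+        if test -r $@; then rm $@; fi
+        GNUPGHOME=$(dir $@) gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
 
 # Import and signing modify the shared keyring, which leads to race
-# conditions with parallel make. Locking avoids this problem.
-%/cert.pgp: %/minimal.pgp authority/gpg.conf
-        GNUPGHOME=authority $(GPG_FLOCK) gpg --import $<
-        GNUPGHOME=authority $(GPG_FLOCK) gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
-        GNUPGHOME=authority gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
+# conditions with parallel make. Locking avoids this problem. Building
+# authority/minimal.pgp (instead of just authority/gpg.conf) before
+# */cert.pgp avoids having to lock for all */minimal.pgp, too.
+%/cert.pgp: %/minimal.pgp authority/minimal.pgp
+        if test -r $@; then rm $@; fi
+        GNUPGHOME=authority/ $(GPG_FLOCK) gpg --import $<
+        GNUPGHOME=authority/ $(GPG_FLOCK) gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
+        GNUPGHOME=authority/ $(GPG_FLOCK) gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
 
 # special cases for the authorities' root certs:
 authority/x509.pem: authority.template authority/secret.key
-        certtool --generate-self-signed --load-privkey authority/secret.key --template authority.template > $@
+        certtool --outfile $@ --generate-self-signed --load-privkey authority/secret.key --template authority.template
 rogueca/x509.pem: $(srcdir)/rogueca.template rogueca/secret.key
-        certtool --generate-self-signed --load-privkey rogueca/secret.key --template $(srcdir)/rogueca.template > $@
+        certtool --outfile $@ --generate-self-signed --load-privkey rogueca/secret.key --template $(srcdir)/rogueca.template
 
 %/cert-request: %.template %/secret.key
-        certtool --generate-request --load-privkey $(dir $@)secret.key --template $< > $@
+        certtool --outfile $@ --generate-request --load-privkey $(dir $@)secret.key --template $<
 
 # normal case: certificates signed by test CA
 %/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
-        certtool --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request $(dir $@)cert-request --template $< > $@
+        certtool --outfile $@ --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request $(dir $@)cert-request --template $<
 
 # error case: certificates signed by rogue CA
 rogue%/x509.pem: rogue%.template rogue%/cert-request rogueca/x509.pem
-        certtool --generate-certificate --load-ca-certificate rogueca/x509.pem --load-ca-privkey rogueca/secret.key --load-request $(dir $@)cert-request --template $< > $@
+        certtool --outfile $@ --generate-certificate --load-ca-certificate rogueca/x509.pem --load-ca-privkey rogueca/secret.key --load-request $(dir $@)cert-request --template $<
 
-%/softhsm.db: %/x509.pem %/secret.key
-        SOFTHSM_CONF="$(srcdir)/$(*)-softhsm.conf" $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
+%/softhsm.conf: %/secret.key
+        echo "0:$(dir $@)softhsm.db" > $@
+
+%/softhsm.db: %/x509.pem %/secret.key %/softhsm.conf
+        SOFTHSM="$(SOFTHSM)" \
+        SOFTHSM_CONF="$(dir $@)softhsm.conf" \
+        $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
+
+%/softhsm2.conf: %/secret.key
+        echo "objectstore.backend = file" > $@
+        echo "directories.tokendir = $(dir $@)softhsm2.db" >> $@
+
+%/softhsm2.db: %/x509.pem %/secret.key %/softhsm2.conf
+        rm -rf $@
+        mkdir -p $@
+        SOFTHSM="$(SOFTHSM)" \
+        SOFTHSM2_CONF="$(dir $@)softhsm2.conf" \
+        $(srcdir)/softhsm.bash init $(dir $@)secret.key $(dir $@)x509.pem
 
 # Generate CRL revoking a certain certificate. Currently used to
@@ -65,7 +97,7 @@
 %/crl.pem: %/x509.pem ${srcdir}/%-crl.template
         certtool --generate-crl \
+                --outfile $@ \
                 --load-ca-privkey authority/secret.key \
                 --load-ca-certificate authority/x509.pem \
                 --load-certificate $< \
-                --template "${srcdir}/$(*)-crl.template" \
-                > $@
+                --template "${srcdir}/$(*)-crl.template"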
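Review bot: In the new `%/secret.pgp` recipe the checksum step `./pgpcrc < $< | base64` reports only base64's exit status, so a failing `pgpcrc` still yields an armored key block with an empty or wrong CRC line. The error then surfaces later as a `gpg --import` failure in `%/gpg.conf`. Because the whole group is redirected with `> $@`, any failure in the `&&` chain also leaves a partial `secret.pgp` that the next run treats as up to date, unless the file sets `.DELETE_ON_ERROR:` outside the displayed hunks. I would add `.DELETE_ON_ERROR:` near the top of the file and run `pgpcrc` as its own command (for example `./pgpcrc < $< > $@.crc && base64 < $@.crc`) so its status is checked.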
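--- a/test/tests/00_basic/apache.conf
+++ b/test/tests/00_basic/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>
@@ -8,4 +8,3 @@
  GnuTLSCertificateFile server/x509.pem
  GnuTLSKeyFile server/secret.key
- GnuTLSPriorities NORMAL
 </VirtualHost>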
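--- a/test/tests/01_serverwide_priorities/apache.conf
+++ b/test/tests/01_serverwide_priorities/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 GnuTLSPriorities NORMAL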
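--- a/test/tests/02_cache_in_vhost/apache.conf
+++ b/test/tests/02_cache_in_vhost/apache.conf
@@ -3,5 +3,5 @@
 <VirtualHost _default_:${TEST_PORT}>
  # Cache configuration not allowed in here:
- GnuTLSCache dbm cache/gnutls_cache
+ GnuTLSCache ${DEFAULT_CACHE}
  ServerName ${TEST_HOST}
  GnuTLSEnable On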
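--- a/test/tests/03_cachetimeout_in_vhost/apache.conf
+++ b/test/tests/03_cachetimeout_in_vhost/apache.conf
@@ -1,6 +1,6 @@
 Include ${srcdir}/base_apache.conf
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>
- # Cache configuration not allowed in here:
  GnuTLSCacheTimeout 200
  ServerName ${TEST_HOST}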
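--- a/test/tests/04_basic_nosni/apache.conf
+++ b/test/tests/04_basic_nosni/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>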
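--- a/test/tests/05_mismatched-priorities/apache.conf
+++ b/test/tests/05_mismatched-priorities/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>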
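--- a/test/tests/06_verify_sni_a/apache.conf
+++ b/test/tests/06_verify_sni_a/apache.conf
@@ -1,7 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
-
-NameVirtualHost _default_:${TEST_PORT}
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>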
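--- a/test/tests/07_verify_sni_b/apache.conf
+++ b/test/tests/07_verify_sni_b/apache.conf
@@ -1,7 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
-
-NameVirtualHost _default_:${TEST_PORT}
+GnuTLSCache ${DEFAULT_CACHE}
 
 # trying in a different order from 06_verify_sni_a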
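--- a/test/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf
+++ b/test/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf
@@ -1,7 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
-
-NameVirtualHost _default_:${TEST_PORT}
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>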
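--- a/test/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf
+++ b/test/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf
@@ -1,7 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
-
-NameVirtualHost _default_:${TEST_PORT}
+GnuTLSCache ${DEFAULT_CACHE}
 
 # In this order, clients with no SNI should get the imposter's key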
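--- a/test/tests/10_basic_client_verification/apache.conf
+++ b/test/tests/10_basic_client_verification/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>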
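--- a/test/tests/11_basic_client_verification_fail/apache.conf
+++ b/test/tests/11_basic_client_verification_fail/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>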
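--- a/test/tests/12_cgi_variables/apache.conf
+++ b/test/tests/12_cgi_variables/apache.conf
@@ -2,5 +2,5 @@
 Include ${srcdir}/cgi_module.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <Directory ${srcdir}/data>
@@ -13,4 +13,5 @@
  GnuTLSCertificateFile server/x509.pem
  GnuTLSKeyFile server/secret.key
+ GnuTLSDHFile ${srcdir}/ffdhe3072.pem
  GnuTLSPriorities NORMAL
  GnuTLSClientCAFile authority/x509.pem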
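--- a/test/tests/12_cgi_variables/output
+++ b/test/tests/12_cgi_variables/output
@@ -8,4 +8,3 @@
 RFC822NAME:test0@modgnutls.test
 
-DH prime bits: 2048
 - Peer has closed the GnuTLS connection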
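--- a/test/tests/13_cgi_variables_no_client_cert/apache.conf
+++ b/test/tests/13_cgi_variables_no_client_cert/apache.conf
@@ -2,5 +2,5 @@
 Include ${srcdir}/cgi_module.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <Directory ${srcdir}/data>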
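--- a/test/tests/13_cgi_variables_no_client_cert/output
+++ b/test/tests/13_cgi_variables_no_client_cert/output
@@ -11,4 +11,3 @@
 
 
-DH prime bits:
 - Peer has closed the GnuTLS connection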
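--- a/test/tests/15_basic_msva/apache.conf
+++ b/test/tests/15_basic_msva/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>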
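--- a/test/tests/16_view-status/apache.conf
+++ b/test/tests/16_view-status/apache.conf
@@ -7,5 +7,5 @@
 ExtendedStatus On
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>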
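--- a/test/tests/16_view-status/gnutls-cli.args
+++ b/test/tests/16_view-status/gnutls-cli.args
@@ -1,2 +1,2 @@
 --x509cafile=authority/x509.pem
---priority=NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA256:+RSA:+COMP-NULL:+SIGN-RSA-SHA256
+--priority=NORMAL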
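--- a/test/tests/16_view-status/input
+++ b/test/tests/16_view-status/input
@@ -1,3 +1,3 @@
-GET /status HTTP/1.0
+GET /status?auto HTTP/1.0
 Host: __HOSTNAME__
 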
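--- a/test/tests/17_cgi_vars_large_cert/apache.conf
+++ b/test/tests/17_cgi_vars_large_cert/apache.conf
@@ -2,5 +2,5 @@
 Include ${srcdir}/cgi_module.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <Directory ${srcdir}/data>
@@ -13,4 +13,5 @@
  GnuTLSCertificateFile server/x509.pem
  GnuTLSKeyFile server/secret.key
+ GnuTLSDHFile ${srcdir}/ffdhe3072.pem
  GnuTLSPriorities NORMAL
  GnuTLSClientCAFile authority/x509.pem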
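--- a/test/tests/17_cgi_vars_large_cert/output
+++ b/test/tests/17_cgi_vars_large_cert/output
@@ -8,4 +8,3 @@
 RFC822NAME:test0@modgnutls.test
 
-DH prime bits: 2048
 - Peer has closed the GnuTLS connection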
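--- a/test/tests/18_client_verification_wrong_cert/apache.conf
+++ b/test/tests/18_client_verification_wrong_cert/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>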
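--- a/test/tests/19_TLS_reverse_proxy/apache.conf
+++ b/test/tests/19_TLS_reverse_proxy/apache.conf
@@ -2,5 +2,5 @@
 Include ${srcdir}/proxy_mods.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>
@@ -9,9 +9,7 @@
  GnuTLSCertificateFile server/x509.pem
  GnuTLSKeyFile server/secret.key
- GnuTLSPriorities NORMAL
 
  GnuTLSProxyEngine      On
  GnuTLSProxyCAFile      authority/x509.pem
- GnuTLSProxyPriorities  NORMAL
  ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
  ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/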
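--- a/test/tests/19_TLS_reverse_proxy/backend.conf
+++ b/test/tests/19_TLS_reverse_proxy/backend.conf
@@ -1,6 +1,5 @@
-Include ${srcdir}/base_apache.conf
-Include proxy_backend.conf
+Include ${PWD}/proxy_backend.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${BACKEND_CACHE}
 
 <VirtualHost _default_:${BACKEND_PORT}>
@@ -9,4 +8,3 @@
  GnuTLSCertificateFile server/x509.pem
  GnuTLSKeyFile server/secret.key
- GnuTLSPriorities NORMAL
 </VirtualHost>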
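--- a/test/tests/20_TLS_reverse_proxy_client_auth/apache.conf
+++ b/test/tests/20_TLS_reverse_proxy_client_auth/apache.conf
@@ -2,5 +2,5 @@
 Include ${srcdir}/proxy_mods.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>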
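--- a/test/tests/20_TLS_reverse_proxy_client_auth/backend.conf
+++ b/test/tests/20_TLS_reverse_proxy_client_auth/backend.conf
@@ -1,6 +1,5 @@
-Include ${srcdir}/base_apache.conf
-Include proxy_backend.conf
+Include ${PWD}/proxy_backend.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${BACKEND_CACHE}
 
 <VirtualHost _default_:${BACKEND_PORT}>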
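--- a/test/tests/21_TLS_reverse_proxy_wrong_cert/apache.conf
+++ b/test/tests/21_TLS_reverse_proxy_wrong_cert/apache.conf
@@ -2,5 +2,5 @@
 Include ${srcdir}/proxy_mods.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>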
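--- a/test/tests/21_TLS_reverse_proxy_wrong_cert/backend.conf
+++ b/test/tests/21_TLS_reverse_proxy_wrong_cert/backend.conf
@@ -1,6 +1,5 @@
-Include ${srcdir}/base_apache.conf
-Include proxy_backend.conf
+Include ${PWD}/proxy_backend.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${BACKEND_CACHE}
 
 <VirtualHost _default_:${BACKEND_PORT}>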
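--- a/test/tests/22_TLS_reverse_proxy_crl_revoke/apache.conf
+++ b/test/tests/22_TLS_reverse_proxy_crl_revoke/apache.conf
@@ -2,5 +2,5 @@
 Include ${srcdir}/proxy_mods.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>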
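--- a/test/tests/22_TLS_reverse_proxy_crl_revoke/backend.conf
+++ b/test/tests/22_TLS_reverse_proxy_crl_revoke/backend.conf
@@ -1,6 +1,5 @@
-Include ${srcdir}/base_apache.conf
-Include proxy_backend.conf
+Include ${PWD}/proxy_backend.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${BACKEND_CACHE}
 
 <VirtualHost _default_:${BACKEND_PORT}>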
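--- a/test/tests/23_TLS_reverse_proxy_mismatched_priorities/apache.conf
+++ b/test/tests/23_TLS_reverse_proxy_mismatched_priorities/apache.conf
@@ -2,5 +2,5 @@
 Include ${srcdir}/proxy_mods.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>
@@ -13,5 +13,5 @@
  GnuTLSProxyEngine      On
  GnuTLSProxyCAFile      authority/x509.pem
- GnuTLSProxyPriorities  NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2
+ GnuTLSProxyPriorities  NORMAL:-CIPHER-ALL:+AES-256-GCM
  ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
  ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/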
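--- a/test/tests/23_TLS_reverse_proxy_mismatched_priorities/backend.conf
+++ b/test/tests/23_TLS_reverse_proxy_mismatched_priorities/backend.conf
@@ -1,6 +1,5 @@
-Include ${srcdir}/base_apache.conf
-Include proxy_backend.conf
+Include ${PWD}/proxy_backend.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${BACKEND_CACHE}
 
 <VirtualHost _default_:${BACKEND_PORT}>
@@ -9,4 +8,4 @@
  GnuTLSCertificateFile server/x509.pem
  GnuTLSKeyFile server/secret.key
- GnuTLSPriorities NORMAL:-VERS-TLS1.2
+ GnuTLSPriorities       NORMAL:-AES-256-GCM
 </VirtualHost>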
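Review bot: The reason for `GnuTLSPriorities NORMAL:-AES-256-GCM` (new line 10) is not documented, and the unchanged comment in test-23_TLS_reverse_proxy_mismatched_priorities.bash still says the back end "is configured not to use TLS 1.2". After this change the mismatch is on the cipher instead, with the proxy side restricted to `NORMAL:-CIPHER-ALL:+AES-256-GCM`. I would add a comment above the directive, for example `# Exclude the only cipher the proxy offers, so the proxy handshake must fail`, and update the script comment to match. One line of that script comment is elided on this page, so part of it may already say this.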
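--- a/test/tests/24_pkcs11_cert/apache.conf
+++ b/test/tests/24_pkcs11_cert/apache.conf
@@ -1,7 +1,7 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
-GnuTLSP11Module /usr/lib/softhsm/libsofthsm.so
+GnuTLSP11Module ${SOFTHSM_LIB}
 
 <VirtualHost _default_:${TEST_PORT}>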
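--- a/test/tests/25_Disable_TLS_1.0/apache.conf
+++ b/test/tests/25_Disable_TLS_1.0/apache.conf
@@ -1,5 +1,5 @@
 Include ${srcdir}/base_apache.conf
 
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 <VirtualHost _default_:${TEST_PORT}>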
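--- a/test/tests/25_Disable_TLS_1.0/gnutls-cli.args
+++ b/test/tests/25_Disable_TLS_1.0/gnutls-cli.args
@@ -1,2 +1,2 @@
 --x509cafile=authority/x509.pem
---priority=NORMAL:-VERS-TLS1.2:-VERS-TLS1.1
+--priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0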
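--- a/test/tests/26_redirect_HTTP_to_HTTPS/apache.conf
+++ b/test/tests/26_redirect_HTTP_to_HTTPS/apache.conf
@@ -3,5 +3,5 @@
 
 Include ${srcdir}/base_apache.conf
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache ${DEFAULT_CACHE}
 
 # mod_status offers an easy way to check if we were actually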
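--- a/test/tests/Makefile.am
+++ b/test/tests/Makefile.am
@@ -3,5 +3,5 @@
         01_serverwide_priorities/apache.conf 01_serverwide_priorities/gnutls-cli.args 01_serverwide_priorities/input 01_serverwide_priorities/output \
         02_cache_in_vhost/apache.conf 02_cache_in_vhost/fail.server 02_cache_in_vhost/gnutls-cli.args 02_cache_in_vhost/input \
-        03_cachetimeout_in_vhost/apache.conf 03_cachetimeout_in_vhost/fail.server 03_cachetimeout_in_vhost/gnutls-cli.args 03_cachetimeout_in_vhost/input \
+        03_cachetimeout_in_vhost/apache.conf 03_cachetimeout_in_vhost/gnutls-cli.args 03_cachetimeout_in_vhost/input 03_cachetimeout_in_vhost/output \
         04_basic_nosni/apache.conf 04_basic_nosni/gnutls-cli.args 04_basic_nosni/input 04_basic_nosni/output \
         05_mismatched-priorities/apache.conf 05_mismatched-priorities/fail.client 05_mismatched-priorities/gnutls-cli.args 05_mismatched-priorities/input \
@@ -14,7 +14,7 @@
         12_cgi_variables/apache.conf 12_cgi_variables/gnutls-cli.args 12_cgi_variables/input 12_cgi_variables/output \
         13_cgi_variables_no_client_cert/apache.conf 13_cgi_variables_no_client_cert/gnutls-cli.args 13_cgi_variables_no_client_cert/input 13_cgi_variables_no_client_cert/output \
-        14_basic_openpgp/apache.conf 14_basic_openpgp/gnutls-cli.args 14_basic_openpgp/input 14_basic_openpgp/output \
+        14_resume_session/apache.conf 14_resume_session/gnutls-cli.args 14_resume_session/input 14_resume_session/output \
         15_basic_msva/apache.conf 15_basic_msva/gnutls-cli.args 15_basic_msva/input 15_basic_msva/output \
-        16_view-status/apache.conf 16_view-status/gnutls-cli.args 16_view-status/input 16_view-status/output \
+        16_view-status/apache.conf 16_view-status/gnutls-cli.args 16_view-status/input \
         17_cgi_vars_large_cert/apache.conf 17_cgi_vars_large_cert/gnutls-cli.args 17_cgi_vars_large_cert/input 17_cgi_vars_large_cert/output \
         18_client_verification_wrong_cert/apache.conf 18_client_verification_wrong_cert/gnutls-cli.args 18_client_verification_wrong_cert/input 18_client_verification_wrong_cert/output \
@@ -26,3 +26,11 @@
         24_pkcs11_cert/apache.conf 24_pkcs11_cert/gnutls-cli.args 24_pkcs11_cert/input 24_pkcs11_cert/output \
         25_Disable_TLS_1.0/apache.conf 25_Disable_TLS_1.0/fail.client 25_Disable_TLS_1.0/gnutls-cli.args 25_Disable_TLS_1.0/input \
-        26_redirect_HTTP_to_HTTPS/apache.conf
+        26_redirect_HTTP_to_HTTPS/apache.conf \
+        27_OCSP_server/apache.conf 27_OCSP_server/gnutls-cli.args 27_OCSP_server/input 27_OCSP_server/ocsp.conf 27_OCSP_server/output \
+        28_HTTP2_support/apache.conf \
+        29_force_handshake_vhost/apache.conf 29_force_handshake_vhost/gnutls-cli.args 29_force_handshake_vhost/input 29_force_handshake_vhost/output \
+        30_ip_based_vhosts/apache.conf 30_ip_based_vhosts/gnutls-cli.args 30_ip_based_vhosts/input 30_ip_based_vhosts/output 31_vhost_SNI_serveralias_match \
+        31_vhost_SNI_serveralias_match/gnutls-cli.args 31_vhost_SNI_serveralias_match/input 31_vhost_SNI_serveralias_match/apache.conf 31_vhost_SNI_serveralias_match/output \
+        32_vhost_SNI_serveralias_mismatch/gnutls-cli.args 32_vhost_SNI_serveralias_mismatch/input 32_vhost_SNI_serveralias_mismatch/apache.conf 32_vhost_SNI_serveralias_mismatch/output \
+        33_vhost_SNI_serveralias_missinghost/gnutls-cli.args 33_vhost_SNI_serveralias_missinghost/input 33_vhost_SNI_serveralias_missinghost/apache.conf 33_vhost_SNI_serveralias_missinghost/output \
+        34_TLS_reverse_proxy_h2/apache.conf 34_TLS_reverse_proxy_h2/backend.conf 34_TLS_reverse_proxy_h2/gnutls-cli.args 34_TLS_reverse_proxy_h2/input 34_TLS_reverse_proxy_h2/output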
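Review bot: New line 32 ends with a bare `31_vhost_SNI_serveralias_match` entry, a directory name with no file under it. Every other entry in this list names a file, and that directory's four files are listed on the next line. If the list feeds a distribution variable (its assignment is above the hunk), a directory entry would typically pull the whole directory into the tarball, including any generated files left there. It looks like a stray token; I would end the line as `30_ip_based_vhosts/output \`.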