1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
#!/bin/sh
#
# Copyright (C) 2016 Red Hat, Inc.
#
# This file is part of openconnect.
#
# This is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public License
# as published by the Free Software Foundation; either version 2.1 of
# the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>
# This test uses LD_PRELOAD
PRELOAD=1
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
top_builddir=${top_builddir:-..}
. `dirname $0`/common.sh
echo "Testing certificate auth..."
launch_simple_sr_server -d 1 -f -c configs/test-user-pass.config
PID=$!
wait_server $PID
expect_cert_fail() {
SERVERCERT=$1
echo -n "Testing with cert fingerprint $SERVERCERT..."
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert $SERVERCERT --cookieonly >/dev/null 2>&1) &&
fail $PID "Accepted wrong fingerprint $SERVERCERT"
echo "ok (rejected)"
}
expect_cert_success() {
SERVERCERT=$1
echo -n "Testing with cert fingerprint $SERVERCERT..."
( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert $SERVERCERT --cookieonly >/dev/null 2>&1) ||
fail $PID "Rejected good fingerprint $SERVERCERT"
echo "ok (accepted)"
}
expect_cert_success e597837de5390ba6eaa0f9d656f035c8be6ec02b
expect_cert_success E597837DE5390BA6EAA0F9D656F035C8BE6EC02B
expect_cert_fail e597837de5390ba6eaa0f9d656f035c8be6ec02b4
expect_cert_fail E597837DE5390BA6EAA0F9D656F035C8BE6EC02B4
expect_cert_fail e597837de5390ba6eaa1f9d656f035c8be6ec02b
expect_cert_fail E597837DE5390BA6EAA1F9D656F035C8BE6EC02B
expect_cert_success e597837de5390ba6e
expect_cert_success E597837DE5390BA6E
expect_cert_fail e59
expect_cert_fail E59
expect_cert_success e597
expect_cert_success E597
expect_cert_success sha1:a82547f68f44d6351bef6cacd1d7b96e84f9dfa3
expect_cert_success sha1:A82547F68F44D6351BEF6CACD1D7B96E84F9DFA3
expect_cert_fail sha1:a82547f68f44d6351bef6cacd1d7b96e84f9dfa34
expect_cert_fail sha1:A82547F68F44D6351BEF6CACD1D7B96E84F9DFA34
expect_cert_fail sha1:a82547f68f44d6352bef6cacd1d7b96e84f9dfa3
expect_cert_fail sha1:A82547F68F44D6352BEF6CACD1D7B96E84F9DFA3
expect_cert_success sha1:a82547f68f44d635
expect_cert_success sha1:A82547F68F44D635
expect_cert_fail sha1:a82
expect_cert_fail sha1:A82
expect_cert_success sha1:a825
expect_cert_success sha1:A825
expect_cert_success sha256:c69dec71fcf2deb390b2ff4d70ebdeffc61556ffa91ebe2a3425c45eb365e6cf
expect_cert_success sha256:C69DEC71FCF2DEB390B2FF4D70EBDEFFC61556FFA91EBE2A3425C45EB365E6CF
expect_cert_fail sha256:c69dec71fcf2deb390b2ff4d70ebdeffc61556ffa91ebe2a3425c45eb365e6cf3
expect_cert_fail sha256:C69DEC71FCF2DEB390B2FF4D70EBDEFFC61556FFA91EBE2A3425C45EB365E6CF3
expect_cert_fail sha256:c69dec71fcf2deb390b2fe4d70ebdeffc61556ffa91ebe2a3425c45eb365e6cf
expect_cert_fail sha256:C69DEC71FCF2DEB390B2FE4D70EBDEFFC61556FFA91EBE2A3425C45EB365E6CF
expect_cert_success sha256:c69dec71fcf2deb390b2f
expect_cert_success sha256:C69DEC71FCF2DEB390B2F
expect_cert_fail sha256:c69
expect_cert_fail sha256:C69
expect_cert_success sha256:c69D
expect_cert_success sha256:C69d
# pin-sha256: is case sensitive.
expect_cert_success pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
expect_cert_fail pin-sha256:xp3scfzy3rOQsv9NcOvE/8YVVv+pHr4qNCXEXrNl5s8=
expect_cert_fail pin-sha256:XP3SCFZY3ROQSV9NCOVE/8YVVV+PHR4QNCXEXRNL5S8=
expect_cert_success pin-sha256:xp3scfzy3rOQsv9NcO
expect_cert_fail pin-sha256:xp3scfzy3rOQsv9NCO
expect_cert_fail pin-sha256:xp3
expect_cert_fail pin-sha256:xp3
expect_cert_success pin-sha256:xp3s
expect_cert_fail pin-sha256:xP3s
cleanup
exit 0
|
