File: external.test

package info (click to toggle)
wolfssl 5.8.4-1
  • links: PTS
  • area: main
  • in suites: forky, sid
  • size: 117,604 kB
  • sloc: ansic: 1,584,954; asm: 481,206; sh: 11,586; cs: 6,596; xml: 3,878; perl: 3,291; makefile: 2,058; ada: 1,891; javascript: 748; python: 636; cpp: 131; ruby: 118; objc: 80; tcl: 73
file content (63 lines) | stat: -rwxr-xr-x 2,116 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
#!/usr/bin/env bash

# external.test

SCRIPT_DIR="$(dirname "$0")"

server=www.wolfssl.com
ca=./certs/wolfssl-website-ca.pem

[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1

# www.wolfssl.com isn't using RFC 8446 yet but the draft instead.
if ! ./examples/client/client -V | grep -q 3; then
    echo 'skipping external.test because TLS1.2 is not available.' 1>&2
    exit 77
fi

# cloudflare seems to change CAs quickly, disabled by default
if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then
    echo "WOLFSSL_EXTERNAL_TEST not set, won't run"
    exit 77
fi
if test "$WOLFSSL_EXTERNAL_TEST" == "0"; then
    echo "WOLFSSL_EXTERNAL_TEST is defined to zero, won't run"
    exit 77
fi


BUILD_FLAGS="$(./examples/client/client '-#')"
if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
    echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
    exit 77
fi

if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
    echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
    exit 77
fi

echo "WOLFSSL_EXTERNAL_TEST set, running test..."

# is our desired server there?
"${SCRIPT_DIR}"/ping.test $server 2
RESULT=$?
[ $RESULT -ne 0 ] && exit 0

# client test against the server
./examples/client/client -X -C -h $server -p 443 -g -A $ca
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1

# test again, but using system CA certs to verify the server if support is enabled.
# We don't want to use --sys-ca-certs with static memory, as we don't know how
# much memory will be required to store an unbounded number of certs
BUILD_FLAGS="$(./examples/client/client '-#')"
if echo "$BUILD_FLAGS" | grep -q "WOLFSSL_SYS_CA_CERTS" && ! echo "$BUILD_FLAGS" | grep -q "WOLFSSL_STATIC_MEMORY"; then
    echo -e "\nConnecting using WOLFSSL_SYS_CA_CERTS..."
    ./examples/client/client -X -C -h $server -p 443 -g --sys-ca-certs
    RESULT=$?
    [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed when using WOLFSSL_SYS_CA_CERTS" && exit 1
fi

exit 0