mbedtls/tests/compat.sh

killall -q openssl ssl_server

openssl s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL &
PROCESS_ID=$!

sleep 1

CIPHERS="                               \
    SSL-EDH-RSA-AES-128-SHA             \
    SSL-EDH-RSA-AES-256-SHA             \
    SSL-EDH-RSA-CAMELLIA-128-SHA        \
    SSL-EDH-RSA-CAMELLIA-256-SHA        \
    SSL-EDH-RSA-DES-168-SHA             \
    SSL-RSA-AES-256-SHA                 \
    SSL-RSA-CAMELLIA-256-SHA            \
    SSL-RSA-AES-128-SHA                 \
    SSL-RSA-CAMELLIA-128-SHA            \
    SSL-RSA-DES-168-SHA                 \
    SSL-RSA-RC4-128-SHA                 \
    SSL-RSA-RC4-128-MD5                 \
    SSL-RSA-NULL-MD5                    \
    SSL-RSA-NULL-SHA                    \
    SSL-RSA-DES-SHA                     \
    SSL-EDH-RSA-DES-SHA                 \
    "

#    Not supported by OpenSSL: SSL-RSA-NULL-SHA256
for i in $CIPHERS;
do
    RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
    EXIT=$?
    echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "
    if [ "$EXIT" = "2" ];
    then
        echo Ciphersuite not supported in client
    elif [ "$EXIT" != "0" ];
    then
        echo Failed
        echo $RESULT
    else
        echo Success
    fi
done
kill $PROCESS_ID

../programs/ssl/ssl_server > /dev/null &
PROCESS_ID=$!

sleep 1

CIPHERS="                           \
    DHE-RSA-AES128-SHA              \
    DHE-RSA-AES256-SHA              \
    DHE-RSA-CAMELLIA128-SHA         \
    DHE-RSA-CAMELLIA256-SHA         \
    EDH-RSA-DES-CBC3-SHA            \
    AES256-SHA                      \
    CAMELLIA256-SHA                 \
    AES128-SHA                      \
    CAMELLIA128-SHA                 \
    DES-CBC3-SHA                    \
    RC4-SHA                         \
    RC4-MD5                         \
    NULL-MD5                        \
    NULL-SHA                        \
    DES-CBC-SHA                     \
    EDH-RSA-DES-CBC-SHA             \
    "

#    Not supported by OpenSSL: NULL-SHA256
for i in $CIPHERS;
do
    RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | openssl s_client -cipher $i 2>&1)"
    EXIT=$?
    echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "

    if [ "$EXIT" != "0" ];
    then
        SUPPORTED="$( echo $RESULT | grep 'Cipher is (NONE)' )"
        if [ "X$SUPPORTED" != "X" ]
        then
            echo "Ciphersuite not supported in server"
        else
            echo Failed
            echo $RESULT
        fi
    else
        echo Success
    fi
done

kill $PROCESS_ID

../programs/ssl/ssl_server > /dev/null &
PROCESS_ID=$!

sleep 1

CIPHERS="                               \
    SSL-RSA-RC4-128-SHA                 \
    SSL-RSA-NULL-MD5                    \
    SSL-EDH-RSA-AES-128-SHA             \
    SSL-EDH-RSA-AES-256-SHA             \
    SSL-EDH-RSA-CAMELLIA-128-SHA        \
    SSL-EDH-RSA-CAMELLIA-256-SHA        \
    SSL-EDH-RSA-DES-168-SHA             \
    SSL-RSA-NULL-SHA                    \
    SSL-RSA-AES-256-SHA                 \
    SSL-RSA-CAMELLIA-256-SHA            \
    SSL-RSA-AES-128-SHA                 \
    SSL-RSA-CAMELLIA-128-SHA            \
    SSL-RSA-DES-168-SHA                 \
    SSL-RSA-RC4-128-MD5                 \
    SSL-RSA-DES-SHA                     \
    SSL-EDH-RSA-DES-SHA                 \
    SSL-RSA-NULL-SHA256                 \
    "

for i in $CIPHERS;
do
    RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"
    EXIT=$?
    echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "
    if [ "$EXIT" = "2" ];
    then
        echo Ciphersuite not supported in client
    elif [ "$EXIT" != "0" ];
    then
        echo Failed
        echo $RESULT
    else
        echo Success
    fi
done
kill $PROCESS_ID
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00			`killall -q openssl ssl_server`

			`openssl s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL &`
			`PROCESS_ID=$!`

			`sleep 1`

			`CIPHERS=" \`
			`SSL-EDH-RSA-AES-128-SHA \`
			`SSL-EDH-RSA-AES-256-SHA \`
			`SSL-EDH-RSA-CAMELLIA-128-SHA \`
			`SSL-EDH-RSA-CAMELLIA-256-SHA \`
			`SSL-EDH-RSA-DES-168-SHA \`
			`SSL-RSA-AES-256-SHA \`
			`SSL-RSA-CAMELLIA-256-SHA \`
			`SSL-RSA-AES-128-SHA \`
			`SSL-RSA-CAMELLIA-128-SHA \`
			`SSL-RSA-DES-168-SHA \`
			`SSL-RSA-RC4-128-SHA \`
			`SSL-RSA-RC4-128-MD5 \`
			`SSL-RSA-NULL-MD5 \`
			`SSL-RSA-NULL-SHA \`
			`SSL-RSA-DES-SHA \`
			`SSL-EDH-RSA-DES-SHA \`
			`"`

			`# Not supported by OpenSSL: SSL-RSA-NULL-SHA256`
			`for i in $CIPHERS;`
			`do`
			`RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"`
			`EXIT=$?`
			`echo -n "OpenSSL Server - PolarSSL Client - $i : $EXIT - "`
			`if [ "$EXIT" = "2" ];`
			`then`
			`echo Ciphersuite not supported in client`
			`elif [ "$EXIT" != "0" ];`
			`then`
			`echo Failed`
			`echo $RESULT`
			`else`
			`echo Success`
			`fi`
			`done`
			`kill $PROCESS_ID`

			`../programs/ssl/ssl_server > /dev/null &`
			`PROCESS_ID=$!`

			`sleep 1`

			`CIPHERS=" \`
			`DHE-RSA-AES128-SHA \`
			`DHE-RSA-AES256-SHA \`
			`DHE-RSA-CAMELLIA128-SHA \`
			`DHE-RSA-CAMELLIA256-SHA \`
			`EDH-RSA-DES-CBC3-SHA \`
			`AES256-SHA \`
			`CAMELLIA256-SHA \`
			`AES128-SHA \`
			`CAMELLIA128-SHA \`
			`DES-CBC3-SHA \`
			`RC4-SHA \`
			`RC4-MD5 \`
			`NULL-MD5 \`
			`NULL-SHA \`
			`DES-CBC-SHA \`
			`EDH-RSA-DES-CBC-SHA \`
			`"`

			`# Not supported by OpenSSL: NULL-SHA256`
			`for i in $CIPHERS;`
			`do`
			`RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) \| openssl s_client -cipher $i 2>&1)"`
			`EXIT=$?`
			`echo -n "PolarSSL Server - OpenSSL Client - $i : $EXIT - "`

			`if [ "$EXIT" != "0" ];`
			`then`
			`SUPPORTED="$( echo $RESULT \| grep 'Cipher is (NONE)' )"`
			`if [ "X$SUPPORTED" != "X" ]`
			`then`
			`echo "Ciphersuite not supported in server"`
			`else`
			`echo Failed`
			`echo $RESULT`
			`fi`
			`else`
			`echo Success`
			`fi`
			`done`

			`kill $PROCESS_ID`

			`../programs/ssl/ssl_server > /dev/null &`
			`PROCESS_ID=$!`

			`sleep 1`

			`CIPHERS=" \`
			`SSL-RSA-RC4-128-SHA \`
			`SSL-RSA-NULL-MD5 \`
			`SSL-EDH-RSA-AES-128-SHA \`
			`SSL-EDH-RSA-AES-256-SHA \`
			`SSL-EDH-RSA-CAMELLIA-128-SHA \`
			`SSL-EDH-RSA-CAMELLIA-256-SHA \`
			`SSL-EDH-RSA-DES-168-SHA \`
			`SSL-RSA-NULL-SHA \`
			`SSL-RSA-AES-256-SHA \`
			`SSL-RSA-CAMELLIA-256-SHA \`
			`SSL-RSA-AES-128-SHA \`
			`SSL-RSA-CAMELLIA-128-SHA \`
			`SSL-RSA-DES-168-SHA \`
			`SSL-RSA-RC4-128-MD5 \`
			`SSL-RSA-DES-SHA \`
			`SSL-EDH-RSA-DES-SHA \`
			`SSL-RSA-NULL-SHA256 \`
			`"`

			`for i in $CIPHERS;`
			`do`
			`RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i )"`
			`EXIT=$?`
			`echo -n "PolarSSL Server - PolarSSL Client - $i : $EXIT - "`
			`if [ "$EXIT" = "2" ];`
			`then`
			`echo Ciphersuite not supported in client`
			`elif [ "$EXIT" != "0" ];`
			`then`
			`echo Failed`
			`echo $RESULT`
			`else`
			`echo Success`
			`fi`
			`done`
			`kill $PROCESS_ID`