From 70c7373f81452c3b1f0bbd4b3c15636c1271ba90 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 2 Sep 2019 09:03:53 +0100
Subject: [PATCH] compat.sh: Introduce env variable for CRTs, CAs and keys
This commit introduces environment variables - SRV_ECDSA_CRT - SRV_ECDSA_KEY - CLI_ECDSA_CRT - CLI_ECDSA_KEY - SRV_RSA_CRT - SRV_RSA_KEY - CLI_RSA_CRT - CLI_RSA_KEY - CA_FILE to tests/compat.sh which hold the path of the CA, client and server certificate and key files to use by the script. This is a preparatory step towards switching to a different set of certificates and keys in case the configuration doesn't match the certificates in use so far (e.g.: the ECDSA certificates use Secp384r1, so if that's disabled, ECDSA tests will fail).
---
tests/compat.sh | 46 ++++++++++++++++++++++++++++------------------
1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/tests/compat.sh b/tests/compat.sh
index 54bc0b7d1..52448604a 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -32,6 +32,16 @@ SRVMEM=0
 : ${GNUTLS_CLI:=gnutls-cli}
 : ${GNUTLS_SERV:=gnutls-serv}
+: ${SRV_ECDSA_CRT:="data_files/server5.crt"}
+: ${SRV_ECDSA_KEY:="data_files/server5.key"}
+: ${CLI_ECDSA_CRT:="data_files/server6.crt"}
+: ${CLI_ECDSA_KEY:="data_files/server6.key"}
+: ${SRV_RSA_CRT:="data_files/server2.crt"}
+: ${SRV_RSA_KEY:="data_files/server2.key"}
+: ${CLI_RSA_CRT:="data_files/server1.crt"}
+: ${CLI_RSA_KEY:="data_files/server1.key"}
+: ${CA_FILE:="data_files/test-ca_cat12.crt"}
+
 # do we have a recent enough GnuTLS?
 if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then
 G_VER="$( $GNUTLS_CLI --version | head -n1 )"
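Review bot: The new defaults are read from the caller's environment, and `CA_FILE` in particular is a generic name that an unrelated CI or shell setup may already export, which would silently change the trust anchor used by every verified handshake in the run. The block has no comment saying the nine variables are meant to be overridden; a header such as `# Paths of the CA, certificates and keys used by the tests; override via the environment.` would document that. A fail-fast check after the defaults would turn a stray or mistyped value into a configuration error instead of a run of failed handshakes, e.g. `[ -r "$CA_FILE" ] || { echo "CA_FILE not readable: $CA_FILE" >&2; exit 1; }`, repeated for the other eight variables.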
@@ -912,13 +922,13 @@ setup_arguments()
 if [ "X$VERIFY" = "XYES" ]; then
- M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
- O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
+ M_SERVER_ARGS="$M_SERVER_ARGS ca_file=$CA_FILE auth_mode=required"
+ O_SERVER_ARGS="$O_SERVER_ARGS -CAfile $CA_FILE -Verify 10"
+ G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile $CA_FILE --require-client-cert"
- M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
- O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
+ M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=$CA_FILE auth_mode=required"
+ O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile $CA_FILE -verify 10"
+ G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile $CA_FILE"
 else
 # don't request a client cert at all
 M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
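Review bot: `$CA_FILE` is spliced into the flat `*_ARGS` strings with no quoting, so a value containing whitespace or glob characters will break into extra words wherever these strings are later expanded; that expansion is outside this hunk, but strings built this way can only be consumed unquoted. With the old literals this could not happen, whereas an environment-supplied path can now inject additional options into the server and client command lines. The same applies to the `*_CRT`/`*_KEY` substitutions in the next hunk. Quoting cannot be carried through a flat string, so the practical guard is to reject such values where the defaults are set, e.g. `case "$CA_FILE" in *[[:space:]]*) echo "CA_FILE must not contain whitespace" >&2; exit 1;; esac`. setup_arguments() begins and ends outside the hunk.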
@@ -931,28 +941,28 @@ setup_arguments()
 case $TYPE in
 "ECDSA")
- M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
- O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
+ M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$SRV_ECDSA_CRT key_file=$SRV_ECDSA_KEY"
+ O_SERVER_ARGS="$O_SERVER_ARGS -cert $SRV_ECDSA_CRT -key $SRV_ECDSA_KEY"
+ G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $SRV_ECDSA_CRT --x509keyfile $SRV_ECDSA_KEY"
 if [ "X$VERIFY" = "XYES" ]; then
- M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
- O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
+ M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$CLI_ECDSA_CRT key_file=$CLI_ECDSA_KEY"
+ O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $CLI_ECDSA_CRT -key $CLI_ECDSA_KEY"
+ G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $CLI_ECDSA_CRT --x509keyfile $CLI_ECDSA_KEY"
 else
 M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
 fi
 ;;
 "RSA")
- M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
- O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
- G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
+ M_SERVER_ARGS="$M_SERVER_ARGS crt_file=$SRV_RSA_CRT key_file=$SRV_RSA_KEY"
+ O_SERVER_ARGS="$O_SERVER_ARGS -cert $SRV_RSA_CRT -key $SRV_RSA_KEY"
+ G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile $SRV_RSA_CRT --x509keyfile $SRV_RSA_KEY"
 if [ "X$VERIFY" = "XYES" ]; then
- M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
- O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
- G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
+ M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=$CLI_RSA_CRT key_file=$CLI_RSA_KEY"
+ O_CLIENT_ARGS="$O_CLIENT_ARGS -cert $CLI_RSA_CRT -key $CLI_RSA_KEY"
+ G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile $CLI_RSA_CRT --x509keyfile $CLI_RSA_KEY"
 else
 M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
 fi
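Review bot: Nothing in the `case $TYPE in` arms ties a certificate to its key or to `$CA_FILE`: overriding only `SRV_ECDSA_CRT` leaves `SRV_ECDSA_KEY` at the server5 default, and the mismatch would presumably surface as handshake failures in every ECDSA test rather than as a configuration error. A comment at the top of the case block would make the contract explicit, e.g. `# Each *_CRT must match its *_KEY and chain to $CA_FILE; override them as a set.` The case statement continues past the end of the hunk.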