2 lappend auto_path [file dirname [info script]]
4 package require ossltest
7 puts stderr "Usage $argv0 cipher-list-file"
19 get_hosts [lindex $argv 0]
21 start_tests "TLS-соединение от клиента [lindex $argv 0]"
23 set CAhost lynx.lan.cryptocom.ru
24 set CAprefix /cgi-bin/autoca
27 foreach alg [array names hosts] {
28 set alg2 [regsub {(gost\d+)cp} $alg {\1}]
29 set alg_fn [string map {":" "_"} $alg2]
30 set alg_ca [regexp -inline {^[^:]+} $alg]
32 if {[string match gost2001* $alg]} {
33 set alg_cli_list "gost2001_A gost2001_XA"
34 } elseif {[string match gost2012* $alg]} {
35 set alg_cli_list "gost2001_A gost2012_256_A gost2012_256_XA gost2012_512_A gost2012_512_B"
37 set alg_cli_list $alg_ca
41 test -skip {[file exist ca_$alg_ca.pem]} "Получить сертификат $alg_ca CA" {
42 getCAcert $CAhost $CAprefix $alg_ca
45 test -skip {[file exist srv_$alg_fn/cert.pem]} "Получить сертификат $alg для сервера" {
46 getCAAlgParams $CAhost $CAprefix $alg_ca
47 if {![makeUser srv_$alg_fn $alg2 CN [info hostname]]} {
48 error "Request generation failed"
50 registerUserAtCA srv_$alg_fn $CAhost $CAprefix $alg_ca
51 file exists srv_$alg_fn/cert.pem
54 if {[array exists suites]} {array unset suites}
55 array set suites $hosts($alg)
56 foreach suite [array names suites] {
57 if {![regexp {(.+):(.+)} $suite => proto cs]} {
61 if {[info exists suite_map($cs)]} {
62 set mycs $suite_map($cs)
66 set host [lindex [split $suites($suite) :] 0]
67 set host_short [lindex [split $host .] 0]
68 # We assume that CA certificates are already copied into Apache
70 set ca_file "/etc/apache/ssl.crt/${alg_ca}-root.crt"
72 test "Корректный хэндшейк $suite" {
74 set list [client_server [list -connect [info hostname]:4433 \
75 -CAfile $ca_file -state -cipher $cs] \
76 [concat [list -www -cert srv_$alg_fn/cert.pem \
77 -key srv_$alg_fn/seckey.pem -cipher $mycs] $protos($proto)] {}]
78 set cln_exit_code [lindex $list 2]
79 set srv_error [string match "*error*" [lindex $list 4]]
80 if {[regexp -lineanchor \
81 {^\s*Protocol\s*:\s*(\S*)\s*$.*^\s*Cipher\s*:\s*(\S*)\s*$} \
82 [lindex $list 0] -> result_proto result_cipher]} {
83 if {$proto == "default"} {set result_proto "default"}
84 list $cln_exit_code $srv_error $result_proto $result_cipher
88 } 0 [list 0 0 $proto $cs]
91 test "Сервер требует сертификат, сертификата нет $suite" {
93 set list [client_server [list -connect [info hostname]:4433 \
94 -CAfile $ca_file -state -cipher $cs] \
95 [concat [list -www -cert srv_$alg_fn/cert.pem \
96 -key srv_$alg_fn/seckey.pem -cipher $mycs -Verify 3 \
97 -verify_return_error] $protos($proto)] {}]
98 string match "*error*" [lindex $list 4]
102 test "Некорректный клиентский сертфиикат $suite" {
104 set list [client_server [list -connect [info hostname]:4433 \
105 -cert /home/build/client-$alg_ca/cert.pem \
106 -key /home/build/client-$alg_ca/seckey.pem \
107 -CAfile $ca_file -state -cipher $cs] \
108 [concat [list -www -cert srv_$alg_fn/cert.pem \
109 -key srv_$alg_fn/seckey.pem -cipher $mycs -Verify 3 \
110 -verify_return_error] $protos($proto)] {}]
111 string match "*error*" [lindex $list 4]
116 foreach alg_cli $alg_cli_list {
118 test "Клиентский сертификат $alg_cli $suite" {
120 set list [client_server [list -connect [info hostname]:4433 \
121 -cert /home/build/client-$alg_cli/cert.pem \
122 -key /home/build/client-$alg_cli/seckey.pem \
123 -CAfile $ca_file -state -cipher $cs] \
124 [concat [list -www -cert srv_$alg_fn/cert.pem \
125 -key srv_$alg_fn/seckey.pem -CAfile ca_$alg_ca.pem \
126 -cipher $mycs -Verify 3 -verify_return_error] \
128 set cln_exit_code [lindex $list 2]
129 set srv_error [string match "*error*" [lindex $list 4]]
130 if {[regexp -lineanchor \
131 {^\s*Protocol\s*:\s*(\S*)\s*$.*^\s*Cipher\s*:\s*(\S*)\s*$} \
132 [lindex $list 0] -> result_proto result_cipher]} {
133 if {$proto == "default"} {set result_proto "default"}
134 list $cln_exit_code $srv_error $result_proto $result_cipher
138 } 0 [list 0 0 $proto $cs]
projects / openssl-gost / engine.git / blob