You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2309 lines
140 KiB
2309 lines
140 KiB
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
|
index d965eae..ecc417c 100644
|
|
--- a/tests/Makefile.am
|
|
+++ b/tests/Makefile.am
|
|
@@ -44,7 +44,8 @@ EXTRA_DIST = certs/ca-key.pem certs/ca.pem ns.sh common.sh certs/server-cert.pem
|
|
data/disconnect-user2.config data/ping-leases.config data/haproxy-proxyproto.config \
|
|
data/haproxy-proxyproto.cfg scripts/proxy-connectscript data/haproxy-proxyproto-v1.config \
|
|
data/haproxy-proxyproto-v1.cfg scripts/proxy-connectscript-v1 data/test-multiple-client-ip.config \
|
|
- data/test-client-bypass-protocol.config asan.supp
|
|
+ data/test-client-bypass-protocol.config asan.supp certs/ca.tmpl certs/server-cert.tmpl \
|
|
+ certs/user-cert.tmpl
|
|
|
|
xfail_scripts =
|
|
dist_check_SCRIPTS = ocpasswd-test
|
|
@@ -176,6 +177,25 @@ gen_oidc_test_data_CPPFLAGS = $(AM_CPPFLAGS)
|
|
gen_oidc_test_data_SOURCES = generate_oidc_test_data.c
|
|
gen_oidc_test_data_LDADD = $(LDADD) $(CJOSE_LIBS) $(JANSSON_LIBS)
|
|
|
|
+certs/ca.pem: certs/ca-key.pem certs/ca.tmpl
|
|
+ certtool --generate-self-signed --template certs/ca.tmpl --load-privkey certs/ca-key.pem --outfile certs/ca.pem
|
|
+
|
|
+certs/server-cert-ca.pem: certs/ca.pem certs/server-cert.pem
|
|
+ cat certs/server-cert.pem certs/ca.pem > certs/server-cert-ca.pem
|
|
+
|
|
+certs/server-cert.pem: certs/server-cert.tmpl certs/ca.pem certs/server-key.pem certs/ca-key.pem
|
|
+ certtool --generate-certificate --template certs/server-cert.tmpl --load-privkey certs/server-key.pem --load-ca-certificate certs/ca.pem --load-ca-privkey certs/ca-key.pem --outfile certs/server-cert.pem
|
|
+
|
|
+certs/user-cert.pem: certs/user-cert.tmpl certs/ca.pem certs/user-key.pem certs/ca-key.pem
|
|
+ certtool --generate-certificate --template certs/user-cert.tmpl --load-privkey certs/user-key.pem --load-ca-certificate certs/ca.pem --load-ca-privkey certs/ca-key.pem --outfile certs/user-cert.pem
|
|
+
|
|
+# make the user certificate invalid by signing it with another CA
|
|
+certs/user-cert-invalid.pem: certs/user-cert.tmpl
|
|
+ certtool --generate-privkey --outfile ca-key.tmp
|
|
+ certtool --generate-self-signed --template certs/ca.tmpl --load-privkey ca-key.tmp --outfile ca.tmp
|
|
+ certtool --generate-certificate --template certs/user-cert.tmpl --load-privkey certs/user-key.pem --load-ca-certificate ca.tmp --load-ca-privkey ca-key.tmp --outfile certs/user-cert-invalid.pem
|
|
+ rm -f ca-key.tmp ca.tmp
|
|
+
|
|
if ENABLE_OIDC_AUTH_TESTS
|
|
check_PROGRAMS += gen_oidc_test_data
|
|
dist_check_SCRIPTS += test-oidc
|
|
diff --git a/tests/apple-ios b/tests/apple-ios
|
|
index 897d823..45b0cd3 100755
|
|
--- a/tests/apple-ios
|
|
+++ b/tests/apple-ios
|
|
@@ -54,11 +54,11 @@ wait_server $PID
|
|
sleep 2
|
|
|
|
echo " * Connecting to obtain cookie... "
|
|
-( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null ) ||
|
|
+( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo " * Re-connect to force script run with platform... "
|
|
-echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
|
+echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
|
|
|
sleep 5
|
|
|
|
@@ -87,7 +87,7 @@ fi
|
|
rm -f ${TMPFILE}
|
|
|
|
echo " * Re-connecting to force script run with user agent... "
|
|
-echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose --useragent="Cisco AnyConnect VPN Agent for Apple" localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
|
+echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT --verbose --useragent="Cisco AnyConnect VPN Agent for Apple" localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
|
|
|
sleep 5
|
|
|
|
@@ -114,7 +114,7 @@ fi
|
|
sleep 5
|
|
echo " - Check server status"
|
|
|
|
-( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "!@#$%^&*()<>" | $OPENCONNECT localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo " - Killing server"
|
|
diff --git a/tests/banner b/tests/banner
|
|
index 44954e2..08f8f19 100755
|
|
--- a/tests/banner
|
|
+++ b/tests/banner
|
|
@@ -50,7 +50,7 @@ wait_server $PID
|
|
sleep 3
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >${TMPFILE} 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >${TMPFILE} 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
grep "${BANNER}" ${TMPFILE} >/dev/null
|
|
@@ -61,7 +61,7 @@ if test $? != 0;then
|
|
fi
|
|
|
|
echo "Connecting to obtain cookie with wrong password... "
|
|
-( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >${TMPFILE} 2>&1 ) &&
|
|
+( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >${TMPFILE} 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
grep "${BANNER}" ${TMPFILE} >/dev/null
|
|
diff --git a/tests/certs/ca-key.pem b/tests/certs/ca-key.pem
|
|
index 9bd0754..ee5599c 100644
|
|
--- a/tests/certs/ca-key.pem
|
|
+++ b/tests/certs/ca-key.pem
|
|
@@ -31,25 +31,3 @@ y1hvTfWRAoGZALNT3AbF9EDnJmZlS30MWtBggw83UhszC8XN2tY30AsvsDOS6a0F
|
|
UVhyNvBTKo6lPqXqUsVxp16TKeeQKF+DuYuuNZN3pXXsHTiHkRMDCRVEqz7UnZEc
|
|
/Bq/Kh2aOkelkX2S27QzTZGL
|
|
-----END RSA PRIVATE KEY-----
|
|
------BEGIN CERTIFICATE-----
|
|
-MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H
|
|
-bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x
|
|
-LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC
|
|
-AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D
|
|
-hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh
|
|
-ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq
|
|
-58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB
|
|
-VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03
|
|
-U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L
|
|
-xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC
|
|
-AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT
|
|
-BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2
|
|
-B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T
|
|
-AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH
|
|
-gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3
|
|
-LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE
|
|
-/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD
|
|
-5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h
|
|
-h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc
|
|
-w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg==
|
|
------END CERTIFICATE-----
|
|
diff --git a/tests/certs/ca.pem b/tests/certs/ca.pem
|
|
index c4058ee..02f0b76 100644
|
|
--- a/tests/certs/ca.pem
|
|
+++ b/tests/certs/ca.pem
|
|
@@ -1,20 +1,20 @@
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
-QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD
|
|
-EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw
|
|
-fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ
|
|
-l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW
|
|
-DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh
|
|
-zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt
|
|
-c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b
|
|
-7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep
|
|
-n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
|
|
-MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC
|
|
-ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT
|
|
-z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP
|
|
-g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX
|
|
-ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk
|
|
-x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH
|
|
-yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg
|
|
-fJbi9Ui2FmXEeKkX34f1ONNj9Q==
|
|
+MIIDPDCCAfSgAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
+QTAgFw0xMzAyMTMxNTMyMTJaGA85OTk5MTIzMTIzNTk1OVowDTELMAkGA1UEAxMC
|
|
+Q0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7KsH70
|
|
+2LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8WyZdV
|
|
+NRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITclg6y
|
|
+bBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7oc0l
|
|
+YpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLyrXPl
|
|
+GQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+G+3r
|
|
+o22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjehKZ+A
|
|
+eap1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0G
|
|
+A1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOCATEA
|
|
+foqPGdiyJYHih4J5YHwFPQxmkOzPHSa13K/q8sDvobE+HFTzrlTbAFC8bS38Bv2f
|
|
+9ZrPME4JvnsGdRGYwxS3LUmNdHHWR8LkvGXBE3u/TZsJfPtOR8JwdulQXpRw7hhL
|
|
+ew/mR5IEHZrUZgnnI4dg1kJhE1JPTvmtgqcE1CsikVQ14NvG/ehJbJyPgKTq/Zxm
|
|
+Ru4B5N+Jef/LaOqZvK4xK8x2ZaZ/L/ANou+7EY4DoWAkOEEoCU8DQHLAFgf6B7La
|
|
+oemLQGNHcBpba81jlS5EXXGJccOvfbw0MJTP3ZvyVIlEYu/X4roC7EJP/UkCZUJG
|
|
+f79Nc28q2/2D8tuFOqG7UbP7r2cWSa8OO3cI/V1W1k3iWZ63WltqDwFC0c8iqYFL
|
|
+9xKfQ96Q7wrYOCjmuaCLbw==
|
|
-----END CERTIFICATE-----
|
|
diff --git a/tests/certs/ca.tmpl b/tests/certs/ca.tmpl
|
|
new file mode 100644
|
|
index 0000000..da5cc3f
|
|
--- /dev/null
|
|
+++ b/tests/certs/ca.tmpl
|
|
@@ -0,0 +1,6 @@
|
|
+cn = CA
|
|
+ca
|
|
+cert_signing_key
|
|
+expiration_days = -1
|
|
+activation_date = "2013-02-13 16:32:12"
|
|
+serial = 0x51d82ecc
|
|
diff --git a/tests/certs/server-cert-ca.pem b/tests/certs/server-cert-ca.pem
|
|
index 818101a..8ffaad3 100644
|
|
--- a/tests/certs/server-cert-ca.pem
|
|
+++ b/tests/certs/server-cert-ca.pem
|
|
@@ -1,42 +1,42 @@
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
-QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD
|
|
-Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs
|
|
-PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8
|
|
-u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd
|
|
-YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ
|
|
-IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759
|
|
-KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5
|
|
-7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU
|
|
-yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL
|
|
-gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg
|
|
-ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0
|
|
-UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s
|
|
-9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9
|
|
-GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C
|
|
-zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/
|
|
-eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF
|
|
-FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j
|
|
-LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM
|
|
-zzJKdNg=
|
|
+MIIDjjCCAkagAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
+QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJ
|
|
+bG9jYWxob3N0MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEApzor7D8U
|
|
+sCwZ9vFukB2/jqn26XCECYfzUPNfw5RQ+ixk1leAWOGW/O7QvQQVfl9/pTP4/LuR
|
|
+7zd5w1rb+BntA68i1uk3LOhTwreLKxHwpIeZeeC6zJlm4RYJFZTeX06qGNJZ3WCc
|
|
+dl/FlpXUY3i/vBO5xVHBUrVq4IvQM4DBa47C+Kapfe2AGUV3DKEF1Y20Zs1S2SFb
|
|
+pkMu3PrZexKs/Jcf8Uv+RcfbSEbp6jUuYxFLPDZ+ROhb62gHMvniNIF0xpO+fSjT
|
|
+2IrEqgLhQJprf1w0077zqOnaQLHl6rUdvy42SVjpV3Ymf8ox4OfkSkOXbd3ZOe5Q
|
|
+CFhEfXoCDqP/hgJMnpNGSeRllOlcU7BXCJeqMt0uxLQdDQiDO4b4ct9kKyeWVMjZ
|
|
+3E0n+qjFaHnYHQIDAQABo4GMMIGJMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ
|
|
+bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAd
|
|
+BgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0UwqJ
|
|
+MThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAGQoUMiZVg6+Ibj8kyfq
|
|
+l/vfu4QxlUlqAbm/b9PVdOLrhz+T986HMFhL0b2HUGg5Mb0NZcgHjH4VLkei4AIb
|
|
+g/1nGdJ2I6EcLiQOvO4h2F3CoU6HkEGVEUXFaBd19tSDm7aM+2h7oPb3Vs3YT9QE
|
|
+x7ejmVeA+Qr9+H9xHyModpA1PkKRW31TOYtjUXHdHObT1uar++C1JLHn49ooKDZM
|
|
+5p9a4ExQVYd6WMRXKC83py1V4Ne5kBxC/l+3QkVZnMwByChySP7SEMa9yGv4KFM9
|
|
+FT7XvxQsrkqPi5bCllUyGDrVeyTpyPDrb4BKgAu/Cy4tyDxLzBTZ5TXDH7E1IBps
|
|
+g1k5llFIyGdO5vQrX8vF61tqK5DBhgVvwu0k/m2lP9esLfaF7I5oGAbUKGhRr8mE
|
|
+xs8=
|
|
-----END CERTIFICATE-----
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
-QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD
|
|
-EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw
|
|
-fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ
|
|
-l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW
|
|
-DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh
|
|
-zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt
|
|
-c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b
|
|
-7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep
|
|
-n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
|
|
-MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC
|
|
-ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT
|
|
-z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP
|
|
-g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX
|
|
-ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk
|
|
-x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH
|
|
-yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg
|
|
-fJbi9Ui2FmXEeKkX34f1ONNj9Q==
|
|
+MIIDPDCCAfSgAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
+QTAgFw0xMzAyMTMxNTMyMTJaGA85OTk5MTIzMTIzNTk1OVowDTELMAkGA1UEAxMC
|
|
+Q0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7KsH70
|
|
+2LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8WyZdV
|
|
+NRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITclg6y
|
|
+bBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7oc0l
|
|
+YpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLyrXPl
|
|
+GQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+G+3r
|
|
+o22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjehKZ+A
|
|
+eap1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMB0G
|
|
+A1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOCATEA
|
|
+foqPGdiyJYHih4J5YHwFPQxmkOzPHSa13K/q8sDvobE+HFTzrlTbAFC8bS38Bv2f
|
|
+9ZrPME4JvnsGdRGYwxS3LUmNdHHWR8LkvGXBE3u/TZsJfPtOR8JwdulQXpRw7hhL
|
|
+ew/mR5IEHZrUZgnnI4dg1kJhE1JPTvmtgqcE1CsikVQ14NvG/ehJbJyPgKTq/Zxm
|
|
+Ru4B5N+Jef/LaOqZvK4xK8x2ZaZ/L/ANou+7EY4DoWAkOEEoCU8DQHLAFgf6B7La
|
|
+oemLQGNHcBpba81jlS5EXXGJccOvfbw0MJTP3ZvyVIlEYu/X4roC7EJP/UkCZUJG
|
|
+f79Nc28q2/2D8tuFOqG7UbP7r2cWSa8OO3cI/V1W1k3iWZ63WltqDwFC0c8iqYFL
|
|
+9xKfQ96Q7wrYOCjmuaCLbw==
|
|
-----END CERTIFICATE-----
|
|
diff --git a/tests/certs/server-cert.pem b/tests/certs/server-cert.pem
|
|
index 4acde02..b304b47 100644
|
|
--- a/tests/certs/server-cert.pem
|
|
+++ b/tests/certs/server-cert.pem
|
|
@@ -1,22 +1,22 @@
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
-QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD
|
|
-Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs
|
|
-PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8
|
|
-u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd
|
|
-YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ
|
|
-IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759
|
|
-KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5
|
|
-7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU
|
|
-yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL
|
|
-gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg
|
|
-ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0
|
|
-UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s
|
|
-9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9
|
|
-GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C
|
|
-zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/
|
|
-eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF
|
|
-FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j
|
|
-LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM
|
|
-zzJKdNg=
|
|
+MIIDjjCCAkagAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
+QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJ
|
|
+bG9jYWxob3N0MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEApzor7D8U
|
|
+sCwZ9vFukB2/jqn26XCECYfzUPNfw5RQ+ixk1leAWOGW/O7QvQQVfl9/pTP4/LuR
|
|
+7zd5w1rb+BntA68i1uk3LOhTwreLKxHwpIeZeeC6zJlm4RYJFZTeX06qGNJZ3WCc
|
|
+dl/FlpXUY3i/vBO5xVHBUrVq4IvQM4DBa47C+Kapfe2AGUV3DKEF1Y20Zs1S2SFb
|
|
+pkMu3PrZexKs/Jcf8Uv+RcfbSEbp6jUuYxFLPDZ+ROhb62gHMvniNIF0xpO+fSjT
|
|
+2IrEqgLhQJprf1w0077zqOnaQLHl6rUdvy42SVjpV3Ymf8ox4OfkSkOXbd3ZOe5Q
|
|
+CFhEfXoCDqP/hgJMnpNGSeRllOlcU7BXCJeqMt0uxLQdDQiDO4b4ct9kKyeWVMjZ
|
|
+3E0n+qjFaHnYHQIDAQABo4GMMIGJMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ
|
|
+bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAd
|
|
+BgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0UwqJ
|
|
+MThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAGQoUMiZVg6+Ibj8kyfq
|
|
+l/vfu4QxlUlqAbm/b9PVdOLrhz+T986HMFhL0b2HUGg5Mb0NZcgHjH4VLkei4AIb
|
|
+g/1nGdJ2I6EcLiQOvO4h2F3CoU6HkEGVEUXFaBd19tSDm7aM+2h7oPb3Vs3YT9QE
|
|
+x7ejmVeA+Qr9+H9xHyModpA1PkKRW31TOYtjUXHdHObT1uar++C1JLHn49ooKDZM
|
|
+5p9a4ExQVYd6WMRXKC83py1V4Ne5kBxC/l+3QkVZnMwByChySP7SEMa9yGv4KFM9
|
|
+FT7XvxQsrkqPi5bCllUyGDrVeyTpyPDrb4BKgAu/Cy4tyDxLzBTZ5TXDH7E1IBps
|
|
+g1k5llFIyGdO5vQrX8vF61tqK5DBhgVvwu0k/m2lP9esLfaF7I5oGAbUKGhRr8mE
|
|
+xs8=
|
|
-----END CERTIFICATE-----
|
|
diff --git a/tests/certs/server-cert.tmpl b/tests/certs/server-cert.tmpl
|
|
new file mode 100644
|
|
index 0000000..82e34ca
|
|
--- /dev/null
|
|
+++ b/tests/certs/server-cert.tmpl
|
|
@@ -0,0 +1,8 @@
|
|
+cn = localhost
|
|
+dns_name = localhost
|
|
+tls_www_server
|
|
+signing_key
|
|
+encryption_key
|
|
+expiration_days = -1
|
|
+activation_date = "2013-06-06 14:51:29"
|
|
+serial = 0x51d82ef0
|
|
diff --git a/tests/certs/user-cert-invalid.pem b/tests/certs/user-cert-invalid.pem
|
|
index 0175bdf..4f5dd96 100644
|
|
--- a/tests/certs/user-cert-invalid.pem
|
|
+++ b/tests/certs/user-cert-invalid.pem
|
|
@@ -1,107 +1,23 @@
|
|
-X.509 Certificate Information:
|
|
- Version: 3
|
|
- Serial Number (hex): 51d82f14
|
|
- Issuer: CN=CA
|
|
- Validity:
|
|
- Not Before: Sat Jul 06 14:52:05 UTC 2013
|
|
- Not After: Mon May 15 14:52:05 UTC 2023
|
|
- Subject: CN=A user,UID=test
|
|
- Subject Public Key Algorithm: RSA
|
|
- Algorithm Security Level: Medium (2432 bits)
|
|
- Modulus (bits 2432):
|
|
- 00:ab:54:98:fc:a9:c6:15:95:9d:a6:c1:94:84:94:91
|
|
- 79:1e:78:db:2d:48:51:99:65:01:02:c0:40:52:49:5d
|
|
- eb:70:bc:26:ef:68:39:1e:04:91:e2:db:cb:6f:93:40
|
|
- 45:1e:22:8e:71:5a:58:89:28:79:5e:1a:32:25:3e:8b
|
|
- 9d:3b:34:7f:19:f8:d0:2f:37:b7:62:32:b7:53:a5:43
|
|
- 2c:c5:5d:ec:ac:f9:35:fa:14:2b:34:66:f1:d6:a7:a1
|
|
- d0:83:9a:56:f4:19:83:bc:bf:11:74:30:2d:a8:28:5b
|
|
- a2:ab:7a:c6:cd:9c:5c:f8:51:e9:a9:0c:48:db:71:bb
|
|
- b1:34:77:f7:ee:de:5d:78:c0:48:0a:37:0d:65:1e:3b
|
|
- 2b:14:03:89:72:f2:52:ed:5f:00:c5:06:60:ea:80:20
|
|
- d0:43:ec:66:bc:d2:26:db:f0:29:3e:6a:f9:62:20:be
|
|
- 58:26:44:ba:d7:8c:6f:76:a6:05:20:e4:98:b7:c4:72
|
|
- 7a:5d:df:4f:0d:23:ec:2e:9c:71:ec:30:f9:14:5f:c8
|
|
- 75:0b:ab:67:f6:7d:fb:4d:76:64:4a:a5:d5:fa:b4:08
|
|
- 50:9d:13:c7:8f:c2:79:b0:b4:3e:2f:89:d3:33:27:4d
|
|
- 9f:8b:d3:60:24:07:ab:b2:72:3d:29:a5:c4:4a:ec:3c
|
|
- 04:d2:49:3e:26:1b:ec:7a:10:3d:ca:45:5a:80:8b:4d
|
|
- 2a:96:63:4f:2d:63:28:0f:3b:47:47:ca:7c:2c:15:41
|
|
- 32:d5:e0:c9:be:a5:55:2c:b3:6b:46:2a:56:b1:1b:ed
|
|
- 29
|
|
- Exponent (bits 24):
|
|
- 01:00:01
|
|
- Extensions:
|
|
- Basic Constraints (critical):
|
|
- Certificate Authority (CA): FALSE
|
|
- Key Purpose (not critical):
|
|
- TLS WWW Client.
|
|
- Key Usage (critical):
|
|
- Digital signature.
|
|
- Key encipherment.
|
|
- Subject Key Identifier (not critical):
|
|
- 8b01094b3b91ece321b91dec8d6b4c5d9e40805e
|
|
- Authority Key Identifier (not critical):
|
|
- 482334530a8931384a5aeacab6d2a6dece1d2b18
|
|
- Signature Algorithm: RSA-SHA256
|
|
- Signature:
|
|
- 6b:bd:e2:90:d7:11:cf:6c:0d:e3:bd:f4:61:cd:57:83
|
|
- 41:be:2a:92:46:dd:fa:44:6c:60:1c:ef:3e:1e:2f:e1
|
|
- e2:5b:45:88:6a:1e:50:2d:8d:96:c4:c7:80:75:59:7b
|
|
- 54:6b:fb:86:b0:f1:6d:45:09:db:48:de:20:0a:87:60
|
|
- 30:5e:35:f0:52:c4:55:44:c1:ff:e1:7c:3d:d6:6d:58
|
|
- ca:1c:fd:bf:04:9a:9b:10:35:05:fc:d1:01:3c:af:bb
|
|
- 64:31:5e:59:8f:ef:6f:0d:35:e5:c0:07:77:0e:31:20
|
|
- 8e:e3:2e:f1:a6:4d:f1:be:85:5b:df:04:48:9d:8c:c9
|
|
- c9:c1:b8:e3:e2:d2:4b:55:83:e9:d8:7b:71:2f:8e:89
|
|
- fc:4d:a7:f1:b0:bf:47:9b:97:c4:85:dd:c3:3d:38:15
|
|
- 36:08:73:10:87:08:f6:e6:1c:4e:29:a8:a5:f5:24:b8
|
|
- 0d:e9:d9:b8:19:27:1d:73:35:fe:7b:81:1f:4a:81:6a
|
|
- 93:cd:a2:71:d7:60:0e:08:ee:ea:c8:2b:44:1b:e4:45
|
|
- 6c:fe:44:68:d6:86:ad:89:4f:7e:9f:f9:1a:2a:97:0f
|
|
- 6b:eb:5d:6e:38:b3:5b:13:b9:e3:4a:10:32:5b:dc:a9
|
|
- b4:a1:4e:b3:f9:4f:91:de:bc:cc:36:91:44:ba:e0:34
|
|
- 74:f7:68:b4:7b:0e:db:4e:ec:28:03:01:cf:0a:63:c4
|
|
- 23:75:0b:4b:41:9d:e0:68:b3:cb:bf:b5:5c:3d:52:93
|
|
- 20:ba:ea:b8:f0:8c:f7:a6:ec:cd:a3:aa:4f:2a:ff:20
|
|
-Other Information:
|
|
- SHA1 fingerprint:
|
|
- 5509a76b8738216938cdb3ec25048812737170de
|
|
- SHA256 fingerprint:
|
|
- c93e38ef35f1a9c485a27b161e708f2d45bf8768eb53a23fec841a8f35d6e478
|
|
- Public Key ID:
|
|
- 8b01094b3b91ece321b91dec8d6b4c5d9e40805e
|
|
- Public key's random art:
|
|
- +--[ RSA 2432]----+
|
|
- | o=o |
|
|
- |..oE.. |
|
|
- |.+=.o |
|
|
- |o.*.... |
|
|
- | * B +..S |
|
|
- |. * o oo . |
|
|
- | o . . . |
|
|
- | + |
|
|
- | . |
|
|
- +-----------------+
|
|
-
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIIDjDCCAkSgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
-QTAiGA8yMDEzMDcwNjE0NTIwNVoYDzIwMjMwNTE1MTQ1MjA1WjAnMQ8wDQYDVQQD
|
|
-EwZBIHVzZXIxFDASBgoJkiaJk/IsZAEBEwR0ZXN0MIIBUjANBgkqhkiG9w0BAQEF
|
|
-AAOCAT8AMIIBOgKCATEAq1SY/KnGFZWdpsGUhJSReR542y1IUZllAQLAQFJJXetw
|
|
-vCbvaDkeBJHi28tvk0BFHiKOcVpYiSh5XhoyJT6LnTs0fxn40C83t2Iyt1OlQyzF
|
|
-Xeys+TX6FCs0ZvHWp6HQg5pW9BmDvL8RdDAtqChboqt6xs2cXPhR6akMSNtxu7E0
|
|
-d/fu3l14wEgKNw1lHjsrFAOJcvJS7V8AxQZg6oAg0EPsZrzSJtvwKT5q+WIgvlgm
|
|
-RLrXjG92pgUg5Ji3xHJ6Xd9PDSPsLpxx7DD5FF/IdQurZ/Z9+012ZEql1fq0CFCd
|
|
-E8ePwnmwtD4vidMzJ02fi9NgJAersnI9KaXESuw8BNJJPiYb7HoQPcpFWoCLTSqW
|
|
-Y08tYygPO0dHynwsFUEy1eDJvqVVLLNrRipWsRvtKQIDAQABo3YwdDAMBgNVHRMB
|
|
-Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYD
|
|
-VR0OBBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4
|
|
-SlrqyrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQBrveKQ1xHPbA3jvfRhzVeD
|
|
-Qb4qkkbd+kRsYBzvPh4v4eJbRYhqHlAtjZbEx4B1WXtUa/uGsPFtRQnbSN4gCodg
|
|
-MF418FLEVUTB/+F8PdZtWMoc/b8EmpsQNQX80QE8r7tkMV5Zj+9vDTXlwAd3DjEg
|
|
-juMu8aZN8b6FW98ESJ2MycnBuOPi0ktVg+nYe3Evjon8TafxsL9Hm5fEhd3DPTgV
|
|
-NghzEIcI9uYcTimopfUkuA3p2bgZJx1zNf57gR9KgWqTzaJx12AOCO7qyCtEG+RF
|
|
-bP5EaNaGrYlPfp/5GiqXD2vrXW44s1sTueNKEDJb3Km0oU6z+U+R3rzMNpFEuuA0
|
|
-dPdotHsO207sKAMBzwpjxCN1C0tBneBos8u/tVw9UpMguuq48Iz3puzNo6pPKv8g
|
|
+MIID2TCCAkGgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
+QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowJzEPMA0GA1UEAxMG
|
|
+QSB1c2VyMRQwEgYKCZImiZPyLGQBARMEdGVzdDCCAVIwDQYJKoZIhvcNAQEBBQAD
|
|
+ggE/ADCCAToCggExAKtUmPypxhWVnabBlISUkXkeeNstSFGZZQECwEBSSV3rcLwm
|
|
+72g5HgSR4tvLb5NARR4ijnFaWIkoeV4aMiU+i507NH8Z+NAvN7diMrdTpUMsxV3s
|
|
+rPk1+hQrNGbx1qeh0IOaVvQZg7y/EXQwLagoW6KresbNnFz4UempDEjbcbuxNHf3
|
|
+7t5deMBICjcNZR47KxQDiXLyUu1fAMUGYOqAINBD7Ga80ibb8Ck+avliIL5YJkS6
|
|
+14xvdqYFIOSYt8Ryel3fTw0j7C6cceww+RRfyHULq2f2fftNdmRKpdX6tAhQnRPH
|
|
+j8J5sLQ+L4nTMydNn4vTYCQHq7JyPSmlxErsPATSST4mG+x6ED3KRVqAi00qlmNP
|
|
+LWMoDztHR8p8LBVBMtXgyb6lVSyza0YqVrEb7SkCAwEAAaN1MHMwDAYDVR0TAQH/
|
|
+BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0O
|
|
+BBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFAV+KcZC+G2nf/6V
|
|
+sElx119oZKWUMA0GCSqGSIb3DQEBCwUAA4IBgQCTOjwtK5sDPFdbWWlScDX9xfNf
|
|
+tnqRL22Id6VIRcAiuu6KVAYRNs3Pdv65H9orSaohrBRfWKEqAi51bhvDQvzhbw7u
|
|
+881txF+6s0fauArxAUai3e11eCil3gt0JOQVephmPKw6pVq9mMieho5I2SQ8CXoQ
|
|
+pSrselGaOTp8CK1r90pn8RGiJrZ3xJu5Yezb3AWCs3IOHhRT1Rc5mFnvs9VVR64h
|
|
+Pvlr9yBOf/pBEuylQr00plhsZdLra/nIspsGnOIiuM4eIliP6bQwE06u1LxlCbgB
|
|
+CAGTQ86vbO2xT1i8dZeq8TJ72OatmRboUBncaZNIT3rUTZxZYkYhkNtVTKnv/8qq
|
|
+LZI23qtcWLEAsc1O0Xva22wjkg5QE06AiWdcwK3f/Qpvj5yO9+PL7X4lP47n5D6m
|
|
+t1S6xisKgjo/IP9Wk3mPNaNDN3hZCaFRYEHn4CYrlXHqjg1w7quCKApYzrh5/L1Y
|
|
+b9U/qzwF7SatFovndYtf02bjcrHC/TA53IdiQPA=
|
|
-----END CERTIFICATE-----
|
|
diff --git a/tests/certs/user-cert.pem b/tests/certs/user-cert.pem
|
|
index ef5114c..32ab235 100644
|
|
--- a/tests/certs/user-cert.pem
|
|
+++ b/tests/certs/user-cert.pem
|
|
@@ -1,21 +1,21 @@
|
|
-----BEGIN CERTIFICATE-----
|
|
-MIIDjDCCAkSgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
-QTAiGA8yMDEzMDcwNjE0NTIwNVoYDzIwMjMwNTE1MTQ1MjA1WjAnMQ8wDQYDVQQD
|
|
-EwZBIHVzZXIxFDASBgoJkiaJk/IsZAEBEwR0ZXN0MIIBUjANBgkqhkiG9w0BAQEF
|
|
-AAOCAT8AMIIBOgKCATEAq1SY/KnGFZWdpsGUhJSReR542y1IUZllAQLAQFJJXetw
|
|
-vCbvaDkeBJHi28tvk0BFHiKOcVpYiSh5XhoyJT6LnTs0fxn40C83t2Iyt1OlQyzF
|
|
-Xeys+TX6FCs0ZvHWp6HQg5pW9BmDvL8RdDAtqChboqt6xs2cXPhR6akMSNtxu7E0
|
|
-d/fu3l14wEgKNw1lHjsrFAOJcvJS7V8AxQZg6oAg0EPsZrzSJtvwKT5q+WIgvlgm
|
|
-RLrXjG92pgUg5Ji3xHJ6Xd9PDSPsLpxx7DD5FF/IdQurZ/Z9+012ZEql1fq0CFCd
|
|
-E8ePwnmwtD4vidMzJ02fi9NgJAersnI9KaXESuw8BNJJPiYb7HoQPcpFWoCLTSqW
|
|
-Y08tYygPO0dHynwsFUEy1eDJvqVVLLNrRipWsRvtKQIDAQABo3YwdDAMBgNVHRMB
|
|
-Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYD
|
|
-VR0OBBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4
|
|
-SlrqyrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQBrveOQ1xHPbA3jvfRhzVeD
|
|
-Qb4qkkbd+kRsYBzvPh4v4eJbRYhqHlAtjZbEx4B1WXtUa/uGsPFtRQnbSN4gCodg
|
|
-MF418FLEVUTB/+F8PdZtWMoc/b8EmpsQNQX80QE8r7tkMV5Zj+9vDTXlwAd3DjEg
|
|
-juMu8aZN8b6FW98ESJ2MycnBuOPi0ktVg+nYe3Evjon8TafxsL9Hm5fEhd3DPTgV
|
|
-NghzEIcI9uYcTimopfUkuA3p2bgZJx1zNf57gR9KgWqTzaJx12AOCO7qyCtEG+RF
|
|
-bP5EaNaGrYlPfp/5GiqXD2vrXW44s1sTueNKEDJb3Km0oU6z+U+R3rzMNpFEuuA0
|
|
-dPdotHsO207sKAMBzwpjxCN1C0tBneBos8u/tVw9UpMguuq48Iz3puzNo6pPKv8g
|
|
+MIIDiTCCAkGgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
|
+QTAgFw0xMzA2MDYxMjUxMjlaGA85OTk5MTIzMTIzNTk1OVowJzEPMA0GA1UEAxMG
|
|
+QSB1c2VyMRQwEgYKCZImiZPyLGQBARMEdGVzdDCCAVIwDQYJKoZIhvcNAQEBBQAD
|
|
+ggE/ADCCAToCggExAKtUmPypxhWVnabBlISUkXkeeNstSFGZZQECwEBSSV3rcLwm
|
|
+72g5HgSR4tvLb5NARR4ijnFaWIkoeV4aMiU+i507NH8Z+NAvN7diMrdTpUMsxV3s
|
|
+rPk1+hQrNGbx1qeh0IOaVvQZg7y/EXQwLagoW6KresbNnFz4UempDEjbcbuxNHf3
|
|
+7t5deMBICjcNZR47KxQDiXLyUu1fAMUGYOqAINBD7Ga80ibb8Ck+avliIL5YJkS6
|
|
+14xvdqYFIOSYt8Ryel3fTw0j7C6cceww+RRfyHULq2f2fftNdmRKpdX6tAhQnRPH
|
|
+j8J5sLQ+L4nTMydNn4vTYCQHq7JyPSmlxErsPATSST4mG+x6ED3KRVqAi00qlmNP
|
|
+LWMoDztHR8p8LBVBMtXgyb6lVSyza0YqVrEb7SkCAwEAAaN1MHMwDAYDVR0TAQH/
|
|
+BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0O
|
|
+BBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4Slrq
|
|
+yrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQAp51Ks5DDWVlLB6fMM2NJV80sX
|
|
+Rx6U1g6ovA7N5BDQiF6FYzVZECMH3d9nyZssHbkzb6qyO1m58P0cNkVurEH27+Z2
|
|
+xdkNw5bbcvNDVhfVSjwa6nyTLfhf7vOTWaIxGGmffP72PIe87N6QmyCCGG0IXIkO
|
|
+kcTAE8IgX6k1mEr1Xy2ZtFVgKjPPLxsixIJ7TEktvJR1RqWQfbsOS8f13lvS1Vhh
|
|
+vc+UMbIQnz+jl4qNV/AX7GfpEYiBkbrgcjsggl/KMuwcauhEDdvfIQjcyRbQN36p
|
|
+KcVEXDpnG54sAfXAs9Z+adbvmu0ONAMCDuxKCT2eG1SGVrtiT5+7kCMso1eKz/5A
|
|
+r1XP0RgCKFExIRYb1elFpLc8wmJbN4qof2zisKG8UajFIHzIGateiu53enNn
|
|
-----END CERTIFICATE-----
|
|
diff --git a/tests/certs/user-cert.tmpl b/tests/certs/user-cert.tmpl
|
|
new file mode 100644
|
|
index 0000000..6a60496
|
|
--- /dev/null
|
|
+++ b/tests/certs/user-cert.tmpl
|
|
@@ -0,0 +1,7 @@
|
|
+dn = "uid=test,cn=A user"
|
|
+tls_www_client
|
|
+signing_key
|
|
+encryption_key
|
|
+expiration_days = -1
|
|
+activation_date = "2013-06-06 14:51:29"
|
|
+serial = 0x51d82f14
|
|
diff --git a/tests/cipher-common.sh b/tests/cipher-common.sh
|
|
index fb9e2ac..07443a0 100755
|
|
--- a/tests/cipher-common.sh
|
|
+++ b/tests/cipher-common.sh
|
|
@@ -91,14 +91,14 @@ fi
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= ${CSTR} --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= ${CSTR} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/disconnect-user b/tests/disconnect-user
|
|
index 67a016e..bf4c7ab 100755
|
|
--- a/tests/disconnect-user
|
|
+++ b/tests/disconnect-user
|
|
@@ -77,7 +77,7 @@ sleep 3
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${TMPFILE} )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${TMPFILE} )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
@@ -85,7 +85,7 @@ fi
|
|
|
|
eval $(cat ${TMPFILE})
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
|
+( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
@@ -105,7 +105,7 @@ if test $? != 0;then
|
|
fi
|
|
|
|
echo " * Re-connecting to obtain cookie after disconnect... "
|
|
-( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
|
+( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
|
if test $? = 0;then
|
|
echo "Succeeded using the cookie to connect"
|
|
exit 1
|
|
diff --git a/tests/disconnect-user2 b/tests/disconnect-user2
|
|
index ef8c3c1..e00cc67 100755
|
|
--- a/tests/disconnect-user2
|
|
+++ b/tests/disconnect-user2
|
|
@@ -75,7 +75,7 @@ sleep 3
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${TMPFILE} )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${TMPFILE} )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
@@ -83,7 +83,7 @@ fi
|
|
|
|
eval $(cat ${TMPFILE})
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
|
+( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
@@ -103,7 +103,7 @@ if test $? != 0;then
|
|
fi
|
|
|
|
echo " * Re-connecting to obtain cookie after disconnect... "
|
|
-( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
|
+( ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${PORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script -C "${COOKIE}" --pid-file=${CLIPID} -b )
|
|
if test $? = 0;then
|
|
echo "Succeeded using the cookie to connect"
|
|
exit 1
|
|
diff --git a/tests/drain-server b/tests/drain-server
|
|
index be51cd4..808067f 100755
|
|
--- a/tests/drain-server
|
|
+++ b/tests/drain-server
|
|
@@ -35,7 +35,7 @@ launch_sr_server -d 1 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
if ! test -f ${PIDFILE};then
|
|
@@ -48,7 +48,7 @@ kill -15 $(cat $PIDFILE)
|
|
sleep 1
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) &&
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) &&
|
|
fail $PID "Server is still listening"
|
|
|
|
wait
|
|
diff --git a/tests/drain-server-fail b/tests/drain-server-fail
|
|
index d61106e..a2c495d 100755
|
|
--- a/tests/drain-server-fail
|
|
+++ b/tests/drain-server-fail
|
|
@@ -48,7 +48,7 @@ launch_simple_sr_server -d 3 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
if ! test -f ${PIDFILE};then
|
|
diff --git a/tests/flowcontrol b/tests/flowcontrol
|
|
index fb60f67..7ef6b70 100755
|
|
--- a/tests/flowcontrol
|
|
+++ b/tests/flowcontrol
|
|
@@ -37,39 +37,39 @@ launch_sr_server -d 1 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo "Connecting to obtain cookie with wrong password... "
|
|
-( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
echo "Connecting to obtain cookie with empty password... "
|
|
-( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
echo "Connecting to obtain cookie with wrong username... "
|
|
-( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
# test locked account
|
|
|
|
echo "Connecting to obtain cookie with locked account... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
#test special characters
|
|
|
|
echo "Connecting to obtain cookie with special password... "
|
|
-( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo "Connecting to obtain cookie with empty password... "
|
|
-( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
#echo "Normal connection... "
|
|
-#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
|
+#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
|
# fail $PID "Could not connect to server"
|
|
|
|
if ! test -f ${PIDFILE};then
|
|
diff --git a/tests/haproxy-auth b/tests/haproxy-auth
|
|
index b653714..5261860 100755
|
|
--- a/tests/haproxy-auth
|
|
+++ b/tests/haproxy-auth
|
|
@@ -51,7 +51,7 @@ LD_PRELOAD=libsocket_wrapper.so:libuid_wrapper.so UID_WRAPPER=1 UID_WRAPPER_ROOT
|
|
wait_server ${HAPID}
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
kill ${HAPID}
|
|
fail ${PID} "Could not receive cookie from server"
|
|
@@ -66,7 +66,7 @@ LD_PRELOAD=libsocket_wrapper.so:libuid_wrapper.so UID_WRAPPER=1 UID_WRAPPER_ROOT
|
|
wait_server ${HAPID}
|
|
|
|
echo "Re-connecting to obtain cookie after haproxy restart... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
kill ${HAPID}
|
|
fail ${PID} "Could not receive cookie from server"
|
|
diff --git a/tests/haproxy-connect b/tests/haproxy-connect
|
|
index c42b76c..662c08f 100755
|
|
--- a/tests/haproxy-connect
|
|
+++ b/tests/haproxy-connect
|
|
@@ -91,14 +91,14 @@ sleep 3
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
@@ -135,7 +135,7 @@ set +e
|
|
sleep 3
|
|
|
|
echo " * Re-connecting to obtain cookie after haproxy restart... "
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not receive cookie from server on reconnection"
|
|
exit 1
|
|
diff --git a/tests/haproxy-proxyproto b/tests/haproxy-proxyproto
|
|
index 70c1390..54e413c 100755
|
|
--- a/tests/haproxy-proxyproto
|
|
+++ b/tests/haproxy-proxyproto
|
|
@@ -94,14 +94,14 @@ sleep 3
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/haproxy-proxyproto-v1 b/tests/haproxy-proxyproto-v1
|
|
index d274575..f767581 100755
|
|
--- a/tests/haproxy-proxyproto-v1
|
|
+++ b/tests/haproxy-proxyproto-v1
|
|
@@ -94,14 +94,14 @@ sleep 3
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${HAPORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} -q ${ADDRESS}:${HAPORT} -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/ipv6-iface b/tests/ipv6-iface
|
|
index d5262e5..9b78d5e 100755
|
|
--- a/tests/ipv6-iface
|
|
+++ b/tests/ipv6-iface
|
|
@@ -70,7 +70,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to setup interface... "
|
|
-echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
|
+echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/ipv6-small-net b/tests/ipv6-small-net
|
|
index 4fc7260..c87b429 100755
|
|
--- a/tests/ipv6-small-net
|
|
+++ b/tests/ipv6-small-net
|
|
@@ -70,7 +70,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to setup interface... "
|
|
-echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
|
+echo "test" | ${CMDNS1} $OPENCONNECT -q $ADDRESS:$PORT -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/json b/tests/json
|
|
index 72dd4bf..24c66d8 100755
|
|
--- a/tests/json
|
|
+++ b/tests/json
|
|
@@ -78,7 +78,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
|
sleep 4
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/lz4-compression b/tests/lz4-compression
|
|
index 76478cf..405b2a2 100755
|
|
--- a/tests/lz4-compression
|
|
+++ b/tests/lz4-compression
|
|
@@ -81,14 +81,14 @@ sleep 4
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/lzs-compression b/tests/lzs-compression
|
|
index c485df2..eef55f0 100755
|
|
--- a/tests/lzs-compression
|
|
+++ b/tests/lzs-compression
|
|
@@ -81,14 +81,14 @@ sleep 4
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/multiple-routes b/tests/multiple-routes
|
|
index b6cc0c5..63c7614 100755
|
|
--- a/tests/multiple-routes
|
|
+++ b/tests/multiple-routes
|
|
@@ -39,13 +39,13 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null ) ||
|
|
+( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Re-connecting to get routes... "
|
|
-timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
|
+timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
|
|
|
echo ok
|
|
|
|
diff --git a/tests/no-route-default b/tests/no-route-default
|
|
index 0c6f4f2..6cc68f0 100755
|
|
--- a/tests/no-route-default
|
|
+++ b/tests/no-route-default
|
|
@@ -43,7 +43,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to get routes... "
|
|
-timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
+timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
|
|
echo ok
|
|
|
|
@@ -68,7 +68,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to get routes... "
|
|
-timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
+timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
|
|
echo ok
|
|
|
|
diff --git a/tests/no-route-group b/tests/no-route-group
|
|
index 59ec2f0..25cfaa6 100755
|
|
--- a/tests/no-route-group
|
|
+++ b/tests/no-route-group
|
|
@@ -43,7 +43,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to get routes... "
|
|
-echo "test" | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 -u test --passwd-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
|
+echo "test" | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 -u test --passwd-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
|
|
|
echo ok
|
|
|
|
@@ -68,7 +68,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to get routes... "
|
|
-echo test | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 --passwd-on-stdin -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${TMPFILE} 2>&1
|
|
+echo test | timeout 15s $OPENCONNECT -v localhost:$PORT --authgroup group1 --passwd-on-stdin -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${TMPFILE} 2>&1
|
|
|
|
echo ok
|
|
|
|
diff --git a/tests/ping-leases b/tests/ping-leases
|
|
index d97012e..3a43ac5 100755
|
|
--- a/tests/ping-leases
|
|
+++ b/tests/ping-leases
|
|
@@ -52,12 +52,12 @@ fi
|
|
echo "Server started with PID $PID..."
|
|
|
|
echo "Connecting to obtain cookie..."
|
|
-( echo "test" | $OPENCONNECT -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
|
+( echo "test" | $OPENCONNECT -q localhost:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
|
|
echo "Connecting to ping lease..."
|
|
-echo "test" | timeout 10 $OPENCONNECT localhost:$PORT -u "test" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
|
|
+echo "test" | timeout 10 $OPENCONNECT localhost:$PORT -u "test" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true
|
|
|
|
if test $? != 124;then
|
|
fail $PID "Could not connect to server"
|
|
diff --git a/tests/radius b/tests/radius
|
|
index 859671d..7bc705a 100755
|
|
--- a/tests/radius
|
|
+++ b/tests/radius
|
|
@@ -98,21 +98,21 @@ sleep 4
|
|
|
|
# Run clients
|
|
echo " * Testing wrong username at ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u xxx --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u xxx --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? = 0;then
|
|
echo "Connected with incorrect username"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Testing wrong password at ${ADDRESS}:${PORT}..."
|
|
-( echo "xxx" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "xxx" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? = 0;then
|
|
echo "Connected with incorrect password"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
@@ -120,7 +120,7 @@ fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT} with special IP..."
|
|
USERNAME=test-arb
|
|
-( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
@@ -148,7 +148,7 @@ sleep 3
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
USERNAME=test
|
|
-( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/radius-config b/tests/radius-config
|
|
index 7285091..af9d3f7 100755
|
|
--- a/tests/radius-config
|
|
+++ b/tests/radius-config
|
|
@@ -123,7 +123,7 @@ sleep 4
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
USERNAME=testtime
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/radius-group b/tests/radius-group
|
|
index 1f28cda..9b85889 100755
|
|
--- a/tests/radius-group
|
|
+++ b/tests/radius-group
|
|
@@ -100,7 +100,7 @@ sleep 4
|
|
|
|
echo " * Tests the radius group functionality"
|
|
USERNAME=test-class
|
|
-( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group2 -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group2 -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
@@ -137,7 +137,7 @@ sleep 4
|
|
|
|
echo " * Tests the alt radius group functionality"
|
|
USERNAME=test-class
|
|
-( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group1 -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "${USERNAME}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --authgroup group1 -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/radius-otp b/tests/radius-otp
|
|
index 11c3907..9b4fecb 100755
|
|
--- a/tests/radius-otp
|
|
+++ b/tests/radius-otp
|
|
@@ -111,7 +111,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
|
sleep 0.5
|
|
echo "$USERNAME-stage$COUNT"
|
|
done
|
|
-} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b >/dev/null 2>&1)
|
|
+} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b >/dev/null 2>&1)
|
|
if test $? != 0; then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
@@ -151,7 +151,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
|
sleep 0.5
|
|
echo "$USERNAME-stage"
|
|
done
|
|
-} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
+} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
if test $? == 0; then
|
|
echo "Connected with wrong username"
|
|
exit 1
|
|
@@ -173,7 +173,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
|
echo "$USERNAME-stage$COUNT"
|
|
fi
|
|
done
|
|
-} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
+} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
if test $? == 0; then
|
|
echo "Connected with wrong OTP"
|
|
exit 1
|
|
@@ -197,7 +197,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
|
echo "$USERNAME-stage$COUNT"
|
|
fi
|
|
done
|
|
-} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
+} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
if test $? == 0; then
|
|
echo "Connected with wrong OTP"
|
|
exit 1
|
|
@@ -218,7 +218,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
|
echo "$USERNAME-stage$COUNT"
|
|
fi
|
|
done
|
|
-} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
+} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
if test $? == 0; then
|
|
echo "Connected with blank OTP"
|
|
exit 1
|
|
@@ -247,7 +247,7 @@ for (( COUNT=1; COUNT <= 3; COUNT++ )); do
|
|
echo "$USERNAME-stage$COUNT"
|
|
fi
|
|
done
|
|
-} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
+} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
if test $? == 0; then
|
|
echo "Successful connection with the number of OTP retries greater than allowed by the ban system (default 30)."
|
|
${OCCTL} -s ${OCCTL_SOCKET} show ip ban points
|
|
@@ -265,7 +265,7 @@ for (( COUNT=1; COUNT <= 17; COUNT++ )); do
|
|
sleep 0.5
|
|
echo "$USERNAME-stage$COUNT"
|
|
done
|
|
-} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
+} | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} -b --cookieonly >/dev/null 2>&1)
|
|
if test $? == 0; then
|
|
echo "Connected to server - MAX_CHALLENGES test failed"
|
|
exit 1
|
|
diff --git a/tests/test-append-routes b/tests/test-append-routes
|
|
index be71d22..923d0aa 100755
|
|
--- a/tests/test-append-routes
|
|
+++ b/tests/test-append-routes
|
|
@@ -41,7 +41,7 @@ wait_server $PID
|
|
|
|
echo "Checking if routes are appended... "
|
|
|
|
-timeout 15s $OPENCONNECT localhost:$PORT -v --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
|
+timeout 15s $OPENCONNECT localhost:$PORT -v --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1
|
|
|
|
echo "cat"
|
|
cat ${TMPFILE1}
|
|
diff --git a/tests/test-ban b/tests/test-ban
|
|
index eb6a874..be4695a 100755
|
|
--- a/tests/test-ban
|
|
+++ b/tests/test-ban
|
|
@@ -59,15 +59,15 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
|
sleep 4
|
|
|
|
echo "Connecting with wrong password 5 times... "
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
|
|
echo ""
|
|
echo "Connecting with correct password... "
|
|
-eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -n "$COOKIE" ];then
|
|
fail $PID "Obtained cookie although should have been banned"
|
|
@@ -90,7 +90,7 @@ sleep 25
|
|
echo ""
|
|
|
|
echo "Connecting with correct password after ban time... "
|
|
-eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
fail $PID "Could not obtain cookie even though ban should be lifted"
|
|
@@ -99,16 +99,16 @@ fi
|
|
echo ""
|
|
echo "Checking ban reset time... "
|
|
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
sleep 11
|
|
-echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
+echo "notest" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
|
|
echo ""
|
|
echo "Connecting with correct password after ban reset time... "
|
|
-eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | ${CMDNS1} ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
fail $PID "Could not obtain cookie even though ban should be lifted"
|
|
diff --git a/tests/test-ban-local b/tests/test-ban-local
|
|
index d2a4397..fbe0eb2 100755
|
|
--- a/tests/test-ban-local
|
|
+++ b/tests/test-ban-local
|
|
@@ -60,15 +60,15 @@ ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!
|
|
sleep 4
|
|
|
|
echo "Connecting with wrong password 5 times... "
|
|
-echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
-echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
+echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
+echo "notest" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
|
|
echo ""
|
|
echo "Connecting with correct password... "
|
|
-eval `echo "test" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | ${OPENCONNECT} --passwd-on-stdin -q ${ADDRESS}:${PORT} -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
fail $PID "Could not obtain cookie even though client should be exempt"
|
|
diff --git a/tests/test-cert b/tests/test-cert
|
|
index 41362aa..7967193 100755
|
|
--- a/tests/test-cert
|
|
+++ b/tests/test-cert
|
|
@@ -49,19 +49,19 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (without certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected without certificate!"
|
|
|
|
echo "ok (failed as expected)"
|
|
|
|
echo -n "Connecting to obtain cookie (with invalid certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected with invalid certificate!"
|
|
|
|
echo "ok (failed as expected)"
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
@@ -80,7 +80,7 @@ kill -HUP $PID
|
|
sleep 5
|
|
|
|
echo -n "Connecting to obtain cookie (with DER CRL)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
@@ -99,13 +99,13 @@ kill -HUP $PID
|
|
sleep 5
|
|
|
|
echo -n "Connecting to obtain cookie (with revoked certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected with revoked certificate!"
|
|
|
|
echo "ok (failed as expected)"
|
|
|
|
#echo "Normal connection... "
|
|
-#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
|
+#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
|
# fail $PID "Could not connect to server"
|
|
|
|
rm -f "${CRLNAME}" "${CRLTMPLNAME}"
|
|
diff --git a/tests/test-cert-opt-pass b/tests/test-cert-opt-pass
|
|
index 18893d3..0109ef2 100755
|
|
--- a/tests/test-cert-opt-pass
|
|
+++ b/tests/test-cert-opt-pass
|
|
@@ -34,7 +34,7 @@ opts=$1
|
|
pass=$2
|
|
rm -f ${OUTFILE}
|
|
|
|
-echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${OUTFILE} 2>&1
|
|
+echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${OUTFILE} 2>&1
|
|
if test $? != 0;then
|
|
cat ${OUTFILE}
|
|
return 1
|
|
diff --git a/tests/test-client-bypass-protocol b/tests/test-client-bypass-protocol
|
|
index 09f3cb2..14cb5a5 100755
|
|
--- a/tests/test-client-bypass-protocol
|
|
+++ b/tests/test-client-bypass-protocol
|
|
@@ -43,7 +43,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting... "
|
|
-timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
+timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
|
|
echo ok
|
|
|
|
@@ -68,7 +68,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Reconnecting..."
|
|
-timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
+timeout 15s $OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE} 2>&1
|
|
|
|
echo ok
|
|
|
|
diff --git a/tests/test-config-per-group b/tests/test-config-per-group
|
|
index 4a8bd60..6b8929a 100755
|
|
--- a/tests/test-config-per-group
|
|
+++ b/tests/test-config-per-group
|
|
@@ -81,7 +81,7 @@ ${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} &
|
|
sleep 4
|
|
|
|
echo " * Connecting with user NOT in group..."
|
|
-( echo "${PASSWORD}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "${PASSWORD}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
@@ -129,7 +129,7 @@ sleep 2
|
|
USERNAME=test
|
|
PASSWORD=test
|
|
echo " * Connecting with user in group to ${ADDRESS}:${PORT}..."
|
|
-( echo "${PASSWORD}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "${PASSWORD}" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/test-cookie-invalidation b/tests/test-cookie-invalidation
|
|
index 5f77afa..a6f8cea 100755
|
|
--- a/tests/test-cookie-invalidation
|
|
+++ b/tests/test-cookie-invalidation
|
|
@@ -35,7 +35,7 @@ launch_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
fail $PID "Could not obtain cookie"
|
|
@@ -44,7 +44,7 @@ fi
|
|
#echo "Cookie: $COOKIE"
|
|
|
|
echo "Connecting with cookie... "
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background >/dev/null 2>&1
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background >/dev/null 2>&1
|
|
|
|
sleep 4
|
|
|
|
@@ -58,9 +58,9 @@ if test $? != 0;then
|
|
fi
|
|
|
|
echo "Terminating and connecting again with same cookie... "
|
|
-#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
# fail $PID "Could not connect to server"
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1
|
|
|
|
sleep 4
|
|
|
|
@@ -82,9 +82,9 @@ rm -f "${PIDFILE2}"
|
|
sleep 18
|
|
|
|
echo "Proper termination and connecting again with same (invalidated) cookie... "
|
|
-#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+#( echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
# fail $PID "Could not connect to server"
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background >/dev/null 2>&1
|
|
|
|
sleep 4
|
|
|
|
diff --git a/tests/test-cookie-timeout b/tests/test-cookie-timeout
|
|
index 08081b2..b8b4dda 100755
|
|
--- a/tests/test-cookie-timeout
|
|
+++ b/tests/test-cookie-timeout
|
|
@@ -34,7 +34,7 @@ launch_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
fail $PID "Could not obtain cookie"
|
|
@@ -44,7 +44,7 @@ fi
|
|
sleep 16
|
|
echo ""
|
|
echo "Connecting with cookie... "
|
|
-echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
|
+echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
|
|
|
sleep 4
|
|
|
|
@@ -59,7 +59,7 @@ rm -f "${PIDFILE}"
|
|
sleep 16
|
|
echo ""
|
|
echo "Connecting again with cookie... "
|
|
-echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
|
+echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
|
|
|
sleep 4
|
|
|
|
@@ -74,7 +74,7 @@ rm -f "${PIDFILE}"
|
|
sleep 16
|
|
echo ""
|
|
echo "Connecting after forced kill with cookie... "
|
|
-echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
|
+echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
|
|
|
sleep 4
|
|
|
|
@@ -90,7 +90,7 @@ rm -f "${PIDFILE}"
|
|
sleep 45
|
|
echo ""
|
|
echo "Connecting with cookie after expiration... "
|
|
-echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
|
+echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE}" --background
|
|
|
|
sleep 4
|
|
|
|
@@ -104,7 +104,7 @@ fi
|
|
# test cookie verification after cookie verification failure. That is to verify whether
|
|
# the channel between main and sec-mod is in consistent state.
|
|
echo "Connecting (again) to obtain cookie... "
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
|
|
|
|
if test $? != 0;then
|
|
fail $PID "Could not obtain cookie"
|
|
diff --git a/tests/test-cookie-timeout-2 b/tests/test-cookie-timeout-2
|
|
index fbeba81..4161eb6 100755
|
|
--- a/tests/test-cookie-timeout-2
|
|
+++ b/tests/test-cookie-timeout-2
|
|
@@ -33,7 +33,7 @@ launch_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
fail $PID "Could not obtain cookie"
|
|
@@ -43,7 +43,7 @@ fi
|
|
sleep 10
|
|
echo ""
|
|
echo "Connecting with cookie... "
|
|
-echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file ${srcdir}/pid.$$ --background
|
|
+echo "test" | $OPENCONNECT -q -b localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pid.$$ --background
|
|
|
|
sleep 4
|
|
|
|
@@ -58,7 +58,7 @@ rm -f "${srcdir}/pid2.$$"
|
|
sleep 30
|
|
echo ""
|
|
echo "Connecting again with cookie (overriding first session)... "
|
|
-echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file ${srcdir}/pid2.$$ --background
|
|
+echo "test" | $OPENCONNECT -b -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pid2.$$ --background
|
|
|
|
sleep 6
|
|
|
|
diff --git a/tests/test-enc-key b/tests/test-enc-key
|
|
index 0ca6249..5d65b62 100755
|
|
--- a/tests/test-enc-key
|
|
+++ b/tests/test-enc-key
|
|
@@ -33,7 +33,7 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
cleanup
|
|
@@ -48,7 +48,7 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
cleanup
|
|
diff --git a/tests/test-explicit-ip b/tests/test-explicit-ip
|
|
index bfd1a9d..41d4665 100755
|
|
--- a/tests/test-explicit-ip
|
|
+++ b/tests/test-explicit-ip
|
|
@@ -31,13 +31,13 @@ connect()
|
|
opts=$1
|
|
pass=$2
|
|
COOKIE=''
|
|
-eval `echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate`
|
|
+eval `echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate`
|
|
if [ -z "$COOKIE" ];then
|
|
return 1
|
|
fi
|
|
|
|
rm -f $TMPFILE
|
|
-echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file ${srcdir}/pidx >$TMPFILE 2>&1 &
|
|
+echo "$pass" | $OPENCONNECT -q localhost:$PORT $opts -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file ${srcdir}/pidx >$TMPFILE 2>&1 &
|
|
CPID=$!
|
|
|
|
sleep 3
|
|
diff --git a/tests/test-group-pass b/tests/test-group-pass
|
|
index 1530f43..7a78237 100755
|
|
--- a/tests/test-group-pass
|
|
+++ b/tests/test-group-pass
|
|
@@ -33,19 +33,19 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group1 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group1 --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group2 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group2 --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group2 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group2 --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo "Connecting to obtain cookie with wrong groupname... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group4 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --authgroup group4 --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
cleanup
|
|
diff --git a/tests/test-gssapi-opt-cert b/tests/test-gssapi-opt-cert
|
|
index 0ef2d55..5cf1105 100755
|
|
--- a/tests/test-gssapi-opt-cert
|
|
+++ b/tests/test-gssapi-opt-cert
|
|
@@ -29,7 +29,7 @@ opts=$1
|
|
pass=$2
|
|
rm -f ${OUTFILE}
|
|
|
|
-echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${OUTFILE} 2>&1
|
|
+echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${OUTFILE} 2>&1
|
|
if test $? != 0;then
|
|
cat ${OUTFILE}
|
|
return 1
|
|
diff --git a/tests/test-gssapi-opt-pass b/tests/test-gssapi-opt-pass
|
|
index 8999d30..b6ebd11 100755
|
|
--- a/tests/test-gssapi-opt-pass
|
|
+++ b/tests/test-gssapi-opt-pass
|
|
@@ -29,7 +29,7 @@ opts=$1
|
|
pass=$2
|
|
rm -f ${OUTFILE}
|
|
|
|
-echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --authenticate >${OUTFILE} 2>&1
|
|
+echo "$pass" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --authenticate >${OUTFILE} 2>&1
|
|
if test $? != 0;then
|
|
cat ${OUTFILE}
|
|
return 1
|
|
diff --git a/tests/test-iroute b/tests/test-iroute
|
|
index d7b5f52..caf0a92 100755
|
|
--- a/tests/test-iroute
|
|
+++ b/tests/test-iroute
|
|
@@ -34,13 +34,13 @@ launch_server -d 1 -f -c "${CONFIG}" & PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null ) ||
|
|
+( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Re-connecting to force script run... "
|
|
-$OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null &
|
|
+$OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null &
|
|
kpid=$!
|
|
echo ok
|
|
|
|
diff --git a/tests/test-maintenance b/tests/test-maintenance
|
|
index 208a30b..ec162e9 100755
|
|
--- a/tests/test-maintenance
|
|
+++ b/tests/test-maintenance
|
|
@@ -34,7 +34,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
@@ -47,7 +47,7 @@ kill -USR2 $PID
|
|
sleep 5
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
@@ -58,7 +58,7 @@ kill -USR2 $PID
|
|
sleep 5
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
diff --git a/tests/test-max-same-1 b/tests/test-max-same-1
|
|
index 5146483..ec19c0d 100755
|
|
--- a/tests/test-max-same-1
|
|
+++ b/tests/test-max-same-1
|
|
@@ -47,7 +47,7 @@ launch_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
echo "Could not obtain cookie"
|
|
@@ -57,12 +57,12 @@ fi
|
|
#echo "Cookie: $COOKIE"
|
|
|
|
echo "Connecting with cookie... "
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background
|
|
|
|
sleep 4
|
|
|
|
echo "Connecting again with same cookie... "
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background
|
|
|
|
sleep 4
|
|
|
|
diff --git a/tests/test-multi-cookie b/tests/test-multi-cookie
|
|
index 83c9cb5..7581f9c 100755
|
|
--- a/tests/test-multi-cookie
|
|
+++ b/tests/test-multi-cookie
|
|
@@ -47,7 +47,7 @@ launch_server -d 1 -f -c "${CONFIG}" & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
echo "Could not obtain cookie"
|
|
@@ -57,12 +57,12 @@ fi
|
|
#echo "Cookie: $COOKIE"
|
|
|
|
echo "Connecting with cookie... "
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE1}" --background
|
|
|
|
sleep 4
|
|
|
|
echo "Connecting again with same cookie... "
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -b -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${PIDFILE2}" --background
|
|
|
|
sleep 4
|
|
|
|
diff --git a/tests/test-multiple-client-ip b/tests/test-multiple-client-ip
|
|
index 0e799e0..76099fe 100755
|
|
--- a/tests/test-multiple-client-ip
|
|
+++ b/tests/test-multiple-client-ip
|
|
@@ -84,14 +84,14 @@ sleep 4
|
|
|
|
# Run client 1
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
@@ -99,14 +99,14 @@ fi
|
|
|
|
# Run client 2
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS3} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS3} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS3} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID2} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS3} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID2} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|
|
diff --git a/tests/test-namespace-listen b/tests/test-namespace-listen
|
|
index 9691b28..81c3e86 100755
|
|
--- a/tests/test-namespace-listen
|
|
+++ b/tests/test-namespace-listen
|
|
@@ -77,7 +77,7 @@ if test $? != 0; then
|
|
fi
|
|
|
|
echo " connecting to server"
|
|
-(echo "test" | ${CMDNS3} $OPENCONNECT $ADDRESS:$PORT -u "test" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --pid-file=${CLIPID} -b) ||
|
|
+(echo "test" | ${CMDNS3} $OPENCONNECT $ADDRESS:$PORT -u "test" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --pid-file=${CLIPID} -b) ||
|
|
fail $PID "could not connect to server"
|
|
sleep 5
|
|
|
|
diff --git a/tests/test-otp b/tests/test-otp
|
|
index 5209b0a..ed1fe94 100755
|
|
--- a/tests/test-otp
|
|
+++ b/tests/test-otp
|
|
@@ -45,27 +45,27 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting with wrong username... "
|
|
-( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u falsetest --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u falsetest --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected with wrong username!"
|
|
echo ok
|
|
|
|
echo -n "Connecting with wrong OTP... "
|
|
-( echo -e "test\n999482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "test\n999482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Should not have connected with wrong OTP!"
|
|
echo ok
|
|
|
|
echo -n "Connecting with correct password and OTP... "
|
|
-( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with OTP!"
|
|
echo ok
|
|
|
|
echo -n "Connecting with empty password and wrong OTP... "
|
|
-( echo -e "999999\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "999999\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Should have not connected with wrong OTP!"
|
|
echo ok
|
|
|
|
echo -n "Connecting with empty password and OTP... "
|
|
-( echo -e "328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo -e "328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with OTP-only!"
|
|
echo ok
|
|
|
|
diff --git a/tests/test-otp-cert b/tests/test-otp-cert
|
|
index c8dc12c..61a71db 100755
|
|
--- a/tests/test-otp-cert
|
|
+++ b/tests/test-otp-cert
|
|
@@ -45,22 +45,22 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (without certificate)... "
|
|
-( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected without certificate!"
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie (with incorrect certificate)... "
|
|
-( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Should not have connected with wrong certificate!"
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo -e "test\n328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie (with no pass and certificate)... "
|
|
-( echo -e "328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo -e "328482\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
echo ok
|
|
|
|
diff --git a/tests/test-pam b/tests/test-pam
|
|
index 8ec787a..561a140 100755
|
|
--- a/tests/test-pam
|
|
+++ b/tests/test-pam
|
|
@@ -37,22 +37,22 @@ wait_server $PID
|
|
|
|
echo ""
|
|
echo "Connecting with wrong password... "
|
|
-( echo -e "testuser\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "testuser\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie with wrong cred"
|
|
|
|
echo ""
|
|
echo "Connecting with empty password... "
|
|
-( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie with wrong cred"
|
|
|
|
echo ""
|
|
echo "Connecting with wrong username... "
|
|
-( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie with wrong cred"
|
|
|
|
echo ""
|
|
echo "Connecting with correct password... "
|
|
-( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||#>/dev/null 2>&1 ) ||
|
|
+( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -v $ADDRESS:$PORT --authgroup group2 -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||#>/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
cleanup
|
|
diff --git a/tests/test-pam-noauth b/tests/test-pam-noauth
|
|
index dc8dd3d..1f67371 100755
|
|
--- a/tests/test-pam-noauth
|
|
+++ b/tests/test-pam-noauth
|
|
@@ -35,19 +35,19 @@ launch_sr_pam_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting with correct password but no PAM user... "
|
|
-( echo -e "test\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u xtest --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "test\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u xtest --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie with non existing user"
|
|
|
|
echo "Connecting with incorrect password (correct in PAM) and existing user... "
|
|
-( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "testuser123\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie with non existing user"
|
|
|
|
echo "Connecting with empty password (correct in PAM) and existing user... "
|
|
-( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie with non existing user"
|
|
|
|
echo "Connecting with correct password and existing user... "
|
|
-( echo -e "test\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||#>/dev/null 2>&1 ) ||
|
|
+( echo -e "test\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u testuser --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||#>/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
cleanup
|
|
diff --git a/tests/test-pass b/tests/test-pass
|
|
index 9d5484a..5aaaf48 100755
|
|
--- a/tests/test-pass
|
|
+++ b/tests/test-pass
|
|
@@ -34,39 +34,39 @@ launch_sr_server -d 1 -p ${PIDFILE} -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo "Connecting to obtain cookie with wrong password... "
|
|
-( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
echo "Connecting to obtain cookie with empty password... "
|
|
-( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo -e "\n" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
echo "Connecting to obtain cookie with wrong username... "
|
|
-( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "tost" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u tost --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
# test locked account
|
|
|
|
echo "Connecting to obtain cookie with locked account... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u locked --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
#test special characters
|
|
|
|
echo "Connecting to obtain cookie with special password... "
|
|
-( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "!@#$%^&*()<>" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo "Connecting to obtain cookie with empty password... "
|
|
-( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u "empty" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
#echo "Normal connection... "
|
|
-#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
|
+#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
|
# fail $PID "Could not connect to server"
|
|
|
|
if ! test -f ${PIDFILE};then
|
|
diff --git a/tests/test-pass-cert b/tests/test-pass-cert
|
|
index 8050788..8d284b8 100755
|
|
--- a/tests/test-pass-cert
|
|
+++ b/tests/test-pass-cert
|
|
@@ -34,26 +34,26 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (without certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected without certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie (with incorrect certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-wrong.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Should not have connected with wrong certificate!"
|
|
|
|
echo ok
|
|
|
|
|
|
#echo "Normal connection... "
|
|
-#( echo "test" | $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
|
+#( echo "test" | $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true ) ||
|
|
# fail $PID "Could not connect to server"
|
|
|
|
cleanup
|
|
diff --git a/tests/test-pass-group-cert b/tests/test-pass-group-cert
|
|
index ff64993..e559ac6 100755
|
|
--- a/tests/test-pass-group-cert
|
|
+++ b/tests/test-pass-group-cert
|
|
@@ -33,37 +33,37 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (without certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected without certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie - group1 (with certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie - DEFAULT (with certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup DEFAULT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup DEFAULT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie - group2 (with certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie - group4 (with certificate)... "
|
|
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group4 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Got cookie when it shouldn't!"
|
|
|
|
echo ok
|
|
diff --git a/tests/test-pass-group-cert-no-pass b/tests/test-pass-group-cert-no-pass
|
|
index bc39b45..401b24f 100755
|
|
--- a/tests/test-pass-group-cert-no-pass
|
|
+++ b/tests/test-pass-group-cert-no-pass
|
|
@@ -33,25 +33,25 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (without certificate)... "
|
|
-LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 &&
|
|
+LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 &&
|
|
fail $PID "Connected without certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie - group1 (with certificate)... "
|
|
-LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ||
|
|
+LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group1 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie - group2 (with certificate)... "
|
|
-LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ||
|
|
+LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group2 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
|
|
-LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ||
|
|
+LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --authgroup group3 -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-group-key.pem -c ${srcdir}/certs/user-group-cert.pem -u test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
diff --git a/tests/test-pass-opt-cert b/tests/test-pass-opt-cert
|
|
index ac9adc1..1836538 100755
|
|
--- a/tests/test-pass-opt-cert
|
|
+++ b/tests/test-pass-opt-cert
|
|
@@ -38,7 +38,7 @@ connect()
|
|
{
|
|
opts=$1
|
|
pass=$2
|
|
-echo ${pass} | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --passwd-on-stdin --authenticate >${TMPFILE}
|
|
+echo ${pass} | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT $opts --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --passwd-on-stdin --authenticate >${TMPFILE}
|
|
if test $? != 0;then
|
|
cat ${TMPFILE}
|
|
return 1
|
|
diff --git a/tests/test-pass-script b/tests/test-pass-script
|
|
index 89a4094..0f18551 100755
|
|
--- a/tests/test-pass-script
|
|
+++ b/tests/test-pass-script
|
|
@@ -67,7 +67,7 @@ launch_server -d 1 -f -c "${CONFIG}" & PID=$!
|
|
wait_server $PID
|
|
|
|
echo " * Connecting to obtain cookie with wrong username... "
|
|
-( echo "tost" | $OPENCONNECT -q localhost:$PORT -u tost --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
|
|
+( echo "tost" | $OPENCONNECT -q localhost:$PORT -u tost --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) &&
|
|
fail $PID "Received cookie when we shouldn't"
|
|
|
|
rm -f ${builddir}/connect.ok
|
|
@@ -76,11 +76,11 @@ rm -f ${builddir}/host-update.ok
|
|
#test special characters
|
|
|
|
echo " * Connecting to obtain cookie... "
|
|
-( echo "!@#$%^&*()<>" | $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "!@#$%^&*()<>" | $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo " * Re-connecting to force script run... "
|
|
-echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true
|
|
+echo "!@#$%^&*()<>" | timeout 7 $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true
|
|
|
|
TIMEOUT=5
|
|
while ! test -f ${builddir}/disconnect.ok; do
|
|
@@ -112,7 +112,7 @@ rm -f ${builddir}/disconnect.ok
|
|
rm -f ${builddir}/host-update.ok
|
|
|
|
echo " * Re-connecting to get cookie... "
|
|
-echo "test2" | $OPENCONNECT -q localhost:$PORT -u "test2" --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >${PARAMSFILE}
|
|
+echo "test2" | $OPENCONNECT -q localhost:$PORT -u "test2" --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >${PARAMSFILE}
|
|
if test $? != 0;then
|
|
echo "Could not connect"
|
|
cat ${PARAMSFILE}
|
|
@@ -127,7 +127,7 @@ fi
|
|
|
|
echo " * Re-connecting to force session stealing... "
|
|
eval "$(grep COOKIE ${PARAMSFILE})"
|
|
-echo ${COOKIE}| $OPENCONNECT --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE} -b
|
|
+echo ${COOKIE}| $OPENCONNECT --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true --pid-file=${OPIDFILE} -b
|
|
|
|
echo " - Pausing client"
|
|
TIMEOUT=4
|
|
@@ -156,7 +156,7 @@ rm -f ${builddir}/connect.ok
|
|
rm -f ${builddir}/disconnect.ok
|
|
|
|
echo " * Re-connecting to steal previous IP address... "
|
|
-echo ${COOKIE} | $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true --pid-file=${OPIDFILE2} -b
|
|
+echo ${COOKIE} | $OPENCONNECT -q --local-hostname='mylocalname' localhost:$PORT -u "test2" --reconnect-timeout 0 --cookie-on-stdin --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true --pid-file=${OPIDFILE2} -b
|
|
|
|
echo " - Resuming (disconnected) client"
|
|
kill -s CONT $(cat ${OPIDFILE})
|
|
@@ -205,7 +205,7 @@ done
|
|
sleep 5
|
|
echo " - Check server status"
|
|
|
|
-( echo "!@#$%^&*()<>" | $OPENCONNECT --local-hostname='mylocalname' -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "!@#$%^&*()<>" | $OPENCONNECT --local-hostname='mylocalname' -q localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo " - Killing server"
|
|
diff --git a/tests/test-replay b/tests/test-replay
|
|
index b8aa848..0533893 100755
|
|
--- a/tests/test-replay
|
|
+++ b/tests/test-replay
|
|
@@ -60,7 +60,7 @@ launch_server -d 9999 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3`
|
|
+eval `echo "test" | $OPENCONNECT -q localhost:$PORT -u test --authenticate --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=`
|
|
|
|
if [ -z "$COOKIE" ];then
|
|
echo "Could not obtain cookie"
|
|
@@ -70,7 +70,7 @@ fi
|
|
#echo "Cookie: $COOKIE"
|
|
|
|
echo "Connecting with cookie... "
|
|
-echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --verbose --pid-file "${PIDFILE1}" --background
|
|
+echo "test" | $OPENCONNECT -q localhost:$PORT -u test -C "$COOKIE" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --verbose --pid-file "${PIDFILE1}" --background
|
|
|
|
sleep 4
|
|
|
|
diff --git a/tests/test-san-cert b/tests/test-san-cert
|
|
index a5040ae..a41c331 100755
|
|
--- a/tests/test-san-cert
|
|
+++ b/tests/test-san-cert
|
|
@@ -49,25 +49,25 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (without certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected without certificate!"
|
|
|
|
echo "ok (failed as expected)"
|
|
|
|
echo -n "Connecting to obtain cookie (with invalid certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-invalid.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected with invalid certificate!"
|
|
|
|
echo "ok (failed as expected)"
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate - no SAN)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
fail $PID "Connected with invalid certificate!"
|
|
|
|
echo "ok (failed as expected)"
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate - SAN)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-san-cert.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-san-cert.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
fail $PID "Failed to connect with certificate!"
|
|
|
|
echo ok
|
|
diff --git a/tests/test-script-multi-user b/tests/test-script-multi-user
|
|
index 6327a26..c0bfa3d 100755
|
|
--- a/tests/test-script-multi-user
|
|
+++ b/tests/test-script-multi-user
|
|
@@ -47,16 +47,16 @@ launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
|
wait_server $PID
|
|
|
|
echo "Connecting to force script block... "
|
|
-echo "!@#$%^&*()<>" | timeout 60 $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true &
|
|
+echo "!@#$%^&*()<>" | timeout 60 $OPENCONNECT -q localhost:$PORT -u "sp@c/al" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true &
|
|
|
|
sleep 3
|
|
|
|
echo "Connecting to obtain cookie... "
|
|
-( echo "${USERNAME}" | $OPENCONNECT -q localhost:$PORT -u "${USERNAME}" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
|
|
+( echo "${USERNAME}" | $OPENCONNECT -q localhost:$PORT -u "${USERNAME}" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not receive cookie from server"
|
|
|
|
echo "Connecting in background... "
|
|
-( echo "${USERNAME}" | timeout 15 $OPENCONNECT -q localhost:$PORT -u "${USERNAME}" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --background >/dev/null 2>&1 ) ||
|
|
+( echo "${USERNAME}" | timeout 15 $OPENCONNECT -q localhost:$PORT -u "${USERNAME}" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --background >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect to server; probably blocked"
|
|
|
|
sleep 3
|
|
diff --git a/tests/test-sighup b/tests/test-sighup
|
|
index add538f..dd424e5 100755
|
|
--- a/tests/test-sighup
|
|
+++ b/tests/test-sighup
|
|
@@ -34,7 +34,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
@@ -44,7 +44,7 @@ kill -HUP $PID
|
|
sleep 5
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
@@ -57,7 +57,7 @@ kill -HUP $PID
|
|
sleep 5
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
+( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
diff --git a/tests/test-stress b/tests/test-stress
|
|
index 3816604..a2db96e 100755
|
|
--- a/tests/test-stress
|
|
+++ b/tests/test-stress
|
|
@@ -33,7 +33,7 @@ run_client() {
|
|
PASS=$1;
|
|
shift;
|
|
|
|
- ( echo $PASS | $OPENCONNECT -q $HOST -u $USER --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true >/dev/null 2>&1 ) ||
|
|
+ ( echo $PASS | $OPENCONNECT -q $HOST -u $USER --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true >/dev/null 2>&1 ) ||
|
|
echo "$USER: Could not connect to server"
|
|
}
|
|
|
|
diff --git a/tests/test-udp-listen-host b/tests/test-udp-listen-host
|
|
index f3e6623..956938b 100755
|
|
--- a/tests/test-udp-listen-host
|
|
+++ b/tests/test-udp-listen-host
|
|
@@ -111,7 +111,7 @@ ${CMDNS2} ${HAPROXY} -f ${HACONFIG} -d & HAPID=$!
|
|
sleep 3
|
|
|
|
echo " * Connecting to haproxy and using dtls ... "
|
|
-echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} --user test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${CLIPID}" --background
|
|
+echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} --user test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${CLIPID}" --background
|
|
|
|
wait_file "${CLIPID}" 11
|
|
|
|
@@ -134,7 +134,7 @@ echo "restart ocsev with udp-listen-host set to 127.0.0.1"
|
|
${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG_UDP_LISTEN_LOCAL} ${DEBUG} & PID=$!
|
|
|
|
echo " * Connecting to haproxy and using dtls again ... "
|
|
-echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} --user test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true --verbose --pid-file "${CLIPID2}" --background
|
|
+echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${HAPORT} --user test --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --script=/bin/true --verbose --pid-file "${CLIPID2}" --background
|
|
|
|
wait_file "${CLIPID2}" 11
|
|
|
|
diff --git a/tests/test-user-config b/tests/test-user-config
|
|
index 1c7f518..f8573ce 100755
|
|
--- a/tests/test-user-config
|
|
+++ b/tests/test-user-config
|
|
@@ -42,20 +42,20 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to obtain cookie (with certificate)... "
|
|
-( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null ) ||
|
|
+( $OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly </dev/null >/dev/null ) ||
|
|
fail $PID "Could not connect with certificate!"
|
|
|
|
echo ok
|
|
|
|
echo -n "Re-connecting to force script run... "
|
|
-$OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >/dev/null &
|
|
+$OPENCONNECT -q localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >/dev/null &
|
|
kpid1=$!
|
|
echo ok
|
|
|
|
sleep 2
|
|
|
|
echo -n "Re-connecting to check the iroutes... "
|
|
-$OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1 &
|
|
+$OPENCONNECT -v localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1 &
|
|
kpid2=$!
|
|
|
|
echo ok
|
|
@@ -63,7 +63,7 @@ sleep 3
|
|
|
|
echo -n "Checking if max-same-clients is considered... "
|
|
|
|
-timeout 15s $OPENCONNECT localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE2} 2>&1
|
|
+timeout 15s $OPENCONNECT localhost:$PORT --sslkey ${srcdir}/certs/user-key.pem -c ${srcdir}/certs/user-cert-testuser.pem --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE2} 2>&1
|
|
if test $? = 124;then
|
|
fail $PID "Max-same-clients directive was ignored"
|
|
fi
|
|
@@ -155,7 +155,7 @@ rm -f ${TMPFILE1}
|
|
rm -f ${TMPFILE2}
|
|
|
|
echo -n "Re-connecting to check the ipv4-network... "
|
|
-$OPENCONNECT -v localhost:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-testipnet.pem" --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s /bin/true </dev/null >${TMPFILE1} 2>&1 & kpid3=$!
|
|
+$OPENCONNECT -v localhost:$PORT --sslkey "${srcdir}/certs/user-key.pem" -c "${srcdir}/certs/user-cert-testipnet.pem" --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s /bin/true </dev/null >${TMPFILE1} 2>&1 & kpid3=$!
|
|
|
|
echo ok
|
|
sleep 3
|
|
diff --git a/tests/test-vhost b/tests/test-vhost
|
|
index 902f011..1a57e60 100755
|
|
--- a/tests/test-vhost
|
|
+++ b/tests/test-vhost
|
|
@@ -62,7 +62,7 @@ PID=$!
|
|
wait_server $PID
|
|
|
|
echo -n "Connecting to default host to obtain cookie (user without certificate)... "
|
|
-connect "default.example.com" "-u test" "test" "d66b507ae074d03b02eafca40d35f87dd81049d3"
|
|
+connect "default.example.com" "-u test" "test" "pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="
|
|
if test $? != 0;then
|
|
fail $PID "Failed to connect with user without certificate!"
|
|
fi
|
|
@@ -111,7 +111,7 @@ fi
|
|
echo ok
|
|
|
|
echo -n "Connecting to default host to obtain cookie (with certificate)... "
|
|
-connect "default.example.com" "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem" "" "d66b507ae074d03b02eafca40d35f87dd81049d3"
|
|
+connect "default.example.com" "-u test --sslkey ./certs/user-key.pem -c ./certs/user-cert.pem" "" "pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="
|
|
if test $? = 0;then
|
|
fail $PID "Connected to wrong host with certificate!"
|
|
fi
|
|
@@ -136,7 +136,7 @@ kill -HUP $PID
|
|
sleep 5
|
|
|
|
echo -n "Sanity check to default host..."
|
|
-connect "default.example.com" "-u test" "test" "d66b507ae074d03b02eafca40d35f87dd81049d3"
|
|
+connect "default.example.com" "-u test" "test" "pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8="
|
|
if test $? != 0;then
|
|
fail $PID "Failed to connect with user without certificate!"
|
|
fi
|
|
diff --git a/tests/traffic b/tests/traffic
|
|
index 3ea962f..1f0fcaf 100755
|
|
--- a/tests/traffic
|
|
+++ b/tests/traffic
|
|
@@ -79,14 +79,14 @@ sleep 4
|
|
|
|
# Run clients
|
|
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= --cookieonly )
|
|
if test $? != 0;then
|
|
echo "Could not get cookie from server"
|
|
exit 1
|
|
fi
|
|
|
|
echo " * Connecting to ${ADDRESS}:${PORT}..."
|
|
-( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
+( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8= -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b )
|
|
if test $? != 0;then
|
|
echo "Could not connect to server"
|
|
exit 1
|