From 4fc35b2d92cfeb453b0f262a46ff50c9506d8ff9 Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Thu, 01 Aug 2019 19:15:47 -0400 Subject: tests/howsmyssl.sh: New test script --- diff --git a/tests/howsmyssl.sh b/tests/howsmyssl.sh new file mode 100755 index 0000000..2f7296d --- /dev/null +++ b/tests/howsmyssl.sh @@ -0,0 +1,67 @@ +# Tests using Jeff Hodges's How's My SSL? Web service +# +# Copyright (C) 2019 Patrick McDermott +# +# This file is part of wolfssl-util. +# +# wolfssl-util is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. +# +# wolfssl-util is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with wolfssl-util. If not, see . + +set -eu + +. "${TOP_SRCDIR}/tests/aux/tap-functions.sh" +JSON_SEPARATOR='/' JSON_DEBUG='' . "${TOP_SRCDIR}/tests/aux/json.sh" + +test_grep() +{ + printf '%s\n' "${members}" | grep "${@}" +} + +plan_ 7 + +json="$(printf 'GET /a/check HTTP/1.1\r\n'$(: \ + )'Host: www.howsmyssl.com:443\r\nConnection: close\r\n\r\n' | \ + "${TOP_BUILDDIR}/wolfssl-util" s_client \ + -connect www.howsmyssl.com:443 \ + -servername www.howsmyssl.com | \ + sed -n 's/\r$//; /^{/,$p')" +printf '%s\n' + +IFS=' +' +printf '# JSON:\n' +printf '# %s\n' ${json} +unset IFS + +members="$(printf '%s\n' "${json}" | json)" + +IFS=' +' +printf '# Parsed members:\n' +printf '# %s\n' ${members} +unset IFS + +command_ok_ 'Ephemeral keys supported' -- \ + test_grep -q '^/ephemeral_keys_supported boolean true$' +command_ok_ 'No TLS compression supported' -- \ + test_grep -q '^/tls_compression_supported boolean false$' +command_ok_ 'No unknown cipher suites supported' -- \ + test_grep -q '^/unknown_cipher_suite_supported boolean false$' +command_ok_ 'No BEAST vulnerability' -- \ + test_grep -q '^/beast_vuln boolean false$' +command_ok_ 'No weak cipher suites supported' -- \ + test_grep -vq '^/insecure_cipher_suites/' +command_ok_ 'TLS 1.2' -- \ + test_grep -q '^/tls_version string TLS 1.2$' +command_ok_ 'Probably OK' -- \ + test_grep -q '^/rating string Probably Okay$' diff --git a/tests/local.mk b/tests/local.mk index 288b9ad..5b5be3b 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -1,5 +1,6 @@ TESTS = \ - %reldir%/badssl.sh + %reldir%/badssl.sh \ + %reldir%/howsmyssl.sh TEST_EXTENSIONS = .sh SH_LOG_DRIVER = \ AM_TAP_AWK='$(AWK)' \ -- cgit v0.9.1