#!/bin/sh # Copyright (C) 2010 Free Software Foundation, Inc. # # Author: Nikos Mavrogiannopoulos # # This file is part of GnuTLS. # # GnuTLS is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 3 of the License, or (at # your option) any later version. # # GnuTLS is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. srcdir="${srcdir:-.}" SERV="${SERV:-../../src/gnutls-serv} -q" CLI="${CLI:-../../src/gnutls-cli}" PORT="${PORT:-5557}" DEBUG="" unset RETCODE if test "${WINDIR}" != "";then exit 77 fi fail() { echo "Failure: $1" >&2 RETCODE=${RETCODE:-${2:-1}} } echo "Checking OpenPGP certificate verification" $SERV -p $PORT --pgpcertfile $srcdir/srv-public-127.0.0.1-signed.gpg --pgpkeyfile $srcdir/srv-secret.gpg >/dev/null 2>&1 & PID=$! trap "kill $PID" 1 15 2 # give the server a chance to initialize sleep 2 #gnutls currently only considers PGP certificates verified only if #all user IDs in the certificate were signed. #$CLI -p $PORT 127.0.0.1 --pgpkeyring ca-public.gpg /dev/null || \ # fail "Connection to verified IP address should have succeeded! (error code $?)" $? $CLI $DEBUG -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg /dev/null 2>&1 && \ fail "Connection to unrecognized IP address should have failed!" $CLI $DEBUG -p $PORT localhost --pgpkeyring $srcdir/ca-public.gpg /dev/null 2>&1 && \ fail "Connection to unverified (but present) 'localhost' should have failed!" kill $PID wait $SERV -p $PORT --pgpcertfile $srcdir/srv-public-localhost-signed.gpg --pgpkeyfile $srcdir/srv-secret.gpg >/dev/null 2>&1 & PID=$! trap "kill $PID" 1 15 2 # give the server a chance to initialize sleep 2 echo | $CLI $DEBUG -p $PORT 127.0.0.1 --pgpkeyring $srcdir/ca-public.gpg /dev/null 2>&1 && \ fail "Connection to unverified IP address should have failed! (error code $?)" $? $CLI $DEBUG -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg /dev/null 2>&1 && \ fail "Connection to unrecognized IP address should have failed!" #see reason above #$CLI -p $PORT localhost --pgpkeyring ca-public.gpg /dev/null || \ # fail "Connection to verified 'localhost' should have succeded! (error code $?)" $? kill $PID wait $SERV -p $PORT --pgpcertfile $srcdir/srv-public-all-signed.gpg --pgpkeyfile $srcdir/srv-secret.gpg >/dev/null 2>&1 & PID=$! trap "kill $PID" 1 15 2 # give the server a chance to initialize sleep 2 echo | $CLI $DEBUG -p $PORT 127.0.0.1 --pgpkeyring $srcdir/ca-public.gpg /dev/null || \ fail "Connection to signed PGP certificate should have succeeded! (error code $?)" $? $CLI $DEBUG -p $PORT 127.0.0.2 --pgpkeyring $srcdir/ca-public.gpg /dev/null && \ fail "Connection to unrecognized IP address should have failed!" kill $PID wait exit ${RETCODE:-0}