Ana Sayfa Keşfet Yardım
Giriş Yap
vimacs
/
openconnect
İzle 1
Yıldızla 0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Dal: h3cssl
Dallar Biçim İmleri
openconnect
/
tests
/
obsolete-server-crypto

obsolete-server-crypto 2.4 KB
Kalıcı Bağlantı Geçmiş Ham

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # Copyright (C) 2020 Daniel Lenski
    4. 

  4. #
    5. 

  5. # This file is part of openconnect.
    6. 

  6. #
    7. 

  7. # This is free software; you can redistribute it and/or
    8. 

  8. # modify it under the terms of the GNU Lesser General Public License
    9. 

  9. # as published by the Free Software Foundation; either version 2.1 of
    10. 

  10. # the License, or (at your option) any later version.
    11. 

  11. #
    12. 

  12. # This library is distributed in the hope that it will be useful, but
    13. 

  13. # WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    15. 

  15. # Lesser General Public License for more details.
    16. 

  16. #
    17. 

  17. # You should have received a copy of the GNU Lesser General Public License
    18. 

  18. # along with this program.  If not, see <http://www.gnu.org/licenses/>
    19. 

  19. 

  20. # This test uses LD_PRELOAD
    21. 

  21. PRELOAD=1
    22. 

  22. SERV="${SERV:-../src/ocserv}"
    23. 

  23. srcdir=${srcdir:-.}
    24. 

  24. top_builddir=${top_builddir:-..}
    25. 

  25. 

  26. . `dirname $0`/common.sh
    27. 

  27. 

  28. ########################################
    29. 

  29. # Verify that we cannot connect to a server offering only obsolete, insecure
    30. 

  30. # crypto UNLESS --allow-insecure-crypto is specified.
    31. 

  31. ########################################
    32. 

  32. 

  33. echo "Testing against server with insecure crypto (3DES and RC4 only)..."
    34. 

  34. 

  35. # Run servers
    36. 

  36. PORT=4568
    37. 

  37. TLS_PRIORITIES="LEGACY:%SERVER_PRECEDENCE:%COMPAT:-VERS-TLS-ALL:+VERS-TLS1.0:-CIPHER-ALL:+3DES-CBC:+ARCFOUR-128:+MD5:+SHA1"
    38. 

  38. update_config test-obsolete-server-crypto.config
    39. 

  39. 

  40. ########################################
    41. 

  41. # Need to override mandatory system-wide crypto policy on Fedora 31+, in
    42. 

  42. # order for ocserv to offer 3DES and RC4.
    43. 

  43. #
    44. 

  44. # However, we want to leave this policy in place for openconnect,
    45. 

  45. # in order to verify the client's ability to disable it on its own.
    46. 

  46. ########################################
    47. 

  47. GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null launch_simple_sr_server -d 1 -f -c $CONFIG
    48. 

  48. 

  49. PID=$!
    50. 

  50. wait_server $PID
    51. 

  51. 

  52. echo -n "Connecting without --allow-insecure-crypto... "
    53. 

  53. ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1) &&
    54. 

  54. 	fail $PID "Connected successfully when we shouldn't"
    55. 

  55. 

  56. echo ok
    57. 

  57. 

  58. echo -n "Connecting with --allow-insecure-crypto... "
    59. 

  59. ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --allow-insecure-crypto --cookieonly >/dev/null 2>&1) ||
    60. 

  60. 	fail $PID "Could not connect and obtain cookie with --allow-insecure-crypto"
    61. 

  61. 

  62. echo ok
    63. 

  63. 

  64. cleanup
    65. 

  65. 

  66. exit 0
    67. 

  67.