Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1485989, integrate tlsfuzzer interop tests with Taskcluster, r=mt
Summary: As a start, it only tests TLS 1.3 so far; 8 out of 18 are skipped because of failures. Reviewers: franziskus, HubertKario, mt Reviewed By: mt Subscribers: mt Bug #: 1485989 Differential Revision: https://phabricator.services.mozilla.com/D4217 --HG-- extra : amend_source : e657ab9197f0696fb3a85d86c85d3005362d65a0
- Loading branch information
Showing
7 changed files
with
312 additions
and
60 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
# Generate input to certutil | ||
certscript() { | ||
ca=n | ||
while [ $# -gt 0 ]; do | ||
case $1 in | ||
sign) echo 0 ;; | ||
kex) echo 2 ;; | ||
ca) echo 5;echo 6;ca=y ;; | ||
esac; shift | ||
done; | ||
echo 9 | ||
echo n | ||
echo $ca | ||
echo | ||
echo n | ||
} | ||
|
||
# $1: name | ||
# $2: type | ||
# $3+: usages: sign or kex | ||
make_cert() { | ||
name=$1 | ||
type=$2 | ||
|
||
# defaults | ||
type_args=() | ||
trust=',,' | ||
sign=(-x) | ||
sighash=(-Z SHA256) | ||
|
||
case $type in | ||
dsa) type_args=(-g 1024) ;; | ||
rsa) type_args=(-g 1024) ;; | ||
rsa2048) type_args=(-g 2048);type=rsa ;; | ||
rsa8192) type_args=(-g 8192);type=rsa ;; | ||
rsapss) type_args=(-g 1024 --pss);type=rsa ;; | ||
rsapss384) type_args=(-g 1024 --pss);type=rsa;sighash=(-Z SHA384) ;; | ||
rsapss512) type_args=(-g 2048 --pss);type=rsa;sighash=(-Z SHA512) ;; | ||
rsapss_noparam) type_args=(-g 2048 --pss);type=rsa;sighash=() ;; | ||
p256) type_args=(-q nistp256);type=ec ;; | ||
p384) type_args=(-q secp384r1);type=ec ;; | ||
p521) type_args=(-q secp521r1);type=ec ;; | ||
rsa_ca) type_args=(-g 1024);trust='CT,CT,CT';type=rsa ;; | ||
rsa_chain) type_args=(-g 1024);sign=(-c rsa_ca);type=rsa;; | ||
rsapss_ca) type_args=(-g 1024 --pss);trust='CT,CT,CT';type=rsa ;; | ||
rsapss_chain) type_args=(-g 1024);sign=(-c rsa_pss_ca);type=rsa;; | ||
rsa_ca_rsapss_chain) type_args=(-g 1024 --pss-sign);sign=(-c rsa_ca);type=rsa;; | ||
ecdh_rsa) type_args=(-q nistp256);sign=(-c rsa_ca);type=ec ;; | ||
esac | ||
shift 2 | ||
counter=$(($counter + 1)) | ||
certscript $@ | ${BINDIR}/certutil -S \ | ||
-z ${R_NOISE_FILE} -d "${PROFILEDIR}" \ | ||
-n $name -s "CN=$name" -t "$trust" "${sign[@]}" -m "$counter" \ | ||
-w -2 -v 120 -k "$type" "${type_args[@]}" "${sighash[@]}" -1 -2 | ||
html_msg $? 0 "create certificate: $@" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
[ | ||
{ | ||
"server_command": [ | ||
"@SELFSERV@", "-w", "nss", "-d", "@SERVERDIR@", | ||
"-V", "tls1.0:", "-H", "1", | ||
"-n", "rsa", | ||
"-n", "rsa-pss", | ||
"-J", "rsa_pss_rsae_sha256,rsa_pss_rsae_sha384,rsa_pss_rsae_sha512,rsa_pss_pss_sha256", | ||
"-u", "-Z", "-p", "@PORT@" | ||
], | ||
"server_hostname": "@HOSTADDR@", | ||
"server_port": @PORT@, | ||
"tests" : [ | ||
{ | ||
"name" : "test-tls13-conversation.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-count-tickets.py", | ||
"arguments": [ | ||
"-p", "@PORT@", "-t", "1" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-empty-alert.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
], | ||
"comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1471656", | ||
"exp_pass": false | ||
}, | ||
{ | ||
"name" : "test-tls13-finished.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
], | ||
"comment" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1472747", | ||
"exp_pass": false | ||
}, | ||
{ | ||
"name" : "test-tls13-0rtt-garbage.py", | ||
"comment": "the disabled test timeouts because of https://bugzilla.mozilla.org/show_bug.cgi?id=1472747", | ||
"arguments": [ | ||
"-p", "@PORT@", "--cookie", | ||
"-e", "undecryptable record later in handshake together with early_data" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-hrr.py", | ||
"arguments": [ | ||
"-p", "@PORT@", "--cookie" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-legacy-version.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
], | ||
"comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1490006", | ||
"exp_pass": false | ||
}, | ||
{ | ||
"name" : "test-tls13-nociphers.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-pkcs-signature.py", | ||
"comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1489997", | ||
"arguments": [ | ||
"-p", "@PORT@", | ||
"-e", "rsa_pkcs1_sha256 signature", | ||
"-e", "rsa_pkcs1_sha384 signature", | ||
"-e", "rsa_pkcs1_sha512 signature" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-rsa-signatures.py", | ||
"comment": "selfserv can be set up to use multiple certs, but only one for each auth type", | ||
"arguments": [ | ||
"-p", "@PORT@", "-b", | ||
"-e", "tls13 signature rsa_pss_pss_sha384", | ||
"-e", "tls13 signature rsa_pss_pss_sha512" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-rsapss-signatures.py", | ||
"comment": "selfserv can be set up to use multiple certs, but only one to each auth type", | ||
"arguments": [ | ||
"-p", "@PORT@", "-b", | ||
"-e", "tls13 signature rsa_pss_pss_sha384", | ||
"-e", "tls13 signature rsa_pss_pss_sha512" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-record-padding.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-session-resumption.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-signature-algorithms.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
], | ||
"comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1482386", | ||
"exp_pass": false | ||
}, | ||
{ | ||
"name" : "test-tls13-version-negotiation.py", | ||
"comment": "the disabled test timeouts because of https://github.com/tomato42/tlsfuzzer/issues/452", | ||
"arguments": [ | ||
"-p", "@PORT@", | ||
"-e", "SSL 2.0 ClientHello with TLS 1.3 version and TLS 1.3 only ciphersuites" | ||
] | ||
}, | ||
{ | ||
"name" : "test-tls13-zero-length-data.py", | ||
"arguments": [ | ||
"-p", "@PORT@" | ||
] | ||
} | ||
] | ||
} | ||
] |
Oops, something went wrong.