[Openvpn-devel] [S] Change in openvpn[master]: t_server_null_default.rc: Add some tests with --data-ciphers

Wed, 26 Mar 2025 04:42:12 -0700 

Attention is currently required from: mattock.

Hello mattock,

I'd like you to reexamine a change. Please visit

    http://gerrit.openvpn.net/c/openvpn/+/847?usp=email

to look at the new patch set (#2).


Change subject: t_server_null_default.rc: Add some tests with --data-ciphers
......................................................................

t_server_null_default.rc: Add some tests with --data-ciphers

Trying to verify some of the negotiation parts.

Change-Id: I47d95eee8a00b9878331fd6cd6a7db12665f5537
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
---
M tests/t_server_null_default.rc
1 file changed, 30 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/47/847/2

diff --git a/tests/t_server_null_default.rc b/tests/t_server_null_default.rc
index e7bf5bc..ca8004a 100755
--- a/tests/t_server_null_default.rc
+++ b/tests/t_server_null_default.rc
@@ -1,3 +1,4 @@
+# -*- shell-script -*-
 # Notes regarding --dev null server and client configurations:
 #
 # The t_server_null_server.sh exits when all client pid files have gone
@@ -42,7 +43,7 @@
 SERVER_CERT_OPTS="--ca ${CA} --dh ${DH} --cert ${SERVER_CERT} --key 
${SERVER_KEY} --tls-auth ${TA} 0"
 SERVER_CONF_BASE="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} 
${SERVER_CERT_OPTS}"

-TEST_SERVER_LIST="1 2"
+TEST_SERVER_LIST="1 2 3"

 SERVER_NAME_1="t_server_null_server-1194_udp"
 SERVER_SERVER_1="--server 10.29.41.0 255.255.255.0"
@@ -56,6 +57,12 @@
 SERVER_EXEC_2="${SERVER_EXEC}"
 SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp 
--management 127.0.0.1 ${SERVER_MGMT_PORT_2}"

+SERVER_NAME_3="t_server_null_server-1196_udp"
+SERVER_SERVER_3="--server 10.29.43.0 255.255.255.0"
+SERVER_MGMT_PORT_3="11196"
+SERVER_EXEC_3="${SERVER_EXEC}"
+SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp 
--management 127.0.0.1 ${SERVER_MGMT_PORT_3} --cipher AES-192-CBC 
--data-ciphers DEFAULT:AES-192-CBC"
+
 # Test client configurations
 CLIENT_EXEC="${top_builddir}/src/openvpn/openvpn"
 CLIENT_BASE_OPTS="--client --nobind --remote-cert-tls server --persist-tun 
--verb 3 --resolv-retry infinite --connect-retry-max 3 --server-poll-timeout 5 
--explicit-exit-notify 3 --script-security 2"
@@ -65,7 +72,7 @@
 CLIENT_CIPHER_OPTS=""
 CLIENT_CERT_OPTS="--ca ${CA} --cert ${CLIENT_CERT} --key ${CLIENT_KEY} 
--tls-auth ${TA} 1"

-TEST_RUN_LIST="1 1L 2 2L 3"
+TEST_RUN_LIST="1 1L 2 2L 3 4a 4b 4c"
 CLIENT_CONF_BASE="${CLIENT_NULL_OPTS} ${CLIENT_BASE_OPTS} 
${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}"
 CLIENT_CONF_BASE_LWIP="${CLIENT_LWIP_OPTS} ${CLIENT_BASE_OPTS} 
${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}"

@@ -93,3 +100,24 @@
 SHOULD_PASS_3="no"
 CLIENT_EXEC_3="${CLIENT_EXEC}"
 CLIENT_CONF_3="${CLIENT_CONF_BASE} --remote 127.0.0.1 11194 udp --proto udp"
+
+# --data-cipher list against server with defaults
+# --cipher ignored
+TEST_NAME_4a="t_server_null_client.sh-openvpn_current_udp_dc1"
+SHOULD_PASS_4a="yes"
+CLIENT_EXEC_4a="${CLIENT_EXEC}"
+CLIENT_CONF_4a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1194 udp --proto udp 
--cipher AES-128-CBC --data-ciphers AES-192-CBC:DEFAULT"
+
+# specific --data-cipher against server that supports that cipher
+# --cipher ignored
+TEST_NAME_4b="t_server_null_client.sh-openvpn_current_udp_dc3"
+SHOULD_PASS_4b="yes"
+CLIENT_EXEC_4b="${CLIENT_EXEC}"
+CLIENT_CONF_4b="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp 
--cipher AES-128-CBC --data-ciphers AES-192-CBC"
+
+# specific --data-cipher against server that doesn't support that cipher
+# --cipher ignored
+TEST_NAME_4c="t_server_null_client.sh-openvpn_current_udp_dc3_fail"
+SHOULD_PASS_4c="no"
+CLIENT_EXEC_4c="${CLIENT_EXEC}"
+CLIENT_CONF_4c="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp 
--cipher AES-192-CBC --data-ciphers AES-128-CBC"

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/847?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I47d95eee8a00b9878331fd6cd6a7db12665f5537
Gerrit-Change-Number: 847
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: mattock <sas...@proton.me>
Gerrit-CC: cron2 <g...@greenie.muc.de>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: mattock <sas...@proton.me>
Gerrit-MessageType: newpatchset

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to