upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-02-19 02:29:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
openvpn/tests/t_server_null_default.rc
Max Fillinger 494fb71804
Some checks are pending
Build / Check code style with clang-format (push) Waiting to run
Details
Build / Android - arm64-v8a (push) Waiting to run
Details
Build / gcc-mingw - x64 - Debug - OSSL (push) Waiting to run
Details
Build / gcc-mingw - x64 - Release - OSSL (push) Waiting to run
Details
Build / gcc-mingw - x86 - Debug - OSSL (push) Waiting to run
Details
Build / gcc-mingw - x86 - Release - OSSL (push) Waiting to run
Details
Build / mingw unittest argv - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest auth_token - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest buffer - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest crypto - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest cryptoapi - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest misc - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest ncp - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest options_parse - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest packet_id - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest pkt - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest provider - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest ssl - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest tls_crypt - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest user_pass - x64 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest argv - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest auth_token - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest buffer - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest crypto - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest cryptoapi - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest misc - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest ncp - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest options_parse - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest packet_id - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest pkt - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest provider - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest ssl - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest tls_crypt - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest user_pass - x64 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest argv - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest auth_token - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest buffer - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest crypto - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest cryptoapi - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest misc - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest ncp - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest options_parse - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest packet_id - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest pkt - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest provider - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest ssl - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest tls_crypt - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest user_pass - x86 - Debug - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest argv - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest auth_token - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest buffer - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest crypto - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest cryptoapi - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest misc - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest ncp - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest options_parse - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest packet_id - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest pkt - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest provider - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest ssl - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest tls_crypt - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / mingw unittest user_pass - x86 - Release - OSSL (push) Blocked by required conditions
Details
Build / gcc - ubuntu-24.04 - OpenSSL 3.0.13 --enable-pkcs11 (push) Waiting to run
Details
Build / gcc - ubuntu-22.04 - OpenSSL 3.0.2 --enable-pkcs11 (push) Waiting to run
Details
Build / clang-asan - ubuntu-22.04 - openssl (push) Waiting to run
Details
Build / clang-asan - ubuntu-24.04 - openssl (push) Waiting to run
Details
Build / macos-14 - libressl - asan (push) Waiting to run
Details
Build / macos-14 - openssl@3 - asan (push) Waiting to run
Details
Build / macos-15 - libressl - asan (push) Waiting to run
Details
Build / macos-15 - openssl@3 - asan (push) Waiting to run
Details
Build / macos-26 - libressl - asan (push) Waiting to run
Details
Build / macos-26 - openssl@3 - asan (push) Waiting to run
Details
Build / macos-14 - libressl - normal (push) Waiting to run
Details
Build / macos-14 - openssl@3 - normal (push) Waiting to run
Details
Build / macos-15 - libressl - normal (push) Waiting to run
Details
Build / macos-15 - openssl@3 - normal (push) Waiting to run
Details
Build / macos-26 - libressl - normal (push) Waiting to run
Details
Build / macos-26 - openssl@3 - normal (push) Waiting to run
Details
Build / msbuild - amd64 - openssl (push) Waiting to run
Details
Build / msbuild - amd64-clang - openssl (push) Waiting to run
Details
Build / msbuild - arm64 - openssl (push) Waiting to run
Details
Build / msbuild - x86 - openssl (push) Waiting to run
Details
Build / msbuild - x86-clang - openssl (push) Waiting to run
Details
Build / clang asan - ubuntu-22.04 - libressl (push) Waiting to run
Details
Build / gcc normal - ubuntu-22.04 - libressl (push) Waiting to run
Details
Build / clang asan - ubuntu-22.04 - mbedtls3 (push) Waiting to run
Details
Build / gcc normal - ubuntu-22.04 - mbedtls3 (push) Waiting to run
Details
Build / clang asan - ubuntu-24.04 - awslc (push) Waiting to run
Details
Build / gcc normal - ubuntu-24.04 - awslc (push) Waiting to run
Details
Deploy Doxygen documentation to Pages / build (push) Waiting to run
Details
Deploy Doxygen documentation to Pages / deploy (push) Blocked by required conditions
Details
Add support for Mbed TLS 4 
This commit adds support for Mbed TLS 4. This version comes with some
drastic changes. The crypto library has been completely redesigned, so
the contents of crypto_mbedtls.c are moved to crypto_mbedtls_legacy.c
and crypto_mbedtls.c handles the crypto for version 4.

Mbed TLS 4 also removed the feature for looking up a crypto algorithm by
name, so we need to translate algorithm names to Mbed TLS numbers in
OpenVPN. The tables are not yet complete. For symmetric algorithms, I
have added AES and Chacha-Poly which should be enough for most use
cases.

Change-Id: Ib251d546d993b96ed3bd8cb9111bcc627cdb0fae
Signed-off-by: Max Fillinger <maximilian.fillinger@sentyron.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1441
Message-Id: <20260123164746.7333-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35401.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-01-24 18:49:44 +01:00

146 lines
6.5 KiB
Bash
Executable file
Raw Blame History

# -*- shell-script -*-
# Notes regarding --dev null server and client configurations:
#
# The t_server_null_server.sh exits when all client pid files have gone
# missing. That is the most reliable and fastest way to detect client
# disconnections in the "everything runs on localhost" context. Checking server
# status files for client connections works, but introduces long delays as
# --explicit-exit-notify does not seem to work on all client configurations.
# This means that, by default, there is about 1 minute delay before the server
# purges clients that have already exited and have not reported back.
#
srcdir="${srcdir:-.}"
top_builddir="${top_builddir:-..}"
sample_keys="${srcdir}/../sample/sample-keys"
DH="${sample_keys}/ffdhe2048.pem"
CA="${sample_keys}/ca.crt"
CLIENT_CERT="${sample_keys}/client.crt"
CLIENT_KEY="${sample_keys}/client.key"
SERVER_CERT="${sample_keys}/server.crt"
SERVER_KEY="${sample_keys}/server.key"
TA="${sample_keys}/ta.key"
# This parameter can't be overridden in t_server_null.rc because that gets
# loaded too late. However, you can use
#
# LWIPOVPN_PATH=/some/path/to/lwipovpn make check
#
# to run the tests using lwipovpn in a custom location
#
LWIPOVPN_PATH="${LWIPOVPN_PATH:-lwipovpn}"
# Used to detect if graceful kill of any server instance failed during the test
# run
SERVER_KILL_FAIL_FILE=".t_server_null_server.kill_failed"
# Test server configurations
MAX_CLIENTS="10"
CLIENT_MATCH="Test-Client"
SERVER_EXEC="${top_builddir}/src/openvpn/openvpn"
SERVER_BASE_OPTS="--dev tun --topology subnet --max-clients $MAX_CLIENTS --persist-tun --verb 3 --duplicate-cn"
SERVER_BIND_OPTS="--local 127.0.0.1"
SERVER_CIPHER_OPTS=""
SERVER_CERT_OPTS="--ca ${CA} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0"
SERVER_CONF_BASE="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS} ${SERVER_BIND_OPTS}"
SERVER_CONF_BASE_MULTISOCKET="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS}"
TEST_SERVER_LIST="1 2 3 4"
SERVER_NAME_1="t_server_null_server-1194_udp"
SERVER_SERVER_1="--server 10.29.41.0 255.255.255.0"
SERVER_MGMT_PORT_1="11194"
SERVER_EXEC_1="${SERVER_EXEC}"
SERVER_CONF_1="${SERVER_CONF_BASE} ${SERVER_SERVER_1} --lport 1194 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_1}"
SERVER_NAME_2="t_server_null_server-1195_tcp"
SERVER_SERVER_2="--server 10.29.42.0 255.255.255.0"
SERVER_MGMT_PORT_2="11195"
SERVER_EXEC_2="${SERVER_EXEC}"
SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp --management 127.0.0.1 ${SERVER_MGMT_PORT_2} --dh none"
SERVER_NAME_3="t_server_null_server-1196_udp"
SERVER_SERVER_3="--server 10.29.43.0 255.255.255.0"
SERVER_MGMT_PORT_3="11196"
SERVER_EXEC_3="${SERVER_EXEC}"
SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --dh none --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC"
SERVER_NAME_4="t_server_null_server-1197_multisocket_ipv4_ipv6"
SERVER_SERVER_4="--server 10.29.44.0 255.255.255.0"
SERVER_MGMT_PORT_4="11197"
SERVER_EXEC_4="${SERVER_EXEC}"
SERVER_CONF_4="${SERVER_CONF_BASE_MULTISOCKET} ${SERVER_SERVER_4} --local 127.0.0.1 1197 tcp --local ::1 1197 udp --management 127.0.0.1 ${SERVER_MGMT_PORT_4}"
# Test client configurations
CLIENT_EXEC="${top_builddir}/src/openvpn/openvpn"
CLIENT_BASE_OPTS="--client --nobind --remote-cert-tls server --persist-tun --verb 3 --resolv-retry infinite --connect-retry-max 3 --server-poll-timeout 5 --explicit-exit-notify 3 --script-security 2"
CLIENT_NULL_OPTS="--dev null --ifconfig-noexec --up ${srcdir}/null_client_up.sh"
CLIENT_LWIP_OPTS="--dev null --dev-node unix:${LWIPOVPN_PATH} --up ${srcdir}/lwip_client_up.sh"
CLIENT_CIPHER_OPTS=""
CLIENT_CERT_OPTS="--ca ${CA} --cert ${CLIENT_CERT} --key ${CLIENT_KEY} --tls-auth ${TA} 1"
TEST_RUN_LIST="1a 1b 1c 1L 2a 2L 3a 3b 4a 4b 4c"
CLIENT_CONF_BASE="${CLIENT_NULL_OPTS} ${CLIENT_BASE_OPTS} ${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}"
CLIENT_CONF_BASE_LWIP="${CLIENT_LWIP_OPTS} ${CLIENT_BASE_OPTS} ${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}"
TEST_NAME_1a="t_server_null_client.sh-openvpn_current_udp"
SHOULD_PASS_1a="yes"
CLIENT_EXEC_1a="${CLIENT_EXEC}"
CLIENT_CONF_1a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1194 udp --proto udp"
TEST_NAME_1b="t_server_null_client.sh-openvpn_current_udp_fail"
SHOULD_PASS_1b="no"
CLIENT_EXEC_1b="${CLIENT_EXEC}"
CLIENT_CONF_1b="${CLIENT_CONF_BASE} --remote 127.0.0.1 11194 udp --proto udp"
# --data-cipher list against server with defaults
# --cipher ignored
TEST_NAME_1c="t_server_null_client.sh-openvpn_current_udp_dc1"
SHOULD_PASS_1c="yes"
CLIENT_EXEC_1c="${CLIENT_EXEC}"
CLIENT_CONF_1c="${CLIENT_CONF_BASE} --remote 127.0.0.1 1194 udp --proto udp --cipher AES-128-CBC --data-ciphers AES-192-CBC:DEFAULT"
TEST_NAME_1L="t_server_null_client.sh-openvpn_current_udp_lwip"
SHOULD_PASS_1L="yes"
CLIENT_EXEC_1L="${CLIENT_EXEC}"
CLIENT_CONF_1L="${CLIENT_CONF_BASE_LWIP} --remote 127.0.0.1 1194 udp --proto udp"
TEST_NAME_2a="t_server_null_client.sh-openvpn_current_tcp"
SHOULD_PASS_2a="yes"
CLIENT_EXEC_2a="${CLIENT_EXEC}"
CLIENT_CONF_2a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1195 tcp --proto tcp"
TEST_NAME_2L="t_server_null_client.sh-openvpn_current_tcp_lwip"
SHOULD_PASS_2L="yes"
CLIENT_EXEC_2L="${CLIENT_EXEC}"
CLIENT_CONF_2L="${CLIENT_CONF_BASE_LWIP} --remote 127.0.0.1 1195 tcp --proto tcp"
# specific --data-cipher against server that supports that cipher
# --cipher ignored
TEST_NAME_3a="t_server_null_client.sh-openvpn_current_udp_dc3"
SHOULD_PASS_3a="yes"
CLIENT_EXEC_3a="${CLIENT_EXEC}"
CLIENT_CONF_3a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp --cipher AES-128-CBC --data-ciphers AES-192-CBC"
# specific --data-cipher against server that doesn't support that cipher
# --cipher ignored
TEST_NAME_3b="t_server_null_client.sh-openvpn_current_udp_dc3_fail"
SHOULD_PASS_3b="no"
CLIENT_EXEC_3b="${CLIENT_EXEC}"
CLIENT_CONF_3b="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp --cipher AES-192-CBC --data-ciphers AES-128-CBC"
TEST_NAME_4a="t_server_null_client.sh-openvpn_current_multisocket_ipv4_tcp"
SHOULD_PASS_4a="yes"
CLIENT_EXEC_4a="${CLIENT_EXEC}"
CLIENT_CONF_4a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1197 tcp"
TEST_NAME_4b="t_server_null_client.sh-openvpn_current_multisocket_ipv6_udp"
SHOULD_PASS_4b="yes"
CLIENT_EXEC_4b="${CLIENT_EXEC}"
CLIENT_CONF_4b="${CLIENT_CONF_BASE} --remote ::1 1197 udp"
TEST_NAME_4c="t_server_null_client.sh-openvpn_current_multisocket_ipv6_tcp_fail"
SHOULD_PASS_4c="no"
CLIENT_EXEC_4c="${CLIENT_EXEC}"
CLIENT_CONF_4c="${CLIENT_CONF_BASE} --remote ::1 1197 tcp"
Reference in a new issue View git blame Copy permalink