diff --git a/scripts/benchmark.test b/scripts/benchmark.test index 09cb74cf94c..55e33667c79 100755 --- a/scripts/benchmark.test +++ b/scripts/benchmark.test @@ -2,6 +2,12 @@ #benchmark.test +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + # if we can, isolate the network namespace to eliminate port collisions. if [ -n "$NETWORK_UNSHARE_HELPER" ]; then if [ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]; then @@ -111,7 +117,7 @@ if [ $1 -eq 1 ] then echo "Starting example client to benchmark connection average time" # start client to benchmark average time for each connection using port - ./examples/client/client -b $2 -p $bench_port $3 + timeout -s KILL 2m ./examples/client/client -b $2 -p $bench_port $3 client_result=$? fi @@ -120,7 +126,7 @@ if [ $1 -eq 2 ] then echo "Starting example client to benchmark throughput" # start client in non-blocking mode, benchmark throughput using port - ./examples/client/client -N -B $2 -p $bench_port $3 + timeout -s KILL 2m ./examples/client/client -N -B $2 -p $bench_port $3 client_result=$? fi diff --git a/scripts/dtls.test b/scripts/dtls.test index d1a461b6292..e1d5c926449 100755 --- a/scripts/dtls.test +++ b/scripts/dtls.test @@ -1,5 +1,11 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + # This script can be run with several environment variables set dictating its # run. You can set the following to what you like: WOLFSSL_ROOT=${WOLFSSL_ROOT:-$(pwd)} @@ -85,9 +91,9 @@ prepend() { # Usage: cmd 2>&1 | prepend "sometext " run_test() { # usage: run_test "" "" "" "" ((NUM_TESTS_RUN++)) - echo "" | nc -u 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file - echo "$1" | nc -u 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file - echo "" | nc -u 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file + echo "" | nc -u -w 1 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file + echo "$1" | nc -u -w 1 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file + echo "" | nc -u -w 1 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file echo -e "\n${1}\n" stdbuf -oL -eL $WOLFSSL_ROOT/examples/server/server -u -p$SERVER_PORT $DTLS_VERSION $3 2>&1 | prepend "[server] " & sleep 0.2 diff --git a/scripts/dtlscid.test b/scripts/dtlscid.test index 2de1dcf46c6..7dcc7320457 100755 --- a/scripts/dtlscid.test +++ b/scripts/dtlscid.test @@ -64,7 +64,7 @@ test_cid () { timeout -s KILL 2m $WOLFSSL_ROOT/examples/server/server -v4 -u --cid $SCID 1> $SERVER_FILE & SERVER_PID=$! sleep 0.2 - $WOLFSSL_ROOT/examples/client/client -v4 -u --cid $CCID 1> $CLIENT_FILE + timeout -s KILL 2m $WOLFSSL_ROOT/examples/client/client -v4 -u --cid $CCID 1> $CLIENT_FILE wait $SERVER_PID SERVER_PID= grep "Sending CID is ${HEXSCID}" $CLIENT_FILE > /dev/null diff --git a/scripts/external.test b/scripts/external.test index 970f6ad6d09..f921699f8e3 100755 --- a/scripts/external.test +++ b/scripts/external.test @@ -2,6 +2,12 @@ # external.test +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + SCRIPT_DIR="$(dirname "$0")" server=www.wolfssl.com @@ -45,7 +51,7 @@ RESULT=$? [ $RESULT -ne 0 ] && exit 0 # client test against the server -./examples/client/client -X -C -h $server -p 443 -g -A $ca +timeout -s KILL 2m ./examples/client/client -X -C -h $server -p 443 -g -A $ca RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 diff --git a/scripts/google.test b/scripts/google.test index 5e3e8f0f96f..e7b8aaa93f3 100755 --- a/scripts/google.test +++ b/scripts/google.test @@ -2,6 +2,12 @@ # google.test +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + server=www.google.com [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 @@ -26,7 +32,7 @@ RESULT=$? [ $RESULT -ne 0 ] && exit 0 # client test against the server -./examples/client/client -X -C -h $server -p 443 -g -d +timeout -s KILL 2m ./examples/client/client -X -C -h $server -p 443 -g -d RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 diff --git a/scripts/ocsp-responder-openssl-interop.test b/scripts/ocsp-responder-openssl-interop.test index 8e0bd3ac25e..595c0992905 100755 --- a/scripts/ocsp-responder-openssl-interop.test +++ b/scripts/ocsp-responder-openssl-interop.test @@ -9,6 +9,12 @@ # Uses: examples/ocsp_responder/ocsp_responder as the OCSP responder # openssl ocsp as the client +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + if ! test -n "$WOLFSSL_OPENSSL_TEST"; then echo "WOLFSSL_OPENSSL_TEST NOT set, won't run" exit 77 @@ -89,8 +95,18 @@ ready_files="" cleanup() { exit_status=$? + local counter for p in $resp_pids; do kill $p 2>/dev/null + # Escalate to KILL so a wedged responder cannot hang this trap. + counter=0 + while kill -0 $p 2>/dev/null && [ "$counter" -lt 50 ]; do + sleep 0.1 + counter=$((counter + 1)) + done + if kill -0 $p 2>/dev/null; then + kill -s KILL $p 2>/dev/null + fi wait $p 2>/dev/null done # Clean up log files @@ -131,14 +147,20 @@ print_responder_logs() { get_first_free_port() { local ret="$1" + local scanned=0 while :; do if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then + if ! nc -w 1 -z ${LOCALHOST_FOR_NC} "$ret"; then break fi ret=$((ret+1)) + scanned=$((scanned+1)) + if [ "$scanned" -ge 100 ]; then + echo "ERROR: no free port found after scanning 100 ports" 1>&2 + exit 1 + fi done echo "$ret" return 0 @@ -180,7 +202,7 @@ query_ocsp() { printf " TEST %2d: %-55s " "$tests_run" "$desc" local output - output=$($OPENSSL ocsp \ + output=$(timeout -s KILL 2m $OPENSSL ocsp \ -issuer "$issuer" \ -cert "$cert" \ -url "http://127.0.0.1:$_port/" \ @@ -395,7 +417,7 @@ echo "=== Negative tests: unsupported features ===" tests_run=$((tests_run+1)) printf " TEST %2d: %-55s " "$tests_run" "SHA-384 hash -> good" -output=$($OPENSSL ocsp \ +output=$(timeout -s KILL 2m $OPENSSL ocsp \ -sha384 \ -issuer "$OCSP_DIR/intermediate1-ca-cert.pem" \ -cert "$OCSP_DIR/server1-cert.pem" \ @@ -433,7 +455,7 @@ printf " TEST %2d: %-55s " "$tests_run" "Authorized responder" # Query using OpenSSL - asks about intermediate1-ca which was issued by root-ca # Response will be signed by ocsp-responder-cert (authorized responder) -output=$($OPENSSL ocsp \ +output=$(timeout -s KILL 2m $OPENSSL ocsp \ -issuer "$OCSP_DIR/root-ca-cert.pem" \ -cert "$OCSP_DIR/intermediate1-ca-cert.pem" \ -url "http://127.0.0.1:$port5/" \ @@ -468,7 +490,7 @@ echo "=== Unknown certificate tests ===" tests_run=$((tests_run+1)) printf " TEST %2d: %-55s " "$tests_run" "Wrong issuer: server3 to responder 1 (wrong issuer)" -output=$($OPENSSL ocsp \ +output=$(timeout -s KILL 2m $OPENSSL ocsp \ -issuer "$OCSP_DIR/intermediate1-ca-cert.pem" \ -cert "$OCSP_DIR/server3-cert.pem" \ -url "http://127.0.0.1:$port1/" \ @@ -495,7 +517,7 @@ fi tests_run=$((tests_run+1)) printf " TEST %2d: %-55s " "$tests_run" "Wrong issuer: server1 to responder 2 (wrong issuer)" -output=$($OPENSSL ocsp \ +output=$(timeout -s KILL 2m $OPENSSL ocsp \ -issuer "$OCSP_DIR/intermediate2-ca-cert.pem" \ -cert "$OCSP_DIR/server1-cert.pem" \ -url "http://127.0.0.1:$port2/" \ @@ -528,7 +550,7 @@ tests_run=$((tests_run+1)) printf " TEST %2d: %-55s " "$tests_run" "Multiple requests (should return OCSP error)" # Using multiple -cert options creates one OCSP request with multiple certificate IDs -output=$($OPENSSL ocsp \ +output=$(timeout -s KILL 2m $OPENSSL ocsp \ -issuer "$OCSP_DIR/intermediate1-ca-cert.pem" \ -cert "$OCSP_DIR/server1-cert.pem" \ -cert "$OCSP_DIR/server2-cert.pem" \ diff --git a/scripts/ocsp-stapling-with-ca-as-responder.test b/scripts/ocsp-stapling-with-ca-as-responder.test index 74fd02e1966..60763a87e6d 100755 --- a/scripts/ocsp-stapling-with-ca-as-responder.test +++ b/scripts/ocsp-stapling-with-ca-as-responder.test @@ -2,6 +2,12 @@ # ocsp-stapling-with-ca-as-responder.test +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + SCRIPT_DIR="$(dirname "$0")" # if we can, isolate the network namespace to eliminate port collisions. @@ -197,14 +203,20 @@ ca=certs/external/DigiCertGlobalRootCA.pem get_first_free_port() { local ret="$1" + local scanned=0 while :; do if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z 127.0.0.1 "$ret"; then + if ! nc -w 1 -z 127.0.0.1 "$ret"; then break fi ret=$((ret+1)) + scanned=$((scanned+1)) + if [ "$scanned" -ge 100 ]; then + echo "ERROR: no free port found after scanning 100 ports" 1>&2 + exit 1 + fi done echo "$ret" return 0 @@ -225,7 +237,7 @@ if [ ! -f "$ready_file" ]; then else printf '%s\n' "Random port selected: $port1" # Use client connection to shutdown the server cleanly - ./examples/client/client -p $port1 + timeout -s KILL 2m ./examples/client/client -p $port1 create_new_cnf $port1 fi sleep 0.1 @@ -263,7 +275,7 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" -p $port2 & wolf_pid2=$! wait_for_readyFile "$ready_file2" $wolf_pid2 $port2 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ -p $port2 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" && exit 1 @@ -277,7 +289,7 @@ remove_single_rF "$ready_file2" -p $port2 & wolf_pid2=$! wait_for_readyFile "$ready_file2" $wolf_pid2 $port2 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \ -p $port2 RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 diff --git a/scripts/ocsp-stapling-with-wolfssl-responder.test b/scripts/ocsp-stapling-with-wolfssl-responder.test index 5bffe1cdda2..f0e459259c6 100755 --- a/scripts/ocsp-stapling-with-wolfssl-responder.test +++ b/scripts/ocsp-stapling-with-wolfssl-responder.test @@ -349,14 +349,20 @@ fi get_first_free_port() { local ret="$1" + local scanned=0 while :; do if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then + if ! nc -w 1 -z ${LOCALHOST_FOR_NC} "$ret"; then break fi ret=$((ret+1)) + scanned=$((scanned+1)) + if [ "$scanned" -ge 100 ]; then + echo "ERROR: no free port found after scanning 100 ports" 1>&2 + exit 1 + fi done echo "$ret" return 0 @@ -408,10 +414,10 @@ printf '%s\n' "OCSP responder ports: $port1 $port2 $port3 $port4" printf '%s\n' "TLS server port: $port5" printf '%s\n' "-----------------------------------" # Use client connections to cleanly shutdown the servers -./examples/client/client -p $port1 -./examples/client/client -p $port2 -./examples/client/client -p $port3 -./examples/client/client -p $port4 +timeout -s KILL 2m ./examples/client/client -p $port1 +timeout -s KILL 2m ./examples/client/client -p $port2 +timeout -s KILL 2m ./examples/client/client -p $port3 +timeout -s KILL 2m ./examples/client/client -p $port4 create_new_cnf $port1 $port2 $port3 $port4 # Start wolfSSL OCSP responders (CA signs responses directly) @@ -467,7 +473,7 @@ if [ "$stapling_v1" == "yes" ]; then -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port5 + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" @@ -481,7 +487,7 @@ if [ "$stapling_v1" == "yes" ]; then server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 sleep 0.1 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port5 + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port5 RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection 2 succeeded $RESULT" \ && exit 1 @@ -498,7 +504,7 @@ if [ "$stapling_v1" == "yes" ]; then -R $ready_file5 -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1 @@ -512,7 +518,7 @@ if [ "$stapling_v1" == "yes" ]; then -R $ready_file5 -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \ -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 4 failed" && exit 1 @@ -526,7 +532,7 @@ if [ "$stapling_v1" == "yes" ]; then -R $ready_file5 -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ -p $port5 RESULT=$? [ $RESULT -ne 1 ] && \ @@ -545,7 +551,7 @@ if [ "$stapling_v1" == "yes" ]; then -p $port5 & server_pid5=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \ -W 1 -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client DTLS12 connection failed" && exit 1 @@ -561,7 +567,7 @@ if [ "$stapling_v1" == "yes" ]; then -p $port5 & server_pid5=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \ -W 1 -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client DTLS13 connection failed" && exit 1 @@ -587,7 +593,7 @@ if [ "$stapling_v2" == "yes" ]; then -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection V2-1 failed" && exit 1 @@ -600,7 +606,7 @@ if [ "$stapling_v2" == "yes" ]; then -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection V2-2 failed" && exit 1 @@ -614,7 +620,7 @@ if [ "$stapling_v2" == "yes" ]; then -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ -p $port5 RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection V2-3 succeeded $RESULT" && exit 1 @@ -627,7 +633,7 @@ if [ "$stapling_v2" == "yes" ]; then -k certs/ocsp/server4-key.pem -R $ready_file5 \ -p $port5 & sleep 0.1 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ -p $port5 RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection V2-4 succeeded $RESULT" && exit 1 @@ -642,7 +648,7 @@ if [ "$stapling_v2" == "yes" ]; then -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection V2-5 failed $RESULT" && exit 1 @@ -655,7 +661,7 @@ if [ "$stapling_v2" == "yes" ]; then -p $port5 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ -p $port5 RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection V2-6 succeeded $RESULT" && exit 1 @@ -671,7 +677,7 @@ if [ "$stapling_v2" == "yes" ]; then -p $port5 -u -v 3 & server_pid5=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \ -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client DTLS12 v2 connection failed" && exit 1 @@ -697,7 +703,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then -p $port5 -v 4 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection T13-1 failed" && exit 1 @@ -711,7 +717,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then -p $port5 -v 4 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p $port5 RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection T13-2 succeeded $RESULT" && exit 1 @@ -726,7 +732,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then -p $port5 -v 4 & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p $port5 RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection T13-3 succeeded $RESULT" && exit 1 @@ -742,7 +748,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then -p $port5 -u -v 4 & server_pid5=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \ -p $port5 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client DTLS13 connection failed" && exit 1 @@ -755,7 +761,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then -p $port5 -v 4 & server_pid5=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p $port5 RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client DTLS13 connection succeeded $RESULT" && exit 1 diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 5ab2e28c265..8d5263ee1a2 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -275,14 +275,20 @@ fi get_first_free_port() { local ret="$1" + local scanned=0 while :; do if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z $V4V6_FLAG $LOCALHOST_FOR_NC "$ret"; then + if ! nc -w 1 -z $V4V6_FLAG $LOCALHOST_FOR_NC "$ret"; then break fi ret=$((ret+1)) + scanned=$((scanned+1)) + if [ "$scanned" -ge 100 ]; then + echo "ERROR: no free port found after scanning 100 ports" 1>&2 + exit 1 + fi done echo "$ret" return 0 @@ -335,7 +341,7 @@ if [ ! -f "$ready_file" ]; then else printf '%s\n' "Random port selected: $port2" # Use client connection to shutdown the server cleanly - ./examples/client/client -p "$port2" + timeout -s KILL 2m ./examples/client/client -p "$port2" create_new_cnf "$port2" fi sleep 0.1 @@ -351,7 +357,7 @@ ca=./certs/external/ca_collection.pem if [[ -z "${WOLFSSL_EXTERNAL_TEST-}" || "$WOLFSSL_EXTERNAL_TEST" == "0" ]]; then echo "Skipping OCSP test on $server (set WOLFSSL_EXTERNAL_TEST=1 to run)" elif [[ "$V4V6" == "4" ]]; then - retry_with_backoff 3 ./examples/client/client -C -h "$server" -p 443 -A "$ca" -g -W 1 + retry_with_backoff 3 timeout -s KILL 2m ./examples/client/client -C -h "$server" -p 443 -A "$ca" -g -W 1 RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 else @@ -386,7 +392,7 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" -k certs/ocsp/server1-key.pem -p "$port3" & wolf_pid3=$! wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p "$port3" +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" @@ -399,7 +405,7 @@ remove_single_rF "$ready_file2" wolf_pid3=$! wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" sleep 0.1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p "$port3" +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p "$port3" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection 2 succeeded $RESULT" \ && exit 1 @@ -415,7 +421,7 @@ printf '%s\n\n' "Test successfully REVOKED!" -p "$port3" & wolf_pid3=$! wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1 @@ -429,7 +435,7 @@ printf '%s\n\n' "Test successfully REVOKED!" -p "$port3" & wolf_pid3=$! wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \ -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 4 failed" && exit 1 @@ -443,7 +449,7 @@ printf '%s\n\n' "Test successfully REVOKED!" -p "$port3" & wolf_pid3=$! wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ -p "$port3" RESULT=$? [ $RESULT -ne 1 ] && \ @@ -465,7 +471,7 @@ if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then wolf_pid3=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \ -W 1 -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1 @@ -480,7 +486,7 @@ fi -p "$port3" & wolf_pid3=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \ -W 1 -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1 @@ -545,7 +551,7 @@ generate_port() { generate_port openssl s_server $V4V6_FLAG -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port "$port" & MAX_TIMEOUT=10 -until nc -z localhost "$port" # Wait for openssl to be ready +until nc -w 1 -z localhost "$port" # Wait for openssl to be ready do sleep 0.05 if [ "$MAX_TIMEOUT" == "0" ]; then @@ -556,7 +562,7 @@ done printf '%s\n\n' "------------- TEST CASE 6 SHOULD PASS ----------------------" # client asks for OCSP staple but doesn't fail when none returned -./examples/client/client -p "$port" -g -v 3 -W 1 +timeout -s KILL 2m ./examples/client/client -p "$port" -g -v 3 -W 1 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 6 failed" && exit 1 @@ -564,7 +570,7 @@ printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 7 SHOULD UNKNOWN -------------------" # client asks for OCSP staple but doesn't fail when none returned -./examples/client/client -p "$port" -g -v 3 -W 1m +timeout -s KILL 2m ./examples/client/client -p "$port" -g -v 3 -W 1m RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection 7 succeeded $RESULT" \ @@ -578,7 +584,7 @@ wolfssl_tls13=$? if [ "$openssl_tls13" = "0" ] && [ "$wolfssl_tls13" = "0" ]; then printf '%s\n\n' "------------- TEST CASE 8 SHOULD PASS --------------------" # client asks for OCSP staple but doesn't fail when none returned - ./examples/client/client -p "$port" -g -v 4 -W 1 + timeout -s KILL 2m ./examples/client/client -p "$port" -g -v 4 -W 1 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 8 failed" && exit 1 @@ -586,7 +592,7 @@ if [ "$openssl_tls13" = "0" ] && [ "$wolfssl_tls13" = "0" ]; then printf '%s\n\n' "------------- TEST CASE 9 SHOULD UNKNOWN -----------------" # client asks for OCSP staple but doesn't fail when none returned - ./examples/client/client -p "$port" -g -v 4 -W 1m + timeout -s KILL 2m ./examples/client/client -p "$port" -g -v 4 -W 1m RESULT=$? [ $RESULT -ne 1 ] \ diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index e3c1cee6434..c448070a226 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -258,14 +258,20 @@ fi get_first_free_port() { local ret="$1" + local scanned=0 while :; do if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then + if ! nc -w 1 -z ${LOCALHOST_FOR_NC} "$ret"; then break fi ret=$((ret+1)) + scanned=$((scanned+1)) + if [ "$scanned" -ge 100 ]; then + echo "ERROR: no free port found after scanning 100 ports" 1>&2 + exit 1 + fi done echo "$ret" return 0 @@ -316,10 +322,10 @@ printf '%s' "Random ports selected: $port1 $port2" printf '%s\n' " $port3 $port4" printf '%s\n' "-----------------------------------" # Use client connections to cleanly shutdown the servers -./examples/client/client -p "$port1" -./examples/client/client -p "$port2" -./examples/client/client -p "$port3" -./examples/client/client -p "$port4" +timeout -s KILL 2m ./examples/client/client -p "$port1" +timeout -s KILL 2m ./examples/client/client -p "$port2" +timeout -s KILL 2m ./examples/client/client -p "$port3" +timeout -s KILL 2m ./examples/client/client -p "$port4" create_new_cnf "$port1" "$port2" "$port3" \ "$port4" @@ -381,7 +387,7 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" -p "$port5" & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ -p "$port5" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 @@ -394,7 +400,7 @@ remove_single_rF "$ready_file5" -p "$port5" & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ -p "$port5" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1 @@ -408,7 +414,7 @@ remove_single_rF "$ready_file5" -p "$port5" & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ -p "$port5" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -420,7 +426,7 @@ remove_single_rF "$ready_file5" -k certs/ocsp/server4-key.pem -R "$ready_file5" \ -p "$port5" & sleep 0.1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ -p "$port5" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -434,7 +440,7 @@ remove_single_rF "$ready_file5" -p "$port5" & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ -p "$port5" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed $RESULT" && exit 1 @@ -447,7 +453,7 @@ remove_single_rF "$ready_file5" -p "$port5" & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ -p "$port5" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -474,7 +480,7 @@ timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server4-cert.pem \ -p "$port5" -H loadSSL & server_pid5=$! sleep 0.1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ -p "$port5" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -554,7 +560,7 @@ done printf '%s\n\n' "------------- TEST CASE 9 SHOULD PASS ----------------------" # client asks for OCSP staple but doesn't fail when none returned -./examples/client/client -p "$port" -g -v 3 -W 2 +timeout -s KILL 2m ./examples/client/client -p "$port" -g -v 3 -W 2 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 9 failed" && exit 1 @@ -562,7 +568,7 @@ printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 10 SHOULD UNKNOWN -------------------" # client asks for OCSP staple but doesn't fail when none returned -./examples/client/client -p "$port" -g -v 3 -W 2m +timeout -s KILL 2m ./examples/client/client -p "$port" -g -v 3 -W 2m RESULT=$? [ $RESULT -ne 1 ] \ @@ -579,7 +585,7 @@ printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------" -p "$port5" -u -v 3 & server_pid5=$! sleep 0.2 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \ +timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \ -p "$port5" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 diff --git a/scripts/ocsp-stapling_tls13multi.test b/scripts/ocsp-stapling_tls13multi.test index 2b05a85498b..e679e7084be 100755 --- a/scripts/ocsp-stapling_tls13multi.test +++ b/scripts/ocsp-stapling_tls13multi.test @@ -276,14 +276,20 @@ fi get_first_free_port() { local ret="$1" + local scanned=0 while :; do if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then + if ! nc -w 1 -z ${LOCALHOST_FOR_NC} "$ret"; then break fi ret=$((ret+1)) + scanned=$((scanned+1)) + if [ "$scanned" -ge 100 ]; then + echo "ERROR: no free port found after scanning 100 ports" 1>&2 + exit 1 + fi done echo "$ret" return 0 @@ -334,10 +340,10 @@ printf '%s' "Random ports selected: $port1 $port2" printf '%s\n' " $port3 $port4 $port5" printf '%s\n' "-----------------------------------" # Use client connections to cleanly shutdown the servers -./examples/client/client -p "$port1" -./examples/client/client -p "$port2" -./examples/client/client -p "$port3" -./examples/client/client -p "$port4" +timeout -s KILL 2m ./examples/client/client -p "$port1" +timeout -s KILL 2m ./examples/client/client -p "$port2" +timeout -s KILL 2m ./examples/client/client -p "$port3" +timeout -s KILL 2m ./examples/client/client -p "$port4" create_new_cnf "$port1" "$port2" "$port3" \ "$port4" @@ -401,7 +407,7 @@ if [ "$tls13" == "yes" ]; then -p "$port5" -v 4 & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p "$port5" RESULT=$? [ "$RESULT" -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 @@ -415,7 +421,7 @@ if [ "$tls13" == "yes" ]; then -p "$port5" -v 4 & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p "$port5" RESULT=$? [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -427,7 +433,7 @@ if [ "$tls13" == "yes" ]; then -k certs/ocsp/server4-key.pem -R "$ready_file5" \ -p "$port5" & sleep 0.1 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p "$port5" RESULT=$? [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -441,7 +447,7 @@ if [ "$tls13" == "yes" ]; then -p "$port5" -v 4 & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p "$port5" RESULT=$? [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -454,7 +460,7 @@ if [ "$tls13" == "yes" ]; then -p "$port5" -v 4 & server_pid5=$! wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p "$port5" RESULT=$? [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -482,7 +488,7 @@ if [ "$tls13" == "yes" ]; then -p "$port5" -H loadSSL -v 4 & server_pid5=$! sleep 0.1 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p "$port5" RESULT=$? [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 @@ -502,7 +508,7 @@ if [ "$dtls13" == "yes" ]; then -p "$port5" -u -v 4 & server_pid5=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \ -p "$port5" RESULT=$? [ "$RESULT" -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 @@ -516,7 +522,7 @@ if [ "$dtls13" == "yes" ]; then -p "$port5" -v 4 & server_pid5=$! sleep 0.2 - ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + timeout -s KILL 2m ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ -p "$port5" RESULT=$? [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 diff --git a/scripts/ocsp.test b/scripts/ocsp.test index 74764de9068..e028be383e1 100755 --- a/scripts/ocsp.test +++ b/scripts/ocsp.test @@ -2,6 +2,12 @@ # ocsp.test +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + # Note, this script makes connection(s) to the public Internet. SCRIPT_DIR="$(dirname "$0")" @@ -38,7 +44,7 @@ if [ "$OUTPUT" = "SNI is: ON" ]; then if [ $RESULT -eq 0 ]; then # client test against the server echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N -v d -S $server" - ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server + timeout -s KILL 2m ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server GL_RESULT=$? [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" else @@ -63,7 +69,7 @@ fi if [ $RESULT -eq 0 ]; then # client test against the server echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N" - ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N + timeout -s KILL 2m ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N GR_RESULT=$? [ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed" else diff --git a/scripts/openssl.test b/scripts/openssl.test index 26ed1546e92..e5487b29599 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -2,6 +2,12 @@ # openssl.test +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + # Environment variables used: # OPENSSL (openssl app to use) # OPENSSL_ENGINE_ID (engine id if any i.e. "wolfengine") @@ -363,13 +369,13 @@ do_wolfssl_client() { echo "#" echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl" # shellcheck disable=SC2086 - $WOLFSSL_CLIENT -p "$port" -g $wolfssl_resume -l "$wolfSuite" -v "$version" $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl + timeout -s KILL 2m $WOLFSSL_CLIENT -p "$port" -g $wolfssl_resume -l "$wolfSuite" -v "$version" $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl else echo "#" echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl" # do all versions # shellcheck disable=SC2086 - $WOLFSSL_CLIENT -p "$port" -g $wolfssl_resume -l "$wolfSuite" $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl + timeout -s KILL 2m $WOLFSSL_CLIENT -p "$port" -g $wolfssl_resume -l "$wolfSuite" $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl fi client_result=$? @@ -425,11 +431,11 @@ do_openssl_client() { then echo "#" echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" - echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" + echo "Hello" | eval "timeout -s KILL 2m $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" else echo "#" echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_seclevel $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" - echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_seclevel $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" + echo "Hello" | eval "timeout -s KILL 2m $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_seclevel $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" fi client_result=$? @@ -536,7 +542,7 @@ if [ "$wolf_certs" != "" ] then echo # Check if RSA certificates supported in wolfSSL - wolf_rsa=$($WOLFSSL_CLIENT -A "${CERT_DIR}/ca-cert.pem" 2>&1) + wolf_rsa=$(timeout -s KILL 2m $WOLFSSL_CLIENT -A "${CERT_DIR}/ca-cert.pem" 2>&1) case $wolf_rsa in *"ca file"*) echo "wolfSSL does not support RSA" @@ -549,7 +555,7 @@ then echo "wolfSSL supports RSA" fi # Check if RSA-PSS certificates supported in wolfSSL - wolf_rsapss=$($WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1) + wolf_rsapss=$(timeout -s KILL 2m $WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1) case $wolf_rsapss in *"ca file"*) echo "wolfSSL does not support RSA-PSS" @@ -562,7 +568,7 @@ then echo "wolfSSL supports RSA-PSS" fi # Check if ECC certificates supported in wolfSSL - wolf_ecc=$($WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1) + wolf_ecc=$(timeout -s KILL 2m $WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1) case $wolf_ecc in *"ca file"*) echo "wolfSSL does not support ECDSA" @@ -575,7 +581,7 @@ then echo "wolfSSL supports ECDSA" fi # Check if Ed25519 certificates supported in wolfSSL - wolf_ed25519=$($WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1) + wolf_ed25519=$(timeout -s KILL 2m $WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1) case $wolf_ed25519 in *"ca file"*) echo "wolfSSL does not support Ed25519" @@ -588,7 +594,7 @@ then echo "wolfSSL supports Ed25519" fi # Check if Ed25519 certificates supported in OpenSSL - openssl_ed25519=$($OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1) + openssl_ed25519=$(timeout -s KILL 2m $OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1) case $openssl_ed25519 in *"unable to load"*) echo "OpenSSL does not support Ed25519" @@ -601,7 +607,7 @@ then echo "OpenSSL supports Ed25519" fi # Check if Ed448 certificates supported in wolfSSL - wolf_ed448=$($WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1) + wolf_ed448=$(timeout -s KILL 2m $WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1) case $wolf_ed448 in *"ca file"*) echo "wolfSSL does not support Ed448" @@ -614,7 +620,7 @@ then echo "wolfSSL supports Ed448" fi # Check if Ed448 certificates supported in OpenSSL - openssl_ed448=$($OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1) + openssl_ed448=$(timeout -s KILL 2m $OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1) case $openssl_ed448 in *"unable to load"*) echo "OpenSSL does not support Ed448" @@ -870,7 +876,7 @@ do # double check that can actually do a sslv3 connection using # client-cert.pem to send but any file with EOF works - $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port "$openssl_port" < "${CERT_DIR}/client-cert.pem" + timeout -s KILL 2m $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port "$openssl_port" < "${CERT_DIR}/client-cert.pem" sslv3_sup=$? if [ "$sslv3_sup" != 0 ] then @@ -881,7 +887,7 @@ do openssl_version="-ssl3" ;; "1") - proto_check=$(echo "hell" | $OPENSSL s_client -connect localhost:"$openssl_port" -tls1 2>&1) + proto_check=$(echo "hell" | timeout -s KILL 2m $OPENSSL s_client -connect localhost:"$openssl_port" -tls1 2>&1) tlsv1_sup=$? if [ "$tlsv1_sup" != 0 ] then @@ -902,7 +908,7 @@ do "2") # Same ciphers for TLSv1.1 as TLSv1 # shellcheck disable=SC2034 - proto_check=$(echo "hello" | $OPENSSL s_client -connect localhost:"$openssl_port" -tls1_1 2>&1) + proto_check=$(echo "hello" | timeout -s KILL 2m $OPENSSL s_client -connect localhost:"$openssl_port" -tls1_1 2>&1) tlsv1_1_sup=$? if [ "$tlsv1_1_sup" != 0 ] then diff --git a/scripts/openssl_srtp.test b/scripts/openssl_srtp.test index c1bdcb61b82..32db6d2c936 100755 --- a/scripts/openssl_srtp.test +++ b/scripts/openssl_srtp.test @@ -3,6 +3,12 @@ # # TODO: add OpenSSL client with WolfSSL server +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + set -e # if we can, isolate the network namespace to eliminate port collisions. @@ -151,7 +157,7 @@ start_wolfssl_client() { fi client_output_file=/tmp/wolfssl_srtp_out - ${WOLFSSL_CLIENT} -u\ + timeout -s KILL 2m ${WOLFSSL_CLIENT} -u\ -x \ -v${dtls_version} \ --srtp "${srtp_profile}" \ diff --git a/scripts/psk.test b/scripts/psk.test index 0810e385f5a..a810e5fe49b 100755 --- a/scripts/psk.test +++ b/scripts/psk.test @@ -3,6 +3,12 @@ # psk.test # copyright wolfSSL 2016 +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + # if we can, isolate the network namespace to eliminate port collisions. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then @@ -101,7 +107,7 @@ port=0 ./examples/server/server -s -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -s -p $port +timeout -s KILL 2m ./examples/client/client -s -p $port RESULT=$? remove_ready_file # if fail here then is a settings issue so return 0 @@ -115,8 +121,13 @@ echo "" # client test against the server ############################### -./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' -if [ $? -ne 0 ]; then +timeout -s KILL 2m ./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version' +pipe_rc=("${PIPESTATUS[@]}") +if [ "${pipe_rc[0]}" -ge 124 ]; then + echo "client version probe timed out" + exit 1 +fi +if [ "${pipe_rc[1]}" -ne 0 ]; then # Usual server / client. This use case is tested in # tests/unit.test and is used here for just checking if cipher suite # is available (one case for example is with disable-asn) @@ -124,7 +135,7 @@ if [ $? -ne 0 ]; then ./examples/server/server -R "$ready_file" -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & server_pid=$! create_port - ./examples/client/client -p $port + timeout -s KILL 2m ./examples/client/client -p $port RESULT=$? remove_ready_file # if fail here then is a settings issue so return 0 @@ -140,7 +151,7 @@ if [ $? -ne 0 ]; then ./examples/server/server -j -R "$ready_file" -p $port & server_pid=$! create_port - ./examples/client/client -p $port + timeout -s KILL 2m ./examples/client/client -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -157,7 +168,7 @@ if [ $? -ne 0 ]; then ./examples/server/server -j -R "$ready_file" -p $port & server_pid=$! create_port - ./examples/client/client -x -p $port + timeout -s KILL 2m ./examples/client/client -x -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then diff --git a/scripts/rsapss.test b/scripts/rsapss.test index 6ae75c92ce2..4b88cd4c7ea 100755 --- a/scripts/rsapss.test +++ b/scripts/rsapss.test @@ -2,6 +2,12 @@ # rsapss.test +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + [ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ && exit 1 @@ -109,14 +115,14 @@ WOLFSSL_SERVER=./examples/server/server start_wolfssl_server() { generate_port server_port=$port - $WOLFSSL_SERVER -p "$server_port" -v 4 -c "$CERT_DIR"/rsapss/server-rsapss.pem -k "$CERT_DIR"/rsapss/server-rsapss-priv.pem -A "$CERT_DIR"/rsapss/root-rsapss.pem -d & + timeout -s KILL 2m $WOLFSSL_SERVER -p "$server_port" -v 4 -c "$CERT_DIR"/rsapss/server-rsapss.pem -k "$CERT_DIR"/rsapss/server-rsapss-priv.pem -A "$CERT_DIR"/rsapss/root-rsapss.pem -d & } # # Run OpenSSL client against wolfSSL server # do_openssl_client() { - echo "test connection" | $OPENSSL s_client -connect 127.0.0.1:"$server_port" -cert "$CERT_DIR"/rsapss/client-rsapss.pem -key "$CERT_DIR"/rsapss/client-rsapss-priv.pem -CAfile "$CERT_DIR"/rsapss/root-rsapss.pem > rsapss.test.log + echo "test connection" | timeout -s KILL 2m $OPENSSL s_client -connect 127.0.0.1:"$server_port" -cert "$CERT_DIR"/rsapss/client-rsapss.pem -key "$CERT_DIR"/rsapss/client-rsapss-priv.pem -CAfile "$CERT_DIR"/rsapss/root-rsapss.pem > rsapss.test.log result=$? cat rsapss.test.log if [ "$result" != 0 ] diff --git a/scripts/tls13.test b/scripts/tls13.test index 7a29e3fe20a..48037258b57 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -86,7 +86,7 @@ do_cleanup() { # sleep to give sanitizers time to dump backtraces. sleep 1 echo "killing server" - kill -9 $server_pid 2>/dev/null + kill $server_pid 2>/dev/null server_pid=$no_pid fi remove_ready_file @@ -125,11 +125,11 @@ fi # Usual TLS v1.3 server / TLS v1.3 client. echo -e "\n\nTLS v1.3 server with TLS v1.3 client" port=0 -./examples/server/server -v 4 -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -v 4 -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -v 4 -p $port | tee "$client_file" -RESULT=$? +timeout -s KILL 2m ./examples/client/client -v 4 -p $port | tee "$client_file" +RESULT=${PIPESTATUS[0]} remove_ready_file if [ $RESULT -ne 0 ]; then echo -e "\n\nTLS v1.3 not enabled" @@ -141,10 +141,10 @@ echo "" # TLS 1.3 cipher suites server / client. echo -e "\n\nTLS v1.3 cipher suite mismatch" port=0 -./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-AES128-GCM-SHA256 & +timeout -s KILL 2m ./examples/server/server -v 4 -R "$ready_file" -p $port -l TLS13-AES128-GCM-SHA256 & server_pid=$! create_port -./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384 +timeout -s KILL 2m ./examples/client/client -v 4 -p $port -l TLS13-AES256-GCM-SHA384 RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then @@ -163,10 +163,10 @@ if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then # TLS 1.3 mutual auth required but client doesn't send certificates. echo -e "\n\nTLS v1.3 mutual auth fail" port=0 - ./examples/server/server -v 4 -F -R "$ready_file" -p $port & + timeout -s KILL 2m ./examples/server/server -v 4 -F -R "$ready_file" -p $port & server_pid=$! create_port - ./examples/client/client -v 4 -x -p $port + timeout -s KILL 2m ./examples/client/client -v 4 -x -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then @@ -179,15 +179,20 @@ if [ $NO_CERTS -ne 0 -a $NO_CLIENT_AUTH -ne 0 ]; then fi # Check for TLS 1.2 support -./examples/client/client -v 3 2>&1 | grep -F -e 'Bad SSL version' -if [ $? -ne 0 ]; then +timeout -s KILL 2m ./examples/client/client -v 3 2>&1 | grep -F -e 'Bad SSL version' +pipe_rc=("${PIPESTATUS[@]}") +if [ "${pipe_rc[0]}" -ge 124 ]; then + echo -e "\n\nTLS v1.2 support probe timed out" + exit 1 +fi +if [ "${pipe_rc[1]}" -ne 0 ]; then # TLS 1.3 server / TLS 1.2 client. echo -e "\n\nTLS v1.3 server downgrading to TLS v1.2" port=0 - ./examples/server/server -v 4 -R "$ready_file" -p $port & + timeout -s KILL 2m ./examples/server/server -v 4 -R "$ready_file" -p $port & server_pid=$! create_port - ./examples/client/client -v 3 -p $port + timeout -s KILL 2m ./examples/client/client -v 3 -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then @@ -201,10 +206,10 @@ if [ $? -ne 0 ]; then # TLS 1.2 server / TLS 1.3 client. echo -e "\n\nTLS v1.3 client upgrading server to TLS v1.3" port=0 - ./examples/server/server -v 3 -R "$ready_file" -p $port & + timeout -s KILL 2m ./examples/server/server -v 3 -R "$ready_file" -p $port & server_pid=$! create_port - ./examples/client/client -v 4 -p $port + timeout -s KILL 2m ./examples/client/client -v 4 -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then @@ -232,10 +237,10 @@ if [ $? -ne 0 ]; then port=0 SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS" CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS" - ./examples/server/server -v d -l $SERVER_CS -R "$ready_file" -p $port & + timeout -s KILL 2m ./examples/server/server -v d -l $SERVER_CS -R "$ready_file" -p $port & server_pid=$! create_port - ./examples/client/client -v d -l $CLIENT_CS -p $port + timeout -s KILL 2m ./examples/client/client -v d -l $CLIENT_CS -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then diff --git a/scripts/trusted_peer.test b/scripts/trusted_peer.test index c3260b8f005..010dad7bf83 100755 --- a/scripts/trusted_peer.test +++ b/scripts/trusted_peer.test @@ -3,6 +3,12 @@ # trusted_peer.test # copyright wolfSSL 2016 +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + [ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ && exit 1 @@ -92,7 +98,7 @@ do_cleanup() { # sleep to give sanitizers time to dump backtraces. sleep 1 echo "killing server" - kill -9 $server_pid + kill $server_pid fi remove_ready_file } @@ -138,10 +144,10 @@ echo "Checking built with trusted peer certs " echo "-----------------------------------------------------" port=0 remove_ready_file -./examples/server/server -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$client_ca" -p $port +timeout -s KILL 2m ./examples/client/client -A "$client_ca" -p $port RESULT=$? remove_ready_file # if fail here then is a settings issue so return 0 @@ -156,10 +162,10 @@ echo "" echo "Server and Client relying on trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -A "$wrong_ca" -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -A "$wrong_ca" -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$wrong_ca" -E "$server_cert" -c "$client_cert" -p $port +timeout -s KILL 2m ./examples/client/client -A "$wrong_ca" -E "$server_cert" -c "$client_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -173,10 +179,10 @@ echo "" echo "Server relying on trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -A "$wrong_ca" -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -A "$wrong_ca" -E "$client_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$client_ca" -c "$client_cert" -p $port +timeout -s KILL 2m ./examples/client/client -A "$client_ca" -c "$client_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -190,10 +196,10 @@ echo "" echo "Client relying on trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$wrong_ca" -E "$server_cert" -p $port +timeout -s KILL 2m ./examples/client/client -A "$wrong_ca" -E "$server_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -207,10 +213,10 @@ echo "" echo "Client fall through to loaded CAs" echo "-----------------------------------------------------" port=0 -./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$client_ca" -E "$wrong_cert" -p $port +timeout -s KILL 2m ./examples/client/client -A "$client_ca" -E "$wrong_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -226,10 +232,10 @@ if [[ $wrong_ca != *"ecc"* ]]; then echo "Client wrong CA and wrong trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$wrong_ca" -E "$wrong_cert" -p $port +timeout -s KILL 2m ./examples/client/client -A "$wrong_ca" -E "$wrong_cert" -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then @@ -244,10 +250,10 @@ fi echo "Server wrong CA and wrong trusted peer cert loaded" echo "-----------------------------------------------------" port=0 -./examples/server/server -A "$wrong_ca" -E "$wrong_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -A "$wrong_ca" -E "$wrong_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$client_ca" -p $port +timeout -s KILL 2m ./examples/client/client -A "$client_ca" -p $port RESULT=$? remove_ready_file if [ $RESULT -eq 0 ]; then @@ -261,10 +267,10 @@ echo "" echo "Server fall through to loaded CAs" echo "-----------------------------------------------------" port=0 -./examples/server/server -E "$wrong_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -E "$wrong_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$client_ca" -p $port +timeout -s KILL 2m ./examples/client/client -A "$client_ca" -p $port RESULT=$? remove_ready_file if [ $RESULT -ne 0 ]; then @@ -280,24 +286,24 @@ echo "Test two success cases and one fail case" echo "-----------------------------------------------------" port=0 cat "$client_cert" "$client_ca" > "$combined_cert" -./examples/server/server -i -A "$wrong_ca" -E "$combined_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & +timeout -s KILL 2m ./examples/server/server -i -A "$wrong_ca" -E "$combined_cert" -c "$server_cert" -k "$server_key" -R "$ready_file" -p $port & server_pid=$! create_port -./examples/client/client -A "$client_ca" -c "$client_cert" -k "$client_key" -p $port +timeout -s KILL 2m ./examples/client/client -A "$client_ca" -c "$client_cert" -k "$client_key" -p $port RESULT=$? if [ $RESULT -ne 0 ]; then echo -e "\nServer load multiple trusted peer certs failed!" do_cleanup exit 1 fi -./examples/client/client -A "$client_ca" -c "$client_ca" -k "$ca_key" -p $port +timeout -s KILL 2m ./examples/client/client -A "$client_ca" -c "$client_ca" -k "$ca_key" -p $port RESULT=$? if [ $RESULT -ne 0 ]; then echo -e "\nServer load multiple trusted peer certs failed!" do_cleanup exit 1 fi -./examples/client/client -A "$client_ca" -c "$wrong_cert" -k "$client_key" -p $port +timeout -s KILL 2m ./examples/client/client -A "$client_ca" -c "$wrong_cert" -k "$client_key" -p $port RESULT=$? if [ $RESULT -eq 0 ]; then echo -e "\nServer load multiple trusted peer certs failed!"