scripts/: refactor TLS version support tests to use -V, rather than -v (which makes frivolous connection attempts).

scripts/external.test

@@ -10,39 +10,39 @@ ca=./certs/wolfssl-website-ca.pem
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
 # www.wolfssl.com isn't using RFC 8446 yet but the draft instead.
-./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
-if [ $? -ne 0 ]; then
+if ! ./examples/client/client -V | grep -q 3; then
+    echo 'skipping external.test because TLS1.2 is not available.' 1>&2
+    exit 0
+fi
 
-    # cloudflare seems to change CAs quickly, disabled by default
-    if test -n "$WOLFSSL_EXTERNAL_TEST"; then
+# cloudflare seems to change CAs quickly, disabled by default
+if test -n "$WOLFSSL_EXTERNAL_TEST"; then
 
-        BUILD_FLAGS="$(./examples/client/client '-#')"
-        if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
-            echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
-            exit 0
-        fi
-
-        if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
-            echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
-            exit 0
-        fi
-
-        echo "WOLFSSL_EXTERNAL_TEST set, running test..."
-    else
-        echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
+    BUILD_FLAGS="$(./examples/client/client '-#')"
+    if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
+        echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
         exit 0
     fi
 
-    # is our desired server there?
-    "${SCRIPT_DIR}"/ping.test $server 2
-    RESULT=$?
-    [ $RESULT -ne 0 ] && exit 0
-
-    # client test against the server
-    ./examples/client/client -X -C -h $server -p 443 -g -A $ca
-    RESULT=$?
-    [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+    if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
+        echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
+        exit 0
+    fi
 
+    echo "WOLFSSL_EXTERNAL_TEST set, running test..."
+else
+    echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
+    exit 0
 fi
 
+# is our desired server there?
+"${SCRIPT_DIR}"/ping.test $server 2
+RESULT=$?
+[ $RESULT -ne 0 ] && exit 0
+
+# client test against the server
+./examples/client/client -X -C -h $server -p 443 -g -A $ca
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+
 exit 0

scripts/google.test

@@ -6,9 +6,8 @@ server=www.google.com
 
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
-./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
-if [ $? -eq 0 ]; then
-    echo -e "\n\nClient doesn't support TLS v1.2"
+if ! ./examples/client/client -V | grep -q 3; then
+    echo 'skipping google.test because TLS1.2 is not available.' 1>&2
     exit 0
 fi
 
@@ -22,8 +21,7 @@ RESULT=$?
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
-./examples/client/client -v 4 2>&1 | grep -- 'Bad SSL version'
-if [ $? -ne 0 ]; then
+if ./examples/client/client -V | grep -q 4; then
     # client test against the server using TLS v1.3
     ./examples/client/client -v 4 -X -C -h $server -p 443 -g -d
     RESULT=$?

scripts/ocsp-stapling-with-ca-as-responder.test

@@ -23,10 +23,8 @@ if [[ -z "${RETRIES_REMAINING-}" ]]; then
     export RETRIES_REMAINING=2
 fi
 
-./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
-if [ $? -eq 0 ]; then
-    echo "TLS 1.2 or lower required"
-    echo "Skipped"
+if ! ./examples/client/client -V | grep -q 3; then
+    echo 'skipping ocsp-stapling-with-ca-as-responder.test because TLS1.2 is not available.' 1>&2
     exit 0
 fi
 

scripts/ocsp-stapling.test

@@ -11,10 +11,8 @@ if [[ -z "${RETRIES_REMAINING-}" ]]; then
     export RETRIES_REMAINING=2
 fi
 
-./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
-if [ $? -eq 0 ]; then
-    echo "TLS 1.2 or lower required"
-    echo "Skipped"
+if ! ./examples/client/client -V | grep -q 3; then
+    echo 'skipping ocsp-stapling.test because TLS1.2 is not available.' 1>&2
     exit 0
 fi
 
@@ -331,8 +329,7 @@ RESULT=$?
 printf '%s\n\n' "Test successfully REVOKED!"
 
 
-./examples/client/client -v 4 2>&1 | grep -- 'Bad SSL version'
-if [ $? -ne 0 ]; then
+if ./examples/client/client -V | grep -q 4; then
     printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------"
     # client test against our own server - GOOD CERT
     remove_single_rF "$ready_file2"
@@ -376,6 +373,8 @@ if [ $? -ne 0 ]; then
                       printf '\n\n%s\n' "Client connection 5 succeeded $RESULT" \
                       && exit 1
     printf '%s\n\n' "Test successfully REVOKED!"
+else
+    echo 'skipping TLS1.3 stapling tests.' 1>&2
 fi
 
 # need a unique port since may run the same time as testsuite
@@ -408,9 +407,9 @@ printf '%s\n\n' "Test PASSED!"
 
 openssl ciphers -tls1_3
 openssl_tls13=$?
-./examples/client/client -v 4 2>&1 | grep -- 'Bad SSL version'
-wolfssl_not_tls13=$?
-if [ "$openssl_tls13" = "0" -a "$wolfssl_not_tls13" != "0" ]; then
+./examples/client/client -V | grep -q 4
+wolfssl_tls13=$?
+if [ "$openssl_tls13" = "0" -a "$wolfssl_tls13" = "0" ]; then
     printf '%s\n\n' "------------- TEST CASE 8 SHOULD PASS --------------------"
     # client asks for OCSP staple but doesn't fail when none returned
     ./examples/client/client -p $port -g -v 4 -W 1
@@ -428,6 +427,18 @@ if [ "$openssl_tls13" = "0" -a "$wolfssl_not_tls13" != "0" ]; then
                   && printf '\n\n%s\n' "Client connection 9 succeeded $RESULT" \
                   && exit 1
     printf '%s\n\n' "Test PASSED!"
+else
+    echo -n 'skipping TLS1.3 stapling interoperability test:' 1>&2
+    if [ "$openssl_tls13" != "0" ]; then
+	echo -n ' OpenSSL' 1>&2
+    fi
+    if [ "$wolfssl_tls13" != "0" ]; then
+	if [ "$openssl_tls13" != "0" ]; then
+	    echo -n ' and' 1>&2
+	fi
+	echo -n ' wolfSSL' 1>&2
+    fi
+    echo -n ' missing TLS1.3 support.' 1>&2
 fi
 
 printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------"

scripts/ocsp-stapling2.test

@@ -24,10 +24,8 @@ if [[ -z "${RETRIES_REMAINING-}" ]]; then
     export RETRIES_REMAINING=2
 fi
 
-./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
-if [ $? -eq 0 ]; then
-    echo "TLS 1.2 or lower required"
-    echo "Skipped"
+if ! ./examples/client/client -V | grep -q 3; then
+    echo 'skipping ocsp-stapling2.test because TLS1.2 is not available.' 1>&2
     exit 0
 fi
 

scripts/ocsp.test

@@ -12,10 +12,8 @@ ca=certs/external/ca-globalsign-root.pem
 [ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
                                   && exit 1
 
-./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
-if [ $? -eq 0 ]; then
-    echo "TLS 1.2 or lower required"
-    echo "Skipped"
+if ! ./examples/client/client -V | grep -q 3; then
+    echo 'skipping ocsp.test because TLS1.2 is not available.' 1>&2
     exit 0
 fi