Changeset 5d04f8d for tests


Timestamp:
May 15, 2014 3:38:29 AM (6 years ago)
Author:
kytv <kytv@…>
Branches:
master
Children:
f994590
Parents:
06de347
Message:

checkremotecerts.sh fix test logic

Script would return 0 even if connecting to the remote host failed.

File:
1 edited

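--- a/tests/scripts/checkremotecerts.sh
+++ b/tests/scripts/checkremotecerts.sh
@@ -62,5 +62,5 @@
     while ! "$@"
     do
-        echo "$0: try $i of $MAX failed for command $@"
+        echo "try $i of $MAX failed for command $@" >&2
         if [ $i -ge $MAX ]
         then
@@ -70,4 +70,7 @@
         sleep 15
     done
+    if [ $i = $MAX ]; then
+        return 1
+    fi
 }
 
@@ -79,7 +82,7 @@
 connect() {
     if [ $OPENSSL -eq 1 ]; then
-        retry $OPENSSL_BIN s_client -connect "$1:443" -no_ign_eof -CAfile $CACERTS -servername $1 < /dev/null 2>/dev/null
+        $OPENSSL_BIN s_client -connect "$1:443" -CAfile $CACERTS -servername $1 < /dev/null 2> /dev/null
     else
-        retry $GNUTLS_BIN --insecure --print-cert --x509cafile "$CACERTS" "$1"  < /dev/null 2>/dev/null
+        $GNUTLS_BIN --insecure --print-cert --x509cafile "$CACERTS" "$1"  < /dev/null 2>/dev/null
     fi
 }
@@ -118,24 +121,28 @@
     for HOST in $RESEEDHOSTS; do
         echo -n "Checking $HOST..."
-        connect "$HOST"  < /dev/null > "$WORK/$HOST"
+        if retry connect "$HOST"  < /dev/null 1> "$WORK/$HOST"; then
 
-        # OpenSSL returns "return code: 0 (ok)"
-        # GnuTLS returns "certificate is trusted"
-        # GnuTLS v2 has the word "Peer" before certificate, v3 has the word "The" before it
-        if ! grep -q 'Verify return code: 0 (ok)\|certificate is trusted' "$WORK/$HOST"; then
-            # If we end up here it's for one of two probable reasons:
-            # 1) the the CN in the certificate doesn't match the hostname.
-            # 2) the certificate is invalid
+            # OpenSSL returns "return code: 0 (ok)"
+            # GnuTLS returns "certificate is trusted"
+            # GnuTLS v2 has the word "Peer" before certificate, v3 has the word "The" before it
+            if ! grep -q 'Verify return code: 0 (ok)\|certificate is trusted' "$WORK/$HOST"; then
+                # If we end up here it's for one of two probable reasons:
+                # 1) the the CN in the certificate doesn't match the hostname.
+                # 2) the certificate is invalid
 
-            # OpenSSL returns code 21 with self-signed certs.
-            # GnuTLS returns "certificate issuer is unknown"
-            # As noted above, GnuTLS v2 has the word "Peer" before certificate, v3 has the word "The" before it
+                # OpenSSL returns code 21 with self-signed certs.
+                # GnuTLS returns "certificate issuer is unknown"
+                # As noted above, GnuTLS v2 has the word "Peer" before certificate, v3 has the word "The" before it
 
-            # If the CN just doesn't match the hostname, pass
-            if ! grep -q 'Verify return code: 21\|certificate issuer is unknown' "$WORK/$HOST"; then : ;else
-                verify_fingerprint $HOST
+                # If the CN just doesn't match the hostname, pass
+                if ! grep -q 'Verify return code: 21\|certificate issuer is unknown\|self signed' "$WORK/$HOST"; then : ;else
+                    verify_fingerprint $HOST
+                fi
             fi
+            echo
+        else
+            echo "failed to connect to $HOST" >&2
+            FAIL=1
         fi
-        echo
     done
 }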
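Review bot: The certificate check still fails open at new lines 128–140: when the saved output matches neither `Verify return code: 0 (ok)\|certificate is trusted` nor the unknown-issuer/self-signed pattern, the inner branch runs `:` and the host passes without `FAIL` being set. The comment says that arm is meant for a CN mismatch, but as written it also accepts every other verification result the two greps do not name; an expired certificate, for example, would presumably print a different return code and pass silently. Consider matching the tolerated mismatch message explicitly and replacing the catch-all `:` with `echo "unexpected verification result for $HOST" >&2; FAIL=1`. The enclosing function starts above the hunk, so how `FAIL` is consumed afterwards is not visible here.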