From a42b3f2e54971e1325666720e235ce1e17ed8cae Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Wed, 23 Jul 2014 01:51:47 +0200
Subject: Updaten OpenVPN master

--HG--
extra : rebase_source : 7937a60e9172279fce1c3cf37371a7e74caf7f31
---
 main/openvpn/tests/t_client.sh.in |  6 ++++++
 main/openvpn/tests/t_lpback.sh    | 33 +++++++++++++++++++++++++++++----
 2 files changed, 35 insertions(+), 4 deletions(-)

(limited to 'main/openvpn/tests')

diff --git a/main/openvpn/tests/t_client.sh.in b/main/openvpn/tests/t_client.sh.in
index 52c5ed1a..d4f7c4ab 100755
--- a/main/openvpn/tests/t_client.sh.in
+++ b/main/openvpn/tests/t_client.sh.in
@@ -134,6 +134,12 @@ get_ifconfig_route()
 	   @NETSTAT@ -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
 	   return
 	   ;;
+	AIX)
+	   echo "-- AIX --"
+	   @IFCONFIG@ -a | egrep "(flags=|inet)"
+	   @NETSTAT@ -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
+	   return
+	   ;;
     esac
 
     echo "get_ifconfig_route(): no idea how to get info on your OS.  FAIL." >&2
diff --git a/main/openvpn/tests/t_lpback.sh b/main/openvpn/tests/t_lpback.sh
index 40767a1b..8f88ad92 100755
--- a/main/openvpn/tests/t_lpback.sh
+++ b/main/openvpn/tests/t_lpback.sh
@@ -2,6 +2,7 @@
 #
 # t_lpback.sh - script to test OpenVPN's crypto loopback
 # Copyright (C) 2005  Matthias Andree
+# Copyright (C) 2014  Steffan Karger
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,15 +19,39 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 # 02110-1301, USA.
 
-set -e
+set -eu
 top_builddir="${top_builddir:-..}"
 trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
 trap "rm -f key.$$ log.$$ ; exit 1" 0 3
+
+# Get list of supported ciphers from openvpn --show-ciphers output
+CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \
+            sed -e '1,/^$/d' -e s'/ .*//' -e '/^\s*$/d' | sort)
+
+# SK, 2014-06-04: currently the DES-EDE3-CFB1 implementation of OpenSSL is
+# broken (see http://rt.openssl.org/Ticket/Display.html?id=2867), so exclude
+# that cipher from this test.
+# GD, 2014-07-06 so is DES-CFB1
+# GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
+CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
+
 "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
 set +e
-( "${top_builddir}/src/openvpn/openvpn" --test-crypto --secret key.$$ ) >log.$$ 2>&1
-e=$?
-if [ $e != 0 ] ; then cat log.$$ ; fi
+
+e=0
+for cipher in ${CIPHERS}
+do
+    echo -n "Testing cipher ${cipher}... "
+    ( "${top_builddir}/src/openvpn/openvpn" --test-crypto --secret key.$$ --cipher ${cipher} ) >log.$$ 2>&1
+    if [ $? != 0 ] ; then
+        echo "FAILED"
+        cat log.$$
+        e=1
+    else
+        echo "OK"
+    fi
+done
+
 rm key.$$ log.$$
 trap 0
 exit $e
-- 
cgit v1.2.3