author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
commit | 19fcec84d8d7d21e796c7624e521b60d28ee21ed (patch) | |
tree | 42d26aa27d1e3f7c0b8bd3fd14e7d7082f5008dc /src/jaegertracing/thrift/test/features/tls.sh | |
parent | Initial commit. (diff) | |
download | ceph-upstream/16.2.11+ds.tar.xz ceph-upstream/16.2.11+ds.zip |
Adding upstream version 16.2.11+ds.upstream/16.2.11+dsupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/jaegertracing/thrift/test/features/tls.sh')
-rwxr-xr-x | src/jaegertracing/thrift/test/features/tls.sh | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/src/jaegertracing/thrift/test/features/tls.sh b/src/jaegertracing/thrift/test/features/tls.sh
new file mode 100755
index 000000000..6fd90a5fc
--- /dev/null
+++ b/src/jaegertracing/thrift/test/features/tls.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+#
+# Checks to make sure TLSv1.0 or later is allowed by a server.
+#
+
+THRIFTHOST=localhost
+THRIFTPORT=9090
+
+while [[ $# -ge 1 ]]; do
+ arg="$1"
+ argIN=(${arg//=/ })
+
+ case ${argIN[0]} in
+ -h|--host)
+ THRIFTHOST=${argIN[1]}
+ shift # past argument
+ ;;
+ -p|--port)
+ THRIFTPORT=${argIN[1]}
+ shift # past argument
+ ;;
+ *)
+ # unknown option ignored
+ ;;
+ esac
+
+ shift # past argument or value
+done
+
+declare -A EXPECT_NEGOTIATE
+EXPECT_NEGOTIATE[tls1]=1
+EXPECT_NEGOTIATE[tls1_1]=1
+EXPECT_NEGOTIATE[tls1_2]=1
+EXPECT_NEGOTIATE[tls1_3]=1
+
+failures=0
+
+function tls
+{
+ for PROTO in "${!EXPECT_NEGOTIATE[@]}"; do
+
+ local nego
+ local negodenied
+ local res
+
+ echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -$PROTO 2>&1 < /dev/null"
+ nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -$PROTO 2>&1 < /dev/null)
+ negodenied=$?
+ echo "result of command: $negodenied"
+
+ res="enabled"; if [[ ${EXPECT_NEGOTIATE[$PROTO]} -eq 0 ]]; then res="disabled"; fi
+
+ if [[ $negodenied -ne ${EXPECT_NEGOTIATE[$PROTO]} ]]; then
+ echo "$PROTO negotiation allowed"
+ else
+ echo "[warn] $PROTO negotiation did not work"
+ echo $nego
+ ((failures++))
+ fi
+ done
+}
+
+tls
+
+if [[ $failures -eq 4 ]]; then
+ echo "[fail] At least one of TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3 needs to work, but does not"
+ exit $failures
+fi
+
+echo "[pass] At least one of TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3 worked"
+exit 0
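Review bot: The option parser in the `while [[ $# -ge 1 ]]` loop shifts twice for a `--host=HOST` argument (the `shift # past argument` inside the case arm plus the `shift` after `esac`), so the argument that follows is silently skipped and `--host=x --port=y` leaves THRIFTPORT at 9090; in the space-separated form `-h HOST` there is no `${argIN[1]}`, so THRIFTHOST becomes empty and the connect string degenerates to `:9090`. The unquoted `argIN=(${arg//=/ })` is additionally subject to glob expansion and word splitting. Separately, `openssl s_client` exits 0 once the handshake completes whether or not the peer certificate verifies against `-CAfile ../keys/CA.pem`, so if validation against that CA is meant to be part of the check, `-verify_return_error` should be added to both the echoed and the executed command; the `res` variable is computed and never read, and `echo $nego` should be `printf '%s\n' "$nego"`. A parser that handles both spellings without the double shift is below; everything after the loop is unchanged.
```shell
while [[ $# -ge 1 ]]; do
  case "$1" in
    -h|--host)
      THRIFTHOST="$2"
      shift # past value
      ;;
    -h=*|--host=*)
      THRIFTHOST="${1#*=}"
      ;;
    -p|--port)
      THRIFTPORT="$2"
      shift # past value
      ;;
    -p=*|--port=*)
      THRIFTPORT="${1#*=}"
      ;;
    *)
      # unknown option ignored
      ;;
  esac
  shift # past argument
done
# … unchanged: EXPECT_NEGOTIATE table, tls(), final summary …
```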