mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
2dc3322664
The nsCertType x509 extension is very old, and barely used. We already have had an alternative for a long time: --remote-cert-tls uses the far more common keyUsage and extendedKeyUsage extensions instead. OpenSSL 1.1 longer exposes an API to (separately) check the nsCertType x509 extension. Since we want be able to migrate to OpenSSL 1.1, we should deprecate this option immediately. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1488653397-2309-1-git-send-email-steffan@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14222.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
102 lines
2.6 KiB
Plaintext
102 lines
2.6 KiB
Plaintext
#
|
|
# this is sourced from t_client.sh and defines which openvpn client tests
|
|
# to run
|
|
#
|
|
# (sample config, copy to t_client.rc and adapt to your environment)
|
|
#
|
|
#
|
|
# define these - if empty, no tests will run
|
|
#
|
|
top_srcdir="${top_srcdir:-..}"
|
|
CA_CERT="${top_srcdir}/sample/sample-keys/ca.crt"
|
|
CLIENT_KEY="${top_srcdir}/sample/sample-keys/client.key"
|
|
CLIENT_CERT="${top_srcdir}/sample/sample-keys/client.crt"
|
|
#FPING_EXTRA_ARGS="-t 1000"
|
|
|
|
# Load EXPECT_IFCONFIG* parameters from cache
|
|
if [ -r "${top_builddir}/t_client_ips.rc" ]; then
|
|
. "${top_builddir}/t_client_ips.rc"
|
|
else
|
|
echo "NOTICE: missing t_client_ips.rc will be auto-generated"
|
|
fi
|
|
|
|
#
|
|
# remote host (used as macro below)
|
|
#
|
|
REMOTE=mytestserver
|
|
#
|
|
# tests to run (list suffixes for config stanzas below)
|
|
#
|
|
TEST_RUN_LIST="1 2"
|
|
|
|
#
|
|
# use "sudo" (etc) to give openvpn the necessary privileges
|
|
# if this is not active, "make check" must be run as root
|
|
#
|
|
#RUN_SUDO=sudo
|
|
|
|
#
|
|
# base confic that is the same for all the p2mp test runs
|
|
#
|
|
OPENVPN_BASE_P2MP="--client --ca $CA_CERT \
|
|
--cert $CLIENT_CERT --key $CLIENT_KEY \
|
|
--remote-cert-tls server --nobind --comp-lzo --verb 3"
|
|
|
|
# base config for p2p tests
|
|
#
|
|
OPENVPN_BASE_P2P="..."
|
|
|
|
#
|
|
#
|
|
# now define the individual tests - all variables suffixed with _1, _2 etc
|
|
# will be used in test run "1", "2", etc.
|
|
#
|
|
# if something is not defined here, the corresponding test is not run
|
|
#
|
|
# possible test options:
|
|
#
|
|
# RUN_TITLE_x="what is being tested on here" (purely informational)
|
|
# OPENVPN_CONF_x = "how to call ./openvpn" [mandatory]
|
|
# EXPECT_IFCONFIG4_x = "this IPv4 address needs to show up in ifconfig"
|
|
# EXPECT_IFCONFIG6_x = "this IPv6 address needs to show up in ifconfig"
|
|
# PING4_HOSTS_x = "these hosts musts ping when openvpn is up (IPv4 fping)"
|
|
# PING6_HOSTS_x = "these hosts musts ping when openvpn is up (IPv6 fping6)"
|
|
#
|
|
# Test 1: UDP / p2mp tun
|
|
# specify IPv4+IPv6 addresses expected from server and ping targets
|
|
#
|
|
RUN_TITLE_1="testing tun/udp/ipv4+ipv6"
|
|
OPENVPN_CONF_1="$OPENVPN_BASE_P2MP --dev tun --proto udp --remote $REMOTE --port 51194"
|
|
PING4_HOSTS_1="10.100.50.1 10.100.0.1"
|
|
PING6_HOSTS_1="2001:db8::1 2001:db8:a050::1"
|
|
|
|
# Test 2: TCP / p2mp tun
|
|
#
|
|
RUN_TITLE_2="testing tun/tcp/ipv4+ipv6"
|
|
OPENVPN_CONF_2="$OPENVPN_BASE_P2MP --dev tun --proto tcp --remote $REMOTE --port 51194"
|
|
PING4_HOSTS_2="10.100.51.1 10.100.0.1"
|
|
PING6_HOSTS_2="2001:db8::1 2001:db8:a051::1"
|
|
#
|
|
# run command after openvpn initialization is done - here: delay 5 seconds
|
|
POSTINIT_CMD_2="sleep 5"
|
|
|
|
# Test 3: UDP / p2p tun
|
|
# ...
|
|
|
|
# Test 4: TCP / p2p tun
|
|
# ...
|
|
|
|
# Test 5: UDP / p2mp tap
|
|
# ...
|
|
|
|
# Test 6: TCP / p2mp tun
|
|
# ...
|
|
|
|
# Test 7: UDP / p2p tap
|
|
# ...
|
|
|
|
# Test 8: TCP / p2p tap
|
|
# ...
|
|
|
|
# Test 9: whatever you want to test... :-)
|