diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test index 92cc9ce14e7..ece7aaedb14 100755 --- a/scripts/crl-revoked.test +++ b/scripts/crl-revoked.test @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + [ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ && exit 1 @@ -99,7 +106,7 @@ run_test() { # starts the server on crl_port, -R generates ready file to be used as a # mutex lock, -c loads the revoked certificate. We capture the processid # into the variable server_pid - ./examples/server/server -R "$ready_file" -p $crl_port \ + timeout -s KILL 2m ./examples/server/server -R "$ready_file" -p $crl_port \ -c ${CERT_DIR}/server-revoked-cert.pem \ -k ${CERT_DIR}/server-revoked-key.pem & server_pid=$! @@ -176,7 +183,7 @@ run_hashdir_test() { # starts the server on crl_port, -R generates ready file to be used as a # mutex lock, -c loads the revoked certificate. We capture the processid # into the variable server_pid - ./examples/server/server -R "$ready_file" -p $crl_port \ + timeout -s KILL 2m ./examples/server/server -R "$ready_file" -p $crl_port \ -c ${CERT_DIR}/server-revoked-cert.pem \ -k ${CERT_DIR}/server-revoked-key.pem & server_pid=$! diff --git a/scripts/dtlscid.test b/scripts/dtlscid.test index 58968d978dd..2de1dcf46c6 100755 --- a/scripts/dtlscid.test +++ b/scripts/dtlscid.test @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + # dtlscid.test # Copyright wolfSSL 2022-2024 @@ -54,7 +61,7 @@ test_cid () { echo "Running test_cid" SERVER_FILE=$(mktemp) CLIENT_FILE=$(mktemp) - $WOLFSSL_ROOT/examples/server/server -v4 -u --cid $SCID 1> $SERVER_FILE & + timeout -s KILL 2m $WOLFSSL_ROOT/examples/server/server -v4 -u --cid $SCID 1> $SERVER_FILE & SERVER_PID=$! sleep 0.2 $WOLFSSL_ROOT/examples/client/client -v4 -u --cid $CCID 1> $CLIENT_FILE diff --git a/scripts/ocsp-stapling-with-wolfssl-responder.test b/scripts/ocsp-stapling-with-wolfssl-responder.test index f7ca8bafd5f..5bffe1cdda2 100755 --- a/scripts/ocsp-stapling-with-wolfssl-responder.test +++ b/scripts/ocsp-stapling-with-wolfssl-responder.test @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + # ocsp-stapling-with-wolfssl-responder.test # Tests OCSP stapling using wolfSSL's own ocsp_responder example # instead of the OpenSSL ocsp utility. @@ -455,7 +462,7 @@ if [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS -------------------------" # client test against our own server - GOOD CERT - ./examples/server/server -c certs/ocsp/server1-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server1-cert.pem \ -k certs/ocsp/server1-key.pem -R $ready_file5 \ -p $port5 & server_pid5=$! @@ -468,7 +475,7 @@ if [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE -----------------------" # client test against our own server - REVOKED CERT remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server2-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server2-cert.pem \ -k certs/ocsp/server2-key.pem -R $ready_file5 \ -p $port5 & server_pid5=$! @@ -486,7 +493,7 @@ if [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE 3 TLS13 SHOULD PASS -----------------" # client test against our own server - GOOD CERT remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server1-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server1-cert.pem \ -k certs/ocsp/server1-key.pem -v 4 \ -R $ready_file5 -p $port5 & server_pid5=$! @@ -500,7 +507,7 @@ if [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE 4 TLS13 MUST-STAPLE SHOULD PASS -----" # client test against our own server, must staple - GOOD CERT remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server1-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server1-cert.pem \ -k certs/ocsp/server1-key.pem -v 4 \ -R $ready_file5 -p $port5 & server_pid5=$! @@ -514,7 +521,7 @@ if [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE 5 TLS13 SHOULD REVOKE ---------------" # client test against our own server - REVOKED CERT remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server2-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server2-cert.pem \ -k certs/ocsp/server2-key.pem -v 4 \ -R $ready_file5 -p $port5 & server_pid5=$! @@ -533,7 +540,7 @@ if [ "$stapling_v1" == "yes" ]; then if [[ "$dtls12" == "yes" ]]; then printf '%s\n\n' "------------- TEST CASE DTLS12-1 SHOULD PASS ----------------" remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file5 \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file5 \ -k certs/ocsp/server1-key.pem -u -v 3 \ -p $port5 & server_pid5=$! @@ -549,7 +556,7 @@ if [ "$stapling_v1" == "yes" ]; then if [ "$dtls13" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE DTLS13-1 SHOULD PASS ----------------" remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file5 \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file5 \ -k certs/ocsp/server1-key.pem -u -v 4 \ -p $port5 & server_pid5=$! @@ -575,7 +582,7 @@ if [ "$stapling_v2" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE V2-1 SHOULD PASS ----------------------" # client test against our own server - GOOD CERTS remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server3-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server3-cert.pem \ -k certs/ocsp/server3-key.pem -R $ready_file5 \ -p $port5 & server_pid5=$! @@ -588,7 +595,7 @@ if [ "$stapling_v2" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE V2-2 SHOULD PASS ----------------------" remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server3-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server3-cert.pem \ -k certs/ocsp/server3-key.pem -R $ready_file5 \ -p $port5 & server_pid5=$! @@ -602,7 +609,7 @@ if [ "$stapling_v2" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE V2-3 SHOULD REVOKE --------------------" # client test against our own server - REVOKED SERVER CERT remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server4-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server4-cert.pem \ -k certs/ocsp/server4-key.pem -R $ready_file5 \ -p $port5 & server_pid5=$! @@ -616,7 +623,7 @@ if [ "$stapling_v2" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE V2-4 SHOULD REVOKE --------------------" remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server4-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server4-cert.pem \ -k certs/ocsp/server4-key.pem -R $ready_file5 \ -p $port5 & sleep 0.1 @@ -630,7 +637,7 @@ if [ "$stapling_v2" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE V2-5 SHOULD PASS ----------------------" # client test against our own server - REVOKED INTERMEDIATE CERT remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server5-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server5-cert.pem \ -k certs/ocsp/server5-key.pem -R $ready_file5 \ -p $port5 & server_pid5=$! @@ -643,7 +650,7 @@ if [ "$stapling_v2" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE V2-6 SHOULD REVOKE --------------------" remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server5-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server5-cert.pem \ -k certs/ocsp/server5-key.pem -R $ready_file5 \ -p $port5 & server_pid5=$! @@ -659,7 +666,7 @@ if [ "$stapling_v2" == "yes" ]; then if [[ "$dtls12" == "yes" ]]; then printf '%s\n\n' "------------- TEST CASE DTLS12-V2 SHOULD PASS ----------------" remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server3-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server3-cert.pem \ -k certs/ocsp/server3-key.pem -R $ready_file5 \ -p $port5 -u -v 3 & server_pid5=$! @@ -685,7 +692,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE T13-1 SHOULD PASS --------------------" # client test against our own server - GOOD CERTS remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server3-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server3-cert.pem \ -k certs/ocsp/server3-key.pem -R $ready_file5 \ -p $port5 -v 4 & server_pid5=$! @@ -699,7 +706,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE T13-2 SHOULD REVOKE ------------------" # client test against our own server - REVOKED SERVER CERT remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server4-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server4-cert.pem \ -k certs/ocsp/server4-key.pem -R $ready_file5 \ -p $port5 -v 4 & server_pid5=$! @@ -714,7 +721,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE T13-3 SHOULD REVOKE ------------------" # client test against our own server - REVOKED INTERMEDIATE CERT remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server5-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server5-cert.pem \ -k certs/ocsp/server5-key.pem -R $ready_file5 \ -p $port5 -v 4 & server_pid5=$! @@ -730,7 +737,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then if [ "$dtls13" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE DTLS13-V2 SHOULD PASS ----------------" remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server3-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server3-cert.pem \ -k certs/ocsp/server3-key.pem -R $ready_file5 \ -p $port5 -u -v 4 & server_pid5=$! @@ -743,7 +750,7 @@ if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE DTLS13-V2-REVOKE SHOULD REVOKE -------" remove_single_rF $ready_file5 - ./examples/server/server -c certs/ocsp/server4-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server4-cert.pem \ -k certs/ocsp/server4-key.pem -R $ready_file5 \ -p $port5 -v 4 & server_pid5=$! diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index bd62868cf6d..5ab2e28c265 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + # ocsp-stapling.test # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST @@ -290,7 +297,7 @@ port3=$(get_first_free_port $((port2 + 1))) # test interop fail case ready_file=$PWD/wolf_ocsp_readyF$$ printf '%s\n' "ready file: \"$ready_file\"" -./examples/server/server -b -p "$port1" -o -R "$ready_file" & +timeout -s KILL 2m ./examples/server/server -b -p "$port1" -o -R "$ready_file" & wolf_pid=$! wait_for_readyFile "$ready_file" "$wolf_pid" "$port1" if [ ! -f "$ready_file" ]; then diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index c79dcae2792..e3c1cee6434 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + # ocsp-stapling2.test # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2 @@ -447,7 +454,7 @@ RESULT=$? printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 7 LOAD CERT IN SSL -------------------" remove_single_rF "$ready_file5" -./examples/server/server -c certs/ocsp/server1-cert.pem \ +timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server1-cert.pem \ -k certs/ocsp/server1-key.pem -R "$ready_file5" \ -p "$port5" -H loadSSL & server_pid5=$! @@ -462,7 +469,7 @@ fi printf '%s\n\n' "Test successful" printf '%s\n\n' "------------- TEST CASE 8 SHOULD REVOKE ----------------------" remove_single_rF "$ready_file5" -./examples/server/server -c certs/ocsp/server4-cert.pem \ +timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server4-cert.pem \ -k certs/ocsp/server4-key.pem -R "$ready_file5" \ -p "$port5" -H loadSSL & server_pid5=$! diff --git a/scripts/ocsp-stapling_tls13multi.test b/scripts/ocsp-stapling_tls13multi.test index ce49ba13c71..2b05a85498b 100755 --- a/scripts/ocsp-stapling_tls13multi.test +++ b/scripts/ocsp-stapling_tls13multi.test @@ -1,5 +1,12 @@ #!/bin/bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + # ocsp-stapling_tls13multi.test # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2 @@ -455,7 +462,7 @@ if [ "$tls13" == "yes" ]; then printf '%s\n\n' "------------- TEST CASE 6 LOAD CERT IN SSL -------------------" remove_single_rF "$ready_file5" - ./examples/server/server -c certs/ocsp/server1-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server1-cert.pem \ -k certs/ocsp/server1-key.pem -R "$ready_file5" -v 4 \ -p "$port5" -H loadSSL & server_pid5=$! @@ -470,7 +477,7 @@ if [ "$tls13" == "yes" ]; then printf '%s\n\n' "Test successful" printf '%s\n\n' "------------- TEST CASE 7 SHOULD REVOKE ----------------------" remove_single_rF "$ready_file5" - ./examples/server/server -c certs/ocsp/server4-cert.pem \ + timeout -s KILL 2m ./examples/server/server -c certs/ocsp/server4-cert.pem \ -k certs/ocsp/server4-key.pem -R "$ready_file5" \ -p "$port5" -H loadSSL -v 4 & server_pid5=$! diff --git a/scripts/pkcallbacks.test b/scripts/pkcallbacks.test index aa7b783981e..d73bb015081 100755 --- a/scripts/pkcallbacks.test +++ b/scripts/pkcallbacks.test @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + #pkcallbacks.test [ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ @@ -101,7 +108,7 @@ run_test() { # starts the server on pk_port, -R generates ready file to be used as a # mutex lock, -P does pkcallbacks. We capture the processid # into the variable server_pid - ./examples/server/server -P -R "$ready_file" -p $pk_port & + timeout -s KILL 2m ./examples/server/server -P -R "$ready_file" -p $pk_port & server_pid=$! while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do diff --git a/scripts/resume.test b/scripts/resume.test index 38af600e916..ac7361e2325 100755 --- a/scripts/resume.test +++ b/scripts/resume.test @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + #resume.test # if we can, isolate the network namespace to eliminate port collisions. @@ -77,7 +84,7 @@ do_test() { remove_ready_file echo "./examples/server/server -r -R \"$ready_file\" -p $resume_port" - ./examples/server/server -r -R "$ready_file" -p $resume_port & + timeout -s KILL 2m ./examples/server/server -r -R "$ready_file" -p $resume_port & server_pid=$! while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do diff --git a/scripts/tls13.test b/scripts/tls13.test index d0f02004de9..7a29e3fe20a 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -1,5 +1,12 @@ #!/usr/bin/env bash +# timeout(1) is GNU coreutils and absent on macOS; where it's missing, run the +# command unbounded (the flaky hang this guards against is Linux-only CI). +if ! command -v timeout >/dev/null 2>&1; then + timeout() { while [ "${1:-}" = "-s" ] || [ "${1:-}" = "-k" ]; do shift 2; done; shift; "$@"; } +fi + + # tls13.test # Copyright wolfSSL 2016-2021 @@ -260,7 +267,7 @@ if [ "$early_data" = "yes" ]; then echo -e "\n\nTLS v1.3 Early Data - session ticket" port=0 - (./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \ + (timeout -s KILL 2m ./examples/server/server -v 4 -r -0 -R "$ready_file" -p $port 2>&1 | \ tee "$server_out_file") & server_pid=$! create_port @@ -308,7 +315,7 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then early_data_try_num=1 while :; do - (./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \ + (timeout -s KILL 2m ./examples/server/server -v 4 -s -0 -R "$ready_file" -p $port 2>&1 | \ tee "$server_out_file") & server_pid=$! create_port