commit e97aa06dc058 introduced "full openvpn cipher testing", but fails
on OpenSSL 0.9.8 with DES-CFB1 (skip), on NetBSD for RC5-* (needs extra
library, libcrypto_rc5.a) and on Solaris for POSIXly "tail" (rewrite).
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1404830758-7927-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8861
... | ... |
@@ -25,12 +25,15 @@ trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15 |
25 | 25 |
trap "rm -f key.$$ log.$$ ; exit 1" 0 3 |
26 | 26 |
|
27 | 27 |
# Get list of supported ciphers from openvpn --show-ciphers output |
28 |
-CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | tail -n+7 | sed 's/ .*//' | sed '/^\s*$/d' | sort) |
|
28 |
+CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \ |
|
29 |
+ sed -e '1,/^$/d' -e s'/ .*//' -e '/^\s*$/d' | sort) |
|
29 | 30 |
|
30 | 31 |
# SK, 2014-06-04: currently the DES-EDE3-CFB1 implementation of OpenSSL is |
31 | 32 |
# broken (see http://rt.openssl.org/Ticket/Display.html?id=2867), so exclude |
32 | 33 |
# that cipher from this test. |
33 |
-CIPHERS=$(echo "$CIPHERS" | sed '/.*DES-EDE3-CFB1.*/d') |
|
34 |
+# GD, 2014-07-06 so is DES-CFB1 |
|
35 |
+# GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) |
|
36 |
+CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) |
|
34 | 37 |
|
35 | 38 |
"${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ |
36 | 39 |
set +e |