xref: /openbsd/regress/usr.bin/nc/Makefile (revision c9cd3efa) 
1#	$OpenBSD: Makefile,v 1.14 2023/11/10 06:15:50 anton Exp $
2
3# Copyright (c) 2020 Alexander Bluhm <bluhm@openbsd.org>
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17PROGS =			client-tcp server-tcp
18SRCS_client-tcp =	client-tcp.c util.c
19SRCS_server-tcp =	server-tcp.c util.c
20WARNINGS =		yes
21
22NC =			./netcat-regress
23
24CLEANFILES =		${NC:T} {client,server}.{out,err,port,sock} ktrace.out
25
26REGRESS_SETUP =		setup
27setup:
28	pkill ${NC:T} || true
29	rm -f ${NC:T}
30	# copying global netcat to local name allows to pkill it during cleanup
31	cp /usr/bin/nc ${NC:T}
32	chmod 755 ${NC:T}
33
34REGRESS_CLEANUP =	cleanup
35cleanup:
36	-pkill ${NC:T} || true
37
38REGRESS_TARGETS =
39
40SERVER_NC = rm -f server.err; echo greeting | ${NC}
41CLIENT_NC = rm -f client.err; echo command | ${NC}
42SERVER_BG = 2>&1 >server.out | tee server.err &
43CLIENT_BG = 2>&1 >client.out | tee client.err &
44SERVER_LOG = >server.out 2>server.err
45CLIENT_LOG = >client.out 2>client.err
46
47PORT_GET = \
48	sed -E -n 's/(Listening|Bound) on .* //p' server.err >server.port
49PORT = `cat server.port`
50
51LISTEN_WAIT = \
52	let timeout=`date +%s`+5; \
53	until grep -q 'Listening on ' server.err; \
54	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
55
56BIND_WAIT = \
57	let timeout=`date +%s`+5; \
58	until grep -q 'Bound on ' server.err; \
59	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
60
61BIND_CLIENT_WAIT = \
62	let timeout=`date +%s`+5; \
63	until grep -q 'Bound on ' client.err; \
64	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
65
66CONNECT_WAIT = \
67	let timeout=`date +%s`+5; \
68	until grep -q 'Connection to .* succeeded' client.err; \
69	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
70
71TLS_WAIT = \
72	let timeout=`date +%s`+5; \
73	until grep -q 'Cert Hash:' client.err; \
74	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
75
76TRANSFER_WAIT = \
77	let timeout=`date +%s`+5; \
78	until grep -q 'greeting' client.out && grep -q 'command' server.out; \
79	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
80
81TRANSFER_CLIENT_WAIT = \
82	let timeout=`date +%s`+5; \
83	until grep -q 'greeting' client.out; \
84	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
85
86TRANSFER_SERVER_WAIT = \
87	let timeout=`date +%s`+5; \
88	until grep -q 'command' server.out; \
89	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
90
91RUNNING_WAIT = \
92	let timeout=`date +%s`+5; \
93	while ps -xww -o comm,stat | grep -q '${NC:T} .*R'; \
94	do [[ `date +%s` -lt $$timeout ]] || { echo timeout; exit 1; }; done
95
96# Server close barrier. Since netcat only handles a single connection and then
97# terminates, issuing this command after the first request will ensure that the
98# server has terminated upon completion.
99SERVER_CLOSE_WAIT = \
100	nc localhost ${PORT} 2>/dev/null || :
101
102### TCP ####
103
104REGRESS_TARGETS +=	run-tcp
105run-tcp:
106	${SERVER_NC} -n -v -l 127.0.0.1 0 ${SERVER_BG}
107	${LISTEN_WAIT}
108	${PORT_GET}
109	${CLIENT_NC} -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
110	${CONNECT_WAIT}
111	${TRANSFER_WAIT}
112	grep '^greeting$$' client.out
113	grep '^command$$' server.out
114	grep 'Listening on 127.0.0.1 ' server.err
115	grep 'Connection received on 127.0.0.1 ' server.err
116	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
117
118REGRESS_TARGETS +=	run-tcp6
119run-tcp6:
120	${SERVER_NC} -n -v -l ::1 0 ${SERVER_BG}
121	${LISTEN_WAIT}
122	${PORT_GET}
123	${CLIENT_NC} -n -v ::1 ${PORT} ${CLIENT_BG}
124	${CONNECT_WAIT}
125	${TRANSFER_WAIT}
126	grep '^greeting$$' client.out
127	grep '^command$$' server.out
128	grep 'Listening on ::1 ' server.err
129	grep 'Connection received on ::1 ' server.err
130	grep 'Connection to ::1 .* succeeded!' client.err
131
132# TCP resolver
133
134REGRESS_TARGETS +=	run-tcp-localhost-server
135run-tcp-localhost-server:
136	${SERVER_NC} -4 -v -l localhost 0 ${SERVER_BG}
137	${LISTEN_WAIT}
138	${PORT_GET}
139	${CLIENT_NC} -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
140	${CONNECT_WAIT}
141	${TRANSFER_WAIT}
142	grep '^greeting$$' client.out
143	grep '^command$$' server.out
144	grep 'Listening on localhost ' server.err
145	grep 'Connection received on localhost ' server.err
146	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
147
148REGRESS_TARGETS +=	run-tcp6-localhost-server
149run-tcp6-localhost-server:
150	${SERVER_NC} -6 -v -l localhost 0 ${SERVER_BG}
151	${LISTEN_WAIT}
152	${PORT_GET}
153	${CLIENT_NC} -n -v ::1 ${PORT} ${CLIENT_BG}
154	${CONNECT_WAIT}
155	${TRANSFER_WAIT}
156	grep '^greeting$$' client.out
157	grep '^command$$' server.out
158	grep 'Listening on localhost ' server.err
159	grep 'Connection received on localhost ' server.err
160	grep 'Connection to ::1 .* succeeded!' client.err
161
162REGRESS_TARGETS +=	run-tcp-localhost-client
163run-tcp-localhost-client:
164	${SERVER_NC} -n -v -l 127.0.0.1 0 ${SERVER_BG}
165	${LISTEN_WAIT}
166	${PORT_GET}
167	${CLIENT_NC} -4 -v localhost ${PORT} ${CLIENT_BG}
168	${CONNECT_WAIT}
169	${TRANSFER_WAIT}
170	grep '^greeting$$' client.out
171	grep '^command$$' server.out
172	grep 'Listening on 127.0.0.1 ' server.err
173	grep 'Connection received on 127.0.0.1 ' server.err
174	grep 'Connection to localhost .* succeeded!' client.err
175
176REGRESS_TARGETS +=	run-tcp6-localhost-client
177run-tcp6-localhost-client:
178	${SERVER_NC} -n -v -l ::1 0 ${SERVER_BG}
179	${LISTEN_WAIT}
180	${PORT_GET}
181	${CLIENT_NC} -6 -v localhost ${PORT} ${CLIENT_BG}
182	${CONNECT_WAIT}
183	${TRANSFER_WAIT}
184	grep '^greeting$$' client.out
185	grep '^command$$' server.out
186	grep 'Listening on ::1 ' server.err
187	grep 'Connection received on ::1 ' server.err
188	grep 'Connection to localhost .* succeeded!' client.err
189
190REGRESS_TARGETS +=	run-tcp-bad-localhost-server
191run-tcp-bad-localhost-server:
192	! ${NC} -4 -v -l ::1 0 ${SERVER_LOG}
193	grep 'non-recoverable failure in name resolution' server.err
194
195REGRESS_TARGETS +=	run-tcp6-bad-localhost-server
196run-tcp6-bad-localhost-server:
197	! ${NC} -6 -v -l 127.0.0.0 0 ${SERVER_LOG}
198	grep 'no address associated with name' server.err
199
200REGRESS_TARGETS +=	run-tcp-bad-localhost-client
201run-tcp-bad-localhost-client:
202	${SERVER_NC} -n -v -l 127.0.0.1 0 ${SERVER_BG}
203	${LISTEN_WAIT}
204	${PORT_GET}
205	! ${NC} -4 -v ::1 ${PORT} ${CLIENT_LOG}
206	grep 'non-recoverable failure in name resolution' client.err
207
208REGRESS_TARGETS +=	run-tcp6-bad-localhost-client
209run-tcp6-bad-localhost-client:
210	${SERVER_NC} -n -v -l 127.0.0.1 0 ${SERVER_BG}
211	${LISTEN_WAIT}
212	${PORT_GET}
213	! ${NC} -6 -v 127.0.0.1 ${PORT} ${CLIENT_LOG}
214	grep 'no address associated with name' client.err
215
216REGRESS_TARGETS +=	run-tcp-sleep
217run-tcp-sleep:
218	${SERVER_NC} -n -v -l 127.0.0.1 0 ${SERVER_BG}
219	${LISTEN_WAIT}
220	${PORT_GET}
221	${CLIENT_NC} -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
222	${CONNECT_WAIT}
223	${TRANSFER_WAIT}
224	grep '^greeting$$' client.out
225	grep '^command$$' server.out
226	grep 'Listening on 127.0.0.1 ' server.err
227	grep 'Connection received on 127.0.0.1 ' server.err
228	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
229	# netcat waits for the other side to terminate, check it is sleeping
230	${RUNNING_WAIT}
231	ps -xww -o comm,stat,args | grep '^${NC:T} .*S.* -v -l 127'
232	ps -xww -o comm,stat,args | grep '^${NC:T} .*S.* -v 127'
233
234# TCP keep
235
236REGRESS_TARGETS +=	run-tcp-keep
237run-tcp-keep:
238	${SERVER_NC} -k -n -v -l 127.0.0.1 0 ${SERVER_BG}
239	${LISTEN_WAIT}
240	${PORT_GET}
241	${CLIENT_NC} -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
242	${CONNECT_WAIT}
243	${TRANSFER_WAIT}
244	grep '^greeting$$' client.out
245	grep '^command$$' server.out
246	grep 'Listening on 127.0.0.1 ' server.err
247	grep 'Connection received on 127.0.0.1 ' server.err
248	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
249	# kill client and reconnect with a new one
250	:> server.err
251	pkill -l -f "^${NC} .* 127.0.0.1 ${PORT}$$"
252	rm -f client.{out,err}
253	:> server.out
254	# server closes the listen socket and binds a new one with new port
255	${LISTEN_WAIT}
256	${PORT_GET}
257	${CLIENT_NC} -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
258	${CONNECT_WAIT}
259	# server sends only one greeting, do not wait for a second one
260	${TRANSFER_SERVER_WAIT}
261	! grep 'greeting' client.out
262	# truncation of log results in NUL bytes, do not match ^
263	grep 'command$$' server.out
264	grep 'Listening on 127.0.0.1 ' server.err
265	grep 'Connection received on 127.0.0.1 ' server.err
266	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
267
268### TLS ###
269
270REGRESS_TARGETS +=	run-tls
271run-tls: 127.0.0.1.crt
272	${SERVER_NC} -c -C 127.0.0.1.crt -K 127.0.0.1.key -n -v -l 127.0.0.1 0 \
273	    ${SERVER_BG}
274	${LISTEN_WAIT}
275	${PORT_GET}
276	${CLIENT_NC} -c -R 127.0.0.1.crt -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
277	${CONNECT_WAIT}
278	${TLS_WAIT}
279	${TRANSFER_WAIT}
280	grep '^greeting$$' client.out
281	grep '^command$$' server.out
282	grep 'Listening on 127.0.0.1 ' server.err
283	grep 'Connection received on 127.0.0.1 ' server.err
284	# XXX success message should be issued after TLS handshake
285	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
286	grep 'Subject: .*/OU=server/CN=127.0.0.1' client.err
287	grep 'Issuer: .*/OU=server/CN=127.0.0.1' client.err
288
289REGRESS_TARGETS +=	run-tls6
290run-tls6: 1.crt
291	${SERVER_NC} -c -C 1.crt -K 1.key -n -v -l ::1 0 ${SERVER_BG}
292	${LISTEN_WAIT}
293	${PORT_GET}
294	${CLIENT_NC} -c -R 1.crt -n -v ::1 ${PORT} ${CLIENT_BG}
295	${CONNECT_WAIT}
296	${TLS_WAIT}
297	${TRANSFER_WAIT}
298	grep '^greeting$$' client.out
299	grep '^command$$' server.out
300	grep 'Listening on ::1 ' server.err
301	grep 'Connection received on ::1 ' server.err
302	grep 'Connection to ::1 .* succeeded!' client.err
303	grep 'Subject: .*/OU=server/CN=::1' client.err
304	grep 'Issuer: .*/OU=server/CN=::1' client.err
305
306REGRESS_TARGETS +=	run-tls-localhost
307run-tls-localhost: server.crt ca.crt
308	${SERVER_NC} -c -C server.crt -K server.key -v -l localhost 0 \
309	    ${SERVER_BG}
310	${LISTEN_WAIT}
311	${PORT_GET}
312	${CLIENT_NC} -c -R ca.crt -v localhost ${PORT} ${CLIENT_BG}
313	${CONNECT_WAIT}
314	${TLS_WAIT}
315	${TRANSFER_WAIT}
316	grep '^greeting$$' client.out
317	grep '^command$$' server.out
318	grep 'Listening on localhost ' server.err
319	grep 'Connection received on localhost ' server.err
320	grep 'Connection to localhost .* succeeded!' client.err
321	grep 'Subject: .*/OU=server/CN=localhost' client.err
322	grep 'Issuer: .*/OU=ca/CN=root' client.err
323
324REGRESS_TARGETS +=	run-tls-bad-ca
325run-tls-bad-ca: server.crt fake-ca.crt
326	${SERVER_NC} -c -C server.crt -K server.key -v -l localhost 0 \
327	    ${SERVER_BG}
328	${LISTEN_WAIT}
329	${PORT_GET}
330	# the client uses the wrong root ca to verify the server cert
331	! ${NC} -c -R fake-ca.crt -v localhost ${PORT} ${CLIENT_LOG}
332	${CONNECT_WAIT}
333	grep 'Listening on localhost ' server.err
334	grep 'Connection received on localhost ' server.err
335	grep 'certificate verification failed' client.err
336	! grep 'greeting' client.out
337	! grep 'command' server.out
338
339REGRESS_TARGETS +=	run-tls-name
340run-tls-name: server.crt ca.crt
341	${SERVER_NC} -c -C server.crt -K server.key -n -v -l 127.0.0.1 0 \
342	    ${SERVER_BG}
343	${LISTEN_WAIT}
344	${PORT_GET}
345	${CLIENT_NC} -c -e localhost -R ca.crt -n -v 127.0.0.1 ${PORT} \
346	    ${CLIENT_BG}
347	${CONNECT_WAIT}
348	${TLS_WAIT}
349	${TRANSFER_WAIT}
350	grep '^greeting$$' client.out
351	grep '^command$$' server.out
352	grep 'Listening on 127.0.0.1 ' server.err
353	grep 'Connection received on 127.0.0.1 ' server.err
354	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
355	grep 'Subject: .*/OU=server/CN=localhost' client.err
356	grep 'Issuer: .*/OU=ca/CN=root' client.err
357
358REGRESS_TARGETS +=	run-tls-bad-name
359run-tls-bad-name: server.crt ca.crt
360	${SERVER_NC} -c -C server.crt -K server.key -n -v -l 127.0.0.1 0 \
361	    ${SERVER_BG}
362	${LISTEN_WAIT}
363	${PORT_GET}
364	# the common name in server.crt is localhost, not 127.0.0.1
365	! ${NC} -c -e 127.0.0.1 -R ca.crt -n -v 127.0.0.1 ${PORT} ${CLIENT_LOG}
366	${CONNECT_WAIT}
367	grep 'Listening on 127.0.0.1 ' server.err
368	grep 'Connection received on 127.0.0.1 ' server.err
369	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
370	grep "name \`127.0.0.1\' not present in server certificate" client.err
371	! grep 'greeting' client.out
372	! grep 'command' server.out
373
374REGRESS_TARGETS +=	run-tls-hash
375run-tls-hash: server.crt ca.crt server.hash
376	${SERVER_NC} -c -C server.crt -K server.key -v -l localhost 0 \
377	    ${SERVER_BG}
378	${LISTEN_WAIT}
379	${PORT_GET}
380	# check that the server presents certificate with correct hash
381	${CLIENT_NC} -c -H `cat server.hash` -R ca.crt -v localhost ${PORT} \
382	    ${CLIENT_BG}
383	${CONNECT_WAIT}
384	${TLS_WAIT}
385	${TRANSFER_WAIT}
386	grep '^greeting$$' client.out
387	grep '^command$$' server.out
388	grep 'Listening on localhost ' server.err
389	grep 'Connection received on localhost ' server.err
390	grep 'Connection to localhost .* succeeded!' client.err
391	grep 'Subject: .*/OU=server/CN=localhost' client.err
392	grep 'Issuer: .*/OU=ca/CN=root' client.err
393	grep 'Cert Hash: SHA256:' client.err
394
395REGRESS_TARGETS +=	run-tls-bad-hash
396run-tls-bad-hash: server.crt ca.crt ca.hash
397	${SERVER_NC} -c -C server.crt -K server.key -v -l localhost 0 \
398	    ${SERVER_BG}
399	${LISTEN_WAIT}
400	${PORT_GET}
401	# server presents certificate with server.hash, ca.hash is wrong
402	! ${NC} -c -H `cat ca.hash` -R ca.crt -v localhost ${PORT} \
403	    ${CLIENT_LOG}
404	${CONNECT_WAIT}
405	${TLS_WAIT}
406	grep 'Listening on localhost ' server.err
407	grep 'Connection received on localhost ' server.err
408	grep 'Connection to localhost .* succeeded!' client.err
409	grep 'peer certificate is not SHA256:' client.err
410	! grep 'greeting' client.out
411	! grep 'command' server.out
412
413# TLS client certificate
414
415REGRESS_TARGETS +=	run-tls-client
416run-tls-client: client.crt server.crt ca.crt
417	# use client certificate and validate at server
418	${SERVER_NC} -c -R ca.crt -C server.crt -K server.key -v -l \
419	    localhost 0 ${SERVER_BG}
420	${LISTEN_WAIT}
421	${PORT_GET}
422	${CLIENT_NC} -c -R ca.crt -C client.crt -K client.key -v \
423	    localhost ${PORT} ${CLIENT_BG}
424	${CONNECT_WAIT}
425	${TLS_WAIT}
426	${TRANSFER_WAIT}
427	grep '^greeting$$' client.out
428	grep '^command$$' server.out
429	grep 'Listening on localhost ' server.err
430	grep 'Connection received on localhost ' server.err
431	grep 'Connection to localhost .* succeeded!' client.err
432	grep 'Subject: .*/OU=server/CN=localhost' client.err
433	grep 'Issuer: .*/OU=ca/CN=root' client.err
434	grep 'Subject: .*/OU=client/CN=localhost' server.err
435	grep 'Issuer: .*/OU=ca/CN=root' server.err
436
437REGRESS_TARGETS +=	run-tls-bad-client
438run-tls-bad-client: client.crt server.crt ca.crt
439	# require client certificate at server
440	${SERVER_NC} -c -T clientcert -R ca.crt -C server.crt -K server.key \
441	    -v -l localhost 0 ${SERVER_BG}
442	${LISTEN_WAIT}
443	${PORT_GET}
444	# client does not provide certificate
445	${CLIENT_NC} -c -R ca.crt -v localhost ${PORT} ${CLIENT_BG}
446	${CONNECT_WAIT}
447	${TLS_WAIT}
448	grep 'Listening on localhost ' server.err
449	grep 'Connection received on localhost ' server.err
450	grep 'Connection to localhost .* succeeded!' client.err
451	grep 'Subject: .*/OU=server/CN=localhost' client.err
452	grep 'Issuer: .*/OU=ca/CN=root' client.err
453	grep 'No client certificate provided' server.err
454	! grep 'greeting' client.out
455	! grep 'command' server.out
456
457REGRESS_TARGETS +=	run-tls-client-bad-ca
458run-tls-client-bad-ca: client.crt server.crt ca.crt fake-ca.crt
459	# the server uses the wrong root ca to verify the client cert
460	${SERVER_NC} -c -R fake-ca.crt -C server.crt -K server.key -v -l \
461	    localhost 0 ${SERVER_BG}
462	${LISTEN_WAIT}
463	${PORT_GET}
464	! ${NC} -c -R ca.crt -C client.crt -K client.key -v \
465	    localhost ${PORT} ${CLIENT_LOG}
466	${CONNECT_WAIT}
467	${SERVER_CLOSE_WAIT}
468	grep 'Listening on localhost ' server.err
469	grep 'Connection received on localhost ' server.err
470	grep 'Connection to localhost .* succeeded!' client.err
471	# XXX no specific error message for bogus ca
472	egrep \
473	    'CRYPTO_internal:(block type is not 01|data too large for modulus)'\
474	    server.err
475	! grep 'greeting' client.out
476	! grep 'command' server.out
477
478REGRESS_TARGETS +=	run-tls-client-name
479run-tls-client-name: client.crt server.crt ca.crt
480	# check client certificate name at server
481	${SERVER_NC} -c -e localhost -R ca.crt -C server.crt -K server.key \
482	    -n -v -l 127.0.0.1 0 ${SERVER_BG}
483	${LISTEN_WAIT}
484	${PORT_GET}
485	${CLIENT_NC} -4 -c -R ca.crt -C client.crt -K client.key -v \
486	    localhost ${PORT} ${CLIENT_BG}
487	${CONNECT_WAIT}
488	${TLS_WAIT}
489	${TRANSFER_WAIT}
490	grep '^greeting$$' client.out
491	grep '^command$$' server.out
492	grep 'Listening on 127.0.0.1 ' server.err
493	grep 'Connection received on 127.0.0.1 ' server.err
494	grep 'Connection to localhost .* succeeded!' client.err
495	grep 'Subject: .*/OU=server/CN=localhost' client.err
496	grep 'Issuer: .*/OU=ca/CN=root' client.err
497	grep 'Subject: .*/OU=client/CN=localhost' server.err
498	grep 'Issuer: .*/OU=ca/CN=root' server.err
499
500REGRESS_TARGETS +=	run-tls-client-bad-name
501run-tls-client-bad-name: client.crt server.crt ca.crt
502	# client certificate is for localhost, check with 127.0.0.1 should fail
503	${SERVER_NC} -c -e 127.0.0.1 -R ca.crt -C server.crt -K server.key \
504	    -n -v -l 127.0.0.1 0 ${SERVER_BG}
505	${LISTEN_WAIT}
506	${PORT_GET}
507	# client does not see any problem, TLS handshake works, wait for exit
508	${CLIENT_NC} -4 -c -R ca.crt -C client.crt -K client.key -v \
509	    localhost ${PORT} ${CLIENT_BG}
510	${CONNECT_WAIT}
511	${TLS_WAIT}
512	grep 'Listening on 127.0.0.1 ' server.err
513	grep 'Connection received on 127.0.0.1 ' server.err
514	grep 'Connection to localhost .* succeeded!' client.err
515	grep 'Subject: .*/OU=server/CN=localhost' client.err
516	grep 'Issuer: .*/OU=ca/CN=root' client.err
517	grep 'Subject: .*/OU=client/CN=localhost' server.err
518	grep 'Issuer: .*/OU=ca/CN=root' server.err
519	grep 'name (127.0.0.1) not found in client cert' server.err
520	! grep 'greeting' client.out
521	! grep 'command' server.out
522
523REGRESS_TARGETS +=	run-tls-client-hash
524run-tls-client-hash: client.crt server.crt ca.crt client.hash
525	# check client certificate hash at server
526	${SERVER_NC} -c -H `cat client.hash` -R ca.crt \
527	    -C server.crt -K server.key -v -l localhost 0 ${SERVER_BG}
528	${LISTEN_WAIT}
529	${PORT_GET}
530	${CLIENT_NC} -c -R ca.crt -C client.crt -K client.key -v \
531	    localhost ${PORT} ${CLIENT_BG}
532	${CONNECT_WAIT}
533	${TLS_WAIT}
534	${TRANSFER_WAIT}
535	grep '^greeting$$' client.out
536	grep '^command$$' server.out
537	grep 'Listening on localhost ' server.err
538	grep 'Connection received on localhost ' server.err
539	grep 'Connection to localhost .* succeeded!' client.err
540	grep 'Subject: .*/OU=server/CN=localhost' client.err
541	grep 'Issuer: .*/OU=ca/CN=root' client.err
542	grep 'Subject: .*/OU=client/CN=localhost' server.err
543	grep 'Issuer: .*/OU=ca/CN=root' server.err
544
545REGRESS_TARGETS +=	run-tls-client-bad-hash
546run-tls-client-bad-hash: client.crt server.crt ca.crt ca.hash
547	# client presents certificate with client.hash, ca.hash is wrong
548	${SERVER_NC} -c -H `cat ca.hash` -R ca.crt \
549	    -C server.crt -K server.key -v -l localhost 0 ${SERVER_BG}
550	${LISTEN_WAIT}
551	${PORT_GET}
552	# client does not see any problem, TLS handshake works, wait for exit
553	${CLIENT_NC} -c -R ca.crt -C client.crt -K client.key -v \
554	    localhost ${PORT} ${CLIENT_BG}
555	${CONNECT_WAIT}
556	${TLS_WAIT}
557	${SERVER_CLOSE_WAIT}
558	grep 'Listening on localhost ' server.err
559	grep 'Connection received on localhost ' server.err
560	grep 'Connection to localhost .* succeeded!' client.err
561	grep 'Subject: .*/OU=server/CN=localhost' client.err
562	grep 'Issuer: .*/OU=ca/CN=root' client.err
563	grep 'Subject: .*/OU=client/CN=localhost' server.err
564	grep 'Issuer: .*/OU=ca/CN=root' server.err
565	grep 'peer certificate is not SHA256:' server.err
566	! grep 'greeting' client.out
567	! grep 'command' server.out
568
569REGRESS_TARGETS +=	run-tls-client-no-hash
570run-tls-client-no-hash: client.crt server.crt ca.crt client.hash
571	# check client certificate hash at server if available
572	${SERVER_NC} -c -H `cat client.hash` -R ca.crt \
573	    -C server.crt -K server.key -v -l localhost 0 ${SERVER_BG}
574	${LISTEN_WAIT}
575	${PORT_GET}
576	# client provides no certificate
577	${CLIENT_NC} -c -R ca.crt -v localhost ${PORT} ${CLIENT_BG}
578	${CONNECT_WAIT}
579	${TLS_WAIT}
580	${TRANSFER_WAIT}
581	# client certificate and hash is optional, transfer is successful
582	grep '^greeting$$' client.out
583	grep '^command$$' server.out
584	grep 'Listening on localhost ' server.err
585	grep 'Connection received on localhost ' server.err
586	grep 'Connection to localhost .* succeeded!' client.err
587	grep 'Subject: .*/OU=server/CN=localhost' client.err
588	grep 'Issuer: .*/OU=ca/CN=root' client.err
589	# non existing hash is not checked
590	! grep 'Cert Hash: SHA256:' server.err
591
592REGRESS_TARGETS +=	run-tls-sleep
593run-tls-sleep: 127.0.0.1.crt
594	${SERVER_NC} -c -C 127.0.0.1.crt -K 127.0.0.1.key -n -v -l 127.0.0.1 0 \
595	    ${SERVER_BG}
596	${LISTEN_WAIT}
597	${PORT_GET}
598	${CLIENT_NC} -c -R 127.0.0.1.crt -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
599	${CONNECT_WAIT}
600	${TLS_WAIT}
601	${TRANSFER_WAIT}
602	grep '^greeting$$' client.out
603	grep '^command$$' server.out
604	grep 'Listening on 127.0.0.1 ' server.err
605	grep 'Connection received on 127.0.0.1 ' server.err
606	# XXX success message should be issued after TLS handshake
607	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
608	grep 'Subject: .*/OU=server/CN=127.0.0.1' client.err
609	grep 'Issuer: .*/OU=server/CN=127.0.0.1' client.err
610	# netcat waits for the other side to terminate, check it is sleeping
611	${RUNNING_WAIT}
612	ps -xww -o comm,stat,args | grep '^${NC:T} .*S.* -v -l 127'
613	ps -xww -o comm,stat,args | grep '^${NC:T} .*S.* -v 127'
614
615# TLS keep
616
617REGRESS_TARGETS +=	run-tls-keep
618run-tls-keep: 127.0.0.1.crt
619	${SERVER_NC} -k -c -C 127.0.0.1.crt -K 127.0.0.1.key -n -v -l \
620	    127.0.0.1 0 ${SERVER_BG}
621	${LISTEN_WAIT}
622	${PORT_GET}
623	${CLIENT_NC} -c -R 127.0.0.1.crt -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
624	${CONNECT_WAIT}
625	${TLS_WAIT}
626	${TRANSFER_WAIT}
627	grep '^greeting$$' client.out
628	grep '^command$$' server.out
629	grep 'Listening on 127.0.0.1 ' server.err
630	grep 'Connection received on 127.0.0.1 ' server.err
631	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
632	grep 'Subject: .*/OU=server/CN=127.0.0.1' client.err
633	grep 'Issuer: .*/OU=server/CN=127.0.0.1' client.err
634	# kill client and reconnect with a new one
635	:> server.err
636	pkill -l -f "^${NC} .* 127.0.0.1 ${PORT}$$"
637	rm -f client.{out,err}
638	:> server.out
639	# server closes the listen socket and binds a new one with new port
640	${LISTEN_WAIT}
641	${PORT_GET}
642	${CLIENT_NC} -c -R 127.0.0.1.crt -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
643	${CONNECT_WAIT}
644	${TLS_WAIT}
645	# server sends only one greeting, do not wait for a second one
646	${TRANSFER_SERVER_WAIT}
647	! grep 'greeting' client.out
648	# truncation of log results in NUL bytes, do not match ^
649	grep 'command$$' server.out
650	grep 'Listening on 127.0.0.1 ' server.err
651	grep 'Connection received on 127.0.0.1 ' server.err
652	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
653	grep 'Subject: .*/OU=server/CN=127.0.0.1' client.err
654	grep 'Issuer: .*/OU=server/CN=127.0.0.1' client.err
655
656### UDP ####
657
658REGRESS_TARGETS +=	run-udp
659run-udp:
660	${SERVER_NC} -u -n -v -l 127.0.0.1 0 ${SERVER_BG}
661	${BIND_WAIT}
662	${PORT_GET}
663	# the -v option would cause udptest() to write additional X
664	${CLIENT_NC} -u -n 127.0.0.1 ${PORT} ${CLIENT_BG}
665	${TRANSFER_WAIT}
666	grep '^greeting$$' client.out
667	grep '^command$$' server.out
668	grep 'Bound on 127.0.0.1 ' server.err
669	grep 'Connection received on 127.0.0.1 ' server.err
670
671REGRESS_TARGETS +=	run-udp6
672run-udp6:
673	${SERVER_NC} -u -n -v -l ::1 0 ${SERVER_BG}
674	${BIND_WAIT}
675	${PORT_GET}
676	# the -v option would cause udptest() to write additional X
677	${CLIENT_NC} -u -n ::1 ${PORT} ${CLIENT_BG}
678	${TRANSFER_WAIT}
679	grep '^greeting$$' client.out
680	grep '^command$$' server.out
681	grep 'Bound on ::1 ' server.err
682	grep 'Connection received on ::1 ' server.err
683
684REGRESS_TARGETS +=	run-udp-probe
685run-udp-probe:
686	${SERVER_NC} -u -n -v -l 127.0.0.1 0 ${SERVER_BG}
687	${BIND_WAIT}
688	${PORT_GET}
689	${CLIENT_NC} -u -v -n 127.0.0.1 ${PORT} ${CLIENT_BG}
690	${TRANSFER_WAIT}
691	grep '^greeting$$' client.out
692	grep '^command$$' server.out
693	grep 'Bound on 127.0.0.1 ' server.err
694	grep 'Connection received on 127.0.0.1 ' server.err
695
696# UDP resolver
697
698REGRESS_TARGETS +=	run-udp-localhost
699run-udp-localhost:
700	${SERVER_NC} -u -4 -v -l localhost 0 ${SERVER_BG}
701	${BIND_WAIT}
702	${PORT_GET}
703	# the -v option would cause udptest() to write additional X
704	${CLIENT_NC} -u -4 localhost ${PORT} ${CLIENT_BG}
705	${TRANSFER_WAIT}
706	grep '^greeting$$' client.out
707	grep '^command$$' server.out
708	grep 'Bound on localhost ' server.err
709	grep 'Connection received on localhost ' server.err
710
711REGRESS_TARGETS +=	run-udp6-localhost
712run-udp6-localhost:
713	${SERVER_NC} -u -6 -v -l localhost 0 ${SERVER_BG}
714	${BIND_WAIT}
715	${PORT_GET}
716	# the -v option would cause udptest() to write additional X
717	${CLIENT_NC} -u -6 localhost ${PORT} ${CLIENT_BG}
718	${TRANSFER_WAIT}
719	grep '^greeting$$' client.out
720	grep '^command$$' server.out
721	grep 'Bound on localhost ' server.err
722	grep 'Connection received on localhost ' server.err
723
724# UDP keep
725
726REGRESS_TARGETS +=	run-udp-keep
727run-udp-keep:
728	${SERVER_NC} -k -u -n -v -l 127.0.0.1 0 ${SERVER_BG}
729	${BIND_WAIT}
730	${PORT_GET}
731	# the -v option causes udptest() to write additional X
732	${CLIENT_NC} -u -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
733	# server does not connect, nothing reaches the client
734	${TRANSFER_SERVER_WAIT}
735	! grep 'greeting' client.out
736	grep '^command$$' server.out
737	grep 'Bound on 127.0.0.1 ' server.err
738	# client does not connect
739	! grep 'Connection received on ' server.err
740	# kill client and reconnect with a new one
741	:> server.err
742	pkill -l -f "^${NC} .* 127.0.0.1 ${PORT}$$"
743	rm -f client.{out,err}
744	:> server.out
745	${CLIENT_NC} -u -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
746	${TRANSFER_SERVER_WAIT}
747	! grep 'greeting' client.out
748	# truncation of log results in NUL bytes, do not match ^
749	grep 'command$$' server.out
750	# server keeps socket and does not bind again
751	! grep 'Bound on ' server.err
752	# client does not connect
753	! grep 'Connection received on ' server.err
754
755REGRESS_TARGETS +=	run-udp-sleep
756run-udp-sleep:
757	${SERVER_NC} -u -n -v -l 127.0.0.1 0 ${SERVER_BG}
758	${BIND_WAIT}
759	${PORT_GET}
760	# the -v option would cause udptest() to write additional X
761	${CLIENT_NC} -u -n 127.0.0.1 ${PORT} ${CLIENT_BG}
762	${TRANSFER_WAIT}
763	grep '^greeting$$' client.out
764	grep '^command$$' server.out
765	grep 'Bound on 127.0.0.1 ' server.err
766	grep 'Connection received on 127.0.0.1 ' server.err
767	# netcat waits for the other side to terminate, check it is sleeping
768	${RUNNING_WAIT}
769	ps -xww -o comm,stat,args | grep '^${NC:T} .*S.* -v -l 127'
770	ps -xww -o comm,stat,args | grep '^${NC:T} .*S.* -n 127'
771
772### UNIX ####
773
774REGRESS_TARGETS +=	run-unix
775run-unix:
776	rm -f server.sock
777	${SERVER_NC} -U -n -v -l server.sock ${SERVER_BG}
778	${LISTEN_WAIT}
779	${CLIENT_NC} -U -n -v server.sock ${CLIENT_BG}
780	${TRANSFER_WAIT}
781	grep '^greeting$$' client.out
782	grep '^command$$' server.out
783	# XXX message Bound and Listening is redundant
784	grep 'Bound on server.sock$$' server.err
785	grep 'Listening on server.sock$$' server.err
786	grep 'Connection received on server.sock$$' server.err
787	# XXX message succeeded is missing
788	! grep 'Connection to server.sock .* succeeded!' client.err
789
790REGRESS_TARGETS +=	run-unix-namelookup
791run-unix-namelookup:
792	rm -f server.sock
793	${SERVER_NC} -U -v -l server.sock ${SERVER_BG}
794	${LISTEN_WAIT}
795	${CLIENT_NC} -U -v server.sock ${CLIENT_BG}
796	${TRANSFER_WAIT}
797	grep '^greeting$$' client.out
798	grep '^command$$' server.out
799	# XXX message Bound and Listening is redundant
800	grep 'Bound on server.sock$$' server.err
801	grep 'Listening on server.sock$$' server.err
802	grep 'Connection received on server.sock$$' server.err
803	# XXX message succeeded is missing
804	! grep 'Connection to server.sock .* succeeded!' client.err
805
806REGRESS_TARGETS +=	run-unix-probe
807run-unix-probe:
808	rm -f server.sock
809	${SERVER_NC} -U -n -v -l server.sock ${SERVER_BG}
810	${LISTEN_WAIT}
811	# connect and close immediately, check if socket is listening
812	${NC} -N -U -v server.sock </dev/null ${CLIENT_LOG}
813	# XXX message Bound and Listening is redundant
814	grep 'Bound on server.sock$$' server.err
815	grep 'Listening on server.sock$$' server.err
816	grep 'Connection received on server.sock$$' server.err
817	# XXX message succeeded is missing
818	! grep 'Connection to server.sock .* succeeded!' client.err
819	# server accepts one connection, second connection should be refused
820	! ${NC} -N -U -v server.sock </dev/null ${CLIENT_LOG}
821	grep 'server.sock: Connection refused' client.err
822	# connection to non existing socket file should fail
823	rm server.sock
824	! ${NC} -N -U -v server.sock </dev/null ${CLIENT_LOG}
825	grep 'server.sock: No such file or directory' client.err
826
827# UNIX keep
828
829REGRESS_TARGETS +=	run-unix-keep
830run-unix-keep:
831	rm -f server.sock
832	${SERVER_NC} -k -U -n -v -l server.sock ${SERVER_BG}
833	${LISTEN_WAIT}
834	${CLIENT_NC} -U -n -v server.sock ${CLIENT_BG}
835	${TRANSFER_WAIT}
836	grep '^greeting$$' client.out
837	grep '^command$$' server.out
838	# XXX message Bound and Listening is redundant
839	grep 'Bound on server.sock$$' server.err
840	grep 'Listening on server.sock$$' server.err
841	grep 'Connection received on server.sock$$' server.err
842	# XXX message succeeded is missing
843	! grep 'Connection to server.sock .* succeeded!' client.err
844	# kill client and reconnect with a new one
845	:> server.err
846	pkill -l -f "^${NC} .* -v server.sock$$"
847	rm -f client.{out,err}
848	:> server.out
849	${CLIENT_NC} -U -n -v server.sock ${CLIENT_BG}
850	# server sends only one greeting, do not wait for a second one
851	${TRANSFER_SERVER_WAIT}
852	! grep 'greeting' client.out
853	# truncation of log results in NUL bytes, do not match ^
854	grep 'command$$' server.out
855	grep 'Connection received on server.sock$$' server.err
856	# XXX message succeeded is missing
857	! grep 'Connection to server.sock .* succeeded!' client.err
858
859# UNIX dgram
860
861REGRESS_TARGETS +=	run-unix-dgram
862run-unix-dgram:
863	rm -f {client,server}.sock
864	${SERVER_NC} -U -u -n -v -l server.sock ${SERVER_BG}
865	${BIND_WAIT}
866	${CLIENT_NC} -U -u -n -v server.sock ${CLIENT_BG}
867	${TRANSFER_WAIT}
868	${BIND_CLIENT_WAIT}
869	grep '^greeting$$' client.out
870	grep '^command$$' server.out
871	grep 'Bound on server.sock$$' server.err
872	grep 'Connection received on server.sock$$' server.err
873	# XXX message succeeded is missing
874	! grep 'Connection to server.sock .* succeeded!' client.err
875
876REGRESS_TARGETS +=	run-unix-dgram-namelookup
877run-unix-dgram-namelookup:
878	rm -f {client,server}.sock
879	${SERVER_NC} -U -u -v -l server.sock ${SERVER_BG}
880	${BIND_WAIT}
881	${CLIENT_NC} -U -u -v server.sock ${CLIENT_BG}
882	${TRANSFER_WAIT}
883	${BIND_CLIENT_WAIT}
884	grep '^greeting$$' client.out
885	grep '^command$$' server.out
886	grep 'Bound on server.sock$$' server.err
887	grep 'Connection received on server.sock$$' server.err
888	# XXX message succeeded is missing
889	! grep 'Connection to server.sock .* succeeded!' client.err
890
891REGRESS_TARGETS +=	run-unix-dgram-clientsock
892run-unix-dgram-clientsock:
893	rm -f {client,server}.sock
894	${SERVER_NC} -U -u -n -v -l server.sock ${SERVER_BG}
895	${BIND_WAIT}
896	${CLIENT_NC} -U -u -n -v -s client.sock server.sock ${CLIENT_BG}
897	${TRANSFER_WAIT}
898	grep '^greeting$$' client.out
899	grep '^command$$' server.out
900	grep 'Bound on server.sock$$' server.err
901	grep 'Connection received on server.sock$$' server.err
902	# XXX message succeeded is missing
903	! grep 'Connection to server.sock .* succeeded!' client.err
904
905# UNIX dgram keep
906
907REGRESS_TARGETS +=	run-unix-dgram-keep
908run-unix-dgram-keep:
909	rm -f {client,server}.sock
910	${SERVER_NC} -k -U -u -n -v -l server.sock ${SERVER_BG}
911	${BIND_WAIT}
912	${CLIENT_NC} -U -u -n -v server.sock ${CLIENT_BG}
913	# server does not connect, nothing reaches the client
914	${TRANSFER_SERVER_WAIT}
915	${BIND_CLIENT_WAIT}
916	! grep 'greeting' client.out
917	grep '^command$$' server.out
918	grep 'Bound on server.sock$$' server.err
919	# client does not connect
920	! grep 'Connection received on ' server.err
921	# XXX message succeeded is missing
922	! grep 'Connection to server.sock .* succeeded!' client.err
923	# kill client and reconnect with a new one
924	:> server.err
925	pkill -l -f "^${NC} .* -v server.sock$$"
926	rm -f client.{out,err}
927	:> server.out
928	${CLIENT_NC} -U -u -n -v server.sock ${CLIENT_BG}
929	${TRANSFER_SERVER_WAIT}
930	${BIND_CLIENT_WAIT}
931	! grep 'greeting' client.out
932	# truncation of log results in NUL bytes, do not match ^
933	grep 'command$$' server.out
934	# server keeps socket and does not bind again
935	! grep 'Bound on ' server.err
936	# client does not connect
937	! grep 'Connection received on ' server.err
938	# XXX message succeeded is missing
939	! grep 'Connection to 127.0.0.1 .* succeeded!' client.err
940
941### TCP with test peer
942
943REGRESS_TARGETS +=	run-tcp-test
944run-tcp-test: server-tcp client-tcp
945	# test the test tools
946	./server-tcp -s greeting -r command 127.0.0.1 0 >server.port
947	./client-tcp -r greeting -s command 127.0.0.1 ${PORT} >client.port
948
949REGRESS_TARGETS +=	run-tcp-test-shutdown
950run-tcp-test-shutdown: server-tcp client-tcp
951	# test the test tools
952	./server-tcp -s greeting -N -r command -E 127.0.0.1 0 >server.port
953	./client-tcp -r greeting -E -s command -N 127.0.0.1 ${PORT} >client.port
954
955# TCP netcat server with test client
956
957REGRESS_TARGETS +=	run-tcp-server
958run-tcp-server: client-tcp
959	${SERVER_NC} -n -v -l 127.0.0.1 0 ${SERVER_BG}
960	${LISTEN_WAIT}
961	${PORT_GET}
962	# test client read from netcat, then send line and exit
963	./client-tcp -r greeting -s command 127.0.0.1 ${PORT} >client.port
964	${TRANSFER_SERVER_WAIT}
965	grep '^command$$' server.out
966	grep 'Listening on 127.0.0.1 ' server.err
967	grep 'Connection received on 127.0.0.1 ' server.err
968
969REGRESS_TARGETS +=	run-tcp-server-eof
970run-tcp-server-eof: client-tcp
971	${SERVER_NC} -n -v -l 127.0.0.1 0 ${SERVER_BG}
972	${LISTEN_WAIT}
973	${PORT_GET}
974	# test client read from netcat, then send line, shutdown, wait for eof
975	./client-tcp -r greeting -s command -N -E 127.0.0.1 ${PORT} >client.port
976	${TRANSFER_SERVER_WAIT}
977	grep '^command$$' server.out
978	grep 'Listening on 127.0.0.1 ' server.err
979	grep 'Connection received on 127.0.0.1 ' server.err
980
981REGRESS_TARGETS +=	run-tcp-server-reverse-eof
982run-tcp-server-reverse-eof: client-tcp
983	${SERVER_NC} -n -v -l 127.0.0.1 0 ${SERVER_BG}
984	${LISTEN_WAIT}
985	${PORT_GET}
986	# test client send to netcat, shutdown, then read line, wait for eof
987	./client-tcp -s command -N -r greeting -E 127.0.0.1 ${PORT} >client.port
988	${TRANSFER_SERVER_WAIT}
989	grep '^command$$' server.out
990	grep 'Listening on 127.0.0.1 ' server.err
991	grep 'Connection received on 127.0.0.1 ' server.err
992
993REGRESS_TARGETS +=	run-tcp-server-shutdown-eof
994run-tcp-server-shutdown-eof: client-tcp
995	# netcat calls shutdown on output after EOF on input
996	${SERVER_NC} -N -n -v -l 127.0.0.1 0 ${SERVER_BG}
997	${LISTEN_WAIT}
998	${PORT_GET}
999	# test client read from netcat, then send line, wait for eof, shutdown
1000	./client-tcp -r greeting -s command -E -N 127.0.0.1 ${PORT} >client.port
1001	${TRANSFER_SERVER_WAIT}
1002	grep '^command$$' server.out
1003	grep 'Listening on 127.0.0.1 ' server.err
1004	grep 'Connection received on 127.0.0.1 ' server.err
1005
1006REGRESS_TARGETS +=	run-tcp-server-shutdown-reverse-eof
1007run-tcp-server-shutdown-reverse-eof: client-tcp
1008	# netcat calls shutdown on output after EOF on input
1009	${SERVER_NC} -N -n -v -l 127.0.0.1 0 ${SERVER_BG}
1010	${LISTEN_WAIT}
1011	${PORT_GET}
1012	# test client send to netcat, shutdown, then read line, wait for eof
1013	./client-tcp -s command -N -r greeting -E 127.0.0.1 ${PORT} >client.port
1014	${TRANSFER_SERVER_WAIT}
1015	grep '^command$$' server.out
1016	grep 'Listening on 127.0.0.1 ' server.err
1017	grep 'Connection received on 127.0.0.1 ' server.err
1018
1019# TCP netcat client with test server
1020
1021REGRESS_TARGETS +=	run-tcp-client
1022run-tcp-client: server-tcp
1023	# test server send to netcat, then read line and exit
1024	./server-tcp -s greeting -r command 127.0.0.1 0 >server.port
1025	${CLIENT_NC} -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
1026	${CONNECT_WAIT}
1027	${TRANSFER_CLIENT_WAIT}
1028	grep '^greeting$$' client.out
1029	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
1030
1031REGRESS_TARGETS +=	run-tcp-client-eof
1032run-tcp-client-eof: server-tcp
1033	# test server send to netcat, shutdown, then read line, wait for eof
1034	./server-tcp -s greeting -N -r command -E 127.0.0.1 0 >server.port
1035	${CLIENT_NC} -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
1036	${CONNECT_WAIT}
1037	${TRANSFER_CLIENT_WAIT}
1038	grep '^greeting$$' client.out
1039	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
1040
1041REGRESS_TARGETS +=	run-tcp-client-reverse-eof
1042run-tcp-client-reverse-eof: server-tcp
1043	# test server read from netcat, then read line, wait for eof, shutdown
1044	./server-tcp -r command -s greeting -E -N 127.0.0.1 0 >server.port
1045	${CLIENT_NC} -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
1046	${CONNECT_WAIT}
1047	${TRANSFER_CLIENT_WAIT}
1048	grep '^greeting$$' client.out
1049	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
1050
1051REGRESS_TARGETS +=	run-tcp-client-shutdown-eof
1052run-tcp-client-shutdown-eof: server-tcp
1053	# test server send to netcat, shutdown, then read line, wait for eof
1054	./server-tcp -s greeting -N -r command -E 127.0.0.1 0 >server.port
1055	# netcat calls shutdown on output after EOF on input
1056	${CLIENT_NC} -N -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
1057	${CONNECT_WAIT}
1058	${TRANSFER_CLIENT_WAIT}
1059	grep '^greeting$$' client.out
1060	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
1061
1062REGRESS_TARGETS +=	run-tcp-client-shutdown-reverse-eof
1063run-tcp-client-shutdown-reverse-eof: server-tcp
1064	# test server read from netcat, wait for eof, then read line, shutdown
1065	./server-tcp -r command -E -s greeting -N 127.0.0.1 0 >server.port
1066	# netcat calls shutdown on output after EOF on input
1067	${CLIENT_NC} -N -n -v 127.0.0.1 ${PORT} ${CLIENT_BG}
1068	${CONNECT_WAIT}
1069	${TRANSFER_CLIENT_WAIT}
1070	grep '^greeting$$' client.out
1071	grep 'Connection to 127.0.0.1 .* succeeded!' client.err
1072
1073
1074.PHONY: ${REGRESS_SETUP} ${REGRESS_CLEANUP} ${REGRESS_TARGETS}
1075
1076### create certificates for TLS
1077
1078CLEANFILES +=		{127.0.0.1,1}.{crt,key} \
1079			ca.{crt,key,srl,hash} fake-ca.{crt,key,hash} \
1080			{client,server}.{req,crt,key,hash}
1081
1082127.0.0.1.crt:
1083	openssl req -batch -new \
1084	    -subj /L=OpenBSD/O=netcat-regress/OU=server/CN=${@:R}/ \
1085	    -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@
1086
10871.crt:
1088	openssl req -batch -new \
1089	    -subj /L=OpenBSD/O=netcat-regress/OU=server/CN=::1/ \
1090	    -nodes -newkey rsa -keyout 1.key -x509 -out $@
1091
1092ca.crt fake-ca.crt:
1093	openssl req -batch -new \
1094	    -subj /L=OpenBSD/O=netcat-regress/OU=ca/CN=root/ \
1095	    -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@
1096
1097client.req server.req:
1098	openssl req -batch -new \
1099	    -subj /L=OpenBSD/O=netcat-regress/OU=${@:R}/CN=localhost/ \
1100	    -nodes -newkey rsa -keyout ${@:R}.key -out $@
1101
1102client.crt server.crt: ca.crt ${@:R}.req
1103	openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
1104	    -req -in ${@:R}.req -out $@
1105
1106client.hash server.hash ca.hash: ${@:R}.crt
1107	openssl x509 -in ${@:R}.crt -outform der | sha256 | sed s/^/SHA256:/ >$@
1108
1109.include <bsd.regress.mk>
1110