#!/bin/sh

# Checking if the PSK authentication works properly.
# PSK identities and corresponding keys are stored in files specified with PSKsecrets.
# The success is expected because the client presents the valid PSK.

. $(dirname $0)/../test_library

start() {
  ../../src/stunnel -fd 0 <<EOT
  debug = debug
  syslog = no
  pid = ${result_path}/stunnel.pid
  output = ${result_path}/stunnel.log

  [client]
  client = yes
  accept = 127.0.0.1:${http1}
  connect = 127.0.0.1:${https1}
  PSKsecrets = ${script_path}/certs/psk1.txt

  [server]
  accept = 127.0.0.1:${https1}
  connect = 127.0.0.1:${http_nc}
  PSKsecrets = ${script_path}/certs/secrets.txt
EOT
}

if grep -q -e "OpenSSL [1-9]" "results.log"
  then
    test_log_for "014_PSK_secrets" "success" "0" "$1" "$2" "$3" 2>> "stderr.log"
    exit $?
  else # older OpenSSL doesn't support PSK
    exit_logs "014_PSK_secrets" "skipped"
    clean_logs
    exit 125
  fi
