#!/bin/sh

# Checking FIPS mode.
# The cipher "CAMELLIA256-SHA" (TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256)
# is unavailable if FIPS is enabled.

. $(dirname $0)/../test_library

start() {
  ../../src/stunnel -fd 0 <<EOT
  debug = debug
  syslog = no
  pid = ${result_path}/stunnel.pid
  output = ${result_path}/stunnel.log

  fips = yes
  ciphers = CAMELLIA256-SHA

  [server]
  accept = 127.0.0.1:${https1}
  connect = 127.0.0.1:${http_nc}
  cert = ${script_path}/certs/server_cert.pem
EOT
}

if grep -q ",FIPS" results.log
  then
    test_log_for "121_failure_FIPS_ciphers" "failure" "0" "$1" "$2" "$3" 2>> "stderr.log"
    exit $?
  else
    exit_logs "121_failure_FIPS_ciphers" "skipped"
    clean_logs
    exit 125
  fi
