wolfssl/scripts/ocsp.test

#!/bin/sh

# ocsp.test

# Note, this script makes connection(s) to the public Internet.

SCRIPT_DIR="$(dirname "$0")"

server=www.globalsign.com
ca=certs/external/ca-globalsign-root.pem

[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
                                  && exit 1

./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
if [ $? -eq 0 ]; then
    echo "TLS 1.2 or lower required"
    echo "Skipped"
    exit 0
fi

GL_UNREACHABLE=0
# Global Sign now requires server name indication extension to work, check
# enabled prior to testing
OUTPUT=$(eval "./examples/client/client -S check")
if [ "$OUTPUT" = "SNI is: ON" ]; then
    printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test"

    # is our desired server there?
    ${SCRIPT_DIR}/ping.test $server 2
    RESULT=$?
    if [ $RESULT -ne 0 ]; then
        GL_UNREACHABLE=1
    fi

    if [ $RESULT -eq 0 ]; then
        # client test against the server
        ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N -v d -S $server
        GL_RESULT=$?
        [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
    else
        GL_RESULT=1
    fi
else
    printf '\n\n%s\n\n' "SNI disabled, skipping globalsign test"
    GL_RESULT=0
fi

server=www.google.com
ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem

# is our desired server there?
${SCRIPT_DIR}/ping.test $server 2
RESULT=$?
if [ $RESULT -eq 0 ]; then
    # client test against the server
    ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N
    GR_RESULT=$?
    [ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
else
    GR_RESULT=1
fi

if test -n "$WOLFSSL_OCSP_TEST"; then
    # check that both passed
    if [ $GL_RESULT -eq 0 ] && [ $GR_RESULT -eq 0 ]; then
        printf '\n\n%s\n' "Both OCSP connection to globalsign and google passed"
        printf '%s\n' "Test Passed!"
        exit 0
    elif [ $GL_UNREACHABLE -eq 1 ] && [ $GR_RESULT -eq 0 ]; then
         printf '%s\n' "Global Sign is currently unreachable. Logging it but if"
         printf '%s\n' "this continues to occur should be investigated"
        exit 0
    else
        # Unlike other environment variables the intent of WOLFSSL_OCSP_TEST
        # is to indicate a requirement for both tests to pass. If variable is
        # set and either tests fail then whole case fails. Do not set the
        # variable if either case passing is to be considered a success.
        printf '\n\n%s\n' "One of the OCSP connections to either globalsign or"
        printf '%s\n' "google failed, however since WOLFSSL_OCSP_TEST is set"
        printf '%s\n' "the test is considered to have failed"
        printf '%s\n' "Test Failed!"
        exit 1
    fi
else
    # if environment variable is not set then just need one to pass
    if [ $GL_RESULT -ne 0 ] && [ $GR_RESULT -ne 0 ]; then
        printf '\n\n%s\n' "Both OCSP connection to globalsign and google failed"
        printf '%s\n' "Test Failed!"
        exit 1
    else
        printf '\n\n%s\n' "WOLFSSL_OCSP_TEST NOT set, and 1 of the tests passed"
        printf '%s\n' "Test Passed!"
        exit 0
    fi
fi
Merge branch 'csr' 2015-12-28 19:38:04 -03:00			`#!/bin/sh`

Address issues when testing with WOLFSSL_OCSP_TEST set 2018-08-30 14:44:49 -06:00			`# ocsp.test`
Merge branch 'csr' 2015-12-28 19:38:04 -03:00
scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh. 2020-09-14 16:06:45 -05:00			`# Note, this script makes connection(s) to the public Internet.`

scripts: fix tests for out of tree `distcheck` Copying or using certs from directory relative to scripts source directory. 2021-02-08 10:43:31 -08:00			`SCRIPT_DIR="$(dirname "$0")"`

Merge branch 'csr' 2015-12-28 19:38:04 -03:00			`server=www.globalsign.com`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`ca=certs/external/ca-globalsign-root.pem`
Merge branch 'csr' 2015-12-28 19:38:04 -03:00
update ocsp test case for portability and informative updates on use of environment variable 2018-08-07 10:42:18 -06:00			`[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \`
			`&& exit 1`
Merge branch 'csr' 2015-12-28 19:38:04 -03:00
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet. 2018-08-28 15:37:15 +10:00			`./examples/client/client -v 3 2>&1 \| grep -- 'Bad SSL version'`
			`if [ $? -eq 0 ]; then`
			`echo "TLS 1.2 or lower required"`
			`echo "Skipped"`
			`exit 0`
			`fi`

OCSP Script Update The check status variable GL_UNREACHABLE is not initialized and there are times when it is checked and hasn't been set. Initialize it to zero. 2019-01-17 11:36:44 -08:00			`GL_UNREACHABLE=0`
Address issues when testing with WOLFSSL_OCSP_TEST set 2018-08-30 14:44:49 -06:00			`# Global Sign now requires server name indication extension to work, check`
			`# enabled prior to testing`
			`OUTPUT=$(eval "./examples/client/client -S check")`
			`if [ "$OUTPUT" = "SNI is: ON" ]; then`
			`printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test"`

			`# is our desired server there?`
scripts: fix tests for out of tree `distcheck` Copying or using certs from directory relative to scripts source directory. 2021-02-08 10:43:31 -08:00			`${SCRIPT_DIR}/ping.test $server 2`
Address issues when testing with WOLFSSL_OCSP_TEST set 2018-08-30 14:44:49 -06:00			`RESULT=$?`
			`if [ $RESULT -ne 0 ]; then`
			`GL_UNREACHABLE=1`
			`fi`

			`if [ $RESULT -eq 0 ]; then`
			`# client test against the server`
			`./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N -v d -S $server`
			`GL_RESULT=$?`
			`[ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"`
			`else`
			`GL_RESULT=1`
			`fi`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`else`
Address issues when testing with WOLFSSL_OCSP_TEST set 2018-08-30 14:44:49 -06:00			`printf '\n\n%s\n\n' "SNI disabled, skipping globalsign test"`
			`GL_RESULT=0`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`fi`
Merge branch 'csr' 2015-12-28 19:38:04 -03:00
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`server=www.google.com`
scripts: fix tests for out of tree `distcheck` Copying or using certs from directory relative to scripts source directory. 2021-02-08 10:43:31 -08:00			`ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00
			`# is our desired server there?`
scripts: fix tests for out of tree `distcheck` Copying or using certs from directory relative to scripts source directory. 2021-02-08 10:43:31 -08:00			`${SCRIPT_DIR}/ping.test $server 2`
Merge branch 'csr' 2015-12-28 19:38:04 -03:00			`RESULT=$?`
update ocsp test case for portability and informative updates on use of environment variable 2018-08-07 10:42:18 -06:00			`if [ $RESULT -eq 0 ]; then`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`# client test against the server`
			`./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N`
			`GR_RESULT=$?`
update ocsp test case for portability and informative updates on use of environment variable 2018-08-07 10:42:18 -06:00			`[ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`else`
			`GR_RESULT=1`
			`fi`
Merge branch 'csr' 2015-12-28 19:38:04 -03:00
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`if test -n "$WOLFSSL_OCSP_TEST"; then`
			`# check that both passed`
update ocsp test case for portability and informative updates on use of environment variable 2018-08-07 10:42:18 -06:00			`if [ $GL_RESULT -eq 0 ] && [ $GR_RESULT -eq 0 ]; then`
			`printf '\n\n%s\n' "Both OCSP connection to globalsign and google passed"`
			`printf '%s\n' "Test Passed!"`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`exit 0`
Address issues when testing with WOLFSSL_OCSP_TEST set 2018-08-30 14:44:49 -06:00			`elif [ $GL_UNREACHABLE -eq 1 ] && [ $GR_RESULT -eq 0 ]; then`
			`printf '%s\n' "Global Sign is currently unreachable. Logging it but if"`
			`printf '%s\n' "this continues to occur should be investigated"`
			`exit 0`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`else`
update ocsp test case for portability and informative updates on use of environment variable 2018-08-07 10:42:18 -06:00			`# Unlike other environment variables the intent of WOLFSSL_OCSP_TEST`
			`# is to indicate a requirement for both tests to pass. If variable is`
			`# set and either tests fail then whole case fails. Do not set the`
			`# variable if either case passing is to be considered a success.`
			`printf '\n\n%s\n' "One of the OCSP connections to either globalsign or"`
			`printf '%s\n' "google failed, however since WOLFSSL_OCSP_TEST is set"`
			`printf '%s\n' "the test is considered to have failed"`
			`printf '%s\n' "Test Failed!"`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`exit 1`
			`fi`
			`else`
			`# if environment variable is not set then just need one to pass`
			`if [ $GL_RESULT -ne 0 ] && [ $GR_RESULT -ne 0 ]; then`
update ocsp test case for portability and informative updates on use of environment variable 2018-08-07 10:42:18 -06:00			`printf '\n\n%s\n' "Both OCSP connection to globalsign and google failed"`
			`printf '%s\n' "Test Failed!"`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`exit 1`
			`else`
update ocsp test case for portability and informative updates on use of environment variable 2018-08-07 10:42:18 -06:00			`printf '\n\n%s\n' "WOLFSSL_OCSP_TEST NOT set, and 1 of the tests passed"`
			`printf '%s\n' "Test Passed!"`
add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00			`exit 0`
			`fi`
			`fi`