ocsp-stapling*.test: prefix waited servers with "timeout 60" to avoid deadlock failure modes; grep output from "openssl s_client" in "test interop fail case" for expected error message ("self signed certificate in certificate chain").

2020-10-27 14:23:55 -05:00
parent a5d96721ac
commit 139b0431cb
3 changed files with 6 additions and 6 deletions
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@ -226,7 +226,7 @@ port3=$(get_first_free_port $((port2 + 1)))
 # test interop fail case
 ready_file=$PWD/wolf_ocsp_readyF$$
 printf '%s\n' "ready file:  $ready_file"
-./examples/server/server -b -p $port1 -o -R $ready_file &
+timeout 60 ./examples/server/server -b -p $port1 -o -R $ready_file &
 wolf_pid=$!
 wait_for_readyFile $ready_file $wolf_pid $port1
 if [ ! -f $ready_file ]; then
@ -234,9 +234,9 @@ if [ ! -f $ready_file ]; then
    exit 1
 else
    # should fail if ocspstapling is also enabled
-    echo "hi" | openssl s_client -status $V4V6_FLAG -connect ${LOCALHOST}:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
-    if [ $? -eq 0 ]; then
-        printf '%s\n' "Succeeded when should have failed"
+    echo "hi" | openssl s_client -status $V4V6_FLAG -connect ${LOCALHOST}:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem 2>&1 | tee /dev/stderr | fgrep -q 'self signed certificate in certificate chain'
+    if [ $? -neq 0 ]; then
+        printf '%s\n' "Expected verification error from s_client is missing."
        remove_single_rF $ready_file
        exit 1
    fi
--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@ -425,7 +425,7 @@ fi
 printf '%s\n\n' "Test successful"
 printf '%s\n\n' "------------- TEST CASE 8 SHOULD REVOKE ----------------------"
 remove_single_rF $ready_file5
-./examples/server/server -c certs/ocsp/server4-cert.pem \
+timeout 60 ./examples/server/server -c certs/ocsp/server4-cert.pem \
                         -k certs/ocsp/server4-key.pem -R $ready_file5 \
                         -p $port5 -H loadSSL &
 server_pid5=$!
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@ -204,7 +204,7 @@ start_wolfssl_server() {
        echo "# $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL"
        $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL &
        server_pid=$!
-        # wait to see if s_server successfully starts before continuing
+        # wait to see if server successfully starts before continuing
        sleep 0.1

        check_process_running