Merge pull request #1737 from ejohnstown/ocsp-free

OCSP Free

scripts/ocsp-stapling-with-ca-as-responder.test

@@ -1,8 +1,14 @@
-#!/bin/sh
-
+#!/bin/bash
 # ocsp-stapling.test
 
-trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT
+cleanup()
+{
+    for i in $(jobs -pr)
+    do
+        kill -s HUP "$i"
+    done
+}
+trap cleanup EXIT INT TERM HUP
 
 server=login.live.com
 ca=certs/external/baltimore-cybertrust-root.pem
@@ -13,13 +19,26 @@ ca=certs/external/baltimore-cybertrust-root.pem
 #./scripts/ping.test $server 2
 
 # client test against the server
-./examples/client/client -X -C -h $server -p 443 -A $ca -g -W 1
-RESULT=$?
-[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+# external test case was never running, disable for now but retain case in event
+# we wish to re-activate in the future.
+#./examples/client/client -X -C -h $server -p 443 -A $ca -g -W 1
+#RESULT=$?
+#[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
 # setup ocsp responder
-./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh &
+# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port 22221 -nmin 1                                \
+    -index   certs/ocsp/index-intermediate1-ca-issued-certs.txt \
+    -rsigner certs/ocsp/intermediate1-ca-cert.pem               \
+    -rkey    certs/ocsp/intermediate1-ca-key.pem                \
+    -CA      certs/ocsp/intermediate1-ca-cert.pem               \
+    $@                                                          \
+    &
+
 sleep 1
+# "jobs" is not portable for posix. Must use bash interpreter!
 [ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
 
 # client test against our own server - GOOD CERT

scripts/ocsp-stapling.test

@@ -1,8 +1,15 @@
-#!/bin/sh
+#!/bin/bash
 
 # ocsp-stapling.test
 
-trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT
+cleanup()
+{
+    for i in $(jobs -pr)
+    do
+        kill -s HUP "$i"
+    done
+}
+trap cleanup EXIT INT TERM HUP
 
 server=login.live.com
 ca=certs/external/baltimore-cybertrust-root.pem
@@ -17,7 +24,7 @@ fi
 #./scripts/ping.test $server 2
 
 # client test against the server
-./examples/client/client -X -C -h $server -p 443 -A $ca -g -W 1
+./examples/client/client -C -h $server -p 443 -A $ca -g -W 1
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
@@ -30,8 +37,18 @@ if [ $? -eq 0 ]; then
 fi
 
 # setup ocsp responder
-./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh &
+# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port 22221 -nmin 1                                \
+    -index   certs/ocsp/index-intermediate1-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate1-ca-cert.pem               \
+    "$@" &
+
 sleep 1
+# "jobs" is not portable for posix. Must use bash interpreter!
 [ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
 
 # client test against our own server - GOOD CERT

scripts/ocsp-stapling2.test

@@ -1,54 +1,91 @@
-#!/bin/sh
-
+#!/bin/bash
 # ocsp-stapling.test
 
-trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT
+cleanup()
+{
+    for i in $(jobs -pr)
+    do
+        kill -s HUP "$i"
+    done
+}
+trap cleanup EXIT INT TERM HUP
 
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
 # setup ocsp responders
-./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
-./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
-./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
+# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port 22220 -nmin 1                          \
+    -index   certs/ocsp/index-ca-and-intermediate-cas.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem           \
+    -rkey    certs/ocsp/ocsp-responder-key.pem            \
+    -CA      certs/ocsp/root-ca-cert.pem                  \
+    $@                                                    \
+    &
+
+# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port 22222 -nmin 1                                \
+    -index   certs/ocsp/index-intermediate2-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate2-ca-cert.pem               \
+    $@                                                          \
+    &
+
+# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
+# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
+# purposes!
+openssl ocsp -port 22223 -nmin 1                                \
+    -index   certs/ocsp/index-intermediate3-ca-issued-certs.txt \
+    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
+    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
+    -CA      certs/ocsp/intermediate3-ca-cert.pem               \
+    $@                                                          \
+    &
+
 sleep 1
+# "jobs" is not portable for posix. Must use bash interpreter!
 [ $(jobs -r | wc -l) -ne 3 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
 
 # client test against our own server - GOOD CERTS
 ./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
 sleep 1
-./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
 ./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
 sleep 1
-./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
 # client test against our own server - REVOKED SERVER CERT
 ./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
 sleep 1
-./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
 RESULT=$?
 [ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
 
 ./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
 sleep 1
-./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
 RESULT=$?
 [ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
 
 # client test against our own server - REVOKED INTERMEDIATE CERT
 ./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
 sleep 1
-./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
 
 ./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
 sleep 1
-./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
 RESULT=$?
 [ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1