forked from wolfSSL/wolfssl
Fixes and Improvements to OCSP scripts. Fix for OCSP test with IPV6 enabled (use -b
bind to any on server). Fix to use random port number for the oscp-stapling.test
script. Reduce delay times in scripts.
This commit is contained in:
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# ocsp-stapling.test
|
# ocsp-stapling.test
|
||||||
|
# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
|
||||||
|
|
||||||
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
|
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
@ -178,7 +178,8 @@ fi
|
|||||||
# test interop fail case
|
# test interop fail case
|
||||||
ready_file=`pwd`/wolf_ocsp_readyF$$
|
ready_file=`pwd`/wolf_ocsp_readyF$$
|
||||||
printf '%s\n' "ready file: $ready_file"
|
printf '%s\n' "ready file: $ready_file"
|
||||||
./examples/server/server -o -R $ready_file &
|
# use random port and bind to any (allows use with IPv6)
|
||||||
|
./examples/server/server -b -p $resume_port -o -R $ready_file &
|
||||||
wolf_pid=$!
|
wolf_pid=$!
|
||||||
wait_for_readyFile $ready_file
|
wait_for_readyFile $ready_file
|
||||||
if [ ! -f $ready_file ]; then
|
if [ ! -f $ready_file ]; then
|
||||||
@ -203,7 +204,7 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
# create a port 0 port to use with openssl ocsp responder
|
# create a port 0 port to use with openssl ocsp responder
|
||||||
./examples/server/server -R $ready_file -p $resume_port &
|
./examples/server/server -b -p $resume_port -R $ready_file &
|
||||||
wait_for_readyFile $ready_file
|
wait_for_readyFile $ready_file
|
||||||
if [ ! -f $ready_file ]; then
|
if [ ! -f $ready_file ]; then
|
||||||
printf '%s\n' "Failed to create ready file: \"$ready_file\""
|
printf '%s\n' "Failed to create ready file: \"$ready_file\""
|
||||||
@ -215,7 +216,7 @@ else
|
|||||||
./examples/client/client -p $RPORTSELECTED
|
./examples/client/client -p $RPORTSELECTED
|
||||||
create_new_cnf $RPORTSELECTED
|
create_new_cnf $RPORTSELECTED
|
||||||
fi
|
fi
|
||||||
sleep 1
|
sleep 0.1
|
||||||
|
|
||||||
# is our desired server there? - login.live.com doesn't answers PING
|
# is our desired server there? - login.live.com doesn't answers PING
|
||||||
#./scripts/ping.test $server 2
|
#./scripts/ping.test $server 2
|
||||||
@ -248,7 +249,7 @@ openssl ocsp -port $RPORTSELECTED -nmin 1 \
|
|||||||
-CA certs/ocsp/intermediate1-ca-cert.pem \
|
-CA certs/ocsp/intermediate1-ca-cert.pem \
|
||||||
"$@" &
|
"$@" &
|
||||||
|
|
||||||
sleep 1
|
sleep 0.1
|
||||||
# "jobs" is not portable for posix. Must use bash interpreter!
|
# "jobs" is not portable for posix. Must use bash interpreter!
|
||||||
[ $(jobs -r | wc -l) -ne 1 ] && \
|
[ $(jobs -r | wc -l) -ne 1 ] && \
|
||||||
printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
|
printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
|
||||||
@ -270,7 +271,7 @@ remove_single_rF $ready_file2
|
|||||||
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
|
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
|
||||||
-k certs/ocsp/server2-key.pem -p $resume_port &
|
-k certs/ocsp/server2-key.pem -p $resume_port &
|
||||||
wait_for_readyFile $ready_file2
|
wait_for_readyFile $ready_file2
|
||||||
sleep 1
|
sleep 0.1
|
||||||
CLI_PORT=`cat $ready_file2`
|
CLI_PORT=`cat $ready_file2`
|
||||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
|
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
|
||||||
RESULT=$?
|
RESULT=$?
|
||||||
@ -312,4 +313,6 @@ if [ $? -ne 0 ]; then
|
|||||||
printf '%s\n\n' "Test successfully REVOKED!"
|
printf '%s\n\n' "Test successfully REVOKED!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------"
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# ocsp-stapling.test
|
|
||||||
|
|
||||||
|
# ocsp-stapling2.test
|
||||||
|
# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
|
||||||
|
|
||||||
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
|
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
@ -9,7 +10,8 @@ if [ $? -eq 0 ]; then
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# create a unique ready file ending in PID for the script instance ($$) to take
|
||||||
|
# advantage of port zero solution
|
||||||
WORKSPACE=`pwd`
|
WORKSPACE=`pwd`
|
||||||
CERT_DIR="certs/ocsp"
|
CERT_DIR="certs/ocsp"
|
||||||
|
|
||||||
@ -233,7 +235,7 @@ else
|
|||||||
create_new_cnf $RPORTSELECTED1 $RPORTSELECTED2 $RPORTSELECTED3 \
|
create_new_cnf $RPORTSELECTED1 $RPORTSELECTED2 $RPORTSELECTED3 \
|
||||||
$RPORTSELECTED4
|
$RPORTSELECTED4
|
||||||
fi
|
fi
|
||||||
sleep 1
|
sleep 0.1
|
||||||
|
|
||||||
# setup ocsp responders
|
# setup ocsp responders
|
||||||
# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
|
# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
|
||||||
@ -269,7 +271,7 @@ openssl ocsp -port $RPORTSELECTED3 -nmin 1 \
|
|||||||
$@ \
|
$@ \
|
||||||
&
|
&
|
||||||
|
|
||||||
sleep 1
|
sleep 0.1
|
||||||
# "jobs" is not portable for posix. Must use bash interpreter!
|
# "jobs" is not portable for posix. Must use bash interpreter!
|
||||||
[ $(jobs -r | wc -l) -ne 3 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
|
[ $(jobs -r | wc -l) -ne 3 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
|
||||||
|
|
||||||
@ -320,7 +322,7 @@ remove_single_rF $ready_file5
|
|||||||
./examples/server/server -c certs/ocsp/server4-cert.pem \
|
./examples/server/server -c certs/ocsp/server4-cert.pem \
|
||||||
-k certs/ocsp/server4-key.pem -R $ready_file5 \
|
-k certs/ocsp/server4-key.pem -R $ready_file5 \
|
||||||
-p $resume_port &
|
-p $resume_port &
|
||||||
sleep 1
|
sleep 0.1
|
||||||
CLI_PORT=`cat $ready_file5`
|
CLI_PORT=`cat $ready_file5`
|
||||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
|
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
|
||||||
-p $CLI_PORT
|
-p $CLI_PORT
|
||||||
@ -377,7 +379,7 @@ remove_single_rF $ready_file5
|
|||||||
-k certs/ocsp/server4-key.pem -R $ready_file5 \
|
-k certs/ocsp/server4-key.pem -R $ready_file5 \
|
||||||
-p $resume_port -H loadSSL &
|
-p $resume_port -H loadSSL &
|
||||||
wolf_pid=$!
|
wolf_pid=$!
|
||||||
sleep 1
|
sleep 0.1
|
||||||
CLI_PORT=`cat $ready_file5`
|
CLI_PORT=`cat $ready_file5`
|
||||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
|
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
|
||||||
-p $CLI_PORT
|
-p $CLI_PORT
|
||||||
|
Reference in New Issue
Block a user