fix scripts/ocsp-stapling*.test to accommodate IPv6 examples/ client/server build.
@@ -16,6 +16,13 @@ if [ $? -eq 0 ]; then
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
|
||||||
|
LOCALHOST='::1'
|
||||||
|
V4V6=-6
|
||||||
|
else
|
||||||
|
LOCALHOST='127.0.0.1'
|
||||||
|
V4V6=-4
|
||||||
|
fi
|
||||||
|
|
||||||
PARENTDIR="$PWD"
|
PARENTDIR="$PWD"
|
||||||
|
|
||||||
@@ -71,7 +78,7 @@ remove_single_rF(){
|
|||||||
|
|
||||||
#create a configure file for cert generation with the port 0 solution
|
#create a configure file for cert generation with the port 0 solution
|
||||||
create_new_cnf() {
|
create_new_cnf() {
|
||||||
printf '%s\n' "Random Port Selected: $RPORTSELECTED"
|
printf '%s\n' "Random Port Selected: $1"
|
||||||
|
|
||||||
printf '%s\n' "#" > $test_cnf
|
printf '%s\n' "#" > $test_cnf
|
||||||
printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf
|
printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf
|
||||||
@@ -183,7 +190,7 @@ get_first_free_port() {
|
|||||||
if [[ "$ret" -ge 65536 ]]; then
|
if [[ "$ret" -ge 65536 ]]; then
|
||||||
ret=1024
|
ret=1024
|
||||||
fi
|
fi
|
||||||
if ! nc -z 127.0.0.1 "$ret"; then
|
if ! nc -z $V4V6 $LOCALHOST "$ret"; then
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
ret=$((ret+1))
|
ret=$((ret+1))
|
||||||
@@ -201,7 +208,7 @@ port3=$(get_first_free_port $((port2 + 1)))
|
|||||||
# test interop fail case
|
# test interop fail case
|
||||||
ready_file=$PWD/wolf_ocsp_readyF$$
|
ready_file=$PWD/wolf_ocsp_readyF$$
|
||||||
printf '%s\n' "ready file: $ready_file"
|
printf '%s\n' "ready file: $ready_file"
|
||||||
./examples/server/server -b -p $port1 -o -R $ready_file &
|
./examples/server/server -p $port1 -o -R $ready_file &
|
||||||
wolf_pid=$!
|
wolf_pid=$!
|
||||||
wait_for_readyFile $ready_file $wolf_pid $port1
|
wait_for_readyFile $ready_file $wolf_pid $port1
|
||||||
if [ ! -f $ready_file ]; then
|
if [ ! -f $ready_file ]; then
|
||||||
@@ -209,7 +216,7 @@ if [ ! -f $ready_file ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
# should fail if ocspstapling is also enabled
|
# should fail if ocspstapling is also enabled
|
||||||
echo "hi" | openssl s_client -status -connect 127.0.0.1:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
|
echo "hi" | openssl s_client -status -connect [${LOCALHOST}]:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
printf '%s\n' "Succeeded when should have failed"
|
printf '%s\n' "Succeeded when should have failed"
|
||||||
remove_single_rF $ready_file
|
remove_single_rF $ready_file
|
||||||
@@ -225,7 +232,7 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
# create a port to use with openssl ocsp responder
|
# create a port to use with openssl ocsp responder
|
||||||
./examples/server/server -b -p $port2 -R $ready_file &
|
./examples/server/server -p $port2 -R $ready_file &
|
||||||
wolf_pid2=$!
|
wolf_pid2=$!
|
||||||
wait_for_readyFile $ready_file $wolf_pid2 $port2
|
wait_for_readyFile $ready_file $wolf_pid2 $port2
|
||||||
if [ ! -f $ready_file ]; then
|
if [ ! -f $ready_file ]; then
|
||||||
@@ -247,10 +254,13 @@ server=login.live.com
|
|||||||
#ca=certs/external/baltimore-cybertrust-root.pem
|
#ca=certs/external/baltimore-cybertrust-root.pem
|
||||||
ca=certs/external/ca_collection.pem
|
ca=certs/external/ca_collection.pem
|
||||||
|
|
||||||
|
if [[ "$V4V6" == "-4" ]]; then
|
||||||
./examples/client/client -C -h $server -p 443 -A $ca -g -W 1
|
./examples/client/client -C -h $server -p 443 -A $ca -g -W 1
|
||||||
RESULT=$?
|
RESULT=$?
|
||||||
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
|
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
|
||||||
|
else
|
||||||
|
echo "Skipping OCSP test on $server (IPv6 test client)"
|
||||||
|
fi
|
||||||
|
|
||||||
# Test with example server
|
# Test with example server
|
||||||
|
|
||||||
@@ -341,7 +351,7 @@ generate_port() {
|
|||||||
|
|
||||||
# Start OpenSSL server that has no OCSP responses to return
|
# Start OpenSSL server that has no OCSP responses to return
|
||||||
generate_port
|
generate_port
|
||||||
openssl s_server -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port &
|
openssl s_server $V4V6 -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port &
|
||||||
openssl_pid=$!
|
openssl_pid=$!
|
||||||
sleep 0.1
|
sleep 0.1
|
||||||
|
|
||||||
|
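Review bot: The interop fail case in the `@@ -209,7 +216,7 @@` hunk accepts any non-zero exit from `openssl s_client` as the expected failure, and the new `-connect [${LOCALHOST}]:$port1` now brackets the address in IPv4 builds as well (`[127.0.0.1]:port`). If the installed openssl rejects a bracketed IPv4 literal (version-dependent, not confirmed from this page), the test passes on an address-parse error without ever reaching the server's OCSP stapling path. The word is also unquoted, so `[::1]:$port1` is a shell glob pattern; the same holds for `-connect ${LOCALHOST}:$port5` in the second script. I would bracket only the IPv6 literal and quote the argument, e.g. `-connect "${CONNECT_HOST}:$port1"` with `CONNECT_HOST='[::1]'` or `CONNECT_HOST='127.0.0.1'` set next to `V4V6` (the variable name is only a suggestion). The `if`/`else` around this line continues outside the hunk.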
@@ -24,6 +24,14 @@ if [ $? -eq 0 ]; then
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
|
||||||
|
LOCALHOST='[::1]'
|
||||||
|
LOCALHOST_FOR_NC='-6 ::1'
|
||||||
|
else
|
||||||
|
LOCALHOST='127.0.0.1'
|
||||||
|
LOCALHOST_FOR_NC='127.0.0.1'
|
||||||
|
fi
|
||||||
|
|
||||||
PARENTDIR="$PWD"
|
PARENTDIR="$PWD"
|
||||||
|
|
||||||
# create a unique workspace directory ending in PID for the script instance ($$)
|
# create a unique workspace directory ending in PID for the script instance ($$)
|
||||||
@@ -87,7 +95,7 @@ remove_single_rF(){
|
|||||||
|
|
||||||
#create a configure file for cert generation with the port 0 solution
|
#create a configure file for cert generation with the port 0 solution
|
||||||
create_new_cnf() {
|
create_new_cnf() {
|
||||||
printf '%s\n' "Random Port Selected: $RPORTSELECTED"
|
printf '%s\n' "Random Ports Selected: $1 $2 $3 $4"
|
||||||
|
|
||||||
printf '%s\n' "#" > $test_cnf
|
printf '%s\n' "#" > $test_cnf
|
||||||
printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf
|
printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf
|
||||||
@@ -209,7 +217,7 @@ get_first_free_port() {
|
|||||||
if [[ "$ret" -ge 65536 ]]; then
|
if [[ "$ret" -ge 65536 ]]; then
|
||||||
ret=1024
|
ret=1024
|
||||||
fi
|
fi
|
||||||
if ! nc -z 127.0.0.1 "$ret"; then
|
if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
ret=$((ret+1))
|
ret=$((ret+1))
|
||||||
@@ -396,7 +404,7 @@ remove_single_rF $ready_file5
|
|||||||
-p $port5 -H loadSSL &
|
-p $port5 -H loadSSL &
|
||||||
server_pid5=$!
|
server_pid5=$!
|
||||||
wait_for_readyFile $ready_file5 $server_pid5 $port5
|
wait_for_readyFile $ready_file5 $server_pid5 $port5
|
||||||
echo "test connection" | openssl s_client -status -connect 127.0.0.1:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
|
echo "test connection" | openssl s_client -status -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
|
||||||
RESULT=$?
|
RESULT=$?
|
||||||
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1
|
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1
|
||||||
wait $server_pid5
|
wait $server_pid5
|
||||||
|
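Review bot: The port probe `if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then break` reads every non-zero exit from nc as "port is free", so an nc build that rejects `-6` (netcat variants differ; not verifiable from this page) would make the first candidate port always look free. `LOCALHOST_FOR_NC='-6 ::1'` also relies on unquoted word splitting to become two arguments; since the script already uses `[[`, an array is safer: `LOCALHOST_FOR_NC=(-6 ::1)` and `nc -z "${LOCALHOST_FOR_NC[@]}" "$ret"`. A comment on the probe such as `# any nc error, including an unsupported -6, is treated as "port free"` would record the assumption. The first script's `nc -z $V4V6 $LOCALHOST "$ret"` has the same property, and `get_first_free_port` starts and ends outside the hunk.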