From 8c9e0cd427b68ebcd6fd39733e3182511d0f9b11 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Fri, 22 Jun 2018 15:58:27 -0600
Subject: [PATCH] add options for OCSP test and combine certs
---
 certs/external/ca-globalsign-root-r3.pem | 21 ---------
 ...ign-root-r1.pem => ca-globalsign-root.pem} | 21 +++++++++
 certs/external/ca-google-root.pem | 22 +++++++++
 certs/external/include.am | 4 +-
 scripts/ocsp.test | 47 ++++++++++++++++---
 5 files changed, 86 insertions(+), 29 deletions(-)
 delete mode 100644 certs/external/ca-globalsign-root-r3.pem
 rename certs/external/{ca-globalsign-root-r1.pem => ca-globalsign-root.pem} (50%)
 create mode 100644 certs/external/ca-google-root.pem
diff --git a/certs/external/ca-globalsign-root-r3.pem b/certs/external/ca-globalsign-root-r3.pem
deleted file mode 100644
index 8afb21905..000000000
--- a/certs/external/ca-globalsign-root-r3.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
-MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
-RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
-gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
-KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
-QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
-XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
-DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
-LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
-RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
-jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
-6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
-mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
-Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
-WD9f
------END CERTIFICATE-----
diff --git a/certs/external/ca-globalsign-root-r1.pem b/certs/external/ca-globalsign-root.pem
similarity index 50%
rename from certs/external/ca-globalsign-root-r1.pem
rename to certs/external/ca-globalsign-root.pem
index f4ce4ca43..48e3e7cc8 100644
--- a/certs/external/ca-globalsign-root-r1.pem
+++ b/certs/external/ca-globalsign-root.pem
@@ -1,4 +1,25 @@
 -----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
 MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
 A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
 b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
diff --git a/certs/external/ca-google-root.pem b/certs/external/ca-google-root.pem
new file mode 100644
index 000000000..6f0f8db0d
--- /dev/null
+++ b/certs/external/ca-google-root.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
diff --git a/certs/external/include.am b/certs/external/include.am
index 0bdf42de2..3ab9650e6 100644
--- a/certs/external/include.am
+++ b/certs/external/include.am
@@ -3,7 +3,7 @@ # EXTRA_DIST += \ - certs/external/ca-globalsign-root-r3.pem \ - certs/external/ca-globalsign-root-r1.pem \ + certs/external/ca-globalsign-root.pem \ + certs/external/ca-google-root.pem\ certs/external/ca-digicert-ev.pem \ certs/external/baltimore-cybertrust-root.pem
diff --git a/scripts/ocsp.test b/scripts/ocsp.test
index b10ea0b5d..266679ecd 100755
--- a/scripts/ocsp.test
+++ b/scripts/ocsp.test
@@ -3,18 +3,53 @@ # ocsp-stapling.test server=www.globalsign.com -ca=certs/external/ca-globalsign-root-r1.pem +ca=certs/external/ca-globalsign-root.pem [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 # is our desired server there? ./scripts/ping.test $server 2 RESULT=$? -[ $RESULT -ne 0 ] && exit 0 +if [ $RESULT = 0 ]; then + # client test against the server + ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N + GL_RESULT=$? + [ $GL_RESULT -ne 0 ] && echo -e "\n\nClient connection failed" +else + GL_RESULT=1 +fi -# client test against the server -./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N +server=www.google.com +ca=certs/external/ca-google-root.pem + +# is our desired server there? +./scripts/ping.test $server 2 RESULT=$? -[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 +if [ $RESULT = 0 ]; then + # client test against the server + ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N + GR_RESULT=$? + [ $GL_RESULT -ne 0 ] && echo -e "\n\nClient connection failed" +else + GR_RESULT=1 +fi -exit 0 +if test -n "$WOLFSSL_OCSP_TEST"; then + # check that both passed + if [ $GL_RESULT = 0 ] && [ $GR_RESULT = 0 ]; then + echo "\n\nBoth OCSP connection to globalsign and google passed" + exit 0 + else + echo "\n\nBoth OCSP connection to globalsign and google failed" + exit 1 + fi +else + # if environment variable is not set then just need one to pass + if [ $GL_RESULT -ne 0 ] && [ $GR_RESULT -ne 0 ]; then + echo "\n\nBoth OCSP connection to globalsign and google failed" + exit 1 + else + echo "\n\nWOLFSSL_OCSP_TEST NOT set, and 1 of the tests passed" + exit 0 + fi +fi
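Review bot: The google block checks the wrong variable after the client run: it stores the status in `GR_RESULT` but then tests `$GL_RESULT`, so "Client connection failed" is printed (or suppressed) according to the globalsign result; the line should read `[ $GR_RESULT -ne 0 ] && echo -e "\n\nClient connection failed"`. In the `WOLFSSL_OCSP_TEST` branch the else arm reports "Both OCSP connection to globalsign and google failed" even when only one failed, and the four new summary `echo` calls drop the `-e` used elsewhere in the script, so `\n\n` may print literally depending on the shell (the shebang is above the hunk); something like `echo -e "\n\nOCSP connection to globalsign or google failed"` would be accurate. An unreachable host is recorded as `1`, the same value as a failed OCSP check, so with both hosts unreachable the script now exits 1 where the removed `[ $RESULT -ne 0 ] && exit 0` treated that as a skip; a separate "skipped" value would keep offline runs from being reported as revocation-check failures. With the variable unset a single pass is enough, so a regression that shows against only one responder goes unnoticed; a header comment documenting `WOLFSSL_OCSP_TEST` and that default would make the weaker mode an explicit choice.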