diff --git a/certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh b/certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh deleted file mode 100755 index eecd81b58..000000000 --- a/certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -openssl ocsp -port 22221 -nmin 1 \ - -index certs/ocsp/index-intermediate1-ca-issued-certs.txt \ - -rsigner certs/ocsp/intermediate1-ca-cert.pem \ - -rkey certs/ocsp/intermediate1-ca-key.pem \ - -CA certs/ocsp/intermediate1-ca-cert.pem \ - $@ diff --git a/certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh b/certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh deleted file mode 100755 index debfd63bb..000000000 --- a/certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -openssl ocsp -port 22221 -nmin 1 \ - -index certs/ocsp/index-intermediate1-ca-issued-certs.txt \ - -rsigner certs/ocsp/ocsp-responder-cert.pem \ - -rkey certs/ocsp/ocsp-responder-key.pem \ - -CA certs/ocsp/intermediate1-ca-cert.pem \ - $@ diff --git a/certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh b/certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh deleted file mode 100755 index 0d06c5be1..000000000 --- a/certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -openssl ocsp -port 22222 -nmin 1 \ - -index certs/ocsp/index-intermediate2-ca-issued-certs.txt \ - -rsigner certs/ocsp/ocsp-responder-cert.pem \ - -rkey certs/ocsp/ocsp-responder-key.pem \ - -CA certs/ocsp/intermediate2-ca-cert.pem \ - $@ diff --git a/certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh b/certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh deleted file mode 100755 index 5e6a5173c..000000000 --- a/certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -openssl ocsp -port 22223 -nmin 1 \ - -index certs/ocsp/index-intermediate3-ca-issued-certs.txt \ - -rsigner certs/ocsp/ocsp-responder-cert.pem \ - -rkey certs/ocsp/ocsp-responder-key.pem \ - -CA certs/ocsp/intermediate3-ca-cert.pem \ - $@ diff --git a/certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh b/certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh deleted file mode 100755 index d3c3bc1ad..000000000 --- a/certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -openssl ocsp -port 22220 -nmin 1 \ - -index certs/ocsp/index-ca-and-intermediate-cas.txt \ - -rsigner certs/ocsp/ocsp-responder-cert.pem \ - -rkey certs/ocsp/ocsp-responder-key.pem \ - -CA certs/ocsp/root-ca-cert.pem \ - $@ diff --git a/scripts/ocsp-stapling-with-ca-as-responder.test b/scripts/ocsp-stapling-with-ca-as-responder.test index 3b538c9d1..5c61e2ec1 100755 --- a/scripts/ocsp-stapling-with-ca-as-responder.test +++ b/scripts/ocsp-stapling-with-ca-as-responder.test @@ -1,8 +1,15 @@ -#!/bin/sh +#!/bin/bash + +#set an invalid default PID so we don't cleanup a process unexpectedly +OSSL_INT1_PID="INVALID" # ocsp-stapling.test - -trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT +cleanup(){ + # "jobs" is not portable for posix. Must use bash interpreter! + for i in `jobs -p`; do pkill -TERM -P $i; done + kill $OSSL_INT1_PID +} +trap cleanup INT TERM EXIT server=login.live.com ca=certs/external/baltimore-cybertrust-root.pem @@ -18,8 +25,20 @@ RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 # setup ocsp responder -./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh & +# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port 22221 -nmin 1 \ + -index certs/ocsp/index-intermediate1-ca-issued-certs.txt \ + -rsigner certs/ocsp/intermediate1-ca-cert.pem \ + -rkey certs/ocsp/intermediate1-ca-key.pem \ + -CA certs/ocsp/intermediate1-ca-cert.pem \ + $@ \ + & +OSSL_INT1_PID=$! + sleep 1 +# "jobs" is not portable for posix. Must use bash interpreter! [ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 # client test against our own server - GOOD CERT diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 511ae3b00..d39494c4e 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -1,8 +1,16 @@ -#!/bin/sh +#!/bin/bash + +#set an invalid default PID so we don't cleanup a process unexpectedly +OSSL_INT1_PID="INVALID" # ocsp-stapling.test +cleanup(){ + # "jobs" is not portable for posix. Must use bash interpreter! + for i in `jobs -p`; do pkill -TERM -P $i; done + kill $OSSL_INT1_PID +} +trap cleanup INT TERM EXIT -trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT server=login.live.com ca=certs/external/baltimore-cybertrust-root.pem @@ -30,8 +38,21 @@ if [ $? -eq 0 ]; then fi # setup ocsp responder -./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh & +# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port 22221 -nmin 1 \ + -index certs/ocsp/index-intermediate1-ca-issued-certs.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate1-ca-cert.pem \ + $@ \ + & + +OSSL_INT1_PID=$! + sleep 1 +# "jobs" is not portable for posix. Must use bash interpreter! [ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 # client test against our own server - GOOD CERT diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index 7a5bed878..a784733df 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -1,16 +1,61 @@ -#!/bin/sh +#!/bin/bash + +#set some invalid default PID(s) so we don't cleanup a process unexpectedly +OSSL_ROOT_PID="INVALID" +OSSL_INT2_PID="INVALID" +OSSL_INT3_PID="INVALID" # ocsp-stapling.test - -trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT +cleanup(){ + # "jobs" is not portable for posix. Must use bash interpreter! + for i in `jobs -p`; do pkill -TERM -P $i; done + kill $OSSL_ROOT_PID + kill $OSSL_INT2_PID + kill $OSSL_INT3_PID +} +trap cleanup INT TERM EXIT [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 # setup ocsp responders -./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh & -./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh & -./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh & +# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port 22220 -nmin 1 \ + -index certs/ocsp/index-ca-and-intermediate-cas.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/root-ca-cert.pem \ + $@ \ + & +OSSL_ROOT_PID=$! + +# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port 22222 -nmin 1 \ + -index certs/ocsp/index-intermediate2-ca-issued-certs.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate2-ca-cert.pem \ + $@ \ + & +OSSL_INT2_PID=$! + +# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port 22223 -nmin 1 \ + -index certs/ocsp/index-intermediate3-ca-issued-certs.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate3-ca-cert.pem \ + $@ \ + & +OSSL_INT3_PID=$! + sleep 1 +# "jobs" is not portable for posix. Must use bash interpreter! [ $(jobs -r | wc -l) -ne 3 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 # client test against our own server - GOOD CERTS