feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Portability and self-cleanup changes to ocsp test scripts

Browse Source
This commit is contained in:
kaleb-himes
2018-08-01 16:43:57 -06:00
parent c87d6b27e2
commit a178764a8b
8 changed files with 98 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh
View File

@@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22221 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/intermediate1-ca-cert.pem \
-rkey certs/ocsp/intermediate1-ca-key.pem \
-CA certs/ocsp/intermediate1-ca-cert.pem \
$@

8
certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh
View File

@@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22221 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate1-ca-cert.pem \
$@

8
certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh
View File

@@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22222 -nmin 1 \
-index certs/ocsp/index-intermediate2-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate2-ca-cert.pem \
$@

8
certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh
View File

@@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22223 -nmin 1 \
-index certs/ocsp/index-intermediate3-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate3-ca-cert.pem \
$@

8
certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh
View File

@@ -1,8 +0,0 @@
#!/bin/sh
openssl ocsp -port 22220 -nmin 1 \
-index certs/ocsp/index-ca-and-intermediate-cas.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/root-ca-cert.pem \
$@

27
scripts/ocsp-stapling-with-ca-as-responder.test
View File

@@ -1,8 +1,15 @@
#!/bin/sh #!/bin/bash
#set an invalid default PID so we don't cleanup a process unexpectedly
OSSL_INT1_PID="INVALID"
# ocsp-stapling.test # ocsp-stapling.test
cleanup(){
trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT # "jobs" is not portable for posix. Must use bash interpreter!
for i in `jobs -p`; do pkill -TERM -P $i; done
kill $OSSL_INT1_PID
}
trap cleanup INT TERM EXIT
server=login.live.com server=login.live.com
ca=certs/external/baltimore-cybertrust-root.pem ca=certs/external/baltimore-cybertrust-root.pem
@@ -18,8 +25,20 @@ RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
# setup ocsp responder # setup ocsp responder
./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh & # OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs-with-ca-as-responder.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22221 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/intermediate1-ca-cert.pem \
-rkey certs/ocsp/intermediate1-ca-key.pem \
-CA certs/ocsp/intermediate1-ca-cert.pem \
$@ \
&
OSSL_INT1_PID=$!
sleep 1 sleep 1
# "jobs" is not portable for posix. Must use bash interpreter!
[ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 [ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
# client test against our own server - GOOD CERT # client test against our own server - GOOD CERT

27
scripts/ocsp-stapling.test
View File

@@ -1,8 +1,16 @@
#!/bin/sh #!/bin/bash
#set an invalid default PID so we don't cleanup a process unexpectedly
OSSL_INT1_PID="INVALID"
# ocsp-stapling.test # ocsp-stapling.test
cleanup(){
# "jobs" is not portable for posix. Must use bash interpreter!
for i in `jobs -p`; do pkill -TERM -P $i; done
kill $OSSL_INT1_PID
}
trap cleanup INT TERM EXIT
trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT
server=login.live.com server=login.live.com
ca=certs/external/baltimore-cybertrust-root.pem ca=certs/external/baltimore-cybertrust-root.pem
@@ -30,8 +38,21 @@ if [ $? -eq 0 ]; then
fi fi
# setup ocsp responder # setup ocsp responder
./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh & # OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22221 -nmin 1 \
-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate1-ca-cert.pem \
$@ \
&
OSSL_INT1_PID=$!
sleep 1 sleep 1
# "jobs" is not portable for posix. Must use bash interpreter!
[ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 [ $(jobs -r | wc -l) -ne 1 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
# client test against our own server - GOOD CERT # client test against our own server - GOOD CERT

57
scripts/ocsp-stapling2.test
View File

@@ -1,16 +1,61 @@
#!/bin/sh #!/bin/bash
#set some invalid default PID(s) so we don't cleanup a process unexpectedly
OSSL_ROOT_PID="INVALID"
OSSL_INT2_PID="INVALID"
OSSL_INT3_PID="INVALID"
# ocsp-stapling.test # ocsp-stapling.test
cleanup(){
trap 'for i in `jobs -p`; do pkill -TERM -P $i; done' EXIT # "jobs" is not portable for posix. Must use bash interpreter!
for i in `jobs -p`; do pkill -TERM -P $i; done
kill $OSSL_ROOT_PID
kill $OSSL_INT2_PID
kill $OSSL_INT3_PID
}
trap cleanup INT TERM EXIT
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
# setup ocsp responders # setup ocsp responders
./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh & # OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh & # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh & # purposes!
openssl ocsp -port 22220 -nmin 1 \
-index certs/ocsp/index-ca-and-intermediate-cas.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/root-ca-cert.pem \
$@ \
&
OSSL_ROOT_PID=$!
# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22222 -nmin 1 \
-index certs/ocsp/index-intermediate2-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate2-ca-cert.pem \
$@ \
&
OSSL_INT2_PID=$!
# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22223 -nmin 1 \
-index certs/ocsp/index-intermediate3-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate3-ca-cert.pem \
$@ \
&
OSSL_INT3_PID=$!
sleep 1 sleep 1
# "jobs" is not portable for posix. Must use bash interpreter!
[ $(jobs -r | wc -l) -ne 3 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0 [ $(jobs -r | wc -l) -ne 3 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
# client test against our own server - GOOD CERTS # client test against our own server - GOOD CERTS