OCSP
1. Modify the other OCSP Stapling scripts to better manage the OCSP responder. 2. Modify the client's W option to take: - 1 for Stapling v1 - 2 for Stapling v2 - 3 for Stapling v2 MULTI 3. Modify the client to disallow stapling v2 with TLSv1.3.
@ -1,15 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
#set an invalid default PID so we don't cleanup a process unexpectedly
|
||||
OSSL_INT1_PID="INVALID"
|
||||
|
||||
# ocsp-stapling.test
|
||||
cleanup(){
|
||||
# "jobs" is not portable for posix. Must use bash interpreter!
|
||||
for i in `jobs -p`; do pkill -TERM -P $i; done
|
||||
kill $OSSL_INT1_PID
|
||||
|
||||
cleanup()
|
||||
{
|
||||
for i in $(jobs -pr)
|
||||
do
|
||||
kill -s HUP "$i"
|
||||
done
|
||||
}
|
||||
trap cleanup INT TERM EXIT
|
||||
trap cleanup EXIT INT TERM HUP
|
||||
|
||||
server=login.live.com
|
||||
ca=certs/external/baltimore-cybertrust-root.pem
|
||||
@ -37,7 +36,6 @@ openssl ocsp -port 22221 -nmin 1 \
|
||||
-CA certs/ocsp/intermediate1-ca-cert.pem \
|
||||
$@ \
|
||||
&
|
||||
OSSL_INT1_PID=$!
|
||||
|
||||
sleep 1
|
||||
# "jobs" is not portable for posix. Must use bash interpreter!
|
||||
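Review bot: The handler installed by `trap cleanup EXIT INT TERM HUP` returns after signalling the jobs, so on INT, TERM or HUP bash resumes the script at the next command with the OCSP responder already gone, and `cleanup` then runs a second time on EXIT. Separate traps, `trap cleanup EXIT` and `trap 'exit 1' INT TERM HUP`, would make an interrupted run stop and clean up exactly once. The loop also does not wait for the jobs it signals; because the responder listens on the fixed port 22221, a rerun started straight away may find the port still bound, and a `wait` after the `done` would close that gap provided the jobs do exit on HUP. The rest of the script lies outside the hunks shown, so this is based on the visible lines only.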
|
@ -1,19 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
#set some invalid default PID(s) so we don't cleanup a process unexpectedly
|
||||
OSSL_ROOT_PID="INVALID"
|
||||
OSSL_INT2_PID="INVALID"
|
||||
OSSL_INT3_PID="INVALID"
|
||||
|
||||
# ocsp-stapling.test
|
||||
cleanup(){
|
||||
# "jobs" is not portable for posix. Must use bash interpreter!
|
||||
for i in `jobs -p`; do pkill -TERM -P $i; done
|
||||
kill $OSSL_ROOT_PID
|
||||
kill $OSSL_INT2_PID
|
||||
kill $OSSL_INT3_PID
|
||||
|
||||
cleanup()
|
||||
{
|
||||
for i in $(jobs -pr)
|
||||
do
|
||||
kill -s HUP "$i"
|
||||
done
|
||||
}
|
||||
trap cleanup INT TERM EXIT
|
||||
trap cleanup EXIT INT TERM HUP
|
||||
|
||||
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
|
||||
|
||||
@ -28,7 +23,6 @@ openssl ocsp -port 22220 -nmin 1 \
|
||||
-CA certs/ocsp/root-ca-cert.pem \
|
||||
$@ \
|
||||
&
|
||||
OSSL_ROOT_PID=$!
|
||||
|
||||
# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
|
||||
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
|
||||
@ -40,7 +34,6 @@ openssl ocsp -port 22222 -nmin 1 \
|
||||
-CA certs/ocsp/intermediate2-ca-cert.pem \
|
||||
$@ \
|
||||
&
|
||||
OSSL_INT2_PID=$!
|
||||
|
||||
# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
|
||||
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
|
||||
@ -52,7 +45,6 @@ openssl ocsp -port 22223 -nmin 1 \
|
||||
-CA certs/ocsp/intermediate3-ca-cert.pem \
|
||||
$@ \
|
||||
&
|
||||
OSSL_INT3_PID=$!
|
||||
|
||||
sleep 1
|
||||
# "jobs" is not portable for posix. Must use bash interpreter!
|
||||
@ -61,39 +53,39 @@ sleep 1
|
||||
# client test against our own server - GOOD CERTS
|
||||
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
|
||||
|
||||
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
|
||||
|
||||
# client test against our own server - REVOKED SERVER CERT
|
||||
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
|
||||
|
||||
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
|
||||
|
||||
# client test against our own server - REVOKED INTERMEDIATE CERT
|
||||
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
|
||||
|
||||
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
|
||||
sleep 1
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
|
||||
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
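Review bot: The two REVOKED SERVER CERT checks and the final REVOKED INTERMEDIATE CERT check pass whenever the client exits with status 1 (`[ $RESULT -ne 1 ]`), which does not show that the failure came from the stapled OCSP status. If a responder on port 22220, 22222 or 22223 failed to bind, or was not yet listening after the fixed `sleep 1`, the client would presumably fail as well and the revocation case would pass without revocation being tested. Consider capturing the client output and requiring its revocation error in addition to the exit status, or confirming that `jobs -pr` still lists the responders before each negative case. With the per-responder PID variables removed, nothing visible here verifies that the background `openssl ocsp` processes are alive when the clients run. A one-line comment on the `-W 2 -v 3` revoked-intermediate case saying why a successful connection is expected there would also help the next reader.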
|
||||
|
||||
|