fix ocsp response when using DTLS

2025-08-04 13:14:45 +02:00 · 2024-06-21 08:29:42 +09:00
parent 385a097646
commit 30eb558d58
4 changed files with 90 additions and 72 deletions
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -388,6 +388,49 @@ else
    echo 'skipping TLS1.3 stapling tests.' 1>&2
 fi

+printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
+# client test against our own server - GOOD CERT
+./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
+                         -k certs/ocsp/server1-key.pem -p $port3 &
+wolf_pid3=$!
+wait_for_readyFile "$ready_file2" $wolf_pid3 $port3
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3
+RESULT=$?
+[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+printf '%s\n\n' "Test PASSED!"
+
+# DTLS 1.2 and 1.3 cases
+if ./examples/client/client -? 2>&1 | grep -q 'DTLS'; then
+  printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------"
+ # client test against our own server, must staple - GOOD CERT
+ echo $ready_file2
+  ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
+                          -k certs/ocsp/server1-key.pem -u -v 3 \
+                          -p $port3 &
+  wolf_pid3=$!
+
+  sleep 0.2
+  ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \
+                           -W 1 -p $port3
+  RESULT=$?
+  [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1
+  printf '%s\n\n' "Test PASSED!"
+
+  printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD PASS -------------------"
+ # client test against our own server, must staple - GOOD CERT
+  ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \
+                          -k certs/ocsp/server1-key.pem -u -v 4 \
+                          -p $port3 &
+  wolf_pid3=$!
+  sleep 0.2
+  ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \
+                           -W 1 -p $port3
+  RESULT=$?
+  [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1
+  printf '%s\n\n' "Test PASSED!"
+
+fi
+
 # need a unique port since may run the same time as testsuite
 generate_port() {
    #-------------------------------------------------------------------------#
--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@@ -499,6 +499,22 @@ RESULT=$?
                 && exit 1
 printf '%s\n\n' "Test PASSED!"

+
+if ./examples/client/client -? 2>&1 | grep -q 'DTLS'; then
+printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------"
+# client test against our own server - GOOD CERTS
+./examples/server/server -c certs/ocsp/server3-cert.pem \
+                         -k certs/ocsp/server3-key.pem -R $ready_file5 \
+                         -p $port5 -u -v 3 &
+server_pid5=$!
+sleep 0.2
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \
+                         -p $port5
+RESULT=$?
+[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
+printf '%s\n\n' "Test PASSED!"
+fi
+
 printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------"

 exit 0