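#!/bin/bash

# ocsp-stapling.test
#
# Exercises OCSP stapling revocation handling between ./examples/server/server
# and ./examples/client/client, using three local `openssl ocsp` responders.
# Any arguments given to this script are forwarded to every responder.
#
# Exit status:
#   0  every case behaved as expected, OR the responders could not be started
#      and the run was skipped
#   1  the client binary is missing, or a case did not behave as expected

# Send SIGHUP to every background job that is still running: the responders
# and any example server left behind by a case that ended early.
cleanup() {
    local pid
    # Word splitting is intended here: `jobs -pr` prints one PID per line.
    for pid in $(jobs -pr)
    do
        kill -s HUP "$pid"
    done
}
trap cleanup EXIT INT TERM HUP

if [ ! -x ./examples/client/client ]; then
    echo -e "\n\nClient doesn't exist"
    exit 1
fi

# setup ocsp responders
#
# Each responder is started directly from this script rather than through the
# ./certs/ocsp/ocspd-*.sh wrappers, so that it is a job of this shell and
# cleanup() can reach it. "$@" is quoted so that a forwarded argument
# containing whitespace or glob characters reaches openssl unchanged.

# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22220 -nmin 1 \
    -index certs/ocsp/index-ca-and-intermediate-cas.txt \
    -rsigner certs/ocsp/ocsp-responder-cert.pem \
    -rkey certs/ocsp/ocsp-responder-key.pem \
    -CA certs/ocsp/root-ca-cert.pem \
    "$@" \
    &

# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22222 -nmin 1 \
    -index certs/ocsp/index-intermediate2-ca-issued-certs.txt \
    -rsigner certs/ocsp/ocsp-responder-cert.pem \
    -rkey certs/ocsp/ocsp-responder-key.pem \
    -CA certs/ocsp/intermediate2-ca-cert.pem \
    "$@" \
    &

# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22223 -nmin 1 \
    -index certs/ocsp/index-intermediate3-ca-issued-certs.txt \
    -rsigner certs/ocsp/ocsp-responder-cert.pem \
    -rkey certs/ocsp/ocsp-responder-key.pem \
    -CA certs/ocsp/intermediate3-ca-cert.pem \
    "$@" \
    &

sleep 1
# "jobs" is not portable for posix. Must use bash interpreter!
#
# The count is compared arithmetically so that padding in the `wc -l` output
# cannot break the comparison.
#
# NOTE(review): a failed responder start (for example a port already in use)
# ends the run with status 0, so none of the revocation cases below are
# exercised and the run still reports success. Whatever consumes this exit
# status should surface the "skipping" message.
responders_running=$(jobs -r | wc -l)
if (( responders_running != 3 )); then
    echo -e "\n\nSetup ocsp responder failed, skipping"
    exit 0
fi

# Every case below starts a fresh example server in the background, waits one
# second for it to come up, then runs the client once and checks its status.
# The -W 2 / -W 3 pairs run the same certificate under two client stapling
# modes.
# NOTE(review): -W 2 / -W 3 presumably select stapling v2 and v2-multi;
# confirm against the client's usage text.

# client test against our own server - GOOD CERTS
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
RESULT=$?
if [ "$RESULT" -ne 0 ]; then
    echo -e "\n\nClient connection failed"
    exit 1
fi

./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
RESULT=$?
if [ "$RESULT" -ne 0 ]; then
    echo -e "\n\nClient connection failed"
    exit 1
fi

# client test against our own server - REVOKED SERVER CERT
#
# The client must exit with exactly 1 here; any other status fails the run.
# NOTE(review): status 1 is not tied to revocation by anything in this script.
# If the client also returns 1 when the server never came up or the handshake
# failed for another reason, these negative cases pass without revocation
# having been checked. Confirm, or match on the client's error output.
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
RESULT=$?
if [ "$RESULT" -ne 1 ]; then
    echo -e "\n\nClient connection suceeded $RESULT"
    exit 1
fi

./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
RESULT=$?
if [ "$RESULT" -ne 1 ]; then
    echo -e "\n\nClient connection suceeded $RESULT"
    exit 1
fi

# client test against our own server - REVOKED INTERMEDIATE CERT
#
# This case expects the connection to SUCCEED with -W 2 and to be rejected
# only with -W 3: as written, the test treats a revoked intermediate as
# invisible to the -W 2 mode.
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
RESULT=$?
if [ "$RESULT" -ne 0 ]; then
    echo -e "\n\nClient connection failed $RESULT"
    exit 1
fi

./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
RESULT=$?
if [ "$RESULT" -ne 1 ]; then
    echo -e "\n\nClient connection suceeded $RESULT"
    exit 1
fi

exit 0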