mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-28 18:59:58 +01:00
487c60df78
TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
74 lines
2.3 KiB
Bash
Executable File
74 lines
2.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# ocsp-stapling.test
|
|
|
|
server=www.globalsign.com
|
|
ca=certs/external/ca-globalsign-root.pem
|
|
|
|
[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
|
|
&& exit 1
|
|
|
|
./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
|
|
if [ $? -eq 0 ]; then
|
|
echo "TLS 1.2 or lower required"
|
|
echo "Skipped"
|
|
exit 0
|
|
fi
|
|
|
|
# is our desired server there?
|
|
./scripts/ping.test $server 2
|
|
RESULT=$?
|
|
if [ $RESULT -eq 0 ]; then
|
|
# client test against the server
|
|
./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N
|
|
GL_RESULT=$?
|
|
[ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
|
|
else
|
|
GL_RESULT=1
|
|
fi
|
|
|
|
server=www.google.com
|
|
ca=certs/external/ca-google-root.pem
|
|
|
|
# is our desired server there?
|
|
./scripts/ping.test $server 2
|
|
RESULT=$?
|
|
if [ $RESULT -eq 0 ]; then
|
|
# client test against the server
|
|
./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N
|
|
GR_RESULT=$?
|
|
[ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
|
|
else
|
|
GR_RESULT=1
|
|
fi
|
|
|
|
if test -n "$WOLFSSL_OCSP_TEST"; then
|
|
# check that both passed
|
|
if [ $GL_RESULT -eq 0 ] && [ $GR_RESULT -eq 0 ]; then
|
|
printf '\n\n%s\n' "Both OCSP connection to globalsign and google passed"
|
|
printf '%s\n' "Test Passed!"
|
|
exit 0
|
|
else
|
|
# Unlike other environment variables the intent of WOLFSSL_OCSP_TEST
|
|
# is to indicate a requirement for both tests to pass. If variable is
|
|
# set and either tests fail then whole case fails. Do not set the
|
|
# variable if either case passing is to be considered a success.
|
|
printf '\n\n%s\n' "One of the OCSP connections to either globalsign or"
|
|
printf '%s\n' "google failed, however since WOLFSSL_OCSP_TEST is set"
|
|
printf '%s\n' "the test is considered to have failed"
|
|
printf '%s\n' "Test Failed!"
|
|
exit 1
|
|
fi
|
|
else
|
|
# if environment variable is not set then just need one to pass
|
|
if [ $GL_RESULT -ne 0 ] && [ $GR_RESULT -ne 0 ]; then
|
|
printf '\n\n%s\n' "Both OCSP connection to globalsign and google failed"
|
|
printf '%s\n' "Test Failed!"
|
|
exit 1
|
|
else
|
|
printf '\n\n%s\n' "WOLFSSL_OCSP_TEST NOT set, and 1 of the tests passed"
|
|
printf '%s\n' "Test Passed!"
|
|
exit 0
|
|
fi
|
|
fi
|