wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 12:42:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f45dbed8f96da91f5d8dec9b80463f6d31fe8352
wolfssl/scripts/ocsp-stapling2.test
John Safranek f45dbed8f9 OCSP 
1. Modify the other OCSP Stapling scripts to better manage the OCSP responder.
2. Modify the client's W option to take:
 - 1 for Stapling v1
 - 2 for Stapling v2
 - 3 for Stapling v2 MULTI
3. Modify the client to disallow stapling v2 with TLSv1.3.
2018-08-02 16:25:38 -07:00

93 lines
3.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# ocsp-stapling.test
cleanup()
{
for i in $(jobs -pr)
do
kill -s HUP "$i"
done
}
trap cleanup EXIT INT TERM HUP
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
# setup ocsp responders
# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22220 -nmin 1 \
-index certs/ocsp/index-ca-and-intermediate-cas.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/root-ca-cert.pem \
$@ \
&
# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22222 -nmin 1 \
-index certs/ocsp/index-intermediate2-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate2-ca-cert.pem \
$@ \
&
# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port 22223 -nmin 1 \
-index certs/ocsp/index-intermediate3-ca-issued-certs.txt \
-rsigner certs/ocsp/ocsp-responder-cert.pem \
-rkey certs/ocsp/ocsp-responder-key.pem \
-CA certs/ocsp/intermediate3-ca-cert.pem \
$@ \
&
sleep 1
# "jobs" is not portable for posix. Must use bash interpreter!
[ $(jobs -r | wc -l) -ne 3 ] && echo -e "\n\nSetup ocsp responder failed, skipping" && exit 0
# client test against our own server - GOOD CERTS
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
# client test against our own server - REVOKED SERVER CERT
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
# client test against our own server - REVOKED INTERMEDIATE CERT
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3
RESULT=$?
[ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
exit 0
Reference in New Issue View Git Blame Copy Permalink