wolfssl/scripts/ocsp-stapling.test

#!/bin/bash

# ocsp-stapling.test

# create a unique ready file ending in PID for the script instance ($$) to take
# advantage of port zero solution
WORKSPACE=`pwd`
CERT_DIR="./certs/ocsp"
resume_port=0
ready_file=`pwd`/wolf_ocsp_s1_readyF$$
ready_file2=`pwd`/wolf_ocsp_s1_readyF2$$
printf '%s\n' "ready file:  $ready_file"

test_cnf="ocsp_s1.cnf"

copy_originals() {
    cd $CERT_DIR
    cp intermediate1-ca-cert.pem bak-intermediate1-ca-cert.pem
    cp intermediate2-ca-cert.pem bak-intermediate2-ca-cert.pem
    cp intermediate3-ca-cert.pem bak-intermediate3-ca-cert.pem
    cp ocsp-responder-cert.pem bak-ocsp-responder-cert.pem
    cp root-ca-cert.pem bak-root-ca-cert.pem
    cp server1-cert.pem bak-server1-cert.pem
    cp server2-cert.pem bak-server2-cert.pem
    cp server3-cert.pem bak-server3-cert.pem
    cp server4-cert.pem bak-server4-cert.pem
    cp server5-cert.pem bak-server5-cert.pem
    cd $WORKSPACE
}

restore_originals() {
    cd $CERT_DIR
    mv bak-intermediate1-ca-cert.pem intermediate1-ca-cert.pem
    mv bak-intermediate2-ca-cert.pem intermediate2-ca-cert.pem
    mv bak-intermediate3-ca-cert.pem intermediate3-ca-cert.pem
    mv bak-ocsp-responder-cert.pem ocsp-responder-cert.pem
    mv bak-root-ca-cert.pem root-ca-cert.pem
    mv bak-server1-cert.pem server1-cert.pem
    mv bak-server2-cert.pem server2-cert.pem
    mv bak-server3-cert.pem server3-cert.pem
    mv bak-server4-cert.pem server4-cert.pem
    mv bak-server5-cert.pem server5-cert.pem
}

wait_for_readyFile(){

    counter=0

    while [ ! -s $1 -a "$counter" -lt 20 ]; do
        echo -e "waiting for ready file..."
        sleep 0.1
        counter=$((counter+ 1))
    done

    if test -e $1; then
        echo -e "found ready file, starting client..."
    else
        echo -e "NO ready file ending test..."
        exit 1
    fi

}

remove_single_rF(){
    if test -e $1; then
        printf '%s\n' "removing ready file: $1"
        rm $1
    fi
}

#create a configure file for cert generation with the port 0 solution
create_new_cnf() {
    copy_originals

    printf '%s\n' "Random Port Selected: $RPORTSELECTED"

    printf '%s\n' "#" > $test_cnf
    printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf
    printf '%s\n' "#" >> $test_cnf
    printf '%s\n' "" >> $test_cnf
    printf '%s\n' "# Extensions to add to a certificate request (intermediate1-ca)" >> $test_cnf
    printf '%s\n' "[ v3_req1 ]" >> $test_cnf
    printf '%s\n' "basicConstraints       = CA:false" >> $test_cnf
    printf '%s\n' "subjectKeyIdentifier   = hash" >> $test_cnf
    printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
    printf '%s\n' "keyUsage               = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf
    printf '%s\n' "authorityInfoAccess    = OCSP;URI:http://127.0.0.1:$1" >> $test_cnf
    printf '%s\n' "" >> $test_cnf
    printf '%s\n' "# Extensions to add to a certificate request (intermediate2-ca)" >> $test_cnf
    printf '%s\n' "[ v3_req2 ]" >> $test_cnf
    printf '%s\n' "basicConstraints       = CA:false" >> $test_cnf
    printf '%s\n' "subjectKeyIdentifier   = hash" >> $test_cnf
    printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
    printf '%s\n' "keyUsage               = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf
    printf '%s\n' "authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22222" >> $test_cnf
    printf '%s\n' "" >> $test_cnf
    printf '%s\n' "# Extensions to add to a certificate request (intermediate3-ca)" >> $test_cnf
    printf '%s\n' "[ v3_req3 ]" >> $test_cnf
    printf '%s\n' "basicConstraints       = CA:false" >> $test_cnf
    printf '%s\n' "subjectKeyIdentifier   = hash" >> $test_cnf
    printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
    printf '%s\n' "keyUsage               = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf
    printf '%s\n' "authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22223" >> $test_cnf
    printf '%s\n' "" >> $test_cnf
    printf '%s\n' "# Extensions for a typical CA" >> $test_cnf
    printf '%s\n' "[ v3_ca ]" >> $test_cnf
    printf '%s\n' "basicConstraints       = CA:true" >> $test_cnf
    printf '%s\n' "subjectKeyIdentifier   = hash" >> $test_cnf
    printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
    printf '%s\n' "keyUsage               = keyCertSign, cRLSign" >> $test_cnf
    printf '%s\n' "authorityInfoAccess    = OCSP;URI:http://127.0.0.1:22220" >> $test_cnf
    printf '%s\n' "" >> $test_cnf
    printf '%s\n' "# OCSP extensions." >> $test_cnf
    printf '%s\n' "[ v3_ocsp ]" >> $test_cnf
    printf '%s\n' "basicConstraints       = CA:false" >> $test_cnf
    printf '%s\n' "subjectKeyIdentifier   = hash" >> $test_cnf
    printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
    printf '%s\n' "extendedKeyUsage       = OCSPSigning" >> $test_cnf

    mv $test_cnf $CERT_DIR/$test_cnf
    cd $CERT_DIR
    CURR_LOC=`pwd`
    printf '%s\n' "echo now in $CURR_LOC"
    ./renewcerts-for-test.sh $test_cnf
    cd $WORKSPACE
}

remove_ready_file() {
    if test -e $ready_file; then
        printf '%s\n' "removing ready file"
        rm $ready_file
    fi
    if test -e $ready_file2; then
        printf '%s\n' "removing ready file: $ready_file2"
        rm $ready_file2
    fi
}

cleanup()
{
    for i in $(jobs -pr)
    do
        kill -s HUP "$i"
    done
    remove_ready_file
    rm $CERT_DIR/$test_cnf
    restore_originals
}
trap cleanup EXIT INT TERM HUP

server=login.live.com
ca=certs/external/baltimore-cybertrust-root.pem

[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!'
if [ $? -eq 0 ]; then
    exit 0
fi

# create a port 0 port to use with openssl ocsp responder
./examples/server/server -R $ready_file -p $resume_port &
wait_for_readyFile $ready_file
if [ ! -f $ready_file ]; then
    printf '%s\n' "Failed to create ready file: \"$ready_file\""
    exit 1
else
    RPORTSELECTED=`cat $ready_file`
    printf '%s\n' "Random port selected: $RPORTSELECTED"
    # Use client connection to shutdown the server cleanly
    ./examples/client/client -p $RPORTSELECTED
    create_new_cnf $RPORTSELECTED
fi
sleep 1

# is our desired server there? - login.live.com doesn't answers PING
#./scripts/ping.test $server 2

# client test against the server
./examples/client/client -C -h $server -p 443 -A $ca -g -W 1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1


# Test with example server

./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!'
if [ $? -eq 0 ]; then
    exit 0
fi

# setup ocsp responder
# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh &
# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
# purposes!
openssl ocsp -port $RPORTSELECTED -nmin 1                       \
    -index   certs/ocsp/index-intermediate1-ca-issued-certs.txt \
    -rsigner certs/ocsp/ocsp-responder-cert.pem                 \
    -rkey    certs/ocsp/ocsp-responder-key.pem                  \
    -CA      certs/ocsp/intermediate1-ca-cert.pem               \
    "$@" &

sleep 1
# "jobs" is not portable for posix. Must use bash interpreter!
[ $(jobs -r | wc -l) -ne 1 ] && \
             printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0

printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
# client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
                         -k certs/ocsp/server1-key.pem -p $resume_port &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
RESULT=$?
[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1
printf '%s\n\n' "Test PASSED!"

printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
# client test against our own server - REVOKED CERT
remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
                         -k certs/ocsp/server2-key.pem -p $resume_port &
wait_for_readyFile $ready_file2
sleep 1
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
RESULT=$?
[ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection suceeded $RESULT" \
                  && exit 1
printf '%s\n\n' "Test successfully REVOKED!"


./examples/client/client -v 4 2>&1 | grep -- 'Bad SSL version'
if [ $? -ne 0 ]; then
    printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------"
    # client test against our own server - GOOD CERT
    remove_single_rF $ready_file2
    ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
                             -k certs/ocsp/server1-key.pem -v 4 \
                             -p $resume_port &
    wait_for_readyFile $ready_file2
    CLI_PORT=`cat $ready_file2`
    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
                             -p $CLI_PORT
    RESULT=$?
    [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1
    printf '%s\n\n' "Test PASSED!"

    printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------"
    # client test against our own server - REVOKED CERT
    remove_single_rF $ready_file2
    ./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
                             -k certs/ocsp/server2-key.pem -v 4 \
                             -p $resume_port &
    wait_for_readyFile $ready_file2
    CLI_PORT=`cat $ready_file2`
    ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
                             -p $CLI_PORT
    RESULT=$?
    [ $RESULT -ne 1 ] && \
                      printf '\n\n%s\n' "Client connection suceeded $RESULT" \
                      && exit 1
    printf '%s\n\n' "Test successfully REVOKED!"
fi

exit 0
Portability and self-cleanup changes to ocsp test scripts 2018-08-02 01:43:57 +03:00			`#!/bin/bash`

Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`# ocsp-stapling.test`

address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`# create a unique ready file ending in PID for the script instance ($$) to take`
			`# advantage of port zero solution`
			WORKSPACE=`pwd`
			`CERT_DIR="./certs/ocsp"`
			`resume_port=0`
			ready_file=`pwd`/wolf_ocsp_s1_readyF$$
Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			ready_file2=`pwd`/wolf_ocsp_s1_readyF2$$
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`printf '%s\n' "ready file: $ready_file"`

			`test_cnf="ocsp_s1.cnf"`

			`copy_originals() {`
			`cd $CERT_DIR`
			`cp intermediate1-ca-cert.pem bak-intermediate1-ca-cert.pem`
			`cp intermediate2-ca-cert.pem bak-intermediate2-ca-cert.pem`
			`cp intermediate3-ca-cert.pem bak-intermediate3-ca-cert.pem`
			`cp ocsp-responder-cert.pem bak-ocsp-responder-cert.pem`
			`cp root-ca-cert.pem bak-root-ca-cert.pem`
			`cp server1-cert.pem bak-server1-cert.pem`
			`cp server2-cert.pem bak-server2-cert.pem`
			`cp server3-cert.pem bak-server3-cert.pem`
			`cp server4-cert.pem bak-server4-cert.pem`
			`cp server5-cert.pem bak-server5-cert.pem`
			`cd $WORKSPACE`
			`}`

			`restore_originals() {`
			`cd $CERT_DIR`
			`mv bak-intermediate1-ca-cert.pem intermediate1-ca-cert.pem`
			`mv bak-intermediate2-ca-cert.pem intermediate2-ca-cert.pem`
			`mv bak-intermediate3-ca-cert.pem intermediate3-ca-cert.pem`
			`mv bak-ocsp-responder-cert.pem ocsp-responder-cert.pem`
			`mv bak-root-ca-cert.pem root-ca-cert.pem`
			`mv bak-server1-cert.pem server1-cert.pem`
			`mv bak-server2-cert.pem server2-cert.pem`
			`mv bak-server3-cert.pem server3-cert.pem`
			`mv bak-server4-cert.pem server4-cert.pem`
			`mv bak-server5-cert.pem server5-cert.pem`
			`}`

Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			`wait_for_readyFile(){`

			`counter=0`

			`while [ ! -s $1 -a "$counter" -lt 20 ]; do`
			`echo -e "waiting for ready file..."`
			`sleep 0.1`
			`counter=$((counter+ 1))`
			`done`

			`if test -e $1; then`
			`echo -e "found ready file, starting client..."`
			`else`
			`echo -e "NO ready file ending test..."`
			`exit 1`
			`fi`

			`}`

			`remove_single_rF(){`
			`if test -e $1; then`
			`printf '%s\n' "removing ready file: $1"`
			`rm $1`
			`fi`
			`}`

address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`#create a configure file for cert generation with the port 0 solution`
			`create_new_cnf() {`
			`copy_originals`

			`printf '%s\n' "Random Port Selected: $RPORTSELECTED"`

			`printf '%s\n' "#" > $test_cnf`
			`printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf`
			`printf '%s\n' "#" >> $test_cnf`
			`printf '%s\n' "" >> $test_cnf`
			`printf '%s\n' "# Extensions to add to a certificate request (intermediate1-ca)" >> $test_cnf`
			`printf '%s\n' "[ v3_req1 ]" >> $test_cnf`
			`printf '%s\n' "basicConstraints = CA:false" >> $test_cnf`
			`printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf`
			`printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf`
			`printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf`
			`printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1" >> $test_cnf`
			`printf '%s\n' "" >> $test_cnf`
			`printf '%s\n' "# Extensions to add to a certificate request (intermediate2-ca)" >> $test_cnf`
			`printf '%s\n' "[ v3_req2 ]" >> $test_cnf`
			`printf '%s\n' "basicConstraints = CA:false" >> $test_cnf`
			`printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf`
			`printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf`
			`printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf`
			`printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22222" >> $test_cnf`
			`printf '%s\n' "" >> $test_cnf`
			`printf '%s\n' "# Extensions to add to a certificate request (intermediate3-ca)" >> $test_cnf`
			`printf '%s\n' "[ v3_req3 ]" >> $test_cnf`
			`printf '%s\n' "basicConstraints = CA:false" >> $test_cnf`
			`printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf`
			`printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf`
			`printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf`
			`printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22223" >> $test_cnf`
			`printf '%s\n' "" >> $test_cnf`
			`printf '%s\n' "# Extensions for a typical CA" >> $test_cnf`
			`printf '%s\n' "[ v3_ca ]" >> $test_cnf`
			`printf '%s\n' "basicConstraints = CA:true" >> $test_cnf`
			`printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf`
			`printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf`
			`printf '%s\n' "keyUsage = keyCertSign, cRLSign" >> $test_cnf`
			`printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22220" >> $test_cnf`
			`printf '%s\n' "" >> $test_cnf`
			`printf '%s\n' "# OCSP extensions." >> $test_cnf`
			`printf '%s\n' "[ v3_ocsp ]" >> $test_cnf`
			`printf '%s\n' "basicConstraints = CA:false" >> $test_cnf`
			`printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf`
			`printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf`
			`printf '%s\n' "extendedKeyUsage = OCSPSigning" >> $test_cnf`

			`mv $test_cnf $CERT_DIR/$test_cnf`
			`cd $CERT_DIR`
			CURR_LOC=`pwd`
			`printf '%s\n' "echo now in $CURR_LOC"`
			`./renewcerts-for-test.sh $test_cnf`
			`cd $WORKSPACE`
			`}`

			`remove_ready_file() {`
			`if test -e $ready_file; then`
			`printf '%s\n' "removing ready file"`
			`rm $ready_file`
			`fi`
Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			`if test -e $ready_file2; then`
			`printf '%s\n' "removing ready file: $ready_file2"`
			`rm $ready_file2`
			`fi`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`}`

OSCP 1. Made killing the OCSP server process more reliable. 2. Added attr files for the OSCP status files. Bare minimum attr. 3. Added a NL to the error string from the client regarding external tests. 2018-08-02 21:32:36 +03:00			`cleanup()`
			`{`
			`for i in $(jobs -pr)`
			`do`
			`kill -s HUP "$i"`
			`done`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`remove_ready_file`
			`rm $CERT_DIR/$test_cnf`
			`restore_originals`
OSCP 1. Made killing the OCSP server process more reliable. 2. Added attr files for the OSCP status files. Bare minimum attr. 3. Added a NL to the error string from the client regarding external tests. 2018-08-02 21:32:36 +03:00			`}`
			`trap cleanup EXIT INT TERM HUP`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00
			`server=login.live.com`
update root certs for ocsp scripts 2017-08-14 21:58:36 +03:00			`ca=certs/external/baltimore-cybertrust-root.pem`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00
			`[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1`
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00			`./examples/client/client -? 2>&1 \| grep -- 'Client not compiled in!'`
			`if [ $? -eq 0 ]; then`
			`exit 0`
			`fi`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`# create a port 0 port to use with openssl ocsp responder`
			`./examples/server/server -R $ready_file -p $resume_port &`
Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			`wait_for_readyFile $ready_file`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`if [ ! -f $ready_file ]; then`
			`printf '%s\n' "Failed to create ready file: \"$ready_file\""`
			`exit 1`
			`else`
			RPORTSELECTED=`cat $ready_file`
			`printf '%s\n' "Random port selected: $RPORTSELECTED"`
			`# Use client connection to shutdown the server cleanly`
			`./examples/client/client -p $RPORTSELECTED`
			`create_new_cnf $RPORTSELECTED`
			`fi`
give servers time to shut-down after client connection 2018-08-10 20:57:35 +03:00			`sleep 1`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00
Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`# is our desired server there? - login.live.com doesn't answers PING`
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used. 2016-04-02 01:45:53 +03:00			`#./scripts/ping.test $server 2`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00
			`# client test against the server`
OSCP 1. Made killing the OCSP server process more reliable. 2. Added attr files for the OSCP status files. Bare minimum attr. 3. Added a NL to the error string from the client regarding external tests. 2018-08-02 21:32:36 +03:00			`./examples/client/client -C -h $server -p 443 -A $ca -g -W 1`
			`RESULT=$?`
			`[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00
			`# Test with example server`

			`./examples/server/server -? 2>&1 \| grep -- 'Server not compiled in!'`
			`if [ $? -eq 0 ]; then`
			`exit 0`
			`fi`

Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`# setup ocsp responder`
Portability and self-cleanup changes to ocsp test scripts 2018-08-02 01:43:57 +03:00			`# OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh &`
			`# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup`
			`# purposes!`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`openssl ocsp -port $RPORTSELECTED -nmin 1 \`
Portability and self-cleanup changes to ocsp test scripts 2018-08-02 01:43:57 +03:00			`-index certs/ocsp/index-intermediate1-ca-issued-certs.txt \`
			`-rsigner certs/ocsp/ocsp-responder-cert.pem \`
			`-rkey certs/ocsp/ocsp-responder-key.pem \`
			`-CA certs/ocsp/intermediate1-ca-cert.pem \`
OSCP 1. Made killing the OCSP server process more reliable. 2. Added attr files for the OSCP status files. Bare minimum attr. 3. Added a NL to the error string from the client regarding external tests. 2018-08-02 21:32:36 +03:00			`"$@" &`
Portability and self-cleanup changes to ocsp test scripts 2018-08-02 01:43:57 +03:00
Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`sleep 1`
Portability and self-cleanup changes to ocsp test scripts 2018-08-02 01:43:57 +03:00			`# "jobs" is not portable for posix. Must use bash interpreter!`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`[ $(jobs -r \| wc -l) -ne 1 ] && \`
			`printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`# client test against our own server - GOOD CERT`
Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			`./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \`
			`-k certs/ocsp/server1-key.pem -p $resume_port &`
			`wait_for_readyFile $ready_file2`
			CLI_PORT=`cat $ready_file2`
			`./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`RESULT=$?`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1`
			`printf '%s\n\n' "Test PASSED!"`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`# client test against our own server - REVOKED CERT`
Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			`remove_single_rF $ready_file2`
			`./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \`
			`-k certs/ocsp/server2-key.pem -p $resume_port &`
			`wait_for_readyFile $ready_file2`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`sleep 1`
Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			CLI_PORT=`cat $ready_file2`
			`./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`RESULT=$?`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`[ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection suceeded $RESULT" \`
			`&& exit 1`
			`printf '%s\n\n' "Test successfully REVOKED!"`
Merge branch 'csr' 2015-12-29 01:38:04 +03:00
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00
			`./examples/client/client -v 4 2>&1 \| grep -- 'Bad SSL version'`
			`if [ $? -ne 0 ]; then`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------"`
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00			`# client test against our own server - GOOD CERT`
Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			`remove_single_rF $ready_file2`
			`./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \`
			`-k certs/ocsp/server1-key.pem -v 4 \`
			`-p $resume_port &`
			`wait_for_readyFile $ready_file2`
			CLI_PORT=`cat $ready_file2`
			`./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \`
			`-p $CLI_PORT`
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00			`RESULT=$?`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1`
			`printf '%s\n\n' "Test PASSED!"`
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------"`
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00			`# client test against our own server - REVOKED CERT`
Use pzero solutions on servers and clients in addition to ocsp responders 2018-08-10 23:17:17 +03:00			`remove_single_rF $ready_file2`
			`./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \`
			`-k certs/ocsp/server2-key.pem -v 4 \`
			`-p $resume_port &`
			`wait_for_readyFile $ready_file2`
			CLI_PORT=`cat $ready_file2`
			`./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \`
			`-p $CLI_PORT`
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00			`RESULT=$?`
address file restoration issue present when git not available 2018-08-10 19:24:42 +03:00			`[ $RESULT -ne 1 ] && \`
			`printf '\n\n%s\n' "Client connection suceeded $RESULT" \`
			`&& exit 1`
			`printf '%s\n\n' "Test successfully REVOKED!"`
TLS 1.3 OCSP Stapling Introduce support for OCSP stapling in TLS 1.3. Note: OCSP Stapling v2 is not used in TLS 1.3. Added tests. Allow extensions to be sent with first certificate. Fix writing out of certificate chains in TLS 1.3. Tidy up the OCSP stapling code to remove duplication as much as possible. 2018-07-02 09:59:23 +03:00			`fi`

Merge branch 'csr' 2015-12-29 01:38:04 +03:00			`exit 0`