mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

scripts/ocsp-stapling*.test: add bwrap attempt at top, to isolate network namespace.

Browse Source
This commit is contained in:
Daniel Pouzzner 2020-09-11 18:19:04 -05:00
parent 8f25456f86
commit 1e9971f64c
3 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
scripts/ocsp-stapling-with-ca-as-responder.test
View File

@ -2,6 +2,22 @@
# ocsp-stapling-with-ca-as-responder.test
# if we can, isolate the network namespace to eliminate port collisions
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
bwrap_path="$(command -v bwrap)"
if [[ -z "$bwrap_path" ]]; then
echo "couldn't find bwrap -- not isolating network namespace."
elif [[ ! -u "$bwrap_path" ]]; then
echo "$bwrap_path isn't setuid -- not isolating network namespace."
else
echo "isolating network namespace..."
export AM_BWRAPPED=yes
exec $bwrap_path --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
echo "not isolating network namespace."
fi
fi
if [[ -z "${RETRIES_REMAINING-}" ]]; then
export RETRIES_REMAINING=2
fi

16
scripts/ocsp-stapling.test
View File

@ -3,6 +3,22 @@
# ocsp-stapling.test
# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
# if we can, isolate the network namespace to eliminate port collisions
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
bwrap_path="$(command -v bwrap)"
if [[ -z "$bwrap_path" ]]; then
echo "couldn't find bwrap -- not isolating network namespace."
elif [[ ! -u "$bwrap_path" ]]; then
echo "$bwrap_path isn't setuid -- not isolating network namespace."
else
echo "isolating network namespace..."
export AM_BWRAPPED=yes
exec $bwrap_path --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
echo "not isolating network namespace."
fi
fi
if [[ -z "${RETRIES_REMAINING-}" ]]; then
export RETRIES_REMAINING=2
fi

16
scripts/ocsp-stapling2.test
View File

@ -3,6 +3,22 @@
# ocsp-stapling2.test
# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
# if we can, isolate the network namespace to eliminate port collisions
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
bwrap_path="$(command -v bwrap)"
if [[ -z "$bwrap_path" ]]; then
echo "couldn't find bwrap -- not isolating network namespace."
elif [[ ! -u "$bwrap_path" ]]; then
echo "$bwrap_path isn't setuid -- not isolating network namespace."
else
echo "isolating network namespace..."
export AM_BWRAPPED=yes
exec $bwrap_path --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
echo "not isolating network namespace."
fi
fi
if [[ -z "${RETRIES_REMAINING-}" ]]; then
export RETRIES_REMAINING=2
fi