c71f730d67
1. Made killing the OCSP server process more reliable. 2. Added attr files for the OCSP status files. Bare minimum attr. 3. Added a NL to the error string from the client regarding external tests.
#!/bin/bash
# ocsp-stapling.test
#######################################
# Send SIGHUP to every background job of this shell that is still running.
# Registered as a trap handler so that the OCSP responder and the example
# servers started by this script do not outlive the test run.
# Arguments: none
# Returns:   status of the last kill, or 0 when no job is running
#######################################
cleanup() {
  local running_pids job_pid

  # "jobs" is a bash builtin: -p prints process IDs only, -r restricts the
  # list to jobs that are still running.
  running_pids=$(jobs -pr)

  # Deliberately unquoted: one PID per word.
  for job_pid in $running_pids; do
    kill -s HUP "$job_pid"
  done
}
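# Always signal the background jobs on the way out.
trap cleanup EXIT
# A handled signal does not end a bash script by itself: once the handler
# returns, execution resumes with the next command. With cleanup as the only
# handler, an interrupted run would carry on with its jobs gone and could
# still reach one of the "exit 0" paths. Exit explicitly (128 + signal
# number) so an interrupted run stops and reports failure; the EXIT trap
# above still runs cleanup.
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 143' TERM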
# Host used for the external stapling case, and the root certificate the
# client is told to trust when connecting to it.
# NOTE(review): both values describe infrastructure outside this project.
# If that host changes its certificate chain or stops stapling, the external
# case fails for reasons unrelated to the code under test - confirm these
# are still current when the external case starts failing.
server="login.live.com"
ca="certs/external/baltimore-cybertrust-root.pem"
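# Preflight: the example client binary must exist and be executable.
if [ ! -x ./examples/client/client ]; then
  echo -e "\n\nClient doesn't exist"
  exit 1
fi

# A build without the example client prints this marker in its usage output;
# there is nothing to test in that case, so the script reports success.
# '-?' is quoted so the shell cannot treat it as a glob and replace it with a
# two-character file name such as "-x" found in the working directory, which
# would hand the client a different option than the one intended.
if ./examples/client/client '-?' 2>&1 | grep -- 'Client not compiled in!'; then
  exit 0
fi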
# Reachability probe left disabled: login.live.com does not answer ping.
#./scripts/ping.test $server 2

# External case: connect to $server on port 443, trusting only $ca.
# NOTE(review): with the probe above disabled, a run without network access
# fails here exactly like a genuine stapling regression would; the two cannot
# be told apart from the exit status alone.
# NOTE(review): "-W 1" is presumably the option that requests a stapled OCSP
# response - confirm against the client's usage output.
./examples/client/client -C -h "$server" -p 443 -A "$ca" -g -W 1
RESULT=$?
if [ "$RESULT" -ne 0 ]; then
  echo -e "\n\nClient connection failed"
  exit 1
fi
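# Test with example server

# A build without the example server prints this marker in its usage output;
# the local cases cannot run then, so the script reports success.
# '-?' is quoted so the shell cannot treat it as a glob and replace it with a
# two-character file name such as "-x" found in the working directory.
if ./examples/server/server '-?' 2>&1 | grep -- 'Server not compiled in!'; then
  exit 0
fi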
# setup ocsp responder
# The responder used to be launched through
#   ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh &
# but the openssl process was not being cleaned up. Invoking openssl here
# makes it a direct background job of this shell, which cleanup can signal.
responder_args=(
  -port 22221
  -nmin 1
  -index certs/ocsp/index-intermediate1-ca-issued-certs.txt
  -rsigner certs/ocsp/ocsp-responder-cert.pem
  -rkey certs/ocsp/ocsp-responder-key.pem
  -CA certs/ocsp/intermediate1-ca-cert.pem
)
# Any arguments given to this script are passed through to openssl.
openssl ocsp "${responder_args[@]}" "$@" &

# Give the responder a moment to start.
sleep 1

# "jobs" is a bash builtin, not POSIX sh: this script must run under bash.
# Exactly one running job is expected at this point (the responder).
# NOTE(review): when the responder cannot start (openssl missing, or the
# fixed port 22221 already taken, for instance by a leftover responder), the
# script exits 0. The revocation cases are then never exercised while the run
# still reports success, so a skipped run looks the same as a passing one.
if (( $(jobs -r | wc -l) != 1 )); then
  echo -e "\n\nSetup ocsp responder failed, skipping"
  exit 0
fi
# Local cases with the default protocol version. Each example server is
# started as a background job and given one second before the client connects.

# client test against our own server - GOOD CERT
# The client is expected to exit with status 0.
./examples/server/server \
  -c certs/ocsp/server1-cert.pem \
  -k certs/ocsp/server1-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
if [ "$RESULT" -ne 0 ]; then
  echo -e "\n\nClient connection failed"
  exit 1
fi

# client test against our own server - REVOKED CERT
# The client is expected to exit with status 1.
# NOTE(review): status 1 is accepted whatever caused it. If the client also
# returns 1 when it cannot connect at all (not visible from this script), a
# server that failed to start would let this negative case pass without any
# revocation check having taken place. Verifying that the server job is alive
# after the sleep (kill -0 "$!"), or matching the client's error output,
# would tighten it - confirm against the example client's exit codes.
./examples/server/server \
  -c certs/ocsp/server2-cert.pem \
  -k certs/ocsp/server2-key.pem &
sleep 1
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
RESULT=$?
if [ "$RESULT" -ne 1 ]; then
  echo -e "\n\nClient connection suceeded $RESULT"
  exit 1
fi
# Repeat both local cases with "-v 4" on server and client, unless the client
# reports that version as unsupported ('Bad SSL version' in its output).
# NOTE(review): "-v 4" presumably selects TLS 1.3 - confirm against the
# client's usage output.
if ! ./examples/client/client -v 4 2>&1 | grep -- 'Bad SSL version'; then
  # client test against our own server - GOOD CERT
  # The client is expected to exit with status 0.
  ./examples/server/server \
    -c certs/ocsp/server1-cert.pem \
    -k certs/ocsp/server1-key.pem \
    -v 4 &
  sleep 1
  ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1
  RESULT=$?
  if [ "$RESULT" -ne 0 ]; then
    echo -e "\n\nClient connection failed"
    exit 1
  fi

  # client test against our own server - REVOKED CERT
  # The client is expected to exit with status 1.
  # NOTE(review): as any cause of status 1 is accepted, a server that never
  # came up could make this negative case pass without a revocation check,
  # if the client returns 1 on a failed connect - confirm against the
  # example client's exit codes.
  ./examples/server/server \
    -c certs/ocsp/server2-cert.pem \
    -k certs/ocsp/server2-key.pem \
    -v 4 &
  sleep 1
  ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1
  RESULT=$?
  if [ "$RESULT" -ne 1 ]; then
    echo -e "\n\nClient connection suceeded $RESULT"
    exit 1
  fi
fi

# Every case that ran behaved as expected.
exit 0