tests: enable ocsp-must-staple-connection check

3 files changed, 26 insertions, 15 deletions

diff --git a/tests/ocsp-tests/Makefile.am b/tests/ocsp-tests/Makefile.am
index 3a9be615f3..e1a82745c1 100644
--- a/tests/ocsp-tests/Makefile.am
+++ b/tests/ocsp-tests/Makefile.am
@@ -24,7 +24,11 @@ EXTRA_DIST = certs/ca.key certs/ca.pem certs/ocsp-server.key certs/ocsp-server.p
 	certs/server_good.key certs/server_bad.key certs/server_good.template \
 	certs/server_bad.template certs/ocsp-staple-unrelated.der
 
-dist_check_SCRIPTS = ocsp-test ocsp-tls-connection
+dist_check_SCRIPTS = ocsp-test
+
+if !WINDOWS
+dist_check_SCRIPTS += ocsp-tls-connection ocsp-must-staple-connection
+endif
 
 TESTS = $(dist_check_SCRIPTS)
 
diff --git a/tests/ocsp-tests/ocsp-must-staple-connection b/tests/ocsp-tests/ocsp-must-staple-connection
index 3fab7f8e6c..2df3af1263 100755
--- a/tests/ocsp-tests/ocsp-must-staple-connection
+++ b/tests/ocsp-tests/ocsp-must-staple-connection
@@ -31,6 +31,10 @@ OCSP_REQ_FILE="ms-req.$$.tmp"
 
 export TZ="UTC"
 
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
 . "${srcdir}/../scripts/common.sh"
 
 eval "${GETPORT}"
@@ -52,13 +56,6 @@ if ! test -x "${OPENSSL}"; then
     exit 77
 fi
 
-# Check for netcat
-NETCAT=`which nc`
-if ! test -x "${NETCAT}"; then
-    echo "You need nc to run this test."
-    exit 77
-fi
-
 # Check for datefudge
 TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
 if test "$TSTAMP" != "1158969600"; then
@@ -100,6 +97,11 @@ datefudge -s "${CERTDATE}" ${CERTTOOL} \
 
 echo "=== Bringing OCSP server up ==="
 
+INDEXFILE="ocsp_index.txt"
+ATTRFILE="${INDEXFILE}.attr"
+cp "${srcdir}/certs/ocsp_index.txt" ${INDEXFILE}
+cp "${srcdir}/certs/ocsp_index.txt.attr" ${ATTRFILE}
+
 # Start OpenSSL OCSP server
 #
 # WARNING: As of version 1.0.2g, OpenSSL OCSP cannot bind the TCP port
@@ -108,7 +110,7 @@ echo "=== Bringing OCSP server up ==="
 PORT=${OCSP_PORT}
 launch_bare_server $$ \
 	  datefudge "${TESTDATE}" \
-	  "${OPENSSL}" ocsp -index "${srcdir}/certs/ocsp_index.txt" -text \
+	  "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \
 	  -port "${OCSP_PORT}" \
 	  -rsigner "${srcdir}/certs/ocsp-server.pem" \
 	  -rkey "${srcdir}/certs/ocsp-server.key" \
@@ -124,7 +126,7 @@ t=0
 while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do
     # Run a test request to make sure the server works
     datefudge "${TESTDATE}" \
-	      "${OCSPTOOL}" --ask \
+	      ${VALGRIND} "${OCSPTOOL}" --ask \
 	      --load-cert "${SERVER_CERT_FILE}" \
 	      --load-issuer "${srcdir}/certs/ca.pem" \
 	      --outfile "${OCSP_RESPONSE_FILE}"
@@ -284,9 +286,9 @@ rm -f "${OCSP_RESPONSE_FILE}"
 
 # Generate an OCSP response which expires in 2 days and use it after
 # a month.
-${OCSPTOOL} --generate-request --load-issuer "${srcdir}/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}"
+${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}"
 datefudge -s ${EXP_OCSP_DATE} \
-	${OPENSSL} ocsp -index certs/ocsp_index.txt -rsigner "${srcdir}/certs/ocsp-server.pem" -rkey "${srcdir}/certs/ocsp-server.key" -CA "${srcdir}/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2
+	${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/certs/ocsp-server.pem" -rkey "${srcdir}/certs/ocsp-server.key" -CA "${srcdir}/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2
 
 eval "${GETPORT}"
 # Port for gnutls-serv
@@ -327,9 +329,9 @@ echo "=== Test 6: Server with valid certificate - old staple ==="
 
 rm -f "${OCSP_RESPONSE_FILE}"
 
-${OCSPTOOL} --generate-request --load-issuer "${srcdir}/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}"
+${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}"
 datefudge -s ${EXP_OCSP_DATE} \
-	${OPENSSL} ocsp -index certs/ocsp_index.txt -rsigner "${srcdir}/certs/ocsp-server.pem" -rkey "${srcdir}/certs/ocsp-server.key" -CA "${srcdir}/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}"
+	${OPENSSL} ocsp -index ${INDEXFILE} -rsigner "${srcdir}/certs/ocsp-server.pem" -rkey "${srcdir}/certs/ocsp-server.key" -CA "${srcdir}/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}"
 
 eval "${GETPORT}"
 # Port for gnutls-serv
@@ -371,5 +373,6 @@ rm -f "${OCSP_RESPONSE_FILE}"
 rm -f "${OCSP_REQ_FILE}"
 rm -f "${SERVER_CERT_FILE}"
 rm -f "${TEMPLATE_FILE}"
+rm -f "${INDEXFILE}" "${ATTRFILE}"
 
 exit 0
diff --git a/tests/ocsp-tests/ocsp-tls-connection b/tests/ocsp-tests/ocsp-tls-connection
index 580743a9c1..8a73f98650 100755
--- a/tests/ocsp-tests/ocsp-tls-connection
+++ b/tests/ocsp-tests/ocsp-tls-connection
@@ -30,6 +30,10 @@ DIFF="${DIFF:-diff}"
 TEMPLATE_FILE="out.$$.tmpl.tmp"
 SERVER_CERT_FILE="cert.$$.pem.tmp"
 
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
 export TZ="UTC"
 
 . "${srcdir}/../scripts/common.sh"
@@ -114,7 +118,7 @@ t=0
 while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do
     # Run a test request to make sure the server works
     datefudge "${TESTDATE}" \
-	      "${OCSPTOOL}" --ask \
+	      ${VALGRIND} "${OCSPTOOL}" --ask \
 	      --load-cert "${SERVER_CERT_FILE}" \
 	      --load-issuer "${srcdir}/certs/ca.pem"
     rc=$?