tests: added ECDSA OCSP response verification

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

4 files changed, 67 insertions, 1 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 81e843b0fc..4c630b1ae0 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -36,6 +36,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
 	rsa-md5-collision/colliding-chain-md5-2.pem rsa-md5-collision/colliding-chain-md5-1.pem \
 	ocsp-tests/certs/ocsp-amazon.com.der ocsp-tests/certs/chain-amazon.com.pem \
 	ocsp-tests/certs/chain-amazon.com-unsorted.pem \
+	ocsp-tests/certs/chain-akamai.com.pem ocsp-tests/certs/ocsp-akamai.com.der \
 	certs-interesting/README.md certs-interesting/cert1.der certs-interesting/cert1.der.err \
 	certs-interesting/cert2.der certs-interesting/cert2.der.err certs-interesting/cert3.der \
 	certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \
diff --git a/tests/ocsp-tests/certs/chain-akamai.com.pem b/tests/ocsp-tests/certs/chain-akamai.com.pem
new file mode 100644
index 0000000000..bcb506e1e7
--- /dev/null
+++ b/tests/ocsp-tests/certs/chain-akamai.com.pem
@@ -0,0 +1,54 @@
+-----BEGIN CERTIFICATE-----
+MIIEujCCBGCgAwIBAgIQY7nsfv+YgzXxE9Z9L4ZNNTAKBggqhkjOPQQDAjCBgDEL
+MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
+VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTEwLwYDVQQDEyhTeW1hbnRlYyBD
+bGFzcyAzIEVDQyAyNTYgYml0IFNTTCBDQSAtIEcyMB4XDTE2MDcyODAwMDAwMFoX
+DTE3MDcyODIzNTk1OVoweTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1
+c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAGA1UECgwZQWthbWFpIFRlY2hu
+b2xvZ2llcywgSW5jLjEaMBgGA1UEAwwRYTI0OC5lLmFrYW1haS5uZXQwWTATBgcq
+hkjOPQIBBggqhkjOPQMBBwNCAAQCpvwTzWb1uqosqE52ItPukH6zYbx1GjvTx4Bg
+HGulRdgt9psnHybLLv404jXSmt1KkitP6xmokBA4qb1HZnQro4ICwDCCArwwbgYD
+VR0RBGcwZYIOKi5ha2FtYWloZC5uZXSCFiouYWthbWFpaGQtc3RhZ2luZy5uZXSC
+FyouYWthbWFpemVkLXN0YWdpbmcubmV0gg8qLmFrYW1haXplZC5uZXSCEWEyNDgu
+ZS5ha2FtYWkubmV0MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMGEGA1UdIARa
+MFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20v
+Y3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
+HwQkMCIwIKAeoByGGmh0dHA6Ly9yYy5zeW1jYi5jb20vcmMuY3JsMB0GA1UdJQQW
+MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQl8IrhS3rZAZUK7cZT
+8Yx4H9nz+DBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9yYy5z
+eW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9yYy5zeW1jYi5jb20vcmMuY3J0
+MIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHV
+XIiNPRHEzbbsvswAAAFWMxw8DAAABAMARzBFAiEA0jnhAc04ytMqwcpzdhepDolx
+k4/Ly01z7TbzhrdEm68CIDBoqkfHeUf/Egy4Dc6WtF7d4Yaz6VQwtPZtE62nYobW
+AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFWMxw8aQAABAMA
+RzBFAiEAtmv/WDAEkIzPoAmNg8rDB3hxjrqDE28O9ypcHfLfDKQCIAkexztlslo9
+vvg88draHLAFn6LehOKa+CDmG+7iBshSMAoGCCqGSM49BAMCA0gAMEUCIQCaLLx7
+OCmOUhNgoZX/s6pyGzE4p5dFiLJJm3u6dDw/jQIgS8vB1RZeveychMbXDPrx5y/W
+HvfPyxlCkvHQR9TX15o=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEajCCA1KgAwIBAgIQP5KHvp0dpKN6nfYoLndaxDANBgkqhkiG9w0BAQsFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMTUwNTEyMDAwMDAwWhcNMjUwNTExMjM1OTU5WjCBgDEL
+MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
+VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTEwLwYDVQQDEyhTeW1hbnRlYyBD
+bGFzcyAzIEVDQyAyNTYgYml0IFNTTCBDQSAtIEcyMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAEDxukkdfnrOfRTk63ZFvhj39uBNOrONtEt0Bcbb2WljffeYmGZ/ex
+Hwie/WM7RoyfvVPoFdyXPiuBRq2Gfw4BOaOCAV0wggFZMC4GCCsGAQUFBwEBBCIw
+IDAeBggrBgEFBQcwAYYSaHR0cDovL3Muc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwZQYDVR0gBF4wXDBaBgpghkgBhvhFAQc2MEwwIwYIKwYBBQUHAgEWF2h0
+dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5z
+eW1jYi5jb20vcnBhMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9zLnN5bWNiLmNv
+bS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKwYDVR0RBCQwIqQgMB4xHDAa
+BgNVBAMTE1NZTUMtRUNDLUNBLXAyNTYtMjIwHQYDVR0OBBYEFCXwiuFLetkBlQrt
+xlPxjHgf2fP4MB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
+SIb3DQEBCwUAA4IBAQAMMGUXBaWTdaLxsTGtcB/naqjIQrLvoV9NG+7MoHpGd/69
+dZ/h2zOy7sGFUHoG/0HGRA9rxT/5w5GkEVIVkxtWyIWWq6rs4CTZt8Bej/KHYRbo
+jtEDUkCTZSTLiCvguPyvinXgxy+LHT+PmdtEfXsvcdbeBSWUYpOsDYvD2hNtz9dw
+Od5nBosMApmdxt+z7LQyZu8wMnfI1U6IMO+RWowxZ8uy0oswdFYd32l9xe+aAE/k
+y9alLu/M9pvxiUKufqHJRgDBKA6uDjHLMPX+/nxXaNCPX3SI4KVZ1stHQ/U5oNlM
+dHN9umAvlU313g0IgJrjsQ2nIdf9dsdP+6lrmP7s
+-----END CERTIFICATE-----
diff --git a/tests/ocsp-tests/certs/ocsp-akamai.com.der b/tests/ocsp-tests/certs/ocsp-akamai.com.der
new file mode 100644
index 0000000000..0687207178
--- /dev/null
+++ b/tests/ocsp-tests/certs/ocsp-akamai.com.der
diff --git a/tests/ocsp-tests/ocsp-load-chain b/tests/ocsp-tests/ocsp-load-chain
index 88529a1138..304781043e 100755
--- a/tests/ocsp-tests/ocsp-load-chain
+++ b/tests/ocsp-tests/ocsp-load-chain
@@ -53,7 +53,18 @@ rc=$?
 
 # We're done.
 if test "${rc}" != "0"; then
-	echo "Test 1 - Amazon OCSP response verification - failed"
+	echo "Test 2 - Amazon OCSP response verification - failed"
+	exit ${rc}
+fi
+
+# verify an OCSP response using ECDSA
+datefudge -s "2017-06-29" \
+	"${OCSPTOOL}" -d 6 -e --load-chain "${srcdir}/ocsp-tests/certs/chain-akamai.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-akamai.com.der"
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 3 - Akamai (ECDSA) OCSP response verification - failed"
 	exit ${rc}
 fi