From 9ecdccbcaf89adac0fbb5522c72cbc09fe5b01e2 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 24 Aug 2016 14:09:13 +0200 Subject: tests: enable ocsp-must-staple-connection check --- tests/ocsp-tests/Makefile.am | 6 +++++- tests/ocsp-tests/ocsp-must-staple-connection | 29 +++++++++++++++------------- tests/ocsp-tests/ocsp-tls-connection | 6 +++++- 3 files changed, 26 insertions(+), 15 deletions(-) diff --git a/tests/ocsp-tests/Makefile.am b/tests/ocsp-tests/Makefile.am index 3a9be615f3..e1a82745c1 100644 --- a/tests/ocsp-tests/Makefile.am +++ b/tests/ocsp-tests/Makefile.am @@ -24,7 +24,11 @@ EXTRA_DIST = certs/ca.key certs/ca.pem certs/ocsp-server.key certs/ocsp-server.p certs/server_good.key certs/server_bad.key certs/server_good.template \ certs/server_bad.template certs/ocsp-staple-unrelated.der -dist_check_SCRIPTS = ocsp-test ocsp-tls-connection +dist_check_SCRIPTS = ocsp-test + +if !WINDOWS +dist_check_SCRIPTS += ocsp-tls-connection ocsp-must-staple-connection +endif TESTS = $(dist_check_SCRIPTS) diff --git a/tests/ocsp-tests/ocsp-must-staple-connection b/tests/ocsp-tests/ocsp-must-staple-connection index 3fab7f8e6c..2df3af1263 100755 --- a/tests/ocsp-tests/ocsp-must-staple-connection +++ b/tests/ocsp-tests/ocsp-must-staple-connection @@ -31,6 +31,10 @@ OCSP_REQ_FILE="ms-req.$$.tmp" export TZ="UTC" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + . "${srcdir}/../scripts/common.sh" eval "${GETPORT}" @@ -52,13 +56,6 @@ if ! test -x "${OPENSSL}"; then exit 77 fi -# Check for netcat -NETCAT=`which nc` -if ! test -x "${NETCAT}"; then - echo "You need nc to run this test." - exit 77 -fi - # Check for datefudge TSTAMP=`datefudge "2006-09-23" date -u +%s || true` if test "$TSTAMP" != "1158969600"; then 
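Review bot: The VALGRIND wrapper block added after `export TZ="UTC"` in ocsp-must-staple-connection is repeated verbatim in ocsp-tls-connection (hunk @@ -30,6 +30,10), so the libtool invocation and the exit code 15 now live in two places that can drift apart. Both scripts source `${srcdir}/../scripts/common.sh` a few lines later, so a single helper there would keep them in step. If the block stays in each script, a comment such as `# run under libtool+valgrind; exit status 15 means valgrind detected an error` would tell readers why 15 matters. `test -n "${VALGRIND}"` also reads more directly than `! test -z "${VALGRIND}"`.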
@@ -100,6 +97,11 @@ datefudge -s "${CERTDATE}" ${CERTTOOL} \ echo "=== Bringing OCSP server up ===" +INDEXFILE="ocsp_index.txt" +ATTRFILE="${INDEXFILE}.attr" +cp "${srcdir}/certs/ocsp_index.txt" ${INDEXFILE} +cp "${srcdir}/certs/ocsp_index.txt.attr" ${ATTRFILE} + # Start OpenSSL OCSP server # # WARNING: As of version 1.0.2g, OpenSSL OCSP cannot bind the TCP port @@ -108,7 +110,7 @@ echo "=== Bringing OCSP server up ===" PORT=${OCSP_PORT} launch_bare_server $$ \ datefudge "${TESTDATE}" \ - "${OPENSSL}" ocsp -index "${srcdir}/certs/ocsp_index.txt" -text \ + "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ -port "${OCSP_PORT}" \ -rsigner "${srcdir}/certs/ocsp-server.pem" \ -rkey "${srcdir}/certs/ocsp-server.key" \ @@ -124,7 +126,7 @@ t=0 while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do # Run a test request to make sure the server works datefudge "${TESTDATE}" \ - "${OCSPTOOL}" --ask \ + ${VALGRIND} "${OCSPTOOL}" --ask \ --load-cert "${SERVER_CERT_FILE}" \ --load-issuer "${srcdir}/certs/ca.pem" \ --outfile "${OCSP_RESPONSE_FILE}" @@ -284,9 +286,9 @@ rm -f "${OCSP_RESPONSE_FILE}" # Generate an OCSP response which expires in 2 days and use it after # a month. -${OCSPTOOL} --generate-request --load-issuer "${srcdir}/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" +${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" datefudge -s ${EXP_OCSP_DATE} \ - ${OPENSSL} ocsp -index certs/ocsp_index.txt -rsigner "${srcdir}/certs/ocsp-server.pem" -rkey "${srcdir}/certs/ocsp-server.key" -CA "${srcdir}/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2 + ${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/certs/ocsp-server.pem" -rkey "${srcdir}/certs/ocsp-server.key" -CA "${srcdir}/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2 eval "${GETPORT}" # Port for gnutls-serv 
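Review bot: `INDEXFILE="ocsp_index.txt"` is a fixed name in the working directory, while the script's other scratch files carry the PID (`OCSP_REQ_FILE="ms-req.$$.tmp"`), so two runs in the same build directory, or a stale copy left by an aborted run, would share one index. Something like `INDEXFILE="ocsp_index.$$.txt.tmp"` avoids that and still lets `ATTRFILE` be derived from it. The two `cp` lines leave the destination unquoted and ignore failure; `cp "${srcdir}/certs/ocsp_index.txt" "${INDEXFILE}" || exit 1` would stop the test before the responder is started against a missing index. Later uses are also inconsistent: hunk @@ -284,9 +286,9 passes `"${INDEXFILE}"` quoted, while hunk @@ -327,9 +329,9 passes `${INDEXFILE}` unquoted.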
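Review bot: In the server start-up polling loop, a valgrind-detected error from `${VALGRIND} "${OCSPTOOL}" --ask` cannot be told apart from "responder not listening yet". The wrapper makes valgrind exit with 15, but the loop (whose body continues outside this hunk) appears to retry on any non-zero status until `SERVER_START_TIMEOUT`, so a memory error would presumably surface as a start-up timeout instead of a valgrind failure. Testing the status straight after the call, for example `rc=$?; if test "${rc}" = "15"; then echo "valgrind reported errors in ocsptool"; exit 1; fi` (with whatever server teardown the script's other failure paths use), would report it directly. The same applies to hunk @@ -114,7 +118,7 in ocsp-tls-connection, where `rc=$?` is already captured after the call.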
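Review bot: The exit status of `${VALGRIND} ${OCSPTOOL} --generate-request ...` is never checked, so `--error-exitcode=15` has no effect on this call unless `set -e` is active somewhere outside the hunk. The line is followed directly by the `datefudge -s ${EXP_OCSP_DATE} ${OPENSSL} ocsp` call, so a failed or valgrind-flagged request generation would only show up indirectly, if at all. Adding `rc=$?; if test "${rc}" != "0"; then echo "ocsptool --generate-request failed (${rc})"; exit 1; fi` after it would make the valgrind run count; hunk @@ -327,9 +329,9 has the same pattern. `${OCSPTOOL}` is also unquoted here, whereas the polling loop uses `"${OCSPTOOL}"`.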
@@ -327,9 +329,9 @@ echo "=== Test 6: Server with valid certificate - old staple ===" rm -f "${OCSP_RESPONSE_FILE}" -${OCSPTOOL} --generate-request --load-issuer "${srcdir}/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" +${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" datefudge -s ${EXP_OCSP_DATE} \ - ${OPENSSL} ocsp -index certs/ocsp_index.txt -rsigner "${srcdir}/certs/ocsp-server.pem" -rkey "${srcdir}/certs/ocsp-server.key" -CA "${srcdir}/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" + ${OPENSSL} ocsp -index ${INDEXFILE} -rsigner "${srcdir}/certs/ocsp-server.pem" -rkey "${srcdir}/certs/ocsp-server.key" -CA "${srcdir}/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" eval "${GETPORT}" # Port for gnutls-serv @@ -371,5 +373,6 @@ rm -f "${OCSP_RESPONSE_FILE}" rm -f "${OCSP_REQ_FILE}" rm -f "${SERVER_CERT_FILE}" rm -f "${TEMPLATE_FILE}" +rm -f "${INDEXFILE}" "${ATTRFILE}" exit 0 diff --git a/tests/ocsp-tests/ocsp-tls-connection b/tests/ocsp-tests/ocsp-tls-connection index 580743a9c1..8a73f98650 100755 --- a/tests/ocsp-tests/ocsp-tls-connection +++ b/tests/ocsp-tests/ocsp-tls-connection @@ -30,6 +30,10 @@ DIFF="${DIFF:-diff}" TEMPLATE_FILE="out.$$.tmpl.tmp" SERVER_CERT_FILE="cert.$$.pem.tmp" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + export TZ="UTC" . "${srcdir}/../scripts/common.sh" @@ -114,7 +118,7 @@ t=0 while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do # Run a test request to make sure the server works datefudge "${TESTDATE}" \ - "${OCSPTOOL}" --ask \ + ${VALGRIND} "${OCSPTOOL}" --ask \ --load-cert "${SERVER_CERT_FILE}" \ --load-issuer "${srcdir}/certs/ca.pem" rc=$? -- cgit v1.2.1