diff options
Diffstat (limited to 'tests/ocsp')
-rw-r--r-- | tests/ocsp/ocsp.sh | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/tests/ocsp/ocsp.sh b/tests/ocsp/ocsp.sh new file mode 100644 index 000000000..d6603eda0 --- /dev/null +++ b/tests/ocsp/ocsp.sh @@ -0,0 +1,118 @@ +#! /bin/bash +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +######################################################################## +# +# mozilla/security/nss/tests/ocsp/ocsp.sh +# +# Script to test NSS OCSP +# +# needs to work on all Unix and Windows platforms +# +# special strings +# --------------- +# FIXME ... known problems, search for this string +# NOTE .... unexpected behavior +# +######################################################################## + +############################## ssl_init ################################ +# local shell function to initialize this script +######################################################################## +ocsp_init() +{ + SCRIPTNAME=ocsp.sh # sourced - $0 would point to all.sh + + if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for + CLEANUP="${SCRIPTNAME}" # cleaning this script will do it + fi + + if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then + cd ../common + . ./init.sh + fi + if [ -z "${IOPR_OCSP_SOURCED}" ]; then + . ../iopr/ocsp_iopr.sh + fi + if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here + cd ../cert + . ./cert.sh + fi + SCRIPTNAME=ocsp.sh + echo "$SCRIPTNAME: OCSP tests ===============================" + + REQF=${QADIR}/ssl/sslreq.dat + + cd ${CLIENTDIR} +} + +ocsp_stapling() +{ + TESTNAME="startssl valid, supports OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF} + html_msg $? 0 "$TESTNAME" + + TESTNAME="startssl revoked, supports OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF} + html_msg $? 3 "$TESTNAME" + + TESTNAME="comodo trial test expired revoked, supports OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF} + html_msg $? 1 "$TESTNAME" + + TESTNAME="thawte (expired) valid, supports OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF} + html_msg $? 1 "$TESTNAME" + + TESTNAME="thawte (expired) revoked, supports OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF} + html_msg $? 1 "$TESTNAME" + + TESTNAME="digicert valid, supports OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF} + html_msg $? 0 "$TESTNAME" + + TESTNAME="digicert revoked, supports OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF} + html_msg $? 3 "$TESTNAME" + + TESTNAME="live valid, supports OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h login.live.com -p 443 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h login.live.com -p 443 -d . < ${REQF} + html_msg $? 0 "$TESTNAME" + + TESTNAME="startssl valid, doesn't support OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF} + html_msg $? 2 "$TESTNAME" + + TESTNAME="cacert untrusted, doesn't support OCSP stapling" + echo "$SCRIPTNAME: $TESTNAME" + echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h www.cacert.org -p 443 -d . < ${REQF}" + ${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h www.cacert.org -p 443 -d . < ${REQF} + html_msg $? 1 "$TESTNAME" +} + +################## main ################################################# +ocsp_init +ocsp_iopr_run +ocsp_stapling |