diff options
| author | inoguchi <> | 2019-06-24 15:17:36 +0000 |
|---|---|---|
| committer | inoguchi <> | 2019-06-24 15:17:36 +0000 |
| commit | 98848d29bcaf2014e8ea87b920bdb3d3fca7cc6f (patch) | |
| tree | 037a35fbfd0d8b0bbeb1df7a5e40970e45231f1a | |
| parent | f01cfee1e4b22d2a5fbeeb5b0107bc4797473a8e (diff) | |
| download | openbsd-98848d29bcaf2014e8ea87b920bdb3d3fca7cc6f.tar.gz openbsd-98848d29bcaf2014e8ea87b920bdb3d3fca7cc6f.tar.bz2 openbsd-98848d29bcaf2014e8ea87b920bdb3d3fca7cc6f.zip | |
Add more options test to ocsp in appstest.sh
| -rwxr-xr-x | src/regress/usr.bin/openssl/appstest.sh | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh index 57f4cdf17b..d1a81f7883 100755 --- a/src/regress/usr.bin/openssl/appstest.sh +++ b/src/regress/usr.bin/openssl/appstest.sh | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | # | 2 | # |
| 3 | # $OpenBSD: appstest.sh,v 1.20 2019/06/23 05:05:07 inoguchi Exp $ | 3 | # $OpenBSD: appstest.sh,v 1.21 2019/06/24 15:17:36 inoguchi Exp $ |
| 4 | # | 4 | # |
| 5 | # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> | 5 | # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> |
| 6 | # | 6 | # |
| @@ -959,12 +959,21 @@ function test_ocsp { | |||
| 959 | # --- OCSP operations --- | 959 | # --- OCSP operations --- |
| 960 | section_message "OCSP operations" | 960 | section_message "OCSP operations" |
| 961 | 961 | ||
| 962 | # get key without pass | ||
| 963 | user1_key_nopass=$user1_dir/user1_key_nopass.pem | ||
| 964 | $openssl_bin pkey -in $user1_key -passin pass:$user1_pass \ | ||
| 965 | -out $user1_key_nopass | ||
| 966 | check_exit_status $? | ||
| 967 | |||
| 962 | # request | 968 | # request |
| 963 | start_message "ocsp ... create OCSP request" | 969 | start_message "ocsp ... create OCSP request" |
| 964 | 970 | ||
| 965 | ocsp_req=$user1_dir/ocsp_req.der | 971 | ocsp_req=$user1_dir/ocsp_req.der |
| 966 | $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \ | 972 | $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \ |
| 967 | -cert $revoke_cert -CAfile $ca_cert -reqout $ocsp_req | 973 | -cert $revoke_cert -serial 1 -nonce -no_certs -CAfile $ca_cert \ |
| 974 | -signer $user1_cert -signkey $user1_key_nopass \ | ||
| 975 | -sign_other $user1_cert -sha256 \ | ||
| 976 | -reqout $ocsp_req -req_text -out $ocsp_req.out | ||
| 968 | check_exit_status $? | 977 | check_exit_status $? |
| 969 | 978 | ||
| 970 | # response | 979 | # response |
| @@ -973,7 +982,9 @@ function test_ocsp { | |||
| 973 | ocsp_res=$user1_dir/ocsp_res.der | 982 | ocsp_res=$user1_dir/ocsp_res.der |
| 974 | $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \ | 983 | $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \ |
| 975 | -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \ | 984 | -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \ |
| 976 | -reqin $ocsp_req -respout $ocsp_res -text > $ocsp_res.out 2>&1 | 985 | -reqin $ocsp_req -rother $ocsp_cert -resp_no_certs -noverify \ |
| 986 | -nmin 60 -validity_period 300 -status_age 300 \ | ||
| 987 | -respout $ocsp_res -resp_text -out $ocsp_res.out | ||
| 977 | check_exit_status $? | 988 | check_exit_status $? |
| 978 | 989 | ||
| 979 | # ocsp server | 990 | # ocsp server |
| @@ -981,9 +992,11 @@ function test_ocsp { | |||
| 981 | 992 | ||
| 982 | ocsp_port=8888 | 993 | ocsp_port=8888 |
| 983 | 994 | ||
| 995 | ocsp_svr_log=$user1_dir/ocsp_svr.log | ||
| 984 | $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \ | 996 | $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \ |
| 985 | -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \ | 997 | -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \ |
| 986 | -port '*:'$ocsp_port -nrequest 1 & | 998 | -host localhost -port $ocsp_port -path / -ndays 1 -nrequest 1 \ |
| 999 | -resp_key_id -text -out $ocsp_svr_log & | ||
| 987 | check_exit_status $? | 1000 | check_exit_status $? |
| 988 | ocsp_svr_pid=$! | 1001 | ocsp_svr_pid=$! |
| 989 | echo "ocsp server pid = [ $ocsp_svr_pid ]" | 1002 | echo "ocsp server pid = [ $ocsp_svr_pid ]" |
| @@ -994,9 +1007,19 @@ function test_ocsp { | |||
| 994 | 1007 | ||
| 995 | ocsp_qry=$user1_dir/ocsp_qry.der | 1008 | ocsp_qry=$user1_dir/ocsp_qry.der |
| 996 | $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \ | 1009 | $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \ |
| 997 | -cert $revoke_cert -CAfile $ca_cert \ | 1010 | -cert $revoke_cert -CAfile $ca_cert -no_nonce \ |
| 998 | -url http://localhost:$ocsp_port -resp_text \ | 1011 | -url http://localhost:$ocsp_port -timeout 10 -text \ |
| 999 | -respout $ocsp_qry > $ocsp_qry.out 2>&1 | 1012 | -header Host localhost \ |
| 1013 | -respout $ocsp_qry -out $ocsp_qry.out | ||
| 1014 | check_exit_status $? | ||
| 1015 | |||
| 1016 | # verify response from server | ||
| 1017 | start_message "ocsp ... verify OCSP response from server" | ||
| 1018 | |||
| 1019 | $openssl_bin ocsp -respin $ocsp_qry -CAfile $ca_cert \ | ||
| 1020 | -ignore_err -no_signature_verify -no_cert_verify -no_chain \ | ||
| 1021 | -no_cert_checks -no_explicit -trust_other -no_intern \ | ||
| 1022 | -verify_other $ocsp_cert -VAfile $ocsp_cert | ||
| 1000 | check_exit_status $? | 1023 | check_exit_status $? |
| 1001 | } | 1024 | } |
| 1002 | 1025 | ||