diff options
| author | Kinichiro Inoguchi <inoguchi@cvs.openbsd.org> | 2019-06-24 15:17:37 +0000 |
|---|---|---|
| committer | Kinichiro Inoguchi <inoguchi@cvs.openbsd.org> | 2019-06-24 15:17:37 +0000 |
| commit | 716061f62c93997598968d9eaaaa1d681a003de0 (patch) | |
| tree | 4d0ab6c691574daff2cb52cd38d40739a2869a9a /regress/usr.bin/openssl | |
| parent | f04d5bb436765490605b35bb757907e0a83e6ee3 (diff) | |
Add more options test to ocsp in appstest.sh
Diffstat (limited to 'regress/usr.bin/openssl')
| -rwxr-xr-x | regress/usr.bin/openssl/appstest.sh | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/regress/usr.bin/openssl/appstest.sh b/regress/usr.bin/openssl/appstest.sh index 57f4cdf17ba..d1a81f78839 100755 --- a/regress/usr.bin/openssl/appstest.sh +++ b/regress/usr.bin/openssl/appstest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $OpenBSD: appstest.sh,v 1.20 2019/06/23 05:05:07 inoguchi Exp $ +# $OpenBSD: appstest.sh,v 1.21 2019/06/24 15:17:36 inoguchi Exp $ # # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> # @@ -959,12 +959,21 @@ function test_ocsp { # --- OCSP operations --- section_message "OCSP operations" + # get key without pass + user1_key_nopass=$user1_dir/user1_key_nopass.pem + $openssl_bin pkey -in $user1_key -passin pass:$user1_pass \ + -out $user1_key_nopass + check_exit_status $? + # request start_message "ocsp ... create OCSP request" ocsp_req=$user1_dir/ocsp_req.der $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \ - -cert $revoke_cert -CAfile $ca_cert -reqout $ocsp_req + -cert $revoke_cert -serial 1 -nonce -no_certs -CAfile $ca_cert \ + -signer $user1_cert -signkey $user1_key_nopass \ + -sign_other $user1_cert -sha256 \ + -reqout $ocsp_req -req_text -out $ocsp_req.out check_exit_status $? # response @@ -973,7 +982,9 @@ function test_ocsp { ocsp_res=$user1_dir/ocsp_res.der $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \ -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \ - -reqin $ocsp_req -respout $ocsp_res -text > $ocsp_res.out 2>&1 + -reqin $ocsp_req -rother $ocsp_cert -resp_no_certs -noverify \ + -nmin 60 -validity_period 300 -status_age 300 \ + -respout $ocsp_res -resp_text -out $ocsp_res.out check_exit_status $? # ocsp server @@ -981,9 +992,11 @@ function test_ocsp { ocsp_port=8888 + ocsp_svr_log=$user1_dir/ocsp_svr.log $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \ -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \ - -port '*:'$ocsp_port -nrequest 1 & + -host localhost -port $ocsp_port -path / -ndays 1 -nrequest 1 \ + -resp_key_id -text -out $ocsp_svr_log & check_exit_status $? ocsp_svr_pid=$! echo "ocsp server pid = [ $ocsp_svr_pid ]" @@ -994,9 +1007,19 @@ function test_ocsp { ocsp_qry=$user1_dir/ocsp_qry.der $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \ - -cert $revoke_cert -CAfile $ca_cert \ - -url http://localhost:$ocsp_port -resp_text \ - -respout $ocsp_qry > $ocsp_qry.out 2>&1 + -cert $revoke_cert -CAfile $ca_cert -no_nonce \ + -url http://localhost:$ocsp_port -timeout 10 -text \ + -header Host localhost \ + -respout $ocsp_qry -out $ocsp_qry.out + check_exit_status $? + + # verify response from server + start_message "ocsp ... verify OCSP response from server" + + $openssl_bin ocsp -respin $ocsp_qry -CAfile $ca_cert \ + -ignore_err -no_signature_verify -no_cert_verify -no_chain \ + -no_cert_checks -no_explicit -trust_other -no_intern \ + -verify_other $ocsp_cert -VAfile $ocsp_cert check_exit_status $? } |