
add simple ocsp response der verify test case

JacobBarthelmeh 2 years ago
parent
commit
5b5f673c51
4 changed files with 56 additions and 1 deletions
  1. 2 1
      certs/ocsp/include.am
  2. 11 0
      certs/ocsp/renewcerts.sh
  3. BIN
      certs/ocsp/test-response.der
  4. 43 0
      tests/api.c

+ 2 - 1
certs/ocsp/include.am

@@ -32,4 +32,5 @@ EXTRA_DIST += \
         certs/ocsp/server5-key.pem \
         certs/ocsp/server5-cert.pem \
         certs/ocsp/root-ca-key.pem \
-        certs/ocsp/root-ca-cert.pem
+        certs/ocsp/root-ca-cert.pem \
+        certs/ocsp/test-response.der

+ 11 - 0
certs/ocsp/renewcerts.sh

@@ -79,3 +79,14 @@ update_cert server2          "www2.wolfssl.com"                intermediate1-ca
 update_cert server3          "www3.wolfssl.com"                intermediate2-ca v3_req2 07
 update_cert server4          "www4.wolfssl.com"                intermediate2-ca v3_req2 08 # REVOKED
 update_cert server5          "www5.wolfssl.com"                intermediate3-ca v3_req3 09
+
+
+# Create response DER buffer for test
+openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem &
+PID=$!
+
+openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -url http://localhost:22221/ -respout test-response.der
+
+kill $PID
+wait $PID
+
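Review bot: The client `openssl ocsp -issuer ... -respout test-response.der` call runs immediately after the responder is backgrounded, with no readiness wait, so on a slow or loaded host the request can be sent before port 22221 is bound; the client then fails and `test-response.der` is left missing or stale while the script carries on and kills the responder as if generation had succeeded. A minimal guard is `sleep 1` after `PID=$!`, or a short poll until the port answers, plus checking the client's exit status before `kill $PID`. The comment should also record that the response is only valid for the `-ndays 1000` window, so the DER fixture can expire independently of the PEM certificates regenerated above it; a suggested wording is `# Create response DER buffer for test (valid for 1000 days; regenerate with the certs)`.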

BIN
certs/ocsp/test-response.der


+ 43 - 0
tests/api.c

@@ -1403,6 +1403,48 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
     return 0;
 }
 
+static void test_wolfSSL_CheckOCSPResponse(void)
+{
+#if defined(HAVE_OCSP) && !defined(NO_RSA) && defined(OPENSSL_ALL)
+    const char* responseFile = "./certs/ocsp/test-response.der";
+    const char* caFile = "./certs/ocsp/root-ca-cert.pem";
+    OcspResponse* res = NULL;
+    byte data[4096];
+    const unsigned char* pt;
+    int  dataSz;
+    XFILE f;
+    WOLFSSL_OCSP_BASICRESP* bs;
+    WOLFSSL_X509_STORE* st;
+    WOLFSSL_X509* issuer;
+
+
+    printf(testingFmt, "wolfSSL_CheckOCSPResponse()");
+
+    f = XFOPEN(responseFile, "rb");
+    AssertTrue(f != XBADFILE);
+    dataSz = (word32)XFREAD(data, 1, sizeof(data), f);
+    AssertIntGT(dataSz, 0);
+    XFCLOSE(f);
+
+    pt = data;
+    res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz);
+    AssertNotNull(res);
+    issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM);
+    AssertNotNull(issuer);
+    st = wolfSSL_X509_STORE_new();
+    AssertNotNull(st);
+    AssertIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS);
+    bs = wolfSSL_OCSP_response_get1_basic(res);
+    AssertNotNull(bs);
+    AssertIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS);
+    wolfSSL_OCSP_RESPONSE_free(res);
+    wolfSSL_X509_STORE_free(st);
+    wolfSSL_X509_free(issuer);
+
+    printf(resultFmt, passed);
+#endif /* HAVE_OCSP */
+}
+
 static int test_wolfSSL_CertManagerLoadCABuffer(void)
 {
     int ret;
@@ -57441,6 +57483,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file),
     TEST_DECL(test_wolfSSL_CTX_load_verify_locations),
     TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse),
+    TEST_DECL(test_wolfSSL_CheckOCSPResponse),
     TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer),
     TEST_DECL(test_wolfSSL_CertManagerGetCerts),
     TEST_DECL(test_wolfSSL_CertManagerSetVerify),
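Review bot: In test_wolfSSL_CheckOCSPResponse the basic response `bs` returned by `wolfSSL_OCSP_response_get1_basic(res)` is never released; the get1 naming means the caller owns it, so the cleanup should add `wolfSSL_OCSP_BASICRESP_free(bs);` before `wolfSSL_OCSP_RESPONSE_free(res);`, otherwise every run leaks and a leak-checking build will flag this test. The test also only asserts the accepting path of `wolfSSL_OCSP_basic_verify(bs, NULL, st, 0)`; a second call against an empty store, e.g. `AssertIntNE(wolfSSL_OCSP_basic_verify(bs, NULL, emptySt, 0), WOLFSSL_SUCCESS);`, would show the verifier actually checks the responder chain rather than accepting any well-formed response. The neighbouring test at the top of the hunk returns int while this one is `static void`; if TEST_DECL in the second hunk expects an int-returning function, declare it `static int` and end with `return 0;`. Minor: `dataSz = (word32)XFREAD(...)` casts to word32 and stores into an `int`, so either cast to `(int)` or keep `word32` for the length.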