1
0

ocsp-stapling2.test 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504
  1. #!/bin/bash
  2. # ocsp-stapling2.test
  3. # Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
  4. SCRIPT_DIR="$(dirname "$0")"
  5. # if we can, isolate the network namespace to eliminate port collisions.
  6. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
  7. if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
  8. export NETWORK_UNSHARE_HELPER_CALLED=yes
  9. exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
  10. fi
  11. elif [ "${AM_BWRAPPED-}" != "yes" ]; then
  12. bwrap_path="$(command -v bwrap)"
  13. if [ -n "$bwrap_path" ]; then
  14. export AM_BWRAPPED=yes
  15. exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
  16. fi
  17. unset AM_BWRAPPED
  18. fi
  19. if [[ -z "${RETRIES_REMAINING-}" ]]; then
  20. export RETRIES_REMAINING=2
  21. fi
  22. if ! ./examples/client/client -V | grep -q 3; then
  23. echo 'skipping ocsp-stapling2.test because TLS1.2 is not available.' 1>&2
  24. exit 77
  25. fi
  26. if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
  27. echo 'skipping oscp-stapling2.test because WOLFSSL_SNIFFER defined.'
  28. exit 77
  29. fi
  30. if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then
  31. IPV6_SUPPORTED=yes
  32. else
  33. IPV6_SUPPORTED=no
  34. fi
  35. if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then
  36. if [[ "$IPV6_SUPPORTED" == "no" ]]; then
  37. echo 'Skipping IPV6 test in environment lacking IPV6 support.'
  38. exit 0
  39. fi
  40. LOCALHOST='[::1]'
  41. LOCALHOST_FOR_NC='-6 ::1'
  42. else
  43. LOCALHOST='127.0.0.1'
  44. LOCALHOST_FOR_NC='127.0.0.1'
  45. fi
  46. PARENTDIR="$PWD"
  47. # create a unique workspace directory ending in PID for the script instance ($$)
  48. # to make this instance orthogonal to any others running, even on same repo.
  49. # TCP ports are also carefully formed below from the PID, to minimize conflicts.
  50. WORKSPACE="${PARENTDIR}/workspace.pid$$"
  51. mkdir "${WORKSPACE}" || exit $?
  52. cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $?
  53. cd "$WORKSPACE" || exit $?
  54. ln -s ../examples
  55. CERT_DIR="certs/ocsp"
  56. ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$
  57. ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$
  58. ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$
  59. ready_file4="$WORKSPACE"/wolf_ocsp_s2_readyF4$$
  60. ready_file5="$WORKSPACE"/wolf_ocsp_s2_readyF5$$
  61. printf '%s\n' "ready file 1: $ready_file1"
  62. printf '%s\n' "ready file 2: $ready_file2"
  63. printf '%s\n' "ready file 3: $ready_file3"
  64. printf '%s\n' "ready file 4: $ready_file4"
  65. printf '%s\n' "ready file 5: $ready_file5"
  66. test_cnf="ocsp_s2.cnf"
  67. wait_for_readyFile(){
  68. counter=0
  69. while [ ! -s $1 -a "$counter" -lt 20 ]; do
  70. if [[ -n "${2-}" ]]; then
  71. if ! kill -0 $2 2>&-; then
  72. echo "pid $2 for port ${3-} exited before creating ready file. bailing..."
  73. exit 1
  74. fi
  75. fi
  76. echo -e "waiting for ready file..."
  77. sleep 0.1
  78. counter=$((counter+ 1))
  79. done
  80. if test -e $1; then
  81. echo -e "found ready file, starting client..."
  82. else
  83. echo -e "NO ready file at $1 -- ending test..."
  84. exit 1
  85. fi
  86. }
  87. remove_single_rF(){
  88. if test -e $1; then
  89. printf '%s\n' "removing ready file: $1"
  90. rm $1
  91. fi
  92. }
  93. #create a configure file for cert generation with the port 0 solution
  94. create_new_cnf() {
  95. printf '%s\n' "Random Ports Selected: $1 $2 $3 $4"
  96. printf '%s\n' "#" > $test_cnf
  97. printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf
  98. printf '%s\n' "#" >> $test_cnf
  99. printf '%s\n' "" >> $test_cnf
  100. printf '%s\n' "# Extensions to add to a certificate request (intermediate1-ca)" >> $test_cnf
  101. printf '%s\n' "[ v3_req1 ]" >> $test_cnf
  102. printf '%s\n' "basicConstraints = CA:false" >> $test_cnf
  103. printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf
  104. printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
  105. printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf
  106. printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1" >> $test_cnf
  107. printf '%s\n' "" >> $test_cnf
  108. printf '%s\n' "# Extensions to add to a certificate request (intermediate2-ca)" >> $test_cnf
  109. printf '%s\n' "[ v3_req2 ]" >> $test_cnf
  110. printf '%s\n' "basicConstraints = CA:false" >> $test_cnf
  111. printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf
  112. printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
  113. printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf
  114. printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$2" >> $test_cnf
  115. printf '%s\n' "" >> $test_cnf
  116. printf '%s\n' "# Extensions to add to a certificate request (intermediate3-ca)" >> $test_cnf
  117. printf '%s\n' "[ v3_req3 ]" >> $test_cnf
  118. printf '%s\n' "basicConstraints = CA:false" >> $test_cnf
  119. printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf
  120. printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
  121. printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf
  122. printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$3" >> $test_cnf
  123. printf '%s\n' "" >> $test_cnf
  124. printf '%s\n' "# Extensions for a typical CA" >> $test_cnf
  125. printf '%s\n' "[ v3_ca ]" >> $test_cnf
  126. printf '%s\n' "basicConstraints = CA:true" >> $test_cnf
  127. printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf
  128. printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
  129. printf '%s\n' "keyUsage = keyCertSign, cRLSign" >> $test_cnf
  130. printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$4" >> $test_cnf
  131. printf '%s\n' "" >> $test_cnf
  132. printf '%s\n' "# OCSP extensions." >> $test_cnf
  133. printf '%s\n' "[ v3_ocsp ]" >> $test_cnf
  134. printf '%s\n' "basicConstraints = CA:false" >> $test_cnf
  135. printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf
  136. printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf
  137. printf '%s\n' "extendedKeyUsage = OCSPSigning" >> $test_cnf
  138. mv $test_cnf $CERT_DIR/$test_cnf
  139. cd $CERT_DIR
  140. CURR_LOC="$PWD"
  141. printf '%s\n' "echo now in $CURR_LOC"
  142. ./renewcerts-for-test.sh $test_cnf
  143. cd $WORKSPACE
  144. }
  145. remove_ready_file(){
  146. if test -e $ready_file1; then
  147. printf '%s\n' "removing ready file: $ready_file1"
  148. rm $ready_file1
  149. fi
  150. if test -e $ready_file2; then
  151. printf '%s\n' "removing ready file: $ready_file2"
  152. rm $ready_file2
  153. fi
  154. if test -e $ready_file3; then
  155. printf '%s\n' "removing ready file: $ready_file3"
  156. rm $ready_file3
  157. fi
  158. if test -e $ready_file4; then
  159. printf '%s\n' "removing ready file: $ready_file4"
  160. rm $ready_file4
  161. fi
  162. if test -e $ready_file5; then
  163. printf '%s\n' "removing ready file: $ready_file5"
  164. rm $ready_file5
  165. fi
  166. }
  167. cleanup()
  168. {
  169. exit_status=$?
  170. for i in $(jobs -pr)
  171. do
  172. kill -s KILL "$i"
  173. done
  174. remove_ready_file
  175. rm $CERT_DIR/$test_cnf
  176. cd "$PARENTDIR" || return 1
  177. rm -r "$WORKSPACE" || return 1
  178. if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then
  179. echo "retrying..."
  180. RETRIES_REMAINING=$((RETRIES_REMAINING - 1))
  181. exec $0 "$@"
  182. fi
  183. }
  184. trap cleanup EXIT INT TERM HUP
  185. [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
  186. # check if supported key size is large enough to handle 4096 bit RSA
  187. size="$(./examples/client/client '-?' | grep "Max RSA key")"
  188. size="${size//[^0-9]/}"
  189. if [ ! -z "$size" ]; then
  190. printf 'check on max key size of %d ...' $size
  191. if [ $size -lt 4096 ]; then
  192. printf '%s\n' "4096 bit RSA keys not supported"
  193. exit 0
  194. fi
  195. printf 'OK\n'
  196. fi
  197. #get four unique ports
  198. # choose consecutive ports based on the PID, skipping any that are
  199. # already bound, to avoid the birthday problem in case other
  200. # instances are sharing this host.
  201. get_first_free_port() {
  202. local ret="$1"
  203. while :; do
  204. if [[ "$ret" -ge 65536 ]]; then
  205. ret=1024
  206. fi
  207. if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then
  208. break
  209. fi
  210. ret=$((ret+1))
  211. done
  212. echo "$ret"
  213. return 0
  214. }
  215. base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
  216. port1=$(get_first_free_port $base_port)
  217. port2=$(get_first_free_port $((port1 + 1)))
  218. port3=$(get_first_free_port $((port2 + 1)))
  219. port4=$(get_first_free_port $((port3 + 1)))
  220. port5=$(get_first_free_port $((port4 + 1)))
  221. # 1:
  222. ./examples/server/server -R $ready_file1 -p $port1 &
  223. server_pid1=$!
  224. wait_for_readyFile $ready_file1 $server_pid1 $port1
  225. if [ ! -f $ready_file1 ]; then
  226. printf '%s\n' "Failed to create ready file1: \"$ready_file1\""
  227. exit 1
  228. fi
  229. # 2:
  230. ./examples/server/server -R $ready_file2 -p $port2 &
  231. server_pid2=$!
  232. wait_for_readyFile $ready_file2 $server_pid2 $port2
  233. if [ ! -f $ready_file2 ]; then
  234. printf '%s\n' "Failed to create ready file2: \"$ready_file2\""
  235. exit 1
  236. fi
  237. # 3:
  238. ./examples/server/server -R $ready_file3 -p $port3 &
  239. server_pid3=$!
  240. wait_for_readyFile $ready_file3 $server_pid3 $port3
  241. if [ ! -f $ready_file3 ]; then
  242. printf '%s\n' "Failed to create ready file3: \"$ready_file3\""
  243. exit 1
  244. fi
  245. # 4:
  246. ./examples/server/server -R $ready_file4 -p $port4 &
  247. server_pid4=$!
  248. wait_for_readyFile $ready_file4 $server_pid4 $port4
  249. if [ ! -f $ready_file4 ]; then
  250. printf '%s\n' "Failed to create ready file4: \"$ready_file4\""
  251. exit 1
  252. fi
  253. printf '%s\n' "------------- PORTS ---------------"
  254. printf '%s' "Random ports selected: $port1 $port2"
  255. printf '%s\n' " $port3 $port4"
  256. printf '%s\n' "-----------------------------------"
  257. # Use client connections to cleanly shutdown the servers
  258. ./examples/client/client -p $port1
  259. ./examples/client/client -p $port2
  260. ./examples/client/client -p $port3
  261. ./examples/client/client -p $port4
  262. create_new_cnf $port1 $port2 $port3 \
  263. $port4
  264. sleep 0.1
  265. # setup ocsp responders
  266. # OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh &
  267. # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
  268. # purposes!
  269. openssl ocsp -port $port1 -nmin 1 \
  270. -index certs/ocsp/index-ca-and-intermediate-cas.txt \
  271. -rsigner certs/ocsp/ocsp-responder-cert.pem \
  272. -rkey certs/ocsp/ocsp-responder-key.pem \
  273. -CA certs/ocsp/root-ca-cert.pem \
  274. "$@" \
  275. &
  276. # OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh &
  277. # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
  278. # purposes!
  279. openssl ocsp -port $port2 -nmin 1 \
  280. -index certs/ocsp/index-intermediate2-ca-issued-certs.txt \
  281. -rsigner certs/ocsp/ocsp-responder-cert.pem \
  282. -rkey certs/ocsp/ocsp-responder-key.pem \
  283. -CA certs/ocsp/intermediate2-ca-cert.pem \
  284. "$@" \
  285. &
  286. # OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh &
  287. # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup
  288. # purposes!
  289. openssl ocsp -port $port3 -nmin 1 \
  290. -index certs/ocsp/index-intermediate3-ca-issued-certs.txt \
  291. -rsigner certs/ocsp/ocsp-responder-cert.pem \
  292. -rkey certs/ocsp/ocsp-responder-key.pem \
  293. -CA certs/ocsp/intermediate3-ca-cert.pem \
  294. "$@" \
  295. &
  296. sleep 0.1
  297. # "jobs" is not portable for posix. Must use bash interpreter!
  298. [ $(jobs -r | wc -l) -ne 3 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0
  299. printf '\n\n%s\n\n' "All OCSP responders started successfully!"
  300. printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
  301. # client test against our own server - GOOD CERTS
  302. ./examples/server/server -c certs/ocsp/server3-cert.pem \
  303. -k certs/ocsp/server3-key.pem -R $ready_file5 \
  304. -p $port5 &
  305. server_pid5=$!
  306. wait_for_readyFile $ready_file5 $server_pid5 $port5
  307. ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \
  308. -p $port5
  309. RESULT=$?
  310. [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1
  311. printf '%s\n\n' "Test PASSED!"
  312. printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW"
  313. #printf '%s\n\n' "------------- TEST CASE 2 SHOULD PASS ------------------------"
  314. #remove_single_rF $ready_file5
  315. #./examples/server/server -c certs/ocsp/server3-cert.pem \
  316. # -k certs/ocsp/server3-key.pem -R $ready_file5 \
  317. # -p $port5 &
  318. #wait_for_readyFile $ready_file5 $server_pid5 $port5
  319. #./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
  320. # -p $port5
  321. #RESULT=$?
  322. #[ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1
  323. #printf '%s\n\n' "Test PASSED!"
  324. printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------"
  325. # client test against our own server - REVOKED SERVER CERT
  326. remove_single_rF $ready_file5
  327. ./examples/server/server -c certs/ocsp/server4-cert.pem \
  328. -k certs/ocsp/server4-key.pem -R $ready_file5 \
  329. -p $port5 &
  330. server_pid5=$!
  331. wait_for_readyFile $ready_file5 $server_pid5 $port5
  332. ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \
  333. -p $port5
  334. RESULT=$?
  335. [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
  336. printf '%s\n\n' "Test successfully REVOKED!"
  337. printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ----------------------"
  338. remove_single_rF $ready_file5
  339. ./examples/server/server -c certs/ocsp/server4-cert.pem \
  340. -k certs/ocsp/server4-key.pem -R $ready_file5 \
  341. -p $port5 &
  342. sleep 0.1
  343. ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
  344. -p $port5
  345. RESULT=$?
  346. [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
  347. printf '%s\n\n' "Test successfully REVOKED!"
  348. printf '%s\n\n' "------------- TEST CASE 5 SHOULD PASS ------------------------"
  349. # client test against our own server - REVOKED INTERMEDIATE CERT
  350. remove_single_rF $ready_file5
  351. ./examples/server/server -c certs/ocsp/server5-cert.pem \
  352. -k certs/ocsp/server5-key.pem -R $ready_file5 \
  353. -p $port5 &
  354. server_pid5=$!
  355. wait_for_readyFile $ready_file5 $server_pid5 $port5
  356. ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \
  357. -p $port5
  358. RESULT=$?
  359. [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed $RESULT" && exit 1
  360. printf '%s\n\n' "Test PASSED!"
  361. printf '%s\n\n' "------------- TEST CASE 6 SHOULD REVOKE ----------------------"
  362. remove_single_rF $ready_file5
  363. ./examples/server/server -c certs/ocsp/server5-cert.pem \
  364. -k certs/ocsp/server5-key.pem -R $ready_file5 \
  365. -p $port5 &
  366. server_pid5=$!
  367. wait_for_readyFile $ready_file5 $server_pid5 $port5
  368. ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
  369. -p $port5
  370. RESULT=$?
  371. [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
  372. printf '%s\n\n' "Test successfully REVOKED!"
  373. printf '%s\n\n' "------------- TEST CASE 7 LOAD CERT IN SSL -------------------"
  374. remove_single_rF $ready_file5
  375. ./examples/server/server -c certs/ocsp/server1-cert.pem \
  376. -k certs/ocsp/server1-key.pem -R $ready_file5 \
  377. -p $port5 -H loadSSL &
  378. server_pid5=$!
  379. wait_for_readyFile $ready_file5 $server_pid5 $port5
  380. echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
  381. RESULT=$?
  382. [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1
  383. wait $server_pid5
  384. if [ $? -ne 0 ]; then
  385. printf '%s\n' "Unexpected server result"
  386. exit 1
  387. fi
  388. printf '%s\n\n' "Test successful"
  389. printf '%s\n\n' "------------- TEST CASE 8 SHOULD REVOKE ----------------------"
  390. remove_single_rF $ready_file5
  391. ./examples/server/server -c certs/ocsp/server4-cert.pem \
  392. -k certs/ocsp/server4-key.pem -R $ready_file5 \
  393. -p $port5 -H loadSSL &
  394. server_pid5=$!
  395. sleep 0.1
  396. ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \
  397. -p $port5
  398. RESULT=$?
  399. [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1
  400. wait $server_pid5
  401. if [ $? -ne 1 ]; then
  402. printf '%s\n' "Unexpected server result"
  403. exit 1
  404. fi
  405. printf '%s\n\n' "Test successfully REVOKED!"
  406. # need a unique port since may run the same time as testsuite
  407. generate_port() {
  408. #-------------------------------------------------------------------------#
  409. # Generate a random port number
  410. #-------------------------------------------------------------------------#
  411. if [[ "$OSTYPE" == "linux"* ]]; then
  412. port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
  413. elif [[ "$OSTYPE" == "darwin"* ]]; then
  414. port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
  415. else
  416. echo "Unknown OS TYPE"
  417. exit 1
  418. fi
  419. }
  420. # Start OpenSSL server that has no OCSP responses to return
  421. generate_port
  422. openssl s_server -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port &
  423. openssl_pid=$!
  424. MAX_TIMEOUT=10
  425. until nc -z localhost $port # Wait for openssl to be ready
  426. do
  427. sleep 0.05
  428. if [ "$MAX_TIMEOUT" == "0" ]; then
  429. break
  430. fi
  431. ((MAX_TIMEOUT--))
  432. done
  433. printf '%s\n\n' "------------- TEST CASE 9 SHOULD PASS ----------------------"
  434. # client asks for OCSP staple but doesn't fail when none returned
  435. ./examples/client/client -p $port -g -v 3 -W 2
  436. RESULT=$?
  437. [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 9 failed" && exit 1
  438. printf '%s\n\n' "Test PASSED!"
  439. printf '%s\n\n' "------------- TEST CASE 10 SHOULD UNKNOWN -------------------"
  440. # client asks for OCSP staple but doesn't fail when none returned
  441. ./examples/client/client -p $port -g -v 3 -W 2m
  442. RESULT=$?
  443. [ $RESULT -ne 1 ] \
  444. && printf '\n\n%s\n' "Client connection 10 succeeded $RESULT" \
  445. && exit 1
  446. printf '%s\n\n' "Test PASSED!"
  447. printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------"
  448. exit 0