RISCI_ATOM
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
							#!/bin/sh

# ocsp.test

# Note, this script makes connection(s) to the public Internet.

SCRIPT_DIR="$(dirname "$0")"

server=www.globalsign.com
ca=certs/external/ca-globalsign-root.pem

[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
                                  && exit 1

./examples/client/client -v 3 2>&1 | grep -- 'Bad SSL version'
if [ $? -eq 0 ]; then
    echo "TLS 1.2 or lower required"
    echo "Skipped"
    exit 0
fi

GL_UNREACHABLE=0
# Global Sign now requires server name indication extension to work, check
# enabled prior to testing
OUTPUT=$(eval "./examples/client/client -S check")
if [ "$OUTPUT" = "SNI is: ON" ]; then
    printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test"

    if [ "$AM_BWRAPPED" != "yes" ]; then
        # is our desired server there?
        "${SCRIPT_DIR}/ping.test" $server 2
        RESULT=$?
        if [ $RESULT -ne 0 ]; then
            GL_UNREACHABLE=1
        fi
    else
        RESULT=0
    fi

    if [ $RESULT -eq 0 ]; then
        # client test against the server
        echo "./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server"
        ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server
        GL_RESULT=$?
        [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
    else
        GL_RESULT=1
    fi
else
    printf '\n\n%s\n\n' "SNI disabled, skipping globalsign test"
    GL_RESULT=0
fi

server=www.google.com
ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem

if [ "$AM_BWRAPPED" != "yes" ]; then
    # is our desired server there?
    ${SCRIPT_DIR}/ping.test $server 2
    RESULT=$?
else
    RESULT=0
fi

if [ $RESULT -eq 0 ]; then
    # client test against the server
    echo "./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N"
    ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N
    GR_RESULT=$?
    [ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
else
    GR_RESULT=1
fi

if test -n "$WOLFSSL_OCSP_TEST"; then
    # check that both passed
    if [ $GL_RESULT -eq 0 ] && [ $GR_RESULT -eq 0 ]; then
        printf '\n\n%s\n' "Both OCSP connection to globalsign and google passed"
        printf '%s\n' "Test Passed!"
        exit 0
    elif [ $GL_UNREACHABLE -eq 1 ] && [ $GR_RESULT -eq 0 ]; then
         printf '%s\n' "Global Sign is currently unreachable. Logging it but if"
         printf '%s\n' "this continues to occur should be investigated"
        exit 0
    else
        # Unlike other environment variables the intent of WOLFSSL_OCSP_TEST
        # is to indicate a requirement for both tests to pass. If variable is
        # set and either tests fail then whole case fails. Do not set the
        # variable if either case passing is to be considered a success.
        printf '\n\n%s\n' "One of the OCSP connections to either globalsign or"
        printf '%s\n' "google failed, however since WOLFSSL_OCSP_TEST is set"
        printf '%s\n' "the test is considered to have failed"
        printf '%s\n' "Test Failed!"
        exit 1
    fi
else
    # if environment variable is not set then just need one to pass
    if [ $GL_RESULT -ne 0 ] && [ $GR_RESULT -ne 0 ]; then
        printf '\n\n%s\n' "Both OCSP connection to globalsign and google failed"
        printf '%s\n' "Test Failed!"
        exit 1
    else
        printf '\n\n%s\n' "WOLFSSL_OCSP_TEST NOT set, and 1 of the tests passed"
        printf '%s\n' "Test Passed!"
        exit 0
    fi
fi