WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

scripts/: tweak scripts/include.am to run ocsp tests before rather than after testsuite and unit.test; revert POSIXish scripts/*.test to use /bin/sh.

pull/3291/head
Daniel Pouzzner 2020-09-14 16:06:45 -05:00
parent d8dc6be5b9
commit b669f8eeb9
13 changed files with 62 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/crl-revoked.test
View File

@ -1,15 +1,15 @@
#!/bin/bash
#!/bin/sh
#crl.test
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
revocation_code="-361"

12
scripts/include.am
View File

@ -24,12 +24,17 @@ dist_noinst_SCRIPTS+= scripts/crl-revoked.test
scripts/crl-revoked.log: scripts/resume.log
endif
# arrange to serialize ocsp.test, ocsp-stapling.test, ocsp-stapling-with-ca-as-responder.test, ocsp-stapling2.test, and testsuite,
# to help mitigate port conflicts among them.
# note that unit.test is gated on testsuite in Makefile.am, which is also helpful for these purposes.
if BUILD_OCSP_STAPLING
dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test
scripts/ocsp-stapling.log: tests/unit.log
if !BUILD_OCSP_STAPLING_V2
testsuite/testsuite.log: scripts/ocsp-stapling.log scripts/ocsp-stapling-with-ca-as-responder.log
endif
scripts/ocsp-stapling.log: scripts/ocsp.log
dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-ca-as-responder.test
scripts/ocsp-stapling-with-ca-as-responder.log: tests/unit.log
scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp.log
scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp-stapling.log
endif
@ -38,12 +43,11 @@ if BUILD_OCSP_STAPLING_V2
dist_noinst_SCRIPTS+= scripts/ocsp-stapling2.test
if BUILD_OCSP_STAPLING
scripts/ocsp-stapling2.log: tests/unit.log
testsuite/testsuite.log: scripts/ocsp-stapling2.log
scripts/ocsp-stapling2.log: scripts/ocsp.log
scripts/ocsp-stapling2.log: scripts/ocsp-stapling.log
scripts/ocsp-stapling2.log: scripts/ocsp-stapling-with-ca-as-responder.log
else
scripts/ocsp-stapling2.log: tests/unit.log
scripts/ocsp-stapling2.log: scripts/ocsp.log
endif

14
scripts/ocsp-stapling-with-ca-as-responder.test
View File

@ -3,13 +3,13 @@
# ocsp-stapling-with-ca-as-responder.test
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
if [[ -z "${RETRIES_REMAINING-}" ]]; then
@ -39,7 +39,6 @@ ln -s ../examples
CERT_DIR="certs/ocsp"
resume_port=0
ready_file="${WORKSPACE}"/wolf_ocsp_s1_readyF$$
ready_file2="${WORKSPACE}"/wolf_ocsp_s1_readyF2$$
printf '%s\n' "ready files: $ready_file $ready_file2"
@ -190,8 +189,9 @@ get_first_free_port() {
return 0
}
base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024))
base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
port1=$(get_first_free_port $base_port)
port2=$(get_first_free_port $((port1 + 1)))
# create a port to use with openssl ocsp responder
@ -240,7 +240,7 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
# client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem \
-k certs/ocsp/server1-key.pem -R $ready_file2 \
-p $resume_port &
-p $port2 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \
@ -254,7 +254,7 @@ printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server2-cert.pem \
-k certs/ocsp/server2-key.pem -R $ready_file2 \
-p $resume_port &
-p $port2 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 \

14
scripts/ocsp-stapling.test
View File

@ -3,6 +3,8 @@
# ocsp-stapling.test
# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
# Note, this script makes connection(s) to the public Internet.
if [[ -z "${RETRIES_REMAINING-}" ]]; then
export RETRIES_REMAINING=2
fi
@ -29,7 +31,6 @@ cd "$WORKSPACE" || exit $?
ln -s ../examples
CERT_DIR="./certs/ocsp"
resume_port=0
ready_file="$WORKSPACE"/wolf_ocsp_s1_readyF$$
ready_file2="$WORKSPACE"/wolf_ocsp_s1_readyF2$$
printf '%s\n' "ready file: $ready_file"
@ -191,9 +192,10 @@ get_first_free_port() {
return 0
}
base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024))
base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
port1=$(get_first_free_port $base_port)
port2=$(get_first_free_port $((port1 + 1)))
port3=$(get_first_free_port $((port2 + 1)))
# test interop fail case
@ -279,7 +281,7 @@ sleep 0.1
printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------"
# client test against our own server - GOOD CERT
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
-k certs/ocsp/server1-key.pem -p $resume_port &
-k certs/ocsp/server1-key.pem -p $port3 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $CLI_PORT
@ -291,7 +293,7 @@ printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------"
# client test against our own server - REVOKED CERT
remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
-k certs/ocsp/server2-key.pem -p $resume_port &
-k certs/ocsp/server2-key.pem -p $port3 &
wait_for_readyFile $ready_file2
sleep 0.1
CLI_PORT=`cat $ready_file2`
@ -309,7 +311,7 @@ if [ $? -ne 0 ]; then
remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file2 \
-k certs/ocsp/server1-key.pem -v 4 \
-p $resume_port &
-p $port3 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \
@ -323,7 +325,7 @@ if [ $? -ne 0 ]; then
remove_single_rF $ready_file2
./examples/server/server -c certs/ocsp/server2-cert.pem -R $ready_file2 \
-k certs/ocsp/server2-key.pem -v 4 \
-p $resume_port &
-p $port3 &
wait_for_readyFile $ready_file2
CLI_PORT=`cat $ready_file2`
./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \

11
scripts/ocsp-stapling2.test
View File

@ -4,13 +4,13 @@
# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
if [[ -z "${RETRIES_REMAINING-}" ]]; then
@ -40,7 +40,6 @@ ln -s ../examples
CERT_DIR="certs/ocsp"
resume_port=0
ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$
ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$
ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$
@ -219,7 +218,7 @@ get_first_free_port() {
return 0
}
base_port=$((((($$ + $RETRIES_REMAINING) * 4) % (65536 - 2048)) + 1024))
base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024))
port1=$(get_first_free_port $base_port)
port2=$(get_first_free_port $((port1 + 1)))
port3=$(get_first_free_port $((port2 + 1)))
@ -334,7 +333,7 @@ printf '%s\n\n' "TEST CASE 2 DISABLED PENDING REVIEW"
#remove_single_rF $ready_file5
#./examples/server/server -c certs/ocsp/server3-cert.pem \
# -k certs/ocsp/server3-key.pem -R $ready_file5 \
# -p $resume_port &
# -p $port5 &
#wait_for_readyFile $ready_file5
#CLI_PORT=`cat $ready_file5`
#./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \

2
scripts/ocsp.test
View File

@ -2,6 +2,8 @@
# ocsp.test
# Note, this script makes connection(s) to the public Internet.
server=www.globalsign.com
ca=certs/external/ca-globalsign-root.pem

8
scripts/openssl.test
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/sh
#openssl.test
@ -8,13 +8,13 @@ if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
fi
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
echo "WOLFSSL_OPENSSL_TEST set, running test..."

8
scripts/pkcallbacks.test
View File

@ -1,15 +1,15 @@
#!/bin/bash
#!/bin/sh
#pkcallbacks.test
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
exit_code=1

8
scripts/psk.test
View File

@ -1,16 +1,16 @@
#!/bin/bash
#!/bin/sh
# psk.test
# copyright wolfSSL 2016
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
# getting unique port is modeled after resume.test script

8
scripts/resume.test
View File

@ -1,15 +1,15 @@
#!/bin/bash
#!/bin/sh
#resume.test
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
# need a unique resume port since may run the same time as testsuite

8
scripts/sniffer-testsuite.test
View File

@ -1,15 +1,15 @@
#!/bin/bash
#!/bin/sh
#sniffer-testsuite.test
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
# ./configure --enable-sniffer [--enable-session-ticket]

8
scripts/tls13.test
View File

@ -1,16 +1,16 @@
#!/bin/bash
#!/bin/sh
# tls13.test
# copyright wolfSSL 2016
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
# getting unique port is modeled after resume.test script

8
scripts/trusted_peer.test
View File

@ -1,16 +1,16 @@
#!/bin/bash
#!/bin/sh
# trusted_peer.test
# copyright wolfSSL 2016
# if we can, isolate the network namespace to eliminate port collisions.
if [[ "${AM_BWRAPPED-}" != "yes" ]]; then
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [[ -n "$bwrap_path" ]]; then
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
unset AM_BWRAPPED
fi
unset AM_BWRAPPED
fi
# getting unique port is modeled after resume.test script