author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-06-19 20:50:22 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-20 12:47:03 +0200 |
commit | 20ea355be0b48b2355e432ad4bf133a298caedde (patch) | |
tree | 38e4ad41cf9e74ee9a9a4f3c79dc8abc51bb1ad9 /tests/ocsp-tests/ocsp-load-chain | |
parent | cb1eb976236ad1bda736feb3a86cbad1ac414eba (diff) | |
tests: ocsptool: added test of --verify-response with --load-chain
This utilizes the provided chain to find the signer of the
OCSP response.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'tests/ocsp-tests/ocsp-load-chain')
-rwxr-xr-x | tests/ocsp-tests/ocsp-load-chain | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/tests/ocsp-tests/ocsp-load-chain b/tests/ocsp-tests/ocsp-load-chain
new file mode 100755
index 0000000000..88529a1138
--- /dev/null
+++ b/tests/ocsp-tests/ocsp-load-chain
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>
+
+#set -e
+
+srcdir="${srcdir:-.}"
+OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}"
+DIFF="${DIFF:-diff}"
+
+if ! test -x "${OCSPTOOL}"; then
+ exit 77
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
+if test "$TSTAMP" != "1158969600"; then
+ echo $TSTAMP
+ echo "You need datefudge to run this test"
+ exit 77
+fi
+
+datefudge -s "2017-06-19" \
+ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 1 - Amazon OCSP response verification - failed"
+ exit ${rc}
+fi
+
+datefudge -s "2017-06-19" \
+ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+ echo "Test 1 - Amazon OCSP response verification - failed"
+ exit ${rc}
+fi
+
+exit 0 |
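Review bot: The failure branch after the second `ocsptool` run (the `chain-amazon.com-unsorted.pem` case) prints the same `Test 1 - Amazon OCSP response verification - failed` text as the first, so a log cannot tell which chain ordering broke; it should read something like `echo "Test 2 - Amazon OCSP response verification (unsorted chain) - failed"`. Both runs are also success-path only and pass `--verify-allow-broken`, so the script would still exit 0 if `--load-chain` verification accepted a response whose signer is not found in the supplied chain. A third case that loads a chain without the responder's issuer and requires a non-zero exit status would cover the rejection path; the fixture for it is not part of this commit. Smaller points: `DIFF` is assigned but never used, and `echo $TSTAMP` should be quoted as `echo "$TSTAMP"`.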