source: mod_gnutls/test/test-27_OCSP_server.bash @ 5f3222b

debian/masterdebian/stretch-backportsupstream
Last change on this file since 5f3222b was 10d9053, checked in by Thomas Klute <thomas2.klute@…>, 3 years ago

Test suite, gen_ocsp_index.c: Handle serial as fixed order byte array

The previous approach assumed that the serial fits within a long long
unsigned type, because the test suite controls the serial. However,
this breaks on big endian architectures because the order in the
certificate is fixed and returned by gnutls_x509_crt_get_serial in
that way.

The fix is to print the serial byte for byte. Additionally OpenSSL
apparently requires upper case characters in the DB hex encoded
serial, which didn't show up previously due to the small serials. Use
a larger one for the server certificate to detect similar problems in
the future.

Cat the OCSP database into the test log for easier debugging on build
systems without direct file system access (e.g. Debian buildd).

  • Property mode set to 100755
File size: 546 bytes
Line 
1#!/bin/bash
2# Try HTTPS access with OCSP status check
3
4# Skip if OCSP tests are not enabled
5[ -n "${OCSP_PORT}" ] || exit 77
6
7# trigger OCSP server test in the runtests script
8export CHECK_OCSP_SERVER="true"
9echo "OCSP index for the test CA:"
10cat authority/ocsp_index.txt
11
12${srcdir}/runtests t-27
13ret=${?}
14
15echo "Checking if client actually got a stapled response."
16if grep -P "^- Options: .*OCSP status request," outputs/27_*.output; then
17    echo "OK"
18else
19    echo "Error: \"OCSP status request\" option is missing!"
20    ret=1
21fi
22
23exit ${ret}
Note: See TracBrowser for help on using the repository browser.