source: mod_gnutls/test/tests/36_OCSP_server_nonce/ @ e60e3b9

Last change on this file since e60e3b9 was e60e3b9, checked in by Krista Karppinen <krista.celestia@…>, 7 months ago

Add test for checking nonce in OCSP response

Identical to 27-OCSP-server test, except nonce is explicitly
enabled in configuration and checked to be received (no
verification yet)

  • Property mode set to 100644
File size: 889 bytes
1import os
2import re
3import subprocess
4from mgstest import require_match
5from unittest import SkipTest
7def prepare_env():
8    if not 'OCSP_PORT' in os.environ:
9        raise SkipTest('OCSP_PORT is not set, check if openssl is available.')
11def post_check(conn_log, response_log):
12    print('Checking if the client actually got a stapled response:')
13    print(require_match(re.compile(r'^- Options: .*OCSP status request,'),
14                        conn_log).group(0))
15    print('Checking if the client got a nonce in the stapled response:')
16    print(require_match(
17            re.compile(r'^\s*Nonce: [0-9a-fA-F]{46}$'),
18            parse_ocsp_response('outputs/36-ocsp.der').split('\n')
19        ).group(0))
21def parse_ocsp_response(der_filename):
22    command = ['ocsptool', '--response-info',
23               '--infile', der_filename]
24    return subprocess.check_output(command).decode()
Note: See TracBrowser for help on using the repository browser.