Changeset 94430e6 in mod_gnutls


Timestamp:
Oct 10, 2017, 12:32:13 PM (2 months ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master
Children:
e00d91a
Parents:
a09df8c
Message:

Test suite: Run a separate Apache instance for the OCSP responder

This change will be needed to cache OCSP responses on start (and
schedule) instead of when needed. An OCSP responder in the same Apache
instance won't be ready while the mod_gnutls post_config hook is
executing.

The changes to lock file handling included in this patch mean that
most parts of the test framework won't need to check which locking
method (if any) is used, they can just pass a lock file which is then
used for flock or PID file checks depending on ./configure results.

Files:
1 added
8 edited
1 moved

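--- a/configure.ac
+++ b/configure.ac
@@ -292,5 +292,5 @@
 AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
                         doc/Makefile doc/doxygen.conf include/mod_gnutls.h \
-                        test/proxy_backend.conf \
+                        test/proxy_backend.conf test/ocsp_server.conf \
                         test/apache-conf/listen.conf \
                         test/apache-conf/netns.conf])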
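--- a/test/.gitignore
+++ b/test/.gitignore
@@ -1,4 +1,5 @@
 cache
 proxy_backend.conf
+ocsp_server.conf
 *~
 logs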
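--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -194,5 +194,5 @@
 apache_data = base_apache.conf cgi_module.conf data/dump.cgi data/ocsp.cgi \
         data/secret.txt data/test.txt ffdhe3072.pem mime.types \
-        ocsp_server.conf proxy_mods.conf
+        proxy_mods.conf
 
 EXTRA_DIST = $(apache_data) $(cert_templates) $(shared_identities:=.uid.in) \
@@ -204,4 +204,6 @@
 # Lockfile for the proxy backend Apache process (if any)
 backend_lockfile = ./backend.lock
+# Lockfile for the OCSP server Apache process (if any)
+ocsp_lockfile = ./ocsp.lock
 
 # port for the main Apache server
@@ -245,11 +247,17 @@
         export USE_TEST_NAMESPACE=1;
 endif
-# Without flock tests must not run in parallel. Otherwise set lock files.
+# Without flock tests must not run in parallel, and PID files are used
+# to prevent conflicts between server instances. Otherwise set lock
+# files for flock.
 if DISABLE_FLOCK
+AM_TESTS_ENVIRONMENT += export TEST_LOCK="apache2.pid"; \
+        export BACKEND_LOCK="backend.pid"; \
+        export OCSP_LOCK="ocsp.pid";
 .NOTPARALLEL:
 else
 AM_TESTS_ENVIRONMENT += export FLOCK="@FLOCK@"; \
         export TEST_LOCK="$(test_lockfile)"; \
-        export BACKEND_LOCK="$(backend_lockfile)";
+        export BACKEND_LOCK="$(backend_lockfile)"; \
+        export OCSP_LOCK="$(ocsp_lockfile)";
 endif
 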
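Review bot: The `DISABLE_FLOCK` branch hard-codes `apache2.pid`, `backend.pid` and `ocsp.pid`, while the OCSP instance's PID file is configured as `ocsp@PID_AFFIX@.pid` in test/ocsp_server.conf.in. The two agree only if `PID_AFFIX` substitutes to an empty string whenever flock is disabled, which is presumably the case but is not visible in this changeset. If they ever diverge, the PID-file wait would watch a file no server writes, and two instances could end up competing for the same port. A comment above the assignment would record the coupling, e.g. `# PID file names must match the PidFile directives (PID_AFFIX assumed empty without flock)`.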
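--- a/test/ocsp_server.conf.in
+++ b/test/ocsp_server.conf.in
@@ -1,5 +1,16 @@
+Define  OCSP_PORT       ${OCSP_PORT}
+Define  TEST_PORT       ${OCSP_PORT}
+
+Include ${srcdir}/base_apache.conf
+
 Include         ${srcdir}/cgi_module.conf
 LoadModule      env_module              ${AP_LIBEXECDIR}/mod_env.so
 LoadModule      rewrite_module          ${AP_LIBEXECDIR}/mod_rewrite.so
+
+# separate log and PID file
+CustomLog       logs/${TEST_NAME}.ocsp.access.log combined
+ErrorLog        logs/${TEST_NAME}.ocsp.error.log
+PidFile         ocsp@PID_AFFIX@.pid
+
 <IfDefine !OCSP_INDEX>
         # Default index file, define OCSP_INDEX in the test specific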
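Review bot: `Define  TEST_PORT       ${OCSP_PORT}` at the top of the file carries no comment, yet it changes what `TEST_PORT` means for everything included after it. Presumably base_apache.conf derives its listener from `TEST_PORT` and this line is what moves the responder instance onto its own port, but that file is not part of the changeset, so a reader cannot confirm it from here. I would add a comment above the line such as `# base_apache.conf uses TEST_PORT; point it at the OCSP port for this instance`. The `<IfDefine !OCSP_INDEX>` block at the end of the section continues outside the hunk.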
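--- a/test/proxy_backend.bash
+++ b/test/proxy_backend.bash
@@ -10,5 +10,4 @@
     export BACKEND_PORT="9934"
 fi
-: ${BACKEND_PID:="backend.pid"}
 : ${srcdir:="."}
 : ${APACHE2:="apache2"}
@@ -21,5 +20,7 @@
     conf="${2}"
     action="${3}"
-    # needed only for start
+    # Needed only for start. The "lockfile" parameter is used as flock
+    # lock file or PID file to watch depending on whether FLOCK is
+    # set.
     lockfile="${4}"
 
@@ -39,5 +40,5 @@
                 else
                     echo "Locking disabled, using wait based on proxy PID file."
-                    wait_pid_gone "${BACKEND_PID}"
+                    wait_pid_gone "${lockfile}"
                 fi
                 ${flock_cmd} \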
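Review bot: With the `BACKEND_PID` default removed, `wait_pid_gone "${lockfile}"` depends entirely on the caller's fourth argument, and nothing in the visible lines rejects an empty one. A test started outside the automake harness, where `BACKEND_LOCK` and `OCSP_LOCK` are unset, would call `wait_pid_gone ""`. How that helper treats an empty path is not shown, but at best the wait is skipped and the new instance can race one that is still shutting down. A guard in the start path would make the requirement explicit, e.g. `[ -n "${lockfile}" ] || { echo "start requires a lock/PID file" >&2; return 1; }`. The function body starts and ends outside these hunks.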
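--- a/test/test-26_redirect_HTTP_to_HTTPS.bash
+++ b/test/test-26_redirect_HTTP_to_HTTPS.bash
@@ -17,8 +17,6 @@
 
 # "Proxy backend" functions are used to start the only instance needed
-# here without "runtests". We have to override BACKEND_PID and
-# BACKEND_PORT to make them match what a runtests-based test would
-# use.
-export BACKEND_PID="apache2.pid"
+# here without "runtests". We have to override BACKEND_PORT to make it
+# match what a runtests-based test would use.
 export BACKEND_PORT="${TEST_PORT}"
 function stop_backend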
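--- a/test/test-27_OCSP_server.bash
+++ b/test/test-27_OCSP_server.bash
@@ -4,4 +4,15 @@
 # Skip if OCSP tests are not enabled
 [ -n "${OCSP_PORT}" ] || exit 77
+
+: ${srcdir:="."}
+. ${srcdir}/common.bash
+netns_reexec ${@}
+
+. $(dirname ${0})/proxy_backend.bash
+
+testdir="${srcdir}/tests/27_OCSP_server"
+TEST_NAME="$(basename ${testdir})"
+
+backend_apache "${testdir}" "ocsp.conf" start "${OCSP_LOCK}"
 
 # trigger OCSP server test in the runtests script
@@ -12,4 +23,6 @@
 ${srcdir}/runtests t-27
 ret=${?}
+
+backend_apache "${testdir}" "ocsp.conf" stop
 
 echo "Checking if client actually got a stapled response."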
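Review bot: The new setup lines leave several expansions unquoted: `netns_reexec ${@}` re-splits the script's arguments, and `$(dirname ${0})` and `$(basename ${testdir})` break if the source tree path contains whitespace. I would write `netns_reexec "${@}"`, `. "$(dirname "${0}")/proxy_backend.bash"` and `TEST_NAME="$(basename "${testdir}")"`. Separately, the result of `backend_apache "${testdir}" "ocsp.conf" start "${OCSP_LOCK}"` is not checked, so a responder that fails to come up only shows later as a stapling failure in runtests. Appending `|| exit 1` to the start call would fail fast, assuming backend_apache returns non-zero on error (its body is not shown here).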
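--- a/test/tests/27_OCSP_server/apache.conf
+++ b/test/tests/27_OCSP_server/apache.conf
@@ -1,7 +1,4 @@
-Define  OCSP_PORT       ${OCSP_PORT}
-
 Include ${srcdir}/base_apache.conf
-Include ${srcdir}/ocsp_server.conf
-GnuTLSCache dbm cache/gnutls_cache
+GnuTLSCache dbm cache/gnutls_cache_${TEST_NAME}
 
 <VirtualHost _default_:${TEST_PORT}>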
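--- a/test/tests/Makefile.am
+++ b/test/tests/Makefile.am
@@ -27,3 +27,3 @@
         25_Disable_TLS_1.0/apache.conf 25_Disable_TLS_1.0/fail.client 25_Disable_TLS_1.0/gnutls-cli.args 25_Disable_TLS_1.0/input \
         26_redirect_HTTP_to_HTTPS/apache.conf \
-        27_OCSP_server/apache.conf 27_OCSP_server/gnutls-cli.args 27_OCSP_server/input 27_OCSP_server/output
+        27_OCSP_server/apache.conf 27_OCSP_server/gnutls-cli.args 27_OCSP_server/input 27_OCSP_server/ocsp.conf 27_OCSP_server/output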