Changeset d8afa3e in mod_gnutls for test


Timestamp:
Dec 17, 2016, 6:56:34 PM (5 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, upstream
Children:
c598e21, d2b32f1
Parents:
ce12806 (diff), 677754f (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

New upstream version 0.8.0

Location:
test
Files:
11 added
6 edited

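--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -29,5 +29,6 @@
         test-24_pkcs11_cert.bash \
         test-25_Disable_TLS_1.0.bash \
-        test-26_redirect_HTTP_to_HTTPS.bash
+        test-26_redirect_HTTP_to_HTTPS.bash \
+        test-27_OCSP_server.bash
 
 TESTS = $(dist_check_SCRIPTS)
@@ -35,4 +36,12 @@
 check_PROGRAMS = pgpcrc
 pgpcrc_SOURCES = pgpcrc.c
+
+# build OCSP database tool
+if ENABLE_OCSP_TEST
+check_PROGRAMS += gen_ocsp_index
+gen_ocsp_index_SOURCES = gen_ocsp_index.c cert_helper.c
+gen_ocsp_index_LDFLAGS = $(LIBGNUTLS_LIBS)
+noinst_HEADERS = cert_helper.h
+endif
 
 # Identities in the miniature CA, server, and client environment for
@@ -41,4 +50,7 @@
 pgp_identities = $(shared_identities)
 x509_only_identities = rogueclient
+if ENABLE_OCSP_TEST
+x509_only_identities += ocsp-responder
+endif
 x509_identities = $(shared_identities) $(x509_only_identities)
 identities = $(shared_identities) $(x509_only_identities)
@@ -74,6 +86,6 @@
 
 cert_templates = authority.template.in client.template.in \
-        imposter.template.in rogueca.template rogueclient.template.in \
-        server.template.in
+        imposter.template.in ocsp-responder.template rogueca.template \
+        rogueclient.template.in server.template.in
 generated_templates = authority.template client.template \
         imposter.template rogueclient.template server.template
@@ -117,4 +129,20 @@
 endif
 
+if ENABLE_OCSP_TEST
+# rules to build OCSP database
+check_DATA += authority/ocsp_index.txt
+MOSTLYCLEANFILES += authority/ocsp_index.txt authority/ocsp_index.txt.attr
+authority/ocsp_index.txt: $(x509_tokens) gen_ocsp_index authority/ocsp_index.txt.attr
+        ./gen_ocsp_index server/x509.pem client/x509.pem > $@
+
+authority/ocsp_index.txt.attr: authority/secret.key
+        echo "unique_subject = no" > $@
+
+# build certificate chain file for server
+check_DATA += server/x509-chain.pem
+MOSTLYCLEANFILES += server/x509-chain.pem
+%/x509-chain.pem: %/x509.pem authority/x509.pem
+        cat $< authority/x509.pem > $@
+endif
 
 # SoftHSM tokens. Note that the SoftHSM 2 token is a directory and
@@ -159,5 +187,7 @@
 
 # Apache configuration and data files
-apache_data = base_apache.conf cgi_module.conf data/dump.cgi data/secret.txt data/test.txt mime.types proxy_mods.conf
+apache_data = base_apache.conf cgi_module.conf data/dump.cgi data/ocsp.cgi \
+        data/secret.txt data/test.txt mime.types ocsp_server.conf \
+        proxy_mods.conf
 
 EXTRA_DIST = $(apache_data) $(cert_templates) $(shared_identities:=.uid.in) \
@@ -177,4 +207,8 @@
 # port for MSVA in test cases that use it
 MSVA_PORT ?= 9933
+# port for OCSP server (Apache vhost if enabled)
+if ENABLE_OCSP_TEST
+OCSP_PORT ?= 9936
+endif
 # maximum time to wait for MSVA startup (milliseconds)
 TEST_MSVA_MAX_WAIT ?= 10000
@@ -202,4 +236,9 @@
 endif
 
+if ENABLE_OCSP_TEST
+AM_TESTS_ENVIRONMENT += export OPENSSL="@OPENSSL@"; \
+        export OCSP_PORT="$(OCSP_PORT)";
+endif
+
 if ENABLE_NETNS
 AM_TESTS_ENVIRONMENT += export UNSHARE="@UNSHARE@"; \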
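Review bot: In the new `authority/ocsp_index.txt` rule the recipe redirects straight into `$@`, so a failing `gen_ocsp_index` still leaves an empty or truncated index whose timestamp makes it look up to date on the next run; the OCSP test would then presumably run against a database that does not describe the issued certificates. Writing to a temporary name and renaming avoids that: `./gen_ocsp_index server/x509.pem client/x509.pem > $@.tmp && mv -f $@.tmp $@`. The recipe also names `server/x509.pem` and `client/x509.pem` directly while the prerequisite is `$(x509_tokens)`, which is defined outside the visible hunks, so it is worth confirming that both files are covered by it. The `%/x509-chain.pem` rule in the same hunk uses the same direct redirect.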
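--- a/test/client.template.in
+++ b/test/client.template.in
@@ -5,2 +5,3 @@
 signing_key
 encryption_key
+### ocsp_uri=http://__HOSTNAME__:__OCSP_PORT__/ocsp/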
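--- a/test/runtests
+++ b/test/runtests
@@ -189,4 +189,14 @@
 fi
 
+# check OCSP server
+if [ -n "${CHECK_OCSP_SERVER}" ]; then
+    if [ -n "${OCSP_RESPONSE_FILE}" ]; then
+        store_ocsp="--outfile ${OCSP_RESPONSE_FILE}"
+    fi
+    echo "---- Testing OCSP server ----"
+    ocsptool --ask --nonce --load-issuer authority/x509.pem --load-cert server/x509.pem ${store_ocsp}
+    echo "---- OCSP test done ----"
+fi
+
 # PID file for sleep command (explanation below)
 sleep_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"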
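Review bot: The exit status of `ocsptool --ask` in the new OCSP check is never tested, so unless the script runs under `set -e` (not visible in this hunk) a failed or unverifiable OCSP query is followed by "---- OCSP test done ----" and the test carries on. A non-zero status should be routed into whatever failure path the script uses elsewhere, which is outside this hunk. In addition, `store_ocsp` is assigned only inside the inner `if`, so a value inherited from the environment would be passed to ocsptool; `store_ocsp=""` before the outer `if` closes that. The unquoted `${store_ocsp}` also splits an `OCSP_RESPONSE_FILE` path that contains whitespace.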
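--- a/test/server.template.in
+++ b/test/server.template.in
@@ -5,2 +5,3 @@
 encryption_key
 dns_name="__HOSTNAME__"
+### ocsp_uri=http://__HOSTNAME__:__OCSP_PORT__/ocsp/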
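--- a/test/test_ca.mk
+++ b/test/test_ca.mk
@@ -9,4 +9,8 @@
 %.template: $(srcdir)/%.template.in
         sed s/__HOSTNAME__/$(TEST_HOST)/ < $< > $@
+        if test -n "$(OCSP_PORT)"; then \
+                sed -i -e 's/^### ocsp/ocsp/' \
+                        -e s/__OCSP_PORT__/$(OCSP_PORT)/ $@; \
+        fi
 
 %.uid: $(srcdir)/%.uid.in
@@ -39,10 +43,12 @@
 
 # Import and signing modify the shared keyring, which leads to race
-# conditions with parallel make. Locking avoids this problem.
-%/cert.pgp: %/minimal.pgp authority/gpg.conf
+# conditions with parallel make. Locking avoids this problem. Building
+# authority/minimal.pgp (instead of just authority/gpg.conf) before
+# */cert.pgp avoids having to lock for all */minimal.pgp, too.
+%/cert.pgp: %/minimal.pgp authority/minimal.pgp
         if test -r $@; then rm $@; fi
         GNUPGHOME=authority $(GPG_FLOCK) gpg --import $<
         GNUPGHOME=authority $(GPG_FLOCK) gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
-        GNUPGHOME=authority gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
+        GNUPGHOME=authority $(GPG_FLOCK) gpg --output $@ --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
 
 # special cases for the authorities' root certs: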
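Review bot: The `%.template` recipe now writes `$@` with the first `sed` and then patches it with `sed -i`, so if the second command fails the target already exists with the `### ocsp_uri` line still commented and `__OCSP_PORT__` unreplaced, and later runs treat it as up to date. `sed -i` is also not POSIX and takes a different argument form on BSD sed. A single pass avoids both, and the file already relies on GNU make functions such as `$(dir $@)`: `sed -e s/__HOSTNAME__/$(TEST_HOST)/ $(if $(OCSP_PORT),-e 's/^### ocsp/ocsp/' -e s/__OCSP_PORT__/$(OCSP_PORT)/) < $< > $@`. `$(TEST_HOST)` and `$(OCSP_PORT)` are pasted unquoted into the sed script, so a value containing `/` or whitespace breaks the substitution; a comment above the rule stating the expected form of both values would help.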
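--- a/test/tests/Makefile.am
+++ b/test/tests/Makefile.am
@@ -26,3 +26,4 @@
         24_pkcs11_cert/apache.conf 24_pkcs11_cert/gnutls-cli.args 24_pkcs11_cert/input 24_pkcs11_cert/output \
         25_Disable_TLS_1.0/apache.conf 25_Disable_TLS_1.0/fail.client 25_Disable_TLS_1.0/gnutls-cli.args 25_Disable_TLS_1.0/input \
-        26_redirect_HTTP_to_HTTPS/apache.conf
+        26_redirect_HTTP_to_HTTPS/apache.conf \
+        27_OCSP_server/apache.conf 27_OCSP_server/gnutls-cli.args 27_OCSP_server/input 27_OCSP_server/output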