File: ocsp.test

wolfssl 5.8.4-1
#!/bin/sh

# ocsp.test

# Note, this script makes connection(s) to the public Internet.

# Directory this script lives in; the sibling ping.test helper is run from it.
SCRIPT_DIR="$(dirname "$0")"

# First target: GlobalSign, verified against the root certificate file below.
server=www.globalsign.com
ca=certs/external/ca-globalsign-root.pem

# The example client has to be built already; without it nothing can be tested.
if [ ! -x ./examples/client/client ]; then
    printf '\n\n%s\n' "Client doesn't exist" && exit 1
fi

# A "3" anywhere in the "client -V" output is treated as "TLS 1.2 available".
# The match is loose: any 3 in that output satisfies it.
# Exit status 77 reports the test as skipped rather than failed.
./examples/client/client -V | grep -q 3 || {
    echo 'skipping ocsp.test because TLS1.2 is not available.' 1>&2
    exit 77
}

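# Set to 1 when the reachability probe for GlobalSign fails, so the final
# verdict can tell "server unreachable" apart from "client run failed".
GL_UNREACHABLE=0

# GlobalSign requires the server name indication (SNI) extension, so ask the
# client whether SNI is compiled in before testing.
# The command is a fixed string, so it is run directly: eval added nothing but
# a second round of shell parsing.
OUTPUT=$(./examples/client/client -S check)
if [ "$OUTPUT" = "SNI is: ON" ]; then
    printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test"

    if [ "$AM_BWRAPPED" != "yes" ]; then
        # is our desired server there?
        "${SCRIPT_DIR}/ping.test" "$server" 2
        RESULT=$?
        if [ "$RESULT" -ne 0 ]; then
            GL_UNREACHABLE=1
        fi
    else
        # AM_BWRAPPED=yes: the probe is skipped and the client run is
        # attempted unconditionally, so GL_UNREACHABLE stays 0.
        RESULT=0
    fi

    if [ "$RESULT" -eq 0 ]; then
        # client test against the server
        # -A names the trusted root, -o requests an OCSP lookup on the peer
        # certificate, -S sends the host name as SNI (per the example
        # client's usage text).
        echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N -v d -S $server"
        ./examples/client/client -X -C -h "$server" -p 443 -A "$ca" -g -o -N -v d -S "$server"
        GL_RESULT=$?
        [ "$GL_RESULT" -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
    else
        GL_RESULT=1
    fi
else
    printf '\n\n%s\n\n' "SNI disabled, skipping globalsign test"
    # NOTE(review): the GlobalSign check did not run here, yet it is recorded
    # as a pass. With WOLFSSL_OCSP_TEST set, the final "both passed" message
    # can therefore be printed after only the Google connection was tested.
    GL_RESULT=0
fi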

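# Second target: Google, verified against its own root certificate file.
server=www.google.com
ca=certs/external/ca-google-root.pem

if [ "$AM_BWRAPPED" != "yes" ]; then
    # is our desired server there?
    # The helper path is quoted, as in the GlobalSign probe, so a script
    # directory containing whitespace does not break the invocation.
    "${SCRIPT_DIR}/ping.test" "$server" 2
    RESULT=$?
else
    # AM_BWRAPPED=yes: skip the probe and attempt the client run regardless.
    RESULT=0
fi

if [ "$RESULT" -eq 0 ]; then
    # client test against the server
    # Unlike the GlobalSign run, this invocation passes neither -S nor -v d.
    echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N"
    ./examples/client/client -X -C -h "$server" -p 443 -A "$ca" -g -o -N
    GR_RESULT=$?
    [ "$GR_RESULT" -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
else
    # Server not reachable: recorded as a failed Google check.
    GR_RESULT=1
fi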

# Final verdict, derived from GL_RESULT (GlobalSign), GR_RESULT (Google) and
# GL_UNREACHABLE. Exit codes: 0 = pass, 1 = fail, 77 = reported as skipped.

if [ -z "$WOLFSSL_OCSP_TEST" ]; then
    # Lenient mode: one successful connection is enough.
    if [ "$GL_RESULT" -eq 0 ] || [ "$GR_RESULT" -eq 0 ]; then
        printf '\n\n%s\n' "WOLFSSL_OCSP_TEST NOT set, and 1 of the tests passed"
        printf '%s\n' "Test Passed!"
        exit 0
    fi

    # Both connections failed, but the script exits 77, so the harness sees a
    # skip, not a failure. A real OCSP regression is indistinguishable from a
    # network outage in this mode; set WOLFSSL_OCSP_TEST where a hard failure
    # is wanted.
    printf '\n\n%s\n' "Both OCSP connection to globalsign and google failed"
    printf '%s\n' "Test Failed!"
    exit 77
fi

# Strict mode: unlike other environment variables, WOLFSSL_OCSP_TEST signals
# that both connections are required to pass. Leave it unset if a single
# passing connection should count as success.
if [ "$GR_RESULT" -eq 0 ]; then
    if [ "$GL_RESULT" -eq 0 ]; then
        printf '\n\n%s\n' "Both OCSP connection to globalsign and google passed"
        printf '%s\n' "Test Passed!"
        exit 0
    fi

    # The one tolerated exception: GlobalSign failed its reachability probe
    # while the Google connection succeeded.
    if [ "$GL_UNREACHABLE" -eq 1 ]; then
        printf '%s\n' "Global Sign is currently unreachable. Logging it but if"
        printf '%s\n' "this continues to occur should be investigated"
        exit 0
    fi
fi

printf '\n\n%s\n' "One of the OCSP connections to either globalsign or"
printf '%s\n' "google failed, however since WOLFSSL_OCSP_TEST is set"
printf '%s\n' "the test is considered to have failed"
printf '%s\n' "Test Failed!"
exit 1