mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 00:37:00 +08:00
tests: added check for connection using invalid certificate
@@ -12,7 +12,7 @@ EXTRA_DIST = ca-key.pem ca.pem common.sh server-cert.pem server-key.pem test1.co
|
||||
server-key-ossl.pem server-key-p8.pem proxyproto-unix-test user-cn.pem \
|
||||
user-cert-testuser.pem test-stress test-user-config.config user-config/testuser \
|
||||
test-sighup-key-change.config test-sighup-key-change.config user-config/testipnet \
|
||||
user-cert-testipnet.pem
|
||||
user-cert-testipnet.pem user-cert-invalid.pem
|
||||
|
||||
SUBDIRS = docker-ocserv docker-kerberos
|
||||
|
||||
|
||||
@@ -48,7 +48,13 @@ echo -n "Connecting to obtain cookie (without certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected without certificate!"
|
||||
|
||||
echo ok
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
echo -n "Connecting to obtain cookie (with invalid certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/user-key.pem -c ${srcdir}/user-cert-invalid.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected with invalid certificate!"
|
||||
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
echo -n "Connecting to obtain cookie (with certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/user-key.pem -c ${srcdir}/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) ||
|
||||
@@ -92,7 +98,7 @@ echo -n "Connecting to obtain cookie (with revoked certificate)... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT --sslkey ${srcdir}/user-key.pem -c ${srcdir}/user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
|
||||
fail $PID "Connected with revoked certificate!"
|
||||
|
||||
echo ok
|
||||
echo "ok (failed as expected)"
|
||||
|
||||
#echo "Normal connection... "
|
||||
#( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
|
||||
|
||||
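Review bot: The new "with invalid certificate" check passes on any non-zero exit from openconnect, and because stdout and stderr go to /dev/null it cannot tell a server-side rejection from a local failure, such as an unreadable `user-cert-invalid.pem` or a certificate that does not pair with `user-key.pem`. Nothing in the script or in the fixture's text dump says which property makes the certificate invalid (the dump shows Issuer CN=CA and a validity period ending in 2023), so a comment above the block should record it, e.g. `# user-cert-invalid.pem: <what was altered>; the server must reject it during client-certificate verification`. A cheap guard before the attempt would be `test -r "${srcdir}/user-cert-invalid.pem" || fail $PID "missing user-cert-invalid.pem"`, and ideally the test would also confirm the rejection from the server's side rather than relying on the client's exit status alone. The same weakness applies to the "without certificate" and "revoked certificate" checks, whose success message now reads "ok (failed as expected)"; the script continues outside both hunks.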
107
tests/user-cert-invalid.pem
Normal file
@@ -0,0 +1,107 @@
|
||||
X.509 Certificate Information:
|
||||
Version: 3
|
||||
Serial Number (hex): 51d82f14
|
||||
Issuer: CN=CA
|
||||
Validity:
|
||||
Not Before: Sat Jul 06 14:52:05 UTC 2013
|
||||
Not After: Mon May 15 14:52:05 UTC 2023
|
||||
Subject: CN=A user,UID=test
|
||||
Subject Public Key Algorithm: RSA
|
||||
Algorithm Security Level: Medium (2432 bits)
|
||||
Modulus (bits 2432):
|
||||
00:ab:54:98:fc:a9:c6:15:95:9d:a6:c1:94:84:94:91
|
||||
79:1e:78:db:2d:48:51:99:65:01:02:c0:40:52:49:5d
|
||||
eb:70:bc:26:ef:68:39:1e:04:91:e2:db:cb:6f:93:40
|
||||
45:1e:22:8e:71:5a:58:89:28:79:5e:1a:32:25:3e:8b
|
||||
9d:3b:34:7f:19:f8:d0:2f:37:b7:62:32:b7:53:a5:43
|
||||
2c:c5:5d:ec:ac:f9:35:fa:14:2b:34:66:f1:d6:a7:a1
|
||||
d0:83:9a:56:f4:19:83:bc:bf:11:74:30:2d:a8:28:5b
|
||||
a2:ab:7a:c6:cd:9c:5c:f8:51:e9:a9:0c:48:db:71:bb
|
||||
b1:34:77:f7:ee:de:5d:78:c0:48:0a:37:0d:65:1e:3b
|
||||
2b:14:03:89:72:f2:52:ed:5f:00:c5:06:60:ea:80:20
|
||||
d0:43:ec:66:bc:d2:26:db:f0:29:3e:6a:f9:62:20:be
|
||||
58:26:44:ba:d7:8c:6f:76:a6:05:20:e4:98:b7:c4:72
|
||||
7a:5d:df:4f:0d:23:ec:2e:9c:71:ec:30:f9:14:5f:c8
|
||||
75:0b:ab:67:f6:7d:fb:4d:76:64:4a:a5:d5:fa:b4:08
|
||||
50:9d:13:c7:8f:c2:79:b0:b4:3e:2f:89:d3:33:27:4d
|
||||
9f:8b:d3:60:24:07:ab:b2:72:3d:29:a5:c4:4a:ec:3c
|
||||
04:d2:49:3e:26:1b:ec:7a:10:3d:ca:45:5a:80:8b:4d
|
||||
2a:96:63:4f:2d:63:28:0f:3b:47:47:ca:7c:2c:15:41
|
||||
32:d5:e0:c9:be:a5:55:2c:b3:6b:46:2a:56:b1:1b:ed
|
||||
29
|
||||
Exponent (bits 24):
|
||||
01:00:01
|
||||
Extensions:
|
||||
Basic Constraints (critical):
|
||||
Certificate Authority (CA): FALSE
|
||||
Key Purpose (not critical):
|
||||
TLS WWW Client.
|
||||
Key Usage (critical):
|
||||
Digital signature.
|
||||
Key encipherment.
|
||||
Subject Key Identifier (not critical):
|
||||
8b01094b3b91ece321b91dec8d6b4c5d9e40805e
|
||||
Authority Key Identifier (not critical):
|
||||
482334530a8931384a5aeacab6d2a6dece1d2b18
|
||||
Signature Algorithm: RSA-SHA256
|
||||
Signature:
|
||||
6b:bd:e2:90:d7:11:cf:6c:0d:e3:bd:f4:61:cd:57:83
|
||||
41:be:2a:92:46:dd:fa:44:6c:60:1c:ef:3e:1e:2f:e1
|
||||
e2:5b:45:88:6a:1e:50:2d:8d:96:c4:c7:80:75:59:7b
|
||||
54:6b:fb:86:b0:f1:6d:45:09:db:48:de:20:0a:87:60
|
||||
30:5e:35:f0:52:c4:55:44:c1:ff:e1:7c:3d:d6:6d:58
|
||||
ca:1c:fd:bf:04:9a:9b:10:35:05:fc:d1:01:3c:af:bb
|
||||
64:31:5e:59:8f:ef:6f:0d:35:e5:c0:07:77:0e:31:20
|
||||
8e:e3:2e:f1:a6:4d:f1:be:85:5b:df:04:48:9d:8c:c9
|
||||
c9:c1:b8:e3:e2:d2:4b:55:83:e9:d8:7b:71:2f:8e:89
|
||||
fc:4d:a7:f1:b0:bf:47:9b:97:c4:85:dd:c3:3d:38:15
|
||||
36:08:73:10:87:08:f6:e6:1c:4e:29:a8:a5:f5:24:b8
|
||||
0d:e9:d9:b8:19:27:1d:73:35:fe:7b:81:1f:4a:81:6a
|
||||
93:cd:a2:71:d7:60:0e:08:ee:ea:c8:2b:44:1b:e4:45
|
||||
6c:fe:44:68:d6:86:ad:89:4f:7e:9f:f9:1a:2a:97:0f
|
||||
6b:eb:5d:6e:38:b3:5b:13:b9:e3:4a:10:32:5b:dc:a9
|
||||
b4:a1:4e:b3:f9:4f:91:de:bc:cc:36:91:44:ba:e0:34
|
||||
74:f7:68:b4:7b:0e:db:4e:ec:28:03:01:cf:0a:63:c4
|
||||
23:75:0b:4b:41:9d:e0:68:b3:cb:bf:b5:5c:3d:52:93
|
||||
20:ba:ea:b8:f0:8c:f7:a6:ec:cd:a3:aa:4f:2a:ff:20
|
||||
Other Information:
|
||||
SHA1 fingerprint:
|
||||
5509a76b8738216938cdb3ec25048812737170de
|
||||
SHA256 fingerprint:
|
||||
c93e38ef35f1a9c485a27b161e708f2d45bf8768eb53a23fec841a8f35d6e478
|
||||
Public Key ID:
|
||||
8b01094b3b91ece321b91dec8d6b4c5d9e40805e
|
||||
Public key's random art:
|
||||
+--[ RSA 2432]----+
|
||||
| o=o |
|
||||
|..oE.. |
|
||||
|.+=.o |
|
||||
|o.*.... |
|
||||
| * B +..S |
|
||||
|. * o oo . |
|
||||
| o . . . |
|
||||
| + |
|
||||
| . |
|
||||
+-----------------+
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjDCCAkSgAwIBAgIEUdgvFDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTIwNVoYDzIwMjMwNTE1MTQ1MjA1WjAnMQ8wDQYDVQQD
|
||||
EwZBIHVzZXIxFDASBgoJkiaJk/IsZAEBEwR0ZXN0MIIBUjANBgkqhkiG9w0BAQEF
|
||||
AAOCAT8AMIIBOgKCATEAq1SY/KnGFZWdpsGUhJSReR542y1IUZllAQLAQFJJXetw
|
||||
vCbvaDkeBJHi28tvk0BFHiKOcVpYiSh5XhoyJT6LnTs0fxn40C83t2Iyt1OlQyzF
|
||||
Xeys+TX6FCs0ZvHWp6HQg5pW9BmDvL8RdDAtqChboqt6xs2cXPhR6akMSNtxu7E0
|
||||
d/fu3l14wEgKNw1lHjsrFAOJcvJS7V8AxQZg6oAg0EPsZrzSJtvwKT5q+WIgvlgm
|
||||
RLrXjG92pgUg5Ji3xHJ6Xd9PDSPsLpxx7DD5FF/IdQurZ/Z9+012ZEql1fq0CFCd
|
||||
E8ePwnmwtD4vidMzJ02fi9NgJAersnI9KaXESuw8BNJJPiYb7HoQPcpFWoCLTSqW
|
||||
Y08tYygPO0dHynwsFUEy1eDJvqVVLLNrRipWsRvtKQIDAQABo3YwdDAMBgNVHRMB
|
||||
Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYD
|
||||
VR0OBBYEFIsBCUs7kezjIbkd7I1rTF2eQIBeMB8GA1UdIwQYMBaAFEgjNFMKiTE4
|
||||
SlrqyrbSpt7OHSsYMA0GCSqGSIb3DQEBCwUAA4IBMQBrveKQ1xHPbA3jvfRhzVeD
|
||||
Qb4qkkbd+kRsYBzvPh4v4eJbRYhqHlAtjZbEx4B1WXtUa/uGsPFtRQnbSN4gCodg
|
||||
MF418FLEVUTB/+F8PdZtWMoc/b8EmpsQNQX80QE8r7tkMV5Zj+9vDTXlwAd3DjEg
|
||||
juMu8aZN8b6FW98ESJ2MycnBuOPi0ktVg+nYe3Evjon8TafxsL9Hm5fEhd3DPTgV
|
||||
NghzEIcI9uYcTimopfUkuA3p2bgZJx1zNf57gR9KgWqTzaJx12AOCO7qyCtEG+RF
|
||||
bP5EaNaGrYlPfp/5GiqXD2vrXW44s1sTueNKEDJb3Km0oU6z+U+R3rzMNpFEuuA0
|
||||
dPdotHsO207sKAMBzwpjxCN1C0tBneBos8u/tVw9UpMguuq48Iz3puzNo6pPKv8g
|
||||
-----END CERTIFICATE-----
|
||||