GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

tests: added check for the CA certificate handler

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2016-05-17 14:46:12 +02:00
parent f87871fc48
commit a9c5a8271c
4 changed files with 67 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/Makefile.am
View File

@@ -14,7 +14,7 @@ EXTRA_DIST = ca-key.pem ca.pem common.sh server-cert.pem server-key.pem test1.co
server-key-ossl.pem server-key-p8.pem proxyproto-unix-test user-cn.pem \ server-key-ossl.pem server-key-p8.pem proxyproto-unix-test user-cn.pem \
user-cert-testuser.pem test-stress test-user-config.config user-config/testuser \ user-cert-testuser.pem test-stress test-user-config.config user-config/testuser \
test-sighup-key-change.config test-sighup-key-change.config user-config/testipnet \ test-sighup-key-change.config test-sighup-key-change.config user-config/testipnet \
user-cert-testipnet.pem user-cert-invalid.pem user-cert-testipnet.pem user-cert-invalid.pem server-cert-ca.pem
SUBDIRS = docker-ocserv docker-kerberos SUBDIRS = docker-ocserv docker-kerberos

42
tests/server-cert-ca.pem Normal file
View File

@@ -0,0 +1,42 @@
-----BEGIN CERTIFICATE-----
MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD
Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs
PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8
u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd
YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ
IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759
KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5
7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU
yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL
gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg
ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0
UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s
9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9
GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C
zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/
eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF
FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j
LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM
zzJKdNg=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD
EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw
fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ
l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW
DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh
zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt
c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b
7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep
n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC
ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT
z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP
g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX
ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk
x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH
yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg
fJbi9Ui2FmXEeKkX34f1ONNj9Q==
-----END CERTIFICATE-----

23
tests/test-get-cert
View File

@@ -60,6 +60,29 @@ fi
echo "ok" echo "ok"
echo -n "Connecting to GET CA PEM certificate... "
( LD_PRELOAD=libsocket_wrapper.so curl https://$ADDRESS:$PORT/ca.pem --insecure > $TMPFILE 2>/dev/null ) ||
fail $PID "Could not get certificate!"
cmp $TMPFILE "${srcdir}/ca.pem"
if test $? != 0;then
fail $PID "failed, certs not match"
fi
echo "ok"
echo -n "Connecting to GET CA DER certificate... "
( LD_PRELOAD=libsocket_wrapper.so curl https://$ADDRESS:$PORT/ca.cer --insecure > $TMPFILE 2>/dev/null ) ||
fail $PID "Could not get DER certificate!"
certtool --inder -i <"$TMPFILE" >$TMPFILE2
certtool -i <"${srcdir}/ca.pem" >$TMPFILE
cmp "$TMPFILE" "$TMPFILE2"
if test $? != 0;then
fail $PID "failed, certs not match"
fi
echo "ok"
cleanup cleanup

2
tests/test-user-cert.config
View File

@@ -45,7 +45,7 @@ try-mtu-discovery = false
# #
# There may be multiple certificate and key pairs and each key # There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate. # should correspond to the preceding certificate.
server-cert = @SRCDIR@/server-cert.pem server-cert = @SRCDIR@/server-cert-ca.pem
server-key = @SRCDIR@/server-key.pem server-key = @SRCDIR@/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support # Diffie-Hellman parameters. Only needed if you require support