mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 00:37:00 +08:00
tests: added check for the CA certificate handler
This commit is contained in:
Nikos Mavrogiannopoulos
@@ -14,7 +14,7 @@ EXTRA_DIST = ca-key.pem ca.pem common.sh server-cert.pem server-key.pem test1.co
|
||||
server-key-ossl.pem server-key-p8.pem proxyproto-unix-test user-cn.pem \
|
||||
user-cert-testuser.pem test-stress test-user-config.config user-config/testuser \
|
||||
test-sighup-key-change.config test-sighup-key-change.config user-config/testipnet \
|
||||
user-cert-testipnet.pem user-cert-invalid.pem
|
||||
user-cert-testipnet.pem user-cert-invalid.pem server-cert-ca.pem
|
||||
|
||||
SUBDIRS = docker-ocserv docker-kerberos
|
||||
|
||||
|
||||
42
tests/server-cert-ca.pem
Normal file
42
tests/server-cert-ca.pem
Normal file
@@ -0,0 +1,42 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDkTCCAkmgAwIBAgIEUdgu8DANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTEyOVoYDzIwMjMwNTE1MTQ1MTI5WjAUMRIwEAYDVQQD
|
||||
Ewlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQCnOivs
|
||||
PxSwLBn28W6QHb+OqfbpcIQJh/NQ81/DlFD6LGTWV4BY4Zb87tC9BBV+X3+lM/j8
|
||||
u5HvN3nDWtv4Ge0DryLW6Tcs6FPCt4srEfCkh5l54LrMmWbhFgkVlN5fTqoY0lnd
|
||||
YJx2X8WWldRjeL+8E7nFUcFStWrgi9AzgMFrjsL4pql97YAZRXcMoQXVjbRmzVLZ
|
||||
IVumQy7c+tl7Eqz8lx/xS/5Fx9tIRunqNS5jEUs8Nn5E6FvraAcy+eI0gXTGk759
|
||||
KNPYisSqAuFAmmt/XDTTvvOo6dpAseXqtR2/LjZJWOlXdiZ/yjHg5+RKQ5dt3dk5
|
||||
7lAIWER9egIOo/+GAkyek0ZJ5GWU6VxTsFcIl6oy3S7EtB0NCIM7hvhy32QrJ5ZU
|
||||
yNncTSf6qMVoedgdAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTAL
|
||||
gglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweg
|
||||
ADAdBgNVHQ4EFgQUqCVH9o9E1jUb72ys0de5boT536MwHwYDVR0jBBgwFoAUSCM0
|
||||
UwqJMThKWurKttKm3s4dKxgwDQYJKoZIhvcNAQELBQADggExAK7dBCSwM/OJw+6s
|
||||
9MJAb7Ygi9xhHSq30Hg3M7DaPC7J9rZB6+IAVb3poOZAtDDtyTqvXH7qY5UMjJC9
|
||||
GsFmHPI/OSk2xuJJpG+ZJaP54b7kzTtUD6UCHETsgBk2aNuqNhjXR2fYnR9QME0C
|
||||
zZWIDV+5DFEBI97ln30N6PcXvIxp7Rsac3qwzvwt3zL+23kTwgM+DoRPoPO0PHr/
|
||||
eQ9hvRU5wA2Vc47zhUXIFy1Jmx7Sf//pw0/wq46VUAjDZ5B09EoCpzBNvOD7P+cF
|
||||
FQQ7SId8h8OQ2uOWxT2baeJX0pVbVv+qwOOB1F0q3sjx0dZa/2rxOUZ3wnHG9j8j
|
||||
LZSUkZxGpPQffCSpSPma5RhYff8/BncdA8soT0dyEfXIX5V91IXnrlI8XZrADvJM
|
||||
zzJKdNg=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPzCCAfegAwIBAgIEUdguzDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDEwJD
|
||||
QTAiGA8yMDEzMDcwNjE0NTA1MloYDzIwMjMwNTE1MTQ1MDUyWjANMQswCQYDVQQD
|
||||
EwJDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/Hsqw
|
||||
fvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJ
|
||||
l1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyW
|
||||
DrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuh
|
||||
zSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKt
|
||||
c+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b
|
||||
7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Ep
|
||||
n4B5qnUCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA
|
||||
MB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDANBgkqhkiG9w0BAQsFAAOC
|
||||
ATEAa1kdd8E1PkM06Isw0S/thEll0rAYsNHwSX17IDUWocTTQlmVXBXcvLqM04QT
|
||||
z7WNG4eushLhRpSn8LJQkf4RgvAxOMIjHM9troDbPVoec6k8fZrJ8jfXurOgoOVP
|
||||
g+hScT3VDvxgiOVwgXSe2XBryGDaviRuSOHlfy5GPVirLJLZwpcX6RpsHMX9rrZX
|
||||
ghvf8dwm4To9H5wT0Le2FnZRoLOTMmpr49bfKJqy/U7AUHaf4saSdkdEIaGOxkPk
|
||||
x+SFlr9TjavnJvL0TApkvfNZ1aOVHRHINgaFYHQJ4U0jQ/g7lPmD+UtZWnvSMNXH
|
||||
yct5cKOyP4j7Kla1sKPs+oamOQ7pR1Z/GwBxe48FvO7VDi7EkugLwlzoXC2G+4Jg
|
||||
fJbi9Ui2FmXEeKkX34f1ONNj9Q==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -60,6 +60,29 @@ fi
|
||||
|
||||
echo "ok"
|
||||
|
||||
echo -n "Connecting to GET CA PEM certificate... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so curl https://$ADDRESS:$PORT/ca.pem --insecure > $TMPFILE 2>/dev/null ) ||
|
||||
fail $PID "Could not get certificate!"
|
||||
|
||||
cmp $TMPFILE "${srcdir}/ca.pem"
|
||||
if test $? != 0;then
|
||||
fail $PID "failed, certs not match"
|
||||
fi
|
||||
|
||||
echo "ok"
|
||||
|
||||
echo -n "Connecting to GET CA DER certificate... "
|
||||
( LD_PRELOAD=libsocket_wrapper.so curl https://$ADDRESS:$PORT/ca.cer --insecure > $TMPFILE 2>/dev/null ) ||
|
||||
fail $PID "Could not get DER certificate!"
|
||||
|
||||
certtool --inder -i <"$TMPFILE" >$TMPFILE2
|
||||
certtool -i <"${srcdir}/ca.pem" >$TMPFILE
|
||||
cmp "$TMPFILE" "$TMPFILE2"
|
||||
if test $? != 0;then
|
||||
fail $PID "failed, certs not match"
|
||||
fi
|
||||
|
||||
echo "ok"
|
||||
|
||||
cleanup
|
||||
|
||||
|
||||
@@ -45,7 +45,7 @@ try-mtu-discovery = false
|
||||
#
|
||||
# There may be multiple certificate and key pairs and each key
|
||||
# should correspond to the preceding certificate.
|
||||
server-cert = @SRCDIR@/server-cert.pem
|
||||
server-cert = @SRCDIR@/server-cert-ca.pem
|
||||
server-key = @SRCDIR@/server-key.pem
|
||||
|
||||
# Diffie-Hellman parameters. Only needed if you require support
|
||||
|
||||
Reference in New Issue
Block a user