GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Added test for CRL file support.

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2014-04-02 12:06:15 +02:00
parent d00319faf4
commit c094a94d19
3 changed files with 39 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/common.sh
View File

@@ -52,6 +52,10 @@ launch_server() {
fi
}
launch_simple_server() {
$SERV $* >/dev/null 2>&1 &
}
launch_debug_server() {
valgrind --leak-check=full $SERV $* >out.txt 2>&1 &
LOCALPID="$!";

35
tests/test-cert
View File

@@ -26,7 +26,20 @@ PORT=4446
echo "Testing ocserv with certificates... "
launch_server -d 1 -f -c test3.config & PID=$!
echo crl_next_update = 999 >crl.tmpl
echo crl_number = 1 >>crl.tmpl
rm -f crl.pem
certtool --generate-crl --load-ca-privkey ca-key.pem --load-ca-certificate ca.pem \
--outfile crl.pem --template crl.tmpl >/dev/null 2>&1
if test $? != 0;then
kill $PID
exit 77
fi
launch_simple_server -d 1 -f -c test3.config
PID=$!
wait_server $PID
echo -n "Connecting to obtain cookie (without certificate)... "
@@ -42,10 +55,30 @@ echo -n "Connecting to obtain cookie (with certificate)... "
echo ok
#revoking the certificate
certtool --generate-crl --load-ca-privkey ca-key.pem --load-ca-certificate ca.pem \
--load-certificate ./user-cert.pem --outfile crl.pem --template crl.tmpl >/dev/null 2>&1
if test $? != 0;then
kill $PID
exit 77
fi
echo "Reloading server"
kill -HUP $PID
sleep 5
echo -n "Connecting to obtain cookie (with certificate)... "
( openconnect -q localhost:$PORT --sslkey ./user-key.pem -c ./user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly </dev/null >/dev/null 2>&1 ) &&
fail $PID "Connected with revoked certificate!"
echo ok
#echo "Normal connection... "
#( echo "test" | openconnect -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
# fail $PID "Could not connect to server"
rm -f crl.pem crl.tmpl
kill $PID
wait

2
tests/test3.config
View File

@@ -87,7 +87,7 @@ cert-user-oid = 0.9.2342.19200300.100.1.1
#cert-group-oid = 2.5.4.11
# A revocation list of ca-cert is set
#crl = /path/to/crl.pem
crl = crl.pem
# GnuTLS priority string
tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"