diff --git a/tests/common.sh b/tests/common.sh
index 867adc59..cc3db5ec 100644
--- a/tests/common.sh
+++ b/tests/common.sh
@@ -52,6 +52,10 @@ launch_server() {
 fi
 }
 
+launch_simple_server() {
+ $SERV $* >/dev/null 2>&1 &
+}
+
 launch_debug_server() {
 valgrind --leak-check=full $SERV $* >out.txt 2>&1 &
 LOCALPID="$!";
diff --git a/tests/test-cert b/tests/test-cert
index 92334412..6ebbdc02 100755
--- a/tests/test-cert
+++ b/tests/test-cert
@@ -26,7 +26,20 @@ PORT=4446
 
 echo "Testing ocserv with certificates... "
 
-launch_server -d 1 -f -c test3.config & PID=$!
+echo crl_next_update = 999 >crl.tmpl
+echo crl_number = 1 >>crl.tmpl
+
+rm -f crl.pem
+certtool --generate-crl --load-ca-privkey ca-key.pem --load-ca-certificate ca.pem \
+ --outfile crl.pem --template crl.tmpl >/dev/null 2>&1
+if test $? != 0;then
+ kill $PID
+ exit 77
+fi
+
+launch_simple_server -d 1 -f -c test3.config
+PID=$!
+
 wait_server $PID
 
 echo -n "Connecting to obtain cookie (without certificate)... "
@@ -42,10 +55,30 @@ echo -n "Connecting to obtain cookie (with certificate)... "
 
 echo ok
 
+#revoking the certificate
+certtool --generate-crl --load-ca-privkey ca-key.pem --load-ca-certificate ca.pem \
+ --load-certificate ./user-cert.pem --outfile crl.pem --template crl.tmpl >/dev/null 2>&1
+if test $? != 0;then
+ kill $PID
+ exit 77
+fi
+
+echo "Reloading server"
+kill -HUP $PID
+sleep 5
+
+echo -n "Connecting to obtain cookie (with certificate)... "
+( openconnect -q localhost:$PORT --sslkey ./user-key.pem -c ./user-cert.pem --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly /dev/null 2>&1 ) &&
+ fail $PID "Connected with revoked certificate!"
+
+echo ok
+
 #echo "Normal connection... "
 #( echo "test" | openconnect -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --script=/bin/true ) ||
 # fail $PID "Could not connect to server"
 
+rm -f crl.pem crl.tmpl
+
 kill $PID
 wait
 
diff --git a/tests/test3.config b/tests/test3.config
index bdbd3e17..0cf1080e 100644
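Review bot: `launch_simple_server` has no comment saying why it exists next to `launch_server`, and its contract is easy to break: the caller's `$!` is the server's PID only when the function is called in the current shell, without a trailing `&`. I would add `# Start $SERV in the background; call without '&' so that $! in the caller is the server's own PID.` above it. The unquoted `$*` re-splits arguments that contain spaces, where `"$@"` would pass them through intact, although the neighbouring `launch_debug_server` uses the same form. Sending both streams to `/dev/null` also means a server that refuses to start leaves nothing in the test log to diagnose it.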
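Review bot: The first `certtool` failure branch runs `kill $PID` before any server has been started; `PID` is only assigned further down by `PID=$!`. With `PID` unset the unquoted expansion leaves `kill` without an argument, and if the environment happens to export a `PID` variable the script would signal an unrelated process. Dropping that line leaves `if test $? != 0; then exit 77; fi`. Because certtool's output is discarded and the exit status is 77, a broken CRL template would presumably be reported as a skip rather than a failure, which deserves a short comment.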
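Review bot: The revocation check accepts any non-zero exit from `openconnect` as proof that the revoked certificate was rejected, so a server that crashed or stopped listening after `kill -HUP $PID` would make this security test pass. A liveness check before the final `echo ok`, for example `kill -0 $PID 2>/dev/null || fail $PID "Server died after reload"`, would close that gap. The fixed `sleep 5` is the only synchronisation with the CRL reload, so on a slow machine the connection can race the reload and fail the test spuriously. `crl.pem` and `crl.tmpl` are removed only on the success path; the `fail` and `exit 77` paths appear to leave them in the tests directory.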
--- a/tests/test3.config
+++ b/tests/test3.config
@@ -87,7 +87,7 @@ cert-user-oid = 0.9.2342.19200300.100.1.1
 #cert-group-oid = 2.5.4.11
 
 # A revocation list of ca-cert is set
-#crl = /path/to/crl.pem
+crl = crl.pem
 
 # GnuTLS priority string
 tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
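Review bot: `crl = crl.pem` is a relative path, so it presumably resolves against the directory the server is started from, and the file exists only while `test-cert` runs (the script creates it and deletes it at the end). Any other test that starts the server with `test3.config` (none is visible in this diff) would then run with a missing CRL file. A comment above the setting such as `# generated by test-cert; the test must run from the tests directory` would record that dependency.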