VMS adjustments:

catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'

Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Richard Levitte 2015-01-29 13:13:28 +01:00
parent c168a027cf
commit 132536f96e
5 changed files with 298 additions and 97 deletions

View File

@ -94,12 +94,12 @@ $! library that isn't necessarely ported to VMS.
$!
$ ENGINES = "," + P6
$ IF ENGINES .EQS. "," THEN -
ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
ENGINES = ",4758cca,padlock,capi,"
$!
$! GOST requires a 64-bit integer type, unavailable on VAX.
$!
$ IF (ARCH .NES. "VAX") THEN -
ENGINES = ENGINES+ ",ccgost"
ENGINES = ENGINES+ ",gost"
$!
$! Check options.
$!
@ -156,20 +156,14 @@ $ TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ"
$ TV_OBJ = ",''TV_OBJ_NAME'"
$ ENDIF
$ ENGINE_4758CCA = "e_4758cca"
$ ENGINE_aep = "e_aep"
$ ENGINE_atalla = "e_atalla"
$ ENGINE_cswift = "e_cswift"
$ ENGINE_chil = "e_chil"
$ ENGINE_nuron = "e_nuron"
$ ENGINE_sureware = "e_sureware"
$ ENGINE_ubsec = "e_ubsec"
$ ENGINE_padlock = "e_padlock"
$
$ ENGINE_ccgost_SUBDIR = "ccgost"
$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
"gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
"gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
"gost_sign"
$ ENGINE_capi = "e_capi"
$
$ ENGINE_gost_SUBDIR = "ccgost"
$ ENGINE_gost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
"gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
"gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
"gost_sign"
$!
$! Define which programs need to be linked with a TCP/IP library
$!

View File

@ -213,16 +213,15 @@ $ ENDIF
$!
$! Define The Different SSL "library" Files.
$!
$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
"s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
"t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
"d1_both,d1_enc,d1_srtp,"+ -
$ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ -
"s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ -
"t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc, t1_ext,"+ -
"d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ -
"d1_both,d1_srtp,"+ -
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
"ssl_asn1,ssl_txt,ssl_algs,"+ -
"bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce"
"ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ -
"bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst"
$!
$ COMPILEWITH_CC5 = ""
$!
@ -240,7 +239,7 @@ $ NEXT_FILE:
$!
$! O.K, Extract The File Name From The File List.
$!
$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"TRIM")
$!
$! Check To See If We Are At The End Of The File List.
$!

View File

@ -142,47 +142,56 @@ $!
$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
"MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
"RC2TEST,RC4TEST,RC5TEST,"+ -
"DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
"DESTEST,SHA1TEST,SHA256T,SHA512T,"+ -
"MDC2TEST,RMDTEST,"+ -
"RANDTEST,DHTEST,ENGINETEST,"+ -
"BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
"EVP_TEST,IGETEST,JPAKETEST,SRPTEST"
"GOST2814789TEST,"+ -
"BFTEST,CASTTEST,SSLTEST,"+ -
"EXPTEST,DSATEST,RSA_TEST,"+ -
"EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
"V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ -
"CONSTANT_TIME_TEST"
$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
$!
$! Additional directory information.
$ T_D_BNTEST := [-.crypto.bn]
$ T_D_ECTEST := [-.crypto.ec]
$ T_D_ECDSATEST := [-.crypto.ecdsa]
$ T_D_ECDHTEST := [-.crypto.ecdh]
$ T_D_IDEATEST := [-.crypto.idea]
$ T_D_MD2TEST := [-.crypto.md2]
$ T_D_MD4TEST := [-.crypto.md4]
$ T_D_MD5TEST := [-.crypto.md5]
$ T_D_HMACTEST := [-.crypto.hmac]
$ T_D_WP_TEST := [-.crypto.whrlpool]
$ T_D_RC2TEST := [-.crypto.rc2]
$ T_D_RC4TEST := [-.crypto.rc4]
$ T_D_RC5TEST := [-.crypto.rc5]
$ T_D_DESTEST := [-.crypto.des]
$ T_D_SHATEST := [-.crypto.sha]
$ T_D_SHA1TEST := [-.crypto.sha]
$ T_D_SHA256T := [-.crypto.sha]
$ T_D_SHA512T := [-.crypto.sha]
$ T_D_MDC2TEST := [-.crypto.mdc2]
$ T_D_RMDTEST := [-.crypto.ripemd]
$ T_D_RANDTEST := [-.crypto.rand]
$ T_D_DHTEST := [-.crypto.dh]
$ T_D_ENGINETEST := [-.crypto.engine]
$ T_D_BFTEST := [-.crypto.bf]
$ T_D_CASTTEST := [-.crypto.cast]
$ T_D_SSLTEST := [-.ssl]
$ T_D_EXPTEST := [-.crypto.bn]
$ T_D_DSATEST := [-.crypto.dsa]
$ T_D_RSA_TEST := [-.crypto.rsa]
$ T_D_EVP_TEST := [-.crypto.evp]
$ T_D_IGETEST := [-.test]
$ T_D_JPAKETEST := [-.crypto.jpake]
$ T_D_SRPTEST := [-.crypto.srp]
$ T_D_BNTEST := [-.crypto.bn]
$ T_D_ECTEST := [-.crypto.ec]
$ T_D_ECDSATEST := [-.crypto.ecdsa]
$ T_D_ECDHTEST := [-.crypto.ecdh]
$ T_D_IDEATEST := [-.crypto.idea]
$ T_D_MD2TEST := [-.crypto.md2]
$ T_D_MD4TEST := [-.crypto.md4]
$ T_D_MD5TEST := [-.crypto.md5]
$ T_D_HMACTEST := [-.crypto.hmac]
$ T_D_WP_TEST := [-.crypto.whrlpool]
$ T_D_RC2TEST := [-.crypto.rc2]
$ T_D_RC4TEST := [-.crypto.rc4]
$ T_D_RC5TEST := [-.crypto.rc5]
$ T_D_DESTEST := [-.crypto.des]
$ T_D_SHATEST := [-.crypto.sha]
$ T_D_SHA1TEST := [-.crypto.sha]
$ T_D_SHA256T := [-.crypto.sha]
$ T_D_SHA512T := [-.crypto.sha]
$ T_D_MDC2TEST := [-.crypto.mdc2]
$ T_D_RMDTEST := [-.crypto.ripemd]
$ T_D_RANDTEST := [-.crypto.rand]
$ T_D_DHTEST := [-.crypto.dh]
$ T_D_ENGINETEST := [-.crypto.engine]
$ T_D_GOST2814789TEST := [-.engines.ccgost]
$ T_D_BFTEST := [-.crypto.bf]
$ T_D_CASTTEST := [-.crypto.cast]
$ T_D_SSLTEST := [-.ssl]
$ T_D_EXPTEST := [-.crypto.bn]
$ T_D_DSATEST := [-.crypto.dsa]
$ T_D_RSA_TEST := [-.crypto.rsa]
$ T_D_EVP_TEST := [-.crypto.evp]
$ T_D_IGETEST := [-.test]
$ T_D_JPAKETEST := [-.crypto.jpake]
$ T_D_SRPTEST := [-.crypto.srp]
$ T_D_V3NAMETEST := [-.crypto.x509v3]
$ T_D_HEARTBEAT_TEST := [-.ssl]
$ T_D_P5_CRPT2_TEST := [-.crypto.evp]
$ T_D_CONSTANT_TIME_TEST := [-.crypto]
$!
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -
@ -468,7 +477,7 @@ $ CHECK_OPTIONS:
$!
$! Set basic C compiler /INCLUDE directories.
$!
$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
$!
$! Check To See If P1 Is Blank.
$!
@ -1060,10 +1069,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A
$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "TEST]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
$!
$! Set up the logical name OPENSSL to point at the include directory
$!
$ DEFINE OPENSSL /NOLOG '__INCLUDE'
$ DEFINE INTERNAL /NOLOG '__INTERNAL'
$!
$! Done
$!
@ -1076,6 +1087,7 @@ $!
$ IF __SAVE_OPENSSL .EQS. ""
$ THEN
$ DEASSIGN OPENSSL
$ DEASSIGN INTERNAL
$ ELSE
$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
$ ENDIF

View File

@ -27,6 +27,7 @@ $ endif
$!
$ texe_dir := sys$disk:[-.'__archd'.exe.test]
$ exe_dir := sys$disk:[-.'__archd'.exe.apps]
$ engines_dir := sys$disk:[-.'__archd'.exe.engines]
$
$ set default '__here'
$
@ -51,47 +52,55 @@ $! if there's a difference that needs to be taken care of.
$ tests := -
test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
test_md2,test_mdc2,test_wp,-
test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
test_enc,test_x509,test_rsa,test_crl,test_sid,-
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
test_jpake,test_srp,test_cms
test_jpake,test_srp,test_cms,test_v3name,test_ocsp,-
test_gost2814789,test_heartbeat,test_p5_crpt2,-
test_constant_time
$ endif
$ tests = f$edit(tests,"COLLAPSE")
$
$ BNTEST := bntest
$ ECTEST := ectest
$ ECDSATEST := ecdsatest
$ ECDHTEST := ecdhtest
$ EXPTEST := exptest
$ IDEATEST := ideatest
$ SHATEST := shatest
$ SHA1TEST := sha1test
$ MDC2TEST := mdc2test
$ RMDTEST := rmdtest
$ MD2TEST := md2test
$ MD4TEST := md4test
$ MD5TEST := md5test
$ HMACTEST := hmactest
$ WPTEST := wp_test
$ RC2TEST := rc2test
$ RC4TEST := rc4test
$ RC5TEST := rc5test
$ BFTEST := bftest
$ CASTTEST := casttest
$ DESTEST := destest
$ RANDTEST := randtest
$ DHTEST := dhtest
$ DSATEST := dsatest
$ METHTEST := methtest
$ SSLTEST := ssltest
$ RSATEST := rsa_test
$ ENGINETEST := enginetest
$ EVPTEST := evp_test
$ IGETEST := igetest
$ JPAKETEST := jpaketest
$ SRPTEST := srptest
$ BNTEST := bntest
$ ECTEST := ectest
$ ECDSATEST := ecdsatest
$ ECDHTEST := ecdhtest
$ EXPTEST := exptest
$ IDEATEST := ideatest
$ SHA1TEST := sha1test
$ SHA256TEST := sha256t
$ SHA512TEST := sha512t
$ MDC2TEST := mdc2test
$ RMDTEST := rmdtest
$ MD2TEST := md2test
$ MD4TEST := md4test
$ MD5TEST := md5test
$ HMACTEST := hmactest
$ WPTEST := wp_test
$ RC2TEST := rc2test
$ RC4TEST := rc4test
$ RC5TEST := rc5test
$ BFTEST := bftest
$ CASTTEST := casttest
$ DESTEST := destest
$ RANDTEST := randtest
$ DHTEST := dhtest
$ DSATEST := dsatest
$ METHTEST := methtest
$ SSLTEST := ssltest
$ RSATEST := rsa_test
$ ENGINETEST := enginetest
$ GOST2814789TEST := gost2814789test
$ EVPTEST := evp_test
$ P5_CRPT2_TEST := p5_crpt2_test
$ IGETEST := igetest
$ JPAKETEST := jpaketest
$ SRPTEST := srptest
$ V3NAMETEST := v3nametest
$ HEARTBEATTEST := heartbeat_test
$ CONSTTIMETEST := constant_time_test
$!
$ tests_i = 0
$ loop_tests:
@ -105,6 +114,9 @@ $
$ test_evp:
$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
$ return
$ test_p5_crpt2:
$ mcr 'texe_dir''p5_crpt2_test'
$ return
$ test_des:
$ mcr 'texe_dir''destest'
$ return
@ -112,8 +124,9 @@ $ test_idea:
$ mcr 'texe_dir''ideatest'
$ return
$ test_sha:
$ mcr 'texe_dir''shatest'
$ mcr 'texe_dir''sha1test'
$ mcr 'texe_dir''sha256test'
$ mcr 'texe_dir''sha512test'
$ return
$ test_mdc2:
$ mcr 'texe_dir''mdc2test'
@ -154,6 +167,10 @@ $ return
$ test_rand:
$ mcr 'texe_dir''randtest'
$ return
$ test_gost2814789:
$ define/user OPENSSL_ENGINES 'engines_dir'
$ mcr 'texe_dir''gost2814789test'
$ return
$ test_enc:
$ @testenc.com 'pointer_size'
$ return
@ -361,7 +378,21 @@ $ test_srp:
$ write sys$output "Test SRP"
$ mcr 'texe_dir''srptest'
$ return
$
$ test_v3name:
$ write sys$output "Test X509v3_check_*"
$ mcr 'texe_dir''v3nametest'
$ return
$ test_ocsp:
$ write sys$output "Test OCSP"
$ @tocsp.com
$ return
$ test_heartbeat:
$ mcr 'texe_dir''heartbeattest'
$ return
$ test_constant_time:
$ write sys$output "Test constant time utilites"
$ mcr 'texe_dir''consttimetest'
$ return
$
$ exit:
$ mcr 'exe_dir'openssl version -a

165
test/tocsp.com Normal file
View File

@ -0,0 +1,165 @@
$! TOCSP.COM -- Test ocsp
$
$ __arch = "VAX"
$ if f$getsyi("cpu") .ge. 128 then -
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if __arch .eqs. "" then __arch = "UNK"
$!
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
$!
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
$
$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
$ ocspdir = "ocsp-tests"
$
$! 17 December 2012 so we don't get certificate expiry errors.
$ check_time="-attime 1355875200"
$
$ test_ocsp:
$ subroutine
$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
"-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
$ if $severity .ne. p3+1
$ then
$ write sys$error "OCSP test failed!"
$ exit 3
$ endif
$ endsubroutine
$
$ set noon
$
$ write sys$output "=== VALID OCSP RESPONSES ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
$
$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
$
$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
$
$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
$! Expect success, because we're explicitly trusting the issuer certificate.
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
$ write sys$output "NON-DELEGATED; Root CA -> EE"
$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
$ write sys$output "DELEGATED; Intermediate CA -> EE"
$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
$ write sys$output "DELEGATED; Root CA -> EE"
$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
$
$ write sys$output "ALL OCSP TESTS SUCCESSFUL"
$
$ set on
$
$ exit