mirror of
https://github.com/openssl/openssl.git
synced 2024-11-25 19:13:48 +08:00
VMS adjustments:
catch up with the Unix build. A number of new tests, among others test/tocsp.com Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"' Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
parent
c168a027cf
commit
132536f96e
@ -94,12 +94,12 @@ $! library that isn't necessarely ported to VMS.
|
||||
$!
|
||||
$ ENGINES = "," + P6
|
||||
$ IF ENGINES .EQS. "," THEN -
|
||||
ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
|
||||
ENGINES = ",4758cca,padlock,capi,"
|
||||
$!
|
||||
$! GOST requires a 64-bit integer type, unavailable on VAX.
|
||||
$!
|
||||
$ IF (ARCH .NES. "VAX") THEN -
|
||||
ENGINES = ENGINES+ ",ccgost"
|
||||
ENGINES = ENGINES+ ",gost"
|
||||
$!
|
||||
$! Check options.
|
||||
$!
|
||||
@ -156,20 +156,14 @@ $ TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ"
|
||||
$ TV_OBJ = ",''TV_OBJ_NAME'"
|
||||
$ ENDIF
|
||||
$ ENGINE_4758CCA = "e_4758cca"
|
||||
$ ENGINE_aep = "e_aep"
|
||||
$ ENGINE_atalla = "e_atalla"
|
||||
$ ENGINE_cswift = "e_cswift"
|
||||
$ ENGINE_chil = "e_chil"
|
||||
$ ENGINE_nuron = "e_nuron"
|
||||
$ ENGINE_sureware = "e_sureware"
|
||||
$ ENGINE_ubsec = "e_ubsec"
|
||||
$ ENGINE_padlock = "e_padlock"
|
||||
$
|
||||
$ ENGINE_ccgost_SUBDIR = "ccgost"
|
||||
$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
|
||||
"gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
|
||||
"gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
|
||||
"gost_sign"
|
||||
$ ENGINE_capi = "e_capi"
|
||||
$
|
||||
$ ENGINE_gost_SUBDIR = "ccgost"
|
||||
$ ENGINE_gost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
|
||||
"gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
|
||||
"gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
|
||||
"gost_sign"
|
||||
$!
|
||||
$! Define which programs need to be linked with a TCP/IP library
|
||||
$!
|
||||
|
@ -213,16 +213,15 @@ $ ENDIF
|
||||
$!
|
||||
$! Define The Different SSL "library" Files.
|
||||
$!
|
||||
$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
|
||||
"s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
|
||||
"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
|
||||
"t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
|
||||
"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
|
||||
"d1_both,d1_enc,d1_srtp,"+ -
|
||||
$ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ -
|
||||
"s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ -
|
||||
"t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc, t1_ext,"+ -
|
||||
"d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ -
|
||||
"d1_both,d1_srtp,"+ -
|
||||
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
|
||||
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
|
||||
"ssl_asn1,ssl_txt,ssl_algs,"+ -
|
||||
"bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce"
|
||||
"ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ -
|
||||
"bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst"
|
||||
$!
|
||||
$ COMPILEWITH_CC5 = ""
|
||||
$!
|
||||
@ -240,7 +239,7 @@ $ NEXT_FILE:
|
||||
$!
|
||||
$! O.K, Extract The File Name From The File List.
|
||||
$!
|
||||
$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
|
||||
$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"TRIM")
|
||||
$!
|
||||
$! Check To See If We Are At The End Of The File List.
|
||||
$!
|
||||
|
@ -142,47 +142,56 @@ $!
|
||||
$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
|
||||
"MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
|
||||
"RC2TEST,RC4TEST,RC5TEST,"+ -
|
||||
"DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
|
||||
"DESTEST,SHA1TEST,SHA256T,SHA512T,"+ -
|
||||
"MDC2TEST,RMDTEST,"+ -
|
||||
"RANDTEST,DHTEST,ENGINETEST,"+ -
|
||||
"BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
|
||||
"EVP_TEST,IGETEST,JPAKETEST,SRPTEST"
|
||||
"GOST2814789TEST,"+ -
|
||||
"BFTEST,CASTTEST,SSLTEST,"+ -
|
||||
"EXPTEST,DSATEST,RSA_TEST,"+ -
|
||||
"EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
|
||||
"V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ -
|
||||
"CONSTANT_TIME_TEST"
|
||||
$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
|
||||
$!
|
||||
$! Additional directory information.
|
||||
$ T_D_BNTEST := [-.crypto.bn]
|
||||
$ T_D_ECTEST := [-.crypto.ec]
|
||||
$ T_D_ECDSATEST := [-.crypto.ecdsa]
|
||||
$ T_D_ECDHTEST := [-.crypto.ecdh]
|
||||
$ T_D_IDEATEST := [-.crypto.idea]
|
||||
$ T_D_MD2TEST := [-.crypto.md2]
|
||||
$ T_D_MD4TEST := [-.crypto.md4]
|
||||
$ T_D_MD5TEST := [-.crypto.md5]
|
||||
$ T_D_HMACTEST := [-.crypto.hmac]
|
||||
$ T_D_WP_TEST := [-.crypto.whrlpool]
|
||||
$ T_D_RC2TEST := [-.crypto.rc2]
|
||||
$ T_D_RC4TEST := [-.crypto.rc4]
|
||||
$ T_D_RC5TEST := [-.crypto.rc5]
|
||||
$ T_D_DESTEST := [-.crypto.des]
|
||||
$ T_D_SHATEST := [-.crypto.sha]
|
||||
$ T_D_SHA1TEST := [-.crypto.sha]
|
||||
$ T_D_SHA256T := [-.crypto.sha]
|
||||
$ T_D_SHA512T := [-.crypto.sha]
|
||||
$ T_D_MDC2TEST := [-.crypto.mdc2]
|
||||
$ T_D_RMDTEST := [-.crypto.ripemd]
|
||||
$ T_D_RANDTEST := [-.crypto.rand]
|
||||
$ T_D_DHTEST := [-.crypto.dh]
|
||||
$ T_D_ENGINETEST := [-.crypto.engine]
|
||||
$ T_D_BFTEST := [-.crypto.bf]
|
||||
$ T_D_CASTTEST := [-.crypto.cast]
|
||||
$ T_D_SSLTEST := [-.ssl]
|
||||
$ T_D_EXPTEST := [-.crypto.bn]
|
||||
$ T_D_DSATEST := [-.crypto.dsa]
|
||||
$ T_D_RSA_TEST := [-.crypto.rsa]
|
||||
$ T_D_EVP_TEST := [-.crypto.evp]
|
||||
$ T_D_IGETEST := [-.test]
|
||||
$ T_D_JPAKETEST := [-.crypto.jpake]
|
||||
$ T_D_SRPTEST := [-.crypto.srp]
|
||||
$ T_D_BNTEST := [-.crypto.bn]
|
||||
$ T_D_ECTEST := [-.crypto.ec]
|
||||
$ T_D_ECDSATEST := [-.crypto.ecdsa]
|
||||
$ T_D_ECDHTEST := [-.crypto.ecdh]
|
||||
$ T_D_IDEATEST := [-.crypto.idea]
|
||||
$ T_D_MD2TEST := [-.crypto.md2]
|
||||
$ T_D_MD4TEST := [-.crypto.md4]
|
||||
$ T_D_MD5TEST := [-.crypto.md5]
|
||||
$ T_D_HMACTEST := [-.crypto.hmac]
|
||||
$ T_D_WP_TEST := [-.crypto.whrlpool]
|
||||
$ T_D_RC2TEST := [-.crypto.rc2]
|
||||
$ T_D_RC4TEST := [-.crypto.rc4]
|
||||
$ T_D_RC5TEST := [-.crypto.rc5]
|
||||
$ T_D_DESTEST := [-.crypto.des]
|
||||
$ T_D_SHATEST := [-.crypto.sha]
|
||||
$ T_D_SHA1TEST := [-.crypto.sha]
|
||||
$ T_D_SHA256T := [-.crypto.sha]
|
||||
$ T_D_SHA512T := [-.crypto.sha]
|
||||
$ T_D_MDC2TEST := [-.crypto.mdc2]
|
||||
$ T_D_RMDTEST := [-.crypto.ripemd]
|
||||
$ T_D_RANDTEST := [-.crypto.rand]
|
||||
$ T_D_DHTEST := [-.crypto.dh]
|
||||
$ T_D_ENGINETEST := [-.crypto.engine]
|
||||
$ T_D_GOST2814789TEST := [-.engines.ccgost]
|
||||
$ T_D_BFTEST := [-.crypto.bf]
|
||||
$ T_D_CASTTEST := [-.crypto.cast]
|
||||
$ T_D_SSLTEST := [-.ssl]
|
||||
$ T_D_EXPTEST := [-.crypto.bn]
|
||||
$ T_D_DSATEST := [-.crypto.dsa]
|
||||
$ T_D_RSA_TEST := [-.crypto.rsa]
|
||||
$ T_D_EVP_TEST := [-.crypto.evp]
|
||||
$ T_D_IGETEST := [-.test]
|
||||
$ T_D_JPAKETEST := [-.crypto.jpake]
|
||||
$ T_D_SRPTEST := [-.crypto.srp]
|
||||
$ T_D_V3NAMETEST := [-.crypto.x509v3]
|
||||
$ T_D_HEARTBEAT_TEST := [-.ssl]
|
||||
$ T_D_P5_CRPT2_TEST := [-.crypto.evp]
|
||||
$ T_D_CONSTANT_TIME_TEST := [-.crypto]
|
||||
$!
|
||||
$ TCPIP_PROGRAMS = ",,"
|
||||
$ IF COMPILER .EQS. "VAXC" THEN -
|
||||
@ -468,7 +477,7 @@ $ CHECK_OPTIONS:
|
||||
$!
|
||||
$! Set basic C compiler /INCLUDE directories.
|
||||
$!
|
||||
$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
|
||||
$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
|
||||
$!
|
||||
$! Check To See If P1 Is Blank.
|
||||
$!
|
||||
@ -1060,10 +1069,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A
|
||||
$ __HERE = F$EDIT(__HERE,"UPCASE")
|
||||
$ __TOP = __HERE - "TEST]"
|
||||
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
|
||||
$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
|
||||
$!
|
||||
$! Set up the logical name OPENSSL to point at the include directory
|
||||
$!
|
||||
$ DEFINE OPENSSL /NOLOG '__INCLUDE'
|
||||
$ DEFINE INTERNAL /NOLOG '__INTERNAL'
|
||||
$!
|
||||
$! Done
|
||||
$!
|
||||
@ -1076,6 +1087,7 @@ $!
|
||||
$ IF __SAVE_OPENSSL .EQS. ""
|
||||
$ THEN
|
||||
$ DEASSIGN OPENSSL
|
||||
$ DEASSIGN INTERNAL
|
||||
$ ELSE
|
||||
$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
|
||||
$ ENDIF
|
||||
|
103
test/tests.com
103
test/tests.com
@ -27,6 +27,7 @@ $ endif
|
||||
$!
|
||||
$ texe_dir := sys$disk:[-.'__archd'.exe.test]
|
||||
$ exe_dir := sys$disk:[-.'__archd'.exe.apps]
|
||||
$ engines_dir := sys$disk:[-.'__archd'.exe.engines]
|
||||
$
|
||||
$ set default '__here'
|
||||
$
|
||||
@ -51,47 +52,55 @@ $! if there's a difference that needs to be taken care of.
|
||||
$ tests := -
|
||||
test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
|
||||
test_md2,test_mdc2,test_wp,-
|
||||
test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
|
||||
test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
|
||||
test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
|
||||
test_enc,test_x509,test_rsa,test_crl,test_sid,-
|
||||
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
|
||||
test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
|
||||
test_jpake,test_srp,test_cms
|
||||
test_jpake,test_srp,test_cms,test_v3name,test_ocsp,-
|
||||
test_gost2814789,test_heartbeat,test_p5_crpt2,-
|
||||
test_constant_time
|
||||
$ endif
|
||||
$ tests = f$edit(tests,"COLLAPSE")
|
||||
$
|
||||
$ BNTEST := bntest
|
||||
$ ECTEST := ectest
|
||||
$ ECDSATEST := ecdsatest
|
||||
$ ECDHTEST := ecdhtest
|
||||
$ EXPTEST := exptest
|
||||
$ IDEATEST := ideatest
|
||||
$ SHATEST := shatest
|
||||
$ SHA1TEST := sha1test
|
||||
$ MDC2TEST := mdc2test
|
||||
$ RMDTEST := rmdtest
|
||||
$ MD2TEST := md2test
|
||||
$ MD4TEST := md4test
|
||||
$ MD5TEST := md5test
|
||||
$ HMACTEST := hmactest
|
||||
$ WPTEST := wp_test
|
||||
$ RC2TEST := rc2test
|
||||
$ RC4TEST := rc4test
|
||||
$ RC5TEST := rc5test
|
||||
$ BFTEST := bftest
|
||||
$ CASTTEST := casttest
|
||||
$ DESTEST := destest
|
||||
$ RANDTEST := randtest
|
||||
$ DHTEST := dhtest
|
||||
$ DSATEST := dsatest
|
||||
$ METHTEST := methtest
|
||||
$ SSLTEST := ssltest
|
||||
$ RSATEST := rsa_test
|
||||
$ ENGINETEST := enginetest
|
||||
$ EVPTEST := evp_test
|
||||
$ IGETEST := igetest
|
||||
$ JPAKETEST := jpaketest
|
||||
$ SRPTEST := srptest
|
||||
$ BNTEST := bntest
|
||||
$ ECTEST := ectest
|
||||
$ ECDSATEST := ecdsatest
|
||||
$ ECDHTEST := ecdhtest
|
||||
$ EXPTEST := exptest
|
||||
$ IDEATEST := ideatest
|
||||
$ SHA1TEST := sha1test
|
||||
$ SHA256TEST := sha256t
|
||||
$ SHA512TEST := sha512t
|
||||
$ MDC2TEST := mdc2test
|
||||
$ RMDTEST := rmdtest
|
||||
$ MD2TEST := md2test
|
||||
$ MD4TEST := md4test
|
||||
$ MD5TEST := md5test
|
||||
$ HMACTEST := hmactest
|
||||
$ WPTEST := wp_test
|
||||
$ RC2TEST := rc2test
|
||||
$ RC4TEST := rc4test
|
||||
$ RC5TEST := rc5test
|
||||
$ BFTEST := bftest
|
||||
$ CASTTEST := casttest
|
||||
$ DESTEST := destest
|
||||
$ RANDTEST := randtest
|
||||
$ DHTEST := dhtest
|
||||
$ DSATEST := dsatest
|
||||
$ METHTEST := methtest
|
||||
$ SSLTEST := ssltest
|
||||
$ RSATEST := rsa_test
|
||||
$ ENGINETEST := enginetest
|
||||
$ GOST2814789TEST := gost2814789test
|
||||
$ EVPTEST := evp_test
|
||||
$ P5_CRPT2_TEST := p5_crpt2_test
|
||||
$ IGETEST := igetest
|
||||
$ JPAKETEST := jpaketest
|
||||
$ SRPTEST := srptest
|
||||
$ V3NAMETEST := v3nametest
|
||||
$ HEARTBEATTEST := heartbeat_test
|
||||
$ CONSTTIMETEST := constant_time_test
|
||||
$!
|
||||
$ tests_i = 0
|
||||
$ loop_tests:
|
||||
@ -105,6 +114,9 @@ $
|
||||
$ test_evp:
|
||||
$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
|
||||
$ return
|
||||
$ test_p5_crpt2:
|
||||
$ mcr 'texe_dir''p5_crpt2_test'
|
||||
$ return
|
||||
$ test_des:
|
||||
$ mcr 'texe_dir''destest'
|
||||
$ return
|
||||
@ -112,8 +124,9 @@ $ test_idea:
|
||||
$ mcr 'texe_dir''ideatest'
|
||||
$ return
|
||||
$ test_sha:
|
||||
$ mcr 'texe_dir''shatest'
|
||||
$ mcr 'texe_dir''sha1test'
|
||||
$ mcr 'texe_dir''sha256test'
|
||||
$ mcr 'texe_dir''sha512test'
|
||||
$ return
|
||||
$ test_mdc2:
|
||||
$ mcr 'texe_dir''mdc2test'
|
||||
@ -154,6 +167,10 @@ $ return
|
||||
$ test_rand:
|
||||
$ mcr 'texe_dir''randtest'
|
||||
$ return
|
||||
$ test_gost2814789:
|
||||
$ define/user OPENSSL_ENGINES 'engines_dir'
|
||||
$ mcr 'texe_dir''gost2814789test'
|
||||
$ return
|
||||
$ test_enc:
|
||||
$ @testenc.com 'pointer_size'
|
||||
$ return
|
||||
@ -361,7 +378,21 @@ $ test_srp:
|
||||
$ write sys$output "Test SRP"
|
||||
$ mcr 'texe_dir''srptest'
|
||||
$ return
|
||||
$
|
||||
$ test_v3name:
|
||||
$ write sys$output "Test X509v3_check_*"
|
||||
$ mcr 'texe_dir''v3nametest'
|
||||
$ return
|
||||
$ test_ocsp:
|
||||
$ write sys$output "Test OCSP"
|
||||
$ @tocsp.com
|
||||
$ return
|
||||
$ test_heartbeat:
|
||||
$ mcr 'texe_dir''heartbeattest'
|
||||
$ return
|
||||
$ test_constant_time:
|
||||
$ write sys$output "Test constant time utilites"
|
||||
$ mcr 'texe_dir''consttimetest'
|
||||
$ return
|
||||
$
|
||||
$ exit:
|
||||
$ mcr 'exe_dir'openssl version -a
|
||||
|
165
test/tocsp.com
Normal file
165
test/tocsp.com
Normal file
@ -0,0 +1,165 @@
|
||||
$! TOCSP.COM -- Test ocsp
|
||||
$
|
||||
$ __arch = "VAX"
|
||||
$ if f$getsyi("cpu") .ge. 128 then -
|
||||
__arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
|
||||
$ if __arch .eqs. "" then __arch = "UNK"
|
||||
$!
|
||||
$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
|
||||
$!
|
||||
$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
|
||||
$
|
||||
$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
|
||||
$ ocspdir = "ocsp-tests"
|
||||
$
|
||||
$! 17 December 2012 so we don't get certificate expiry errors.
|
||||
$ check_time="-attime 1355875200"
|
||||
$
|
||||
$ test_ocsp:
|
||||
$ subroutine
|
||||
$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
|
||||
$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
|
||||
"-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
|
||||
$ if $severity .ne. p3+1
|
||||
$ then
|
||||
$ write sys$error "OCSP test failed!"
|
||||
$ exit 3
|
||||
$ endif
|
||||
$ endsubroutine
|
||||
$
|
||||
$ set noon
|
||||
$
|
||||
$ write sys$output "=== VALID OCSP RESPONSES ==="
|
||||
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
|
||||
$
|
||||
$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
|
||||
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
|
||||
$
|
||||
$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
|
||||
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
|
||||
$
|
||||
$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
|
||||
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
|
||||
$
|
||||
$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
|
||||
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
|
||||
$
|
||||
$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
|
||||
$
|
||||
$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
|
||||
$
|
||||
$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
|
||||
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
|
||||
$
|
||||
$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
|
||||
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
|
||||
$
|
||||
$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
|
||||
$! Expect success, because we're explicitly trusting the issuer certificate.
|
||||
$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
|
||||
$ write sys$output "NON-DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
|
||||
$ write sys$output "DELEGATED; Intermediate CA -> EE"
|
||||
$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
|
||||
$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
|
||||
$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
|
||||
$ write sys$output "DELEGATED; Root CA -> EE"
|
||||
$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
|
||||
$
|
||||
$ write sys$output "ALL OCSP TESTS SUCCESSFUL"
|
||||
$
|
||||
$ set on
|
||||
$
|
||||
$ exit
|
Loading…
Reference in New Issue
Block a user