3
# This Source Code Form is subject to the terms of the Mozilla Public
4
# License, v. 2.0. If a copy of the MPL was not distributed with this
5
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
7
########################################################################
9
# mozilla/security/nss/tests/ocsp/ocsp.sh
11
# Script to test NSS OCSP
13
# needs to work on all Unix and Windows platforms
17
# FIXME ... known problems, search for this string
18
# NOTE .... unexpected behavior
20
########################################################################
22
############################## ssl_init ################################
23
# local shell function to initialize this script
24
########################################################################
27
SCRIPTNAME=ocsp.sh # sourced - $0 would point to all.sh
29
if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
30
CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
33
if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
37
if [ -z "${IOPR_OCSP_SOURCED}" ]; then
38
. ../iopr/ocsp_iopr.sh
40
if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
45
echo "$SCRIPTNAME: OCSP tests ==============================="
47
REQF=${QADIR}/ssl/sslreq.dat
54
# Parameter -4 is used as a temporary workaround for lack of IPv6 connectivity
55
# on some build bot slaves.
57
TESTNAME="startssl valid, supports OCSP stapling"
58
echo "$SCRIPTNAME: $TESTNAME"
59
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}"
60
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5143 -d . < ${REQF}
61
html_msg $? 0 "$TESTNAME"
63
TESTNAME="startssl revoked, supports OCSP stapling"
64
echo "$SCRIPTNAME: $TESTNAME"
65
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}"
66
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5144 -d . < ${REQF}
67
html_msg $? 3 "$TESTNAME"
69
TESTNAME="comodo trial test expired revoked, supports OCSP stapling"
70
echo "$SCRIPTNAME: $TESTNAME"
71
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}"
72
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5145 -d . < ${REQF}
73
html_msg $? 1 "$TESTNAME"
75
TESTNAME="thawte (expired) valid, supports OCSP stapling"
76
echo "$SCRIPTNAME: $TESTNAME"
77
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}"
78
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5146 -d . < ${REQF}
79
html_msg $? 1 "$TESTNAME"
81
TESTNAME="thawte (expired) revoked, supports OCSP stapling"
82
echo "$SCRIPTNAME: $TESTNAME"
83
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}"
84
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5147 -d . < ${REQF}
85
html_msg $? 1 "$TESTNAME"
87
TESTNAME="digicert valid, supports OCSP stapling"
88
echo "$SCRIPTNAME: $TESTNAME"
89
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}"
90
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5148 -d . < ${REQF}
91
html_msg $? 0 "$TESTNAME"
93
TESTNAME="digicert revoked, supports OCSP stapling"
94
echo "$SCRIPTNAME: $TESTNAME"
95
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}"
96
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 5149 -d . < ${REQF}
97
html_msg $? 3 "$TESTNAME"
99
TESTNAME="live valid, supports OCSP stapling"
100
echo "$SCRIPTNAME: $TESTNAME"
101
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h login.live.com -p 443 -d . < ${REQF}"
102
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h login.live.com -p 443 -d . < ${REQF}
103
html_msg $? 0 "$TESTNAME"
105
TESTNAME="startssl valid, doesn't support OCSP stapling"
106
echo "$SCRIPTNAME: $TESTNAME"
107
echo "tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}"
108
${BINDIR}/tstclnt -4 -V tls1.0: -T -v -F -M 1 -O -h kuix.de -p 443 -d . < ${REQF}
109
html_msg $? 2 "$TESTNAME"
111
TESTNAME="cacert untrusted, doesn't support OCSP stapling"
112
echo "$SCRIPTNAME: $TESTNAME"
113
echo "tstclnt -V tls1.0: -T -v -F -M 1 -O -h www.cacert.org -p 443 -d . < ${REQF}"
114
${BINDIR}/tstclnt -V tls1.0: -T -v -F -M 1 -O -h www.cacert.org -p 443 -d . < ${REQF}
115
html_msg $? 1 "$TESTNAME"
118
################## main #################################################