mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 10:54:03 -05:00
tests: Move ocsp-server-cache-key-id.der generation into test case
There is no need to generate this OCSP response for every single test session. Generate this more dynamically if the test case that uses the particular file is executed. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
b5c28af431
commit
47ccb9ce24
@ -155,17 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
|
||||
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
|
||||
fi
|
||||
|
||||
openssl ocsp -index $DIR/auth_serv/index.txt \
|
||||
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
||||
-rkey $DIR/auth_serv/ocsp-responder.key \
|
||||
-resp_key_id \
|
||||
-CA $DIR/auth_serv/ca.pem \
|
||||
-issuer $DIR/auth_serv/ca.pem \
|
||||
-verify_other $DIR/auth_serv/ca.pem -trust_other \
|
||||
-ndays 7 \
|
||||
-reqin $DIR/auth_serv/ocsp-req.der \
|
||||
-respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
|
||||
|
||||
for i in unknown revoked; do
|
||||
openssl ocsp -index $DIR/auth_serv/index-$i.txt \
|
||||
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
||||
|
@ -4118,11 +4118,40 @@ def int_eap_server_params():
|
||||
"dh_file": "auth_serv/dh.conf"}
|
||||
return params
|
||||
|
||||
def run_openssl(arg):
|
||||
logger.info(' '.join(arg))
|
||||
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE)
|
||||
res = cmd.stdout.read().decode() + "\n" + cmd.stderr.read().decode()
|
||||
cmd.stdout.close()
|
||||
cmd.stderr.close()
|
||||
cmd.wait()
|
||||
if cmd.returncode != 0:
|
||||
raise Exception("bad return code from openssl\n\n" + res)
|
||||
logger.info("openssl result:\n" + res)
|
||||
|
||||
def ocsp_cache_key_id(outfile):
|
||||
if os.path.exists(outfile):
|
||||
return
|
||||
arg = ["openssl", "ocsp", "-index", "auth_serv/index.txt",
|
||||
'-rsigner', 'auth_serv/ocsp-responder.pem',
|
||||
'-rkey', 'auth_serv/ocsp-responder.key',
|
||||
'-resp_key_id',
|
||||
'-CA', 'auth_serv/ca.pem',
|
||||
'-issuer', 'auth_serv/ca.pem',
|
||||
'-verify_other', 'auth_serv/ca.pem',
|
||||
'-trust_other',
|
||||
'-ndays', '7',
|
||||
'-reqin', 'auth_serv/ocsp-req.der',
|
||||
'-respout', outfile]
|
||||
run_openssl(arg)
|
||||
|
||||
def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
|
||||
"""EAP-TLS and OCSP certificate signed OCSP response using key ID"""
|
||||
check_ocsp_support(dev[0])
|
||||
check_pkcs12_support(dev[0])
|
||||
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
|
||||
ocsp_cache_key_id(ocsp)
|
||||
if not os.path.exists(ocsp):
|
||||
raise HwsimSkip("No OCSP response available")
|
||||
params = int_eap_server_params()
|
||||
|
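Review bot: In `run_openssl`, reading `cmd.stdout` to EOF before touching `cmd.stderr` can stall if the child fills the stderr pipe first; `out, err = cmd.communicate()` followed by `res = out.decode() + "\n" + err.decode()` drains both pipes and reaps the process in one call. In `ocsp_cache_key_id`, the `os.path.exists(outfile)` early return reuses whatever is already in the log directory, so a response older than the `-ndays 7` window, or any partial file left by a failed run, would be used as-is if that directory is ever reused; regenerating unconditionally, or writing to a temporary name and renaming on success, avoids that. Because `run_openssl` raises on any failure, the `HwsimSkip` check in `test_ap_wpa2_eap_tls_ocsp_key_id` looks unreachable in practice, and a host without the openssl binary would presumably now fail the test rather than skip it. The test function's body continues past the end of the hunk.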