mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-02-17 17:43:06 -05:00
tests: OCSP certificate signed OCSP response using key ID
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
af4eba16ce
commit
58a406202a
tests/hwsim
@ -136,6 +136,17 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
|
|||||||
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
|
cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
openssl ocsp -index $DIR/auth_serv/index.txt \
|
||||||
|
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
||||||
|
-rkey $DIR/auth_serv/ocsp-responder.key \
|
||||||
|
-resp_key_id \
|
||||||
|
-CA $DIR/auth_serv/ca.pem \
|
||||||
|
-issuer $DIR/auth_serv/ca.pem \
|
||||||
|
-verify_other $DIR/auth_serv/ca.pem -trust_other \
|
||||||
|
-ndays 7 \
|
||||||
|
-reqin $DIR/auth_serv/ocsp-req.der \
|
||||||
|
-respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
|
||||||
|
|
||||||
for i in unknown revoked; do
|
for i in unknown revoked; do
|
||||||
openssl ocsp -index $DIR/auth_serv/index-$i.txt \
|
openssl ocsp -index $DIR/auth_serv/index-$i.txt \
|
||||||
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
-rsigner $DIR/auth_serv/ocsp-responder.pem \
|
||||||
|
@ -2597,6 +2597,21 @@ def int_eap_server_params():
|
|||||||
"private_key": "auth_serv/server.key" }
|
"private_key": "auth_serv/server.key" }
|
||||||
return params
|
return params
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
|
||||||
|
"""EAP-TLS and OCSP certificate signed OCSP response using key ID"""
|
||||||
|
check_ocsp_support(dev[0])
|
||||||
|
ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
|
||||||
|
if not os.path.exists(ocsp):
|
||||||
|
raise HwsimSkip("No OCSP response available")
|
||||||
|
params = int_eap_server_params()
|
||||||
|
params["ocsp_stapling_response"] = ocsp
|
||||||
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
|
||||||
|
identity="tls user", ca_cert="auth_serv/ca.pem",
|
||||||
|
private_key="auth_serv/user.pkcs12",
|
||||||
|
private_key_passwd="whatever", ocsp=2,
|
||||||
|
scan_freq="2412")
|
||||||
|
|
||||||
def test_ap_wpa2_eap_tls_ocsp_ca_signed_good(dev, apdev, params):
|
def test_ap_wpa2_eap_tls_ocsp_ca_signed_good(dev, apdev, params):
|
||||||
"""EAP-TLS and CA signed OCSP response (good)"""
|
"""EAP-TLS and CA signed OCSP response (good)"""
|
||||||
check_ocsp_support(dev[0])
|
check_ocsp_support(dev[0])
|
||||||
|
Loading…
x
Reference in New Issue
Block a user