test/scripts/5655-OCSP-GnuTLS-1.3/5655

   1 # OCSP stapling, server, multiple chain-element OCSP
   2 #
   3 #
   4 #
   5 mkdir -p DIR/tmp/ocsp
   6 sudo chown -R EXIMUSER:EXIMGROUP tmp
   7 sudo chmod -R a+rwx DIR/tmp/ocsp
   8 perl
   9 chdir 'aux-fixed/exim-ca/example.com';
  10 system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.good.resp.pem CA/CA.ocsp.signernocert.good.resp.pem > DIR/tmp/ocsp/triple.ocsp.pem';
  11 system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.revoked.resp.pem > DIR/tmp/ocsp/double_r.ocsp.pem';
  12 ****
  13 #
  14 #
  15 exim -z '1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth'
  16 ****
  17 #
  18 exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.2
  19 ****
  20 #
  21 exim -odf -DOPT=rsa -DLIMIT=TLS1.2 rsa.auth@test.ex
  22 Subject: test
  23
  24 .
  25 ****
  26 killdaemon
  27 #
  28 #
  29 exim -z '2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth'
  30 ****
  31 #
  32 exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3
  33 ****
  34 exim -odf -DOPT=rsa rsa.auth@test.ex
  35 Subject: test
  36
  37 .
  38 ****
  39 killdaemon
  40 #
  41 #
  42 #
  43 exim -z '3: TLS1.3 Server sends bad nonleaf staple, client detects it'
  44 ****
  45 #
  46 EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 -DCONTROL=bad
  47 ****
  48 exim -odf -DOPT=rsa rsa.auth@test.ex
  49 Subject: test
  50
  51 .
  52 ****
  53 killdaemon
  54 #
  55 #
  56 #
  57 #
  58 sudo rm -fr tmp/
  59 no_msglog_check