From f57cb3b57b285e560cadc6a4183162830ab5aafd Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 22 Nov 2022 20:49:05 +0000 Subject: [PATCH] Testsuite: regularize client_anytls OCSP trace output --- test/src/client.c | 37 ++++++++++++++++++++++++------------- test/stdout/1102 | 2 ++ test/stdout/5600 | 6 +++--- test/stdout/5610 | 6 +++--- 4 files changed, 32 insertions(+), 19 deletions(-) diff --git a/test/src/client.c b/test/src/client.c index 4e2449817..250f7af8b 100644 --- a/test/src/client.c +++ b/test/src/client.c @@ -86,7 +86,7 @@ latter needs a whole pile of tables. */ # include # include # if GNUTLS_VERSION_NUMBER >= 0x030103 -# define HAVE_OCSP +# define HAVE_GNUTLS_OCSP # include # endif # ifndef GNUTLS_NO_EXTENSIONS @@ -711,7 +711,7 @@ nextinput: if (*inptr != 0) goto nextinput; - #ifdef HAVE_TLS +#ifdef HAVE_TLS if (srv->sent_starttls) { if (lineptr[0] == '2') @@ -721,11 +721,11 @@ nextinput: printf("Attempting to start TLS\n"); fflush(stdout); - #ifdef HAVE_OPENSSL +# ifdef HAVE_OPENSSL srv->tls_active = tls_start(srv->sock, &srv->ssl, srv->ctx); - #endif +# endif - #ifdef HAVE_GNUTLS +# ifdef HAVE_GNUTLS { int rc; fd_set rfd; @@ -760,14 +760,20 @@ nextinput: DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); } } } - #endif +# endif /*HAVE_GNUTLS*/ if (!srv->tls_active) { printf("Failed to start TLS\n"); fflush(stdout); } - #ifdef HAVE_GNUTLS + +# ifdef HAVE_OPENSSL + else if (ocsp_stapling) + printf("Succeeded in starting TLS (with OCSP)\n"); +# endif + +# ifdef HAVE_GNUTLS else if (ocsp_stapling) { if ((rc= gnutls_certificate_verify_peers2(tls_session, &verify)) < 0) @@ -780,7 +786,7 @@ nextinput: printf("Bad certificate\n"); fflush(stdout); } - #ifdef HAVE_OCSP +# ifdef HAVE_GNUTLS_OCSP else if (gnutls_ocsp_status_request_is_checked(tls_session, 0) == 0) { printf("Failed to verify certificate status\n"); @@ -803,14 +809,19 @@ nextinput: fflush(stdout); } else + { + printf("OCSP status response: good signature\n"); printf("Succeeded in starting TLS (with OCSP)\n"); - #endif + } +# endif /*HAVE_GNUTLS_OCSP*/ } - #endif +# endif /*HAVE_GNUTLS*/ + else printf("Succeeded in starting TLS\n"); } - else printf("Abandoning TLS start attempt\n"); + else + printf("Abandoning TLS start attempt\n"); } srv->sent_starttls = 0; #endif @@ -1291,7 +1302,7 @@ if (certfile != NULL) printf("Certificate file = %s\n", certfile); if (keyfile != NULL) printf("Key file = %s\n", keyfile); tls_init(US certfile, US keyfile); tls_session = tls_session_init(); -#ifdef HAVE_OCSP +#ifdef HAVE_GNUTLS_OCSP if (ocsp_stapling) gnutls_ocsp_status_request_enable_client(tls_session, NULL, 0, NULL); #endif @@ -1337,7 +1348,7 @@ if (tls_on_connect) if (!srv.tls_active) printf("Failed to start TLS\n"); -#if defined(HAVE_GNUTLS) && defined(HAVE_OCSP) +#if defined(HAVE_GNUTLS) && defined(HAVE_GNUTLS_OCSP) else if ( ocsp_stapling && gnutls_ocsp_status_request_is_checked(tls_session, 0) == 0) printf("Failed to verify certificate status\n"); diff --git a/test/stdout/1102 b/test/stdout/1102 index 908c37d34..3803fb2a9 100644 --- a/test/stdout/1102 +++ b/test/stdout/1102 @@ -7,6 +7,7 @@ Connecting to 127.0.0.1 port 1225 ... connected ??? 220 <<< 220 TLS go ahead Attempting to start TLS +OCSP status response: good signature Succeeded in starting TLS (with OCSP) >>> EHLO rhu.barb ????250 @@ -29,6 +30,7 @@ Connecting to 127.0.0.1 port 1225 ... connected ??? 220 <<< 220 TLS go ahead Attempting to start TLS +OCSP status response: good signature Succeeded in starting TLS (with OCSP) >>> EHLO rhu.barb ????250 diff --git a/test/stdout/5600 b/test/stdout/5600 index 165c0ff78..5493ef79a 100644 --- a/test/stdout/5600 +++ b/test/stdout/5600 @@ -21,7 +21,7 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS OCSP status response: good signature -Succeeded in starting TLS +Succeeded in starting TLS (with OCSP) >>> helo test ??? 250 <<< 250 server1.example.com Hello test [ip4.ip4.ip4.ip4] @@ -58,7 +58,7 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS no OCSP response received -Succeeded in starting TLS +Succeeded in starting TLS (with OCSP) End of script Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected Certificate file = aux-fixed/cert2 @@ -83,7 +83,7 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS no OCSP response received -Succeeded in starting TLS +Succeeded in starting TLS (with OCSP) End of script Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected Certificate file = aux-fixed/cert2 diff --git a/test/stdout/5610 b/test/stdout/5610 index c1b442906..7dbadc46e 100644 --- a/test/stdout/5610 +++ b/test/stdout/5610 @@ -21,7 +21,7 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS OCSP status response: good signature -Succeeded in starting TLS +Succeeded in starting TLS (with OCSP) >>> helo test ??? 250 <<< 250 server1.example.com Hello test [ip4.ip4.ip4.ip4] @@ -58,7 +58,7 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS no OCSP response received -Succeeded in starting TLS +Succeeded in starting TLS (with OCSP) End of script Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected Certificate file = aux-fixed/cert2 @@ -83,7 +83,7 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS no OCSP response received -Succeeded in starting TLS +Succeeded in starting TLS (with OCSP) End of script Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected Certificate file = aux-fixed/cert2 -- 2.30.2