test/scripts/5600-OCSP-OpenSSL/5600

   1 # TLS server: OCSP stapling
   2 #
   3 #
   4 #
   5 # 1: Server sends good staple on request
   6 exim -bd -oX PORT_D -DSERVER=server \
   7  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
   8 ****
   9 client-ssl \
  10  -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
  11  HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
  12 ??? 220
  13 ehlo rhu.barb
  14 ??? 250-
  15 ??? 250-
  16 ??? 250-
  17 ??? 250-
  18 ??? 250-
  19 ??? 250
  20 starttls
  21 ??? 220
  22 mail from:<userx@test.ex>
  23 ??? 250
  24 rcpt to:<userx@test.ex>
  25 ??? 250
  26 quit
  27 ??? 221
  28 ****
  29 killdaemon
  30 #
  31 #
  32 #
  33 # 2: Server does not staple an outdated response
  34 exim -bd -oX PORT_D -DSERVER=server \
  35  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
  36 ****
  37 # XXX test sequence might not be quite right; this is for a server refusal
  38 # and we're expecting a client refusal.
  39 client-ssl -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
  40 ??? 220
  41 ehlo rhu.barb
  42 ??? 250-
  43 ??? 250-
  44 ??? 250-
  45 ??? 250-
  46 ??? 250-
  47 ??? 250
  48 starttls
  49 ??? 220
  50 ****
  51 killdaemon
  52 #
  53 #
  54 #
  55 #
  56 #
  57 # 3: Server does not staple a response for a revoked cert
  58 exim -bd -oX PORT_D -DSERVER=server \
  59  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
  60 ****
  61 client-ssl \
  62  -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
  63  HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
  64 ??? 220
  65 ehlo rhu.barb
  66 ??? 250-
  67 ??? 250-
  68 ??? 250-
  69 ??? 250-
  70 ??? 250-
  71 ??? 250
  72 starttls
  73 ??? 220
  74 ****
  75 killdaemon
  76 #
  77 #
  78 #
  79 #
  80 #