diff --git a/tests/hwsim/start.sh b/tests/hwsim/start.sh
index f09f407c4..3cb80cf4e 100755
--- a/tests/hwsim/start.sh
+++ b/tests/hwsim/start.sh
@@ -155,17 +155,6 @@ if [ ! -r $LOGDIR/ocsp-server-cache.der ]; then
 cp $DIR/auth_serv/ocsp-server-cache.der $LOGDIR/ocsp-server-cache.der
 fi

-openssl ocsp -index $DIR/auth_serv/index.txt \
- -rsigner $DIR/auth_serv/ocsp-responder.pem \
- -rkey $DIR/auth_serv/ocsp-responder.key \
- -resp_key_id \
- -CA $DIR/auth_serv/ca.pem \
- -issuer $DIR/auth_serv/ca.pem \
- -verify_other $DIR/auth_serv/ca.pem -trust_other \
- -ndays 7 \
- -reqin $DIR/auth_serv/ocsp-req.der \
- -respout $LOGDIR/ocsp-server-cache-key-id.der > $LOGDIR/ocsp.log 2>&1
-
 for i in unknown revoked; do
 openssl ocsp -index $DIR/auth_serv/index-$i.txt \
 -rsigner $DIR/auth_serv/ocsp-responder.pem \
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index c6e724ad3..0c0288a79 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -4118,11 +4118,40 @@ def int_eap_server_params():
 "dh_file": "auth_serv/dh.conf"}
 return params

+def run_openssl(arg):
+ logger.info(' '.join(arg))
+ cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ res = cmd.stdout.read().decode() + "\n" + cmd.stderr.read().decode()
+ cmd.stdout.close()
+ cmd.stderr.close()
+ cmd.wait()
+ if cmd.returncode != 0:
+ raise Exception("bad return code from openssl\n\n" + res)
+ logger.info("openssl result:\n" + res)
+
+def ocsp_cache_key_id(outfile):
+ if os.path.exists(outfile):
+ return
+ arg = ["openssl", "ocsp", "-index", "auth_serv/index.txt",
+ '-rsigner', 'auth_serv/ocsp-responder.pem',
+ '-rkey', 'auth_serv/ocsp-responder.key',
+ '-resp_key_id',
+ '-CA', 'auth_serv/ca.pem',
+ '-issuer', 'auth_serv/ca.pem',
+ '-verify_other', 'auth_serv/ca.pem',
+ '-trust_other',
+ '-ndays', '7',
+ '-reqin', 'auth_serv/ocsp-req.der',
+ '-respout', outfile]
+ run_openssl(arg)
+
 def test_ap_wpa2_eap_tls_ocsp_key_id(dev, apdev, params):
 """EAP-TLS and OCSP certificate signed OCSP response using key ID"""
 check_ocsp_support(dev[0])
 check_pkcs12_support(dev[0])
 ocsp = os.path.join(params['logdir'], "ocsp-server-cache-key-id.der")
+ ocsp_cache_key_id(ocsp)
 if not os.path.exists(ocsp):
 raise HwsimSkip("No OCSP response available")
 params = int_eap_server_params()
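Review bot: In `run_openssl`, stdout is read to EOF before stderr is touched, so a child that writes more to stderr than the pipe buffer holds will block and the test hangs; `out, err = cmd.communicate()` followed by `res = out.decode() + "\n" + err.decode()` drains both pipes and waits in one step, replacing the read/close/wait lines. Because `run_openssl` raises on a non-zero exit (and `Popen` raises if the openssl binary is absent), the `HwsimSkip("No OCSP response available")` check after `ocsp_cache_key_id(ocsp)` is effectively dead, so an environment where generation fails now errors instead of skipping; if a skip is still intended, catch the failure in `ocsp_cache_key_id` and return without a file. The `os.path.exists(outfile)` early return also reuses whatever response is already in the log directory, which with `-ndays 7` would presumably be an expired OCSP response if a log directory older than a week is reused; how logdir is chosen is not visible here. The body of `test_ap_wpa2_eap_tls_ocsp_key_id` continues past the end of the hunk.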