From a18d58f47c31cc803909ae8201a34677a17f7727 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 27 Jan 2019 18:48:16 +0200
Subject: [PATCH] tests: EAP-TLS and server reloading CRL from ca_cert

Signed-off-by: Jouni Malinen
---
 tests/hwsim/test_ap_eap.py | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 4d7fcb9b5..4215f3a9f 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -5295,6 +5295,40 @@ def test_ap_wpa2_eap_tls_check_crl(dev, apdev):
 private_key="auth_serv/user.key")
 dev[0].request("REMOVE_NETWORK all")
 
+def test_ap_wpa2_eap_tls_crl_reload(dev, apdev, params):
+ """EAP-TLS and server reloading CRL from ca_cert"""
+ ca_cert = os.path.join(params['logdir'],
+ "ap_wpa2_eap_tls_crl_reload.ca_cert")
+ with open('auth_serv/ca.pem', 'r') as f:
+ only_cert = f.read()
+ with open('auth_serv/ca-and-crl.pem', 'r') as f:
+ cert_and_crl = f.read()
+ with open(ca_cert, 'w') as f:
+ f.write(only_cert)
+ params = int_eap_server_params()
+ params['ca_cert'] = ca_cert
+ params['check_crl'] = '1'
+ params['crl_reload_interval'] = '1'
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ # check_crl=1 and no CRL available --> reject connection
+ eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key", expect_failure=True)
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].dump_monitor()
+
+ with open(ca_cert, 'w') as f:
+ f.write(cert_and_crl)
+ time.sleep(1)
+
+ # check_crl=1 and valid CRL --> accept
+ eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
 def test_ap_wpa2_eap_tls_oom(dev, apdev):
 """EAP-TLS and OOM"""
 check_subject_match_support(dev[0])
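Review bot: The new `test_ap_wpa2_eap_tls_crl_reload` exercises CRL reload only in the permissive direction (no CRL, so reject; then a valid CRL, so accept). It never checks that a reloaded CRL which revokes the client certificate turns a previously accepted `tls user` into a rejection, which is the case a deployment depends on when it sets `crl_reload_interval`. A third phase that rewrites `ca_cert` with such a CRL and calls `eap_connect(..., expect_failure=True)` again would cover it, provided a suitable fixture exists under `auth_serv/` (none is visible in this hunk). Separately, `time.sleep(1)` waits exactly the configured `crl_reload_interval` of 1 with no margin; if the server compares elapsed time strictly this may be timing-sensitive, so consider `time.sleep(2)` with a comment such as `# wait past crl_reload_interval so the next TLS session re-reads ca_cert`. The function also rebinds its `params` argument with `params = int_eap_server_params()` right after reading `params['logdir']`; a distinct local name would keep the two uses apart.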