From d40d959e48384874cb9b3d41539b743b7b30057b Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Tue, 18 Apr 2017 21:18:14 +0200
Subject: [PATCH] tests: Fix openssl ocsp command and check for errors

Fix the openssl ocsp command line and check if it returns an error - so
that instead of having something unusable later we error out
immediately. Moving the -sha256 argument earlier fixes hash function use
for the OCSP request generation (the old version used SHA-1).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 tests/hwsim/test_ap_eap.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 754f7b0e7..aa4fdc002 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -4078,13 +4078,17 @@ def root_ocsp(cert):
     fd2, fn2 = tempfile.mkstemp()
     os.close(fd2)
 
-    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert,
-            "-no_nonce", "-sha256", "-text" ]
+    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
+            "-cert", cert, "-no_nonce", "-text" ]
+    logger.info(' '.join(arg))
     cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
     res = cmd.stdout.read() + "\n" + cmd.stderr.read()
     cmd.stdout.close()
     cmd.stderr.close()
+    cmd.wait()
+    if cmd.returncode != 0:
+        raise Exception("bad return code from openssl ocsp\n\n" + res)
     logger.info("OCSP request:\n" + res)
 
     fd, fn = tempfile.mkstemp()
@@ -4099,6 +4103,9 @@ def root_ocsp(cert):
     res = cmd.stdout.read() + "\n" + cmd.stderr.read()
     cmd.stdout.close()
     cmd.stderr.close()
+    cmd.wait()
+    if cmd.returncode != 0:
+        raise Exception("bad return code from openssl ocsp\n\n" + res)
     logger.info("OCSP response:\n" + res)
     os.unlink(fn2)
     return fn
@@ -4111,13 +4118,16 @@ def ica_ocsp(cert):
     fd2, fn2 = tempfile.mkstemp()
     os.close(fd2)
 
-    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert,
-            "-no_nonce", "-sha256", "-text" ]
+    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
+            "-cert", cert, "-no_nonce", "-text" ]
     cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
     res = cmd.stdout.read() + "\n" + cmd.stderr.read()
     cmd.stdout.close()
     cmd.stderr.close()
+    cmd.wait()
+    if cmd.returncode != 0:
+        raise Exception("bad return code from openssl ocsp\n\n" + res)
     logger.info("OCSP request:\n" + res)
 
     fd, fn = tempfile.mkstemp()
@@ -4132,6 +4142,9 @@ def ica_ocsp(cert):
     res = cmd.stdout.read() + "\n" + cmd.stderr.read()
     cmd.stdout.close()
     cmd.stderr.close()
+    cmd.wait()
+    if cmd.returncode != 0:
+        raise Exception("bad return code from openssl ocsp\n\n" + res)
     logger.info("OCSP response:\n" + res)
     os.unlink(fn2)
     return fn