Add fix for CVE-2013-4353
[openssl.git] / test / tocsp
#!/bin/sh
#
# Settings shared by the OCSP response verification cases in this script.

# Directory (relative to the test directory) holding the base64-encoded
# OCSP responses (*.ors) and the issuer certificates (*.pem).
ocspdir='ocsp-tests'

# openssl binary from the build tree, started through the shared-library
# wrapper. Kept as a single string on purpose: test_ocsp expands it unquoted
# so that it splits into the wrapper and the program it runs.
cmd="../util/shlib_wrap.sh ../apps/openssl"

# Pin the verification time so the fixture certificates do not produce
# expiry errors. The upstream comment gives the date as 17 December 2012;
# epoch 1355875200 itself is 2012-12-19 00:00:00 UTC.
# Also expanded unquoted (option + value).
check_time='-attime 1355875200'
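#######################################
# Verify one stored OCSP response and compare the exit status of
# "openssl ocsp" with the expected one.
# Globals:   cmd, check_time (read, expanded unquoted so they word-split),
#            ocspdir (read)
# Arguments: $1 - base64-encoded OCSP response file, relative to $ocspdir
#            $2 - issuer certificate file, relative to $ocspdir; passed as
#                 both -CAfile and -verify_other
#            $3 - expected exit status of the ocsp command
# Outputs:   a diagnostic on stderr when the case fails
# Returns:   0 when the status matches; exits the script with 1 otherwise
#######################################
test_ocsp () {
    # A missing or unreadable fixture must fail the run. Without this check
    # the ocsp command would simply fail, and a case that *expects* a
    # non-zero status could pass without having verified anything.
    for ocsp_fixture in "$ocspdir/$1" "$ocspdir/$2"; do
        if [ ! -r "$ocsp_fixture" ]; then
            echo "test_ocsp: cannot read fixture $ocsp_fixture" >&2
            exit 1
        fi
    done

    # The pipeline status is that of the last stage (ocsp) only; a base64
    # decoding error is visible only through whatever ocsp does with the
    # resulting input.
    $cmd base64 -d -in "$ocspdir/$1" | \
        $cmd ocsp -respin - -partial_chain $check_time \
        -CAfile "$ocspdir/$2" -verify_other "$ocspdir/$2" -CApath /dev/null
    ocsp_status=$?

    if [ "$ocsp_status" != "$3" ]; then
        echo "test_ocsp: $1 with $2: expected exit status $3, got $ocsp_status" >&2
        exit 1
    fi

    # Report success explicitly: "[ ... ] && exit 1" left the function with
    # status 1 on a passing case, which would abort callers under "set -e".
    return 0
}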
# Print the case label, then run the case.
#   $1 label, $2 response file, $3 issuer file, $4 expected exit status
ocsp_case () {
    echo "$1"
    test_ocsp "$2" "$3" "$4"
}

# The three non-delegated chains.
#   $1 prefix of the response file, $2 prefix of the issuer file,
#   $3 expected exit status
non_delegated_cases () {
    ocsp_case "NON-DELEGATED; Intermediate CA -> EE" \
        "${1}ND1.ors" "${2}ND1_Issuer_ICA.pem" "$3"
    ocsp_case "NON-DELEGATED; Root CA -> Intermediate CA" \
        "${1}ND2.ors" "${2}ND2_Issuer_Root.pem" "$3"
    ocsp_case "NON-DELEGATED; Root CA -> EE" \
        "${1}ND3.ors" "${2}ND3_Issuer_Root.pem" "$3"
}

# The three delegated chains; same arguments as non_delegated_cases.
delegated_cases () {
    ocsp_case "DELEGATED; Intermediate CA -> EE" \
        "${1}D1.ors" "${2}D1_Issuer_ICA.pem" "$3"
    ocsp_case "DELEGATED; Root CA -> Intermediate CA" \
        "${1}D2.ors" "${2}D2_Issuer_Root.pem" "$3"
    ocsp_case "DELEGATED; Root CA -> EE" \
        "${1}D3.ors" "${2}D3_Issuer_Root.pem" "$3"
}

# Positive cases: unmodified responses and issuers must verify (status 0).
echo "=== VALID OCSP RESPONSES ==="
non_delegated_cases "" "" 0
delegated_cases "" "" 0

# Negative cases with a tampered response: each must be rejected (status 1).
echo "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
non_delegated_cases ISOP_ "" 1
delegated_cases ISOP_ "" 1

echo "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
non_delegated_cases WRID_ "" 1
delegated_cases WRID_ "" 1

echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
non_delegated_cases WINH_ "" 1
delegated_cases WINH_ "" 1

echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
non_delegated_cases WIKH_ "" 1
delegated_cases WIKH_ "" 1

# Negative cases that only exist for delegated responders.
echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
delegated_cases WKDOSC_ "" 1

echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
delegated_cases ISDOSC_ "" 1

# Negative cases with a tampered issuer certificate and an unmodified response.
echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
non_delegated_cases "" WSNIC_ 1
delegated_cases "" WSNIC_ 1

echo "=== WRONG KEY in the ISSUER CERTIFICATE ==="
non_delegated_cases "" WKIC_ 1
delegated_cases "" WKIC_ 1

echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
# Success (status 0) is expected here because the issuer certificate is
# explicitly trusted. These cases pin that behaviour only; they say nothing
# about an issuer that is not handed in as a trusted certificate.
non_delegated_cases "" ISIC_ 0
delegated_cases "" ISIC_ 0

echo "ALL OCSP TESTS SUCCESSFUL"
exit 0