From: Richard Levitte Date: Thu, 29 Jan 2015 12:13:28 +0000 (+0100) Subject: VMS adjustments: X-Git-Tag: OpenSSL_1_1_0-pre1~1736 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=132536f96e1baba466baa7323c0d74bd7948dd5b;p=oweals%2Fopenssl.git VMS adjustments: catch up with the Unix build. A number of new tests, among others test/tocsp.com Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"' Reviewed-by: Andy Polyakov
---
diff --git a/engines/makeengines.com b/engines/makeengines.com
index 6329fbbf03..a0bd168fa2 100644
--- a/engines/makeengines.com
+++ b/engines/makeengines.com
@@ -94,12 +94,12 @@ $! library that isn't necessarely ported to VMS.
 $!
 $ ENGINES = "," + P6
 $ IF ENGINES .EQS. "," THEN -
- ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
+ ENGINES = ",4758cca,padlock,capi,"
 $!
 $! GOST requires a 64-bit integer type, unavailable on VAX.
 $!
 $ IF (ARCH .NES. "VAX") THEN -
- ENGINES = ENGINES+ ",ccgost"
+ ENGINES = ENGINES+ ",gost"
 $!
 $! Check options.
 $!
@@ -156,20 +156,14 @@ $ TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ"
 $ TV_OBJ = ",''TV_OBJ_NAME'"
 $ ENDIF
 $ ENGINE_4758CCA = "e_4758cca"
-$ ENGINE_aep = "e_aep"
-$ ENGINE_atalla = "e_atalla"
-$ ENGINE_cswift = "e_cswift"
-$ ENGINE_chil = "e_chil"
-$ ENGINE_nuron = "e_nuron"
-$ ENGINE_sureware = "e_sureware"
-$ ENGINE_ubsec = "e_ubsec"
 $ ENGINE_padlock = "e_padlock"
-$
-$ ENGINE_ccgost_SUBDIR = "ccgost"
-$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
- "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
- "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
- "gost_sign"
+$ ENGINE_capi = "e_capi"
+$
+$ ENGINE_gost_SUBDIR = "ccgost"
+$ ENGINE_gost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
+ "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
+ "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
+ "gost_sign"
 $!
 $! Define which programs need to be linked with a TCP/IP library
 $!
diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com
index 51e2b12522..b160a0aaaa 100644
--- a/ssl/ssl-lib.com
+++ b/ssl/ssl-lib.com
@@ -213,16 +213,15 @@ $ ENDIF
 $!
 $! Define The Different SSL "library" Files.
 $!
-$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
- "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
- "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
- "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
- "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
- "d1_both,d1_enc,d1_srtp,"+ -
+$ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ -
+ "s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ -
+ "t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc, t1_ext,"+ -
+ "d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ -
+ "d1_both,d1_srtp,"+ -
 "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
 "ssl_ciph,ssl_stat,ssl_rsa,"+ -
- "ssl_asn1,ssl_txt,ssl_algs,"+ -
- "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce"
+ "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ -
+ "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst"
 $!
 $ COMPILEWITH_CC5 = ""
 $!
@@ -240,7 +239,7 @@ $ NEXT_FILE:
 $!
 $! O.K, Extract The File Name From The File List.
 $!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
+$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"TRIM")
 $!
 $! Check To See If We Are At The End Of The File List.
 $!
diff --git a/test/maketests.com b/test/maketests.com
index e7a686057e..5919374b62 100644
--- a/test/maketests.com
+++ b/test/maketests.com
@@ -142,47 +142,56 @@ $!
 $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
 "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
 "RC2TEST,RC4TEST,RC5TEST,"+ -
- "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
+ "DESTEST,SHA1TEST,SHA256T,SHA512T,"+ -
 "MDC2TEST,RMDTEST,"+ -
 "RANDTEST,DHTEST,ENGINETEST,"+ -
- "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
- "EVP_TEST,IGETEST,JPAKETEST,SRPTEST"
+ "GOST2814789TEST,"+ -
+ "BFTEST,CASTTEST,SSLTEST,"+ -
+ "EXPTEST,DSATEST,RSA_TEST,"+ -
+ "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
+ "V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ -
+ "CONSTANT_TIME_TEST"
 $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
 $!
 $! Additional directory information.
-$ T_D_BNTEST := [-.crypto.bn]
-$ T_D_ECTEST := [-.crypto.ec]
-$ T_D_ECDSATEST := [-.crypto.ecdsa]
-$ T_D_ECDHTEST := [-.crypto.ecdh]
-$ T_D_IDEATEST := [-.crypto.idea]
-$ T_D_MD2TEST := [-.crypto.md2]
-$ T_D_MD4TEST := [-.crypto.md4]
-$ T_D_MD5TEST := [-.crypto.md5]
-$ T_D_HMACTEST := [-.crypto.hmac]
-$ T_D_WP_TEST := [-.crypto.whrlpool]
-$ T_D_RC2TEST := [-.crypto.rc2]
-$ T_D_RC4TEST := [-.crypto.rc4]
-$ T_D_RC5TEST := [-.crypto.rc5]
-$ T_D_DESTEST := [-.crypto.des]
-$ T_D_SHATEST := [-.crypto.sha]
-$ T_D_SHA1TEST := [-.crypto.sha]
-$ T_D_SHA256T := [-.crypto.sha]
-$ T_D_SHA512T := [-.crypto.sha]
-$ T_D_MDC2TEST := [-.crypto.mdc2]
-$ T_D_RMDTEST := [-.crypto.ripemd]
-$ T_D_RANDTEST := [-.crypto.rand]
-$ T_D_DHTEST := [-.crypto.dh]
-$ T_D_ENGINETEST := [-.crypto.engine]
-$ T_D_BFTEST := [-.crypto.bf]
-$ T_D_CASTTEST := [-.crypto.cast]
-$ T_D_SSLTEST := [-.ssl]
-$ T_D_EXPTEST := [-.crypto.bn]
-$ T_D_DSATEST := [-.crypto.dsa]
-$ T_D_RSA_TEST := [-.crypto.rsa]
-$ T_D_EVP_TEST := [-.crypto.evp]
-$ T_D_IGETEST := [-.test]
-$ T_D_JPAKETEST := [-.crypto.jpake]
-$ T_D_SRPTEST := [-.crypto.srp]
+$ T_D_BNTEST := [-.crypto.bn]
+$ T_D_ECTEST := [-.crypto.ec]
+$ T_D_ECDSATEST := [-.crypto.ecdsa]
+$ T_D_ECDHTEST := [-.crypto.ecdh]
+$ T_D_IDEATEST := [-.crypto.idea]
+$ T_D_MD2TEST := [-.crypto.md2]
+$ T_D_MD4TEST := [-.crypto.md4]
+$ T_D_MD5TEST := [-.crypto.md5]
+$ T_D_HMACTEST := [-.crypto.hmac]
+$ T_D_WP_TEST := [-.crypto.whrlpool]
+$ T_D_RC2TEST := [-.crypto.rc2]
+$ T_D_RC4TEST := [-.crypto.rc4]
+$ T_D_RC5TEST := [-.crypto.rc5]
+$ T_D_DESTEST := [-.crypto.des]
+$ T_D_SHATEST := [-.crypto.sha]
+$ T_D_SHA1TEST := [-.crypto.sha]
+$ T_D_SHA256T := [-.crypto.sha]
+$ T_D_SHA512T := [-.crypto.sha]
+$ T_D_MDC2TEST := [-.crypto.mdc2]
+$ T_D_RMDTEST := [-.crypto.ripemd]
+$ T_D_RANDTEST := [-.crypto.rand]
+$ T_D_DHTEST := [-.crypto.dh]
+$ T_D_ENGINETEST := [-.crypto.engine]
+$ T_D_GOST2814789TEST := [-.engines.ccgost]
+$ T_D_BFTEST := [-.crypto.bf]
+$ T_D_CASTTEST := [-.crypto.cast]
+$ T_D_SSLTEST := [-.ssl]
+$ T_D_EXPTEST := [-.crypto.bn]
+$ T_D_DSATEST := [-.crypto.dsa]
+$ T_D_RSA_TEST := [-.crypto.rsa]
+$ T_D_EVP_TEST := [-.crypto.evp]
+$ T_D_IGETEST := [-.test]
+$ T_D_JPAKETEST := [-.crypto.jpake]
+$ T_D_SRPTEST := [-.crypto.srp]
+$ T_D_V3NAMETEST := [-.crypto.x509v3]
+$ T_D_HEARTBEAT_TEST := [-.ssl]
+$ T_D_P5_CRPT2_TEST := [-.crypto.evp]
+$ T_D_CONSTANT_TIME_TEST := [-.crypto]
 $!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
@@ -468,7 +477,7 @@ $ CHECK_OPTIONS:
 $!
 $! Set basic C compiler /INCLUDE directories.
 $!
-$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
+$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
 $!
 $! Check To See If P1 Is Blank.
 $!
@@ -1060,10 +1069,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A
 $ __HERE = F$EDIT(__HERE,"UPCASE")
 $ __TOP = __HERE - "TEST]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
 $ DEFINE OPENSSL /NOLOG '__INCLUDE'
+$ DEFINE INTERNAL /NOLOG '__INTERNAL'
 $!
 $! Done
 $!
@@ -1076,6 +1087,7 @@ $!
 $ IF __SAVE_OPENSSL .EQS. ""
 $ THEN
 $ DEASSIGN OPENSSL
+$ DEASSIGN INTERNAL
 $ ELSE
 $ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
 $ ENDIF
diff --git a/test/tests.com b/test/tests.com
index 62be1e7a46..ba947be3e5 100644
--- a/test/tests.com
+++ b/test/tests.com
@@ -27,6 +27,7 @@ $ endif
 $!
 $ texe_dir := sys$disk:[-.'__archd'.exe.test]
 $ exe_dir := sys$disk:[-.'__archd'.exe.apps]
+$ engines_dir := sys$disk:[-.'__archd'.exe.engines]
 $
 $ set default '__here'
 $
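Review bot: In the cleanup hunk of test/maketests.com (`@@ -1076,6 +1087,7 @@`), `DEASSIGN INTERNAL` is reached only when `__SAVE_OPENSSL` is empty, so on the ELSE branch, where OPENSSL is restored, the INTERNAL logical defined in the `@@ -1060,10 +1069,12 @@` hunk stays defined after the procedure finishes. INTERNAL is a very generic name and any earlier definition is overwritten without being saved; a leftover value pointing at this tree's `CRYPTO.INCLUDE.INTERNAL]` could, presumably, redirect `internal/...` includes in a later build run from the same process. I would take the deassign out of the conditional, i.e. `$ DEASSIGN INTERNAL` after `$ ENDIF`, or save and restore it the way OPENSSL is handled (no `__SAVE_INTERNAL` symbol is visible in these hunks). The cleanup routine starts and ends outside the hunk.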
@@ -51,47 +52,55 @@ $! if there's a difference that needs to be taken care of.
 $ tests := -
 test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
 test_md2,test_mdc2,test_wp,-
- test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
+ test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
 test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
 test_enc,test_x509,test_rsa,test_crl,test_sid,-
 test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
 test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
- test_jpake,test_srp,test_cms
+ test_jpake,test_srp,test_cms,test_v3name,test_ocsp,-
+ test_gost2814789,test_heartbeat,test_p5_crpt2,-
+ test_constant_time
 $ endif
 $ tests = f$edit(tests,"COLLAPSE")
 $
-$ BNTEST := bntest
-$ ECTEST := ectest
-$ ECDSATEST := ecdsatest
-$ ECDHTEST := ecdhtest
-$ EXPTEST := exptest
-$ IDEATEST := ideatest
-$ SHATEST := shatest
-$ SHA1TEST := sha1test
-$ MDC2TEST := mdc2test
-$ RMDTEST := rmdtest
-$ MD2TEST := md2test
-$ MD4TEST := md4test
-$ MD5TEST := md5test
-$ HMACTEST := hmactest
-$ WPTEST := wp_test
-$ RC2TEST := rc2test
-$ RC4TEST := rc4test
-$ RC5TEST := rc5test
-$ BFTEST := bftest
-$ CASTTEST := casttest
-$ DESTEST := destest
-$ RANDTEST := randtest
-$ DHTEST := dhtest
-$ DSATEST := dsatest
-$ METHTEST := methtest
-$ SSLTEST := ssltest
-$ RSATEST := rsa_test
-$ ENGINETEST := enginetest
-$ EVPTEST := evp_test
-$ IGETEST := igetest
-$ JPAKETEST := jpaketest
-$ SRPTEST := srptest
+$ BNTEST := bntest
+$ ECTEST := ectest
+$ ECDSATEST := ecdsatest
+$ ECDHTEST := ecdhtest
+$ EXPTEST := exptest
+$ IDEATEST := ideatest
+$ SHA1TEST := sha1test
+$ SHA256TEST := sha256t
+$ SHA512TEST := sha512t
+$ MDC2TEST := mdc2test
+$ RMDTEST := rmdtest
+$ MD2TEST := md2test
+$ MD4TEST := md4test
+$ MD5TEST := md5test
+$ HMACTEST := hmactest
+$ WPTEST := wp_test
+$ RC2TEST := rc2test
+$ RC4TEST := rc4test
+$ RC5TEST := rc5test
+$ BFTEST := bftest
+$ CASTTEST := casttest
+$ DESTEST := destest
+$ RANDTEST := randtest
+$ DHTEST := dhtest
+$ DSATEST := dsatest
+$ METHTEST := methtest
+$ SSLTEST := ssltest
+$ RSATEST := rsa_test
+$ ENGINETEST := enginetest
+$ GOST2814789TEST := gost2814789test
+$ EVPTEST := evp_test
+$ P5_CRPT2_TEST := p5_crpt2_test
+$ IGETEST := igetest
+$ JPAKETEST := jpaketest
+$ SRPTEST := srptest
+$ V3NAMETEST := v3nametest
+$ HEARTBEATTEST := heartbeat_test
+$ CONSTTIMETEST := constant_time_test
 $!
 $ tests_i = 0
 $ loop_tests:
@@ -105,6 +114,9 @@ $
 $ test_evp:
 $ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
 $ return
+$ test_p5_crpt2:
+$ mcr 'texe_dir''p5_crpt2_test'
+$ return
 $ test_des:
 $ mcr 'texe_dir''destest'
 $ return
@@ -112,8 +124,9 @@ $ test_idea:
 $ mcr 'texe_dir''ideatest'
 $ return
 $ test_sha:
-$ mcr 'texe_dir''shatest'
 $ mcr 'texe_dir''sha1test'
+$ mcr 'texe_dir''sha256test'
+$ mcr 'texe_dir''sha512test'
 $ return
 $ test_mdc2:
 $ mcr 'texe_dir''mdc2test'
@@ -154,6 +167,10 @@ $ return
 $ test_rand:
 $ mcr 'texe_dir''randtest'
 $ return
+$ test_gost2814789:
+$ define/user OPENSSL_ENGINES 'engines_dir'
+$ mcr 'texe_dir''gost2814789test'
+$ return
 $ test_enc:
 $ @testenc.com 'pointer_size'
 $ return
@@ -361,7 +378,21 @@ $ test_srp:
 $ write sys$output "Test SRP"
 $ mcr 'texe_dir''srptest'
 $ return
-$
+$ test_v3name:
+$ write sys$output "Test X509v3_check_*"
+$ mcr 'texe_dir''v3nametest'
+$ return
+$ test_ocsp:
+$ write sys$output "Test OCSP"
+$ @tocsp.com
+$ return
+$ test_heartbeat:
+$ mcr 'texe_dir''heartbeattest'
+$ return
+$ test_constant_time:
+$ write sys$output "Test constant time utilites"
+$ mcr 'texe_dir''consttimetest'
+$ return
 $
 $ exit:
 $ mcr 'exe_dir'openssl version -a
diff --git a/test/tocsp.com b/test/tocsp.com
new file mode 100644
index 0000000000..97253fe464
--- /dev/null
+++ b/test/tocsp.com
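Review bot: In the `@@ -361,7 +378,21 @@` hunk of test/tests.com, `test_ocsp` runs `@tocsp.com` with no arguments, while the new test/tocsp.com picks the `_64` executable directory from `p2` and the neighbouring `test_enc` passes `'pointer_size'`. As far as the visible code shows, a 64-bit-pointer build would therefore look for openssl.exe under the plain architecture directory and the OCSP cases would not exercise the binary that was just built. Either pass the size in the position tocsp.com reads, or have tocsp.com test `p1` and call it as `@tocsp.com 'pointer_size'`. Two smaller points in the same hunk: `test_heartbeat` prints no banner, unlike its new siblings, and "utilites" in the `test_constant_time` banner should read "utilities".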
@@ -0,0 +1,165 @@
+$! TOCSP.COM -- Test ocsp
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$ ocspdir = "ocsp-tests"
+$
+$! 17 December 2012 so we don't get certificate expiry errors.
+$ check_time="-attime 1355875200"
+$
+$ test_ocsp:
+$ subroutine
+$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
+$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
+ "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
+$ if $severity .ne. p3+1
+$ then
+$ write sys$error "OCSP test failed!"
+$ exit 3
+$ endif
+$ endsubroutine
+$
+$ set noon
+$
+$ write sys$output "=== VALID OCSP RESPONSES ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
+$
+$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
+$! Expect success, because we're explicitly trusting the issuer certificate.
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
+$
+$ write sys$output "ALL OCSP TESTS SUCCESSFUL"
+$
+$ set on
+$
+$ exit