git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.dnsdist/test_OCSP.py
6 from dnsdisttests
import DNSDistTest
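class DNSDistOCSPStaplingTest(DNSDistTest):
    """Base class for the OCSP stapling tests: wraps an ``openssl s_client`` probe."""

    @classmethod
    def checkOCSPStaplingStatus(cls, addr, port, serverName, caFile):
        """Connect with ``openssl s_client -status`` and return everything it printed.

        Args:
            addr: address of the TLS/DoH listener to probe.
            port: listener port; formatted with ``%d``, so it must be an integer.
            serverName: value sent as SNI (``-servername``).
            caFile: CA bundle handed to ``-CAfile`` as the trust anchor.

        Returns:
            The decoded, merged stdout/stderr of s_client as one string.

        Raises:
            AssertionError: if the ``openssl`` binary cannot be launched.

        The exit status of s_client is not inspected here; callers decide by
        matching on the returned text. s_client by default carries on after a
        certificate verification error, so a caller that needs to know whether
        the chain validated has to look at the "Verify return code" line as
        well (or the command needs ``-verify_return_error``).
        """
        testcmd = [
            'openssl', 's_client',
            '-CAfile', caFile,
            '-connect', '%s:%d' % (addr, port),
            '-status',
            '-servername', serverName,
        ]
        try:
            # stderr is folded into stdout so diagnostics end up in the returned text.
            process = subprocess.Popen(testcmd,
                                       stdout=subprocess.PIPE,
                                       stdin=subprocess.PIPE,
                                       stderr=subprocess.STDOUT,
                                       close_fds=True)
            # Empty input: stdin is closed right away, so s_client sees EOF and
            # exits once the handshake output has been written.
            output = process.communicate(input='')
        except OSError as exc:
            # Popen()/communicate() never raise CalledProcessError (that comes from
            # check_call/check_output/run(check=True)); a launch failure surfaces
            # as OSError. The previous handler was therefore unreachable, and its
            # message blamed 'dnsdist --check-config' although openssl is what runs.
            raise AssertionError('openssl s_client could not be started: %s' % (exc,))

        return output[0].decode()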
@unittest.skipIf('SKIP_DOH_TESTS' in os.environ, 'DNS over HTTPS tests are disabled')
class TestOCSPStaplingDOH(DNSDistOCSPStaplingTest):
    """OCSP stapling served from a DNS-over-HTTPS listener (addDOHLocal)."""

    _serverKey = 'server.key'
    _serverCert = 'server.chain'
    _serverName = 'tls.tests.dnsdist.org'
    _ocspFile = 'server.ocsp'
    # NOTE(review): _caCert, _caKey, _dohServerPort and _testServerPort are used
    # below but not defined in the visible listing (original lines 29-31 are
    # missing); presumably set there or inherited from DNSDistTest - confirm.

    # Lua configuration; each %s is filled from _config_params, in order.
    # generateOCSPResponse receives the server chain, the CA certificate, the
    # CA key and the output file, and the same file is then stapled by the
    # DoH listener through ocspResponses.
    _config_template = """
    newServer{address="127.0.0.1:%s"}

    -- generate an OCSP response file for our certificate, valid one day
    generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, { ocspResponses={"%s"}})
    """
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_dohServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    # NOTE(review): the method header is not visible in the listing (original
    # lines 40-43); setUpClass is assumed because the body raises
    # unittest.SkipTest before any test runs - confirm against the full file.
    @classmethod
    def setUpClass(cls):
        """Skip the class when DoH tests are disabled, otherwise announce the run."""
        # for some reason, @unittest.skipIf() is not applied to derived classes with some versions of Python
        doh_disabled = 'SKIP_DOH_TESTS' in os.environ
        if doh_disabled:
            raise unittest.SkipTest('DNS over HTTPS tests are disabled')

        # NOTE(review): the listing jumps from original line 46 to line 52, so
        # whatever statements sit between the skip check and the print are not
        # shown here; restore them from the full file before running this class.

        print("Launching tests..")

    def testOCSPStapling(self):
        """
        OCSP Stapling: DOH
        """
        expected = 'OCSP Response Status: successful (0x0)'
        transcript = self.checkOCSPStaplingStatus(
            '127.0.0.1', self._dohServerPort, self._serverName, self._caCert)
        # This matches the status of the stapled OCSP response itself. It does
        # not assert the per-certificate status that s_client prints separately
        # ("Cert Status: ..."), nor the chain verification result.
        self.assertIn(expected, transcript)
class TestOCSPStaplingTLSGnuTLS(DNSDistOCSPStaplingTest):
    """OCSP stapling on a DNS-over-TLS listener using the GnuTLS provider."""

    _serverKey = 'server.key'
    _serverCert = 'server.chain'
    _serverName = 'tls.tests.dnsdist.org'
    _ocspFile = 'server.ocsp'
    # NOTE(review): _caCert, _caKey, _tlsServerPort and _testServerPort are used
    # below but not defined in the visible listing (original lines 67-69 are
    # missing); presumably set there or inherited from DNSDistTest - confirm.

    # Lua configuration; each %s is filled from _config_params, in order.
    # generateOCSPResponse receives the server chain, the CA certificate, the
    # CA key and the output file, and the same file is then stapled by the
    # TLS listener through ocspResponses.
    _config_template = """
    newServer{address="127.0.0.1:%s"}

    -- generate an OCSP response file for our certificate, valid one day
    generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
    addTLSLocal("127.0.0.1:%s", "%s", "%s", { provider="gnutls", ocspResponses={"%s"}})
    """
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_tlsServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    def testOCSPStapling(self):
        """
        OCSP Stapling: TLS (GnuTLS)
        """
        expected = 'OCSP Response Status: successful (0x0)'
        transcript = self.checkOCSPStaplingStatus(
            '127.0.0.1', self._tlsServerPort, self._serverName, self._caCert)
        # This matches the status of the stapled OCSP response itself. It does
        # not assert the per-certificate status that s_client prints separately
        # ("Cert Status: ..."), nor the chain verification result.
        self.assertIn(expected, transcript)
class TestOCSPStaplingTLSOpenSSL(DNSDistOCSPStaplingTest):
    """OCSP stapling on a DNS-over-TLS listener using the OpenSSL provider."""

    _serverKey = 'server.key'
    _serverCert = 'server.chain'
    _serverName = 'tls.tests.dnsdist.org'
    _ocspFile = 'server.ocsp'
    # NOTE(review): _caCert, _caKey, _tlsServerPort and _testServerPort are used
    # below but not defined in the visible listing (original lines 92-94 are
    # missing); presumably set there or inherited from DNSDistTest - confirm.

    # Lua configuration; each %s is filled from _config_params, in order.
    # generateOCSPResponse receives the server chain, the CA certificate, the
    # CA key and the output file, and the same file is then stapled by the
    # TLS listener through ocspResponses.
    _config_template = """
    newServer{address="127.0.0.1:%s"}

    -- generate an OCSP response file for our certificate, valid one day
    generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
    addTLSLocal("127.0.0.1:%s", "%s", "%s", { provider="openssl", ocspResponses={"%s"}})
    """
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_tlsServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    def testOCSPStapling(self):
        """
        OCSP Stapling: TLS (OpenSSL)
        """
        expected = 'OCSP Response Status: successful (0x0)'
        transcript = self.checkOCSPStaplingStatus(
            '127.0.0.1', self._tlsServerPort, self._serverName, self._caCert)
        # This matches the status of the stapled OCSP response itself. It does
        # not assert the per-certificate status that s_client prints separately
        # ("Cert Status: ..."), nor the chain verification result.
        self.assertIn(expected, transcript)