1 #!/usr/bin/env python
2 import dns
3 import subprocess
4 from dnsdisttests import DNSDistTest
5
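class DNSDistOCSPStaplingTest(DNSDistTest):
    """Base class for the OCSP stapling tests: provides the s_client probe."""

    @classmethod
    def checkOCSPStaplingStatus(cls, addr, port, serverName, caFile):
        """Connect with ``openssl s_client -status`` and return what it printed.

        ``-status`` makes the client request a stapled OCSP response during
        the handshake; stderr is merged into stdout, so the returned text
        holds everything s_client wrote.

        Args:
            addr: address to connect to.
            port: TCP port to connect to (formatted with ``%d``).
            serverName: name sent through ``-servername`` (SNI).
            caFile: CA bundle passed through ``-CAfile``.

        Returns:
            The decoded combined stdout/stderr of s_client.

        Raises:
            AssertionError: if the openssl binary cannot be started.
        """
        # NOTE(review): s_client keeps going after a certificate verification
        # error unless -verify_return_error is given, so a successful run does
        # not by itself show that the chain validated against caFile. Callers
        # should assert on the output they actually care about.
        testcmd = [
            'openssl', 's_client',
            '-CAfile', caFile,
            '-connect', '%s:%d' % (addr, port),
            '-status',
            '-servername', serverName,
        ]
        try:
            process = subprocess.Popen(testcmd,
                                       stdout=subprocess.PIPE,
                                       stdin=subprocess.PIPE,
                                       stderr=subprocess.STDOUT,
                                       close_fds=True)
            # Empty input closes stdin right away so s_client exits after the
            # handshake instead of waiting for data; bytes, because the pipes
            # are opened in binary mode.
            output = process.communicate(input=b'')
        except OSError as exc:
            # Popen()/communicate() never raise CalledProcessError; the failure
            # that can happen here is the binary being missing or not
            # executable. Report it as a test failure naming the real command.
            raise AssertionError('openssl s_client could not be run: %s' % (exc,))

        return output[0].decode()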
19
class TestOCSPStaplingDOH(DNSDistOCSPStaplingTest):
    """OCSP stapling on a DNS-over-HTTPS frontend declared with addDOHLocal."""

    # Frontend under test.
    _dohServerPort = 8443
    _serverName = 'tls.tests.dnsdist.org'

    # Certificate material; the OCSP response file is produced by the
    # generateOCSPResponse() call in the configuration below.
    _serverCert = 'server.chain'
    _serverKey = 'server.key'
    _caCert = 'ca.pem'
    _caKey = 'ca.key'
    _ocspFile = 'server.ocsp'

    _config_template = """
newServer{address="127.0.0.1:%s"}

-- generate an OCSP response file for our certificate, valid one day
generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, { ocspResponses={"%s"}})
"""
    # One attribute name per %s placeholder above, in order of appearance
    # (presumably substituted by DNSDistTest -- confirm against the base class).
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_dohServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    def testOCSPStapling(self):
        """
        OCSP Stapling: DOH
        """
        # NOTE(review): the string matched below is the status of the OCSP
        # response as a whole. It shows a stapled response was delivered and
        # parsed; it does not check the per-certificate status or that the
        # response was verified -- consider asserting on those too.
        expectedStatus = 'OCSP Response Status: successful (0x0)'
        sClientOutput = self.checkOCSPStaplingStatus(
            '127.0.0.1',
            self._dohServerPort,
            self._serverName,
            self._caCert,
        )
        self.assertIn(expectedStatus, sClientOutput)
44
class TestOCSPStaplingTLSGnuTLS(DNSDistOCSPStaplingTest):
    """OCSP stapling on a TLS frontend declared with provider="gnutls"."""

    # Frontend under test.
    _tlsServerPort = 8443
    _serverName = 'tls.tests.dnsdist.org'

    # Certificate material; the OCSP response file is produced by the
    # generateOCSPResponse() call in the configuration below.
    _serverCert = 'server.chain'
    _serverKey = 'server.key'
    _caCert = 'ca.pem'
    _caKey = 'ca.key'
    _ocspFile = 'server.ocsp'

    _config_template = """
newServer{address="127.0.0.1:%s"}

-- generate an OCSP response file for our certificate, valid one day
generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
addTLSLocal("127.0.0.1:%s", "%s", "%s", { provider="gnutls", ocspResponses={"%s"}})
"""
    # One attribute name per %s placeholder above, in order of appearance
    # (presumably substituted by DNSDistTest -- confirm against the base class).
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_tlsServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    def testOCSPStapling(self):
        """
        OCSP Stapling: TLS (GnuTLS)
        """
        # NOTE(review): the string matched below is the status of the OCSP
        # response as a whole. It shows a stapled response was delivered and
        # parsed; it does not check the per-certificate status or that the
        # response was verified -- consider asserting on those too.
        expectedStatus = 'OCSP Response Status: successful (0x0)'
        sClientOutput = self.checkOCSPStaplingStatus(
            '127.0.0.1',
            self._tlsServerPort,
            self._serverName,
            self._caCert,
        )
        self.assertIn(expectedStatus, sClientOutput)
69
class TestOCSPStaplingTLSOpenSSL(DNSDistOCSPStaplingTest):
    """OCSP stapling on a TLS frontend declared with provider="openssl"."""

    # Frontend under test.
    _tlsServerPort = 8443
    _serverName = 'tls.tests.dnsdist.org'

    # Certificate material; the OCSP response file is produced by the
    # generateOCSPResponse() call in the configuration below.
    _serverCert = 'server.chain'
    _serverKey = 'server.key'
    _caCert = 'ca.pem'
    _caKey = 'ca.key'
    _ocspFile = 'server.ocsp'

    _config_template = """
newServer{address="127.0.0.1:%s"}

-- generate an OCSP response file for our certificate, valid one day
generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
addTLSLocal("127.0.0.1:%s", "%s", "%s", { provider="openssl", ocspResponses={"%s"}})
"""
    # One attribute name per %s placeholder above, in order of appearance
    # (presumably substituted by DNSDistTest -- confirm against the base class).
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_tlsServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    def testOCSPStapling(self):
        """
        OCSP Stapling: TLS (OpenSSL)
        """
        # NOTE(review): the string matched below is the status of the OCSP
        # response as a whole. It shows a stapled response was delivered and
        # parsed; it does not check the per-certificate status or that the
        # response was verified -- consider asserting on those too.
        expectedStatus = 'OCSP Response Status: successful (0x0)'
        sClientOutput = self.checkOCSPStaplingStatus(
            '127.0.0.1',
            self._tlsServerPort,
            self._serverName,
            self._caCert,
        )
        self.assertIn(expectedStatus, sClientOutput)