4 from dnsdisttests
import DNSDistTest
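class DNSDistOCSPStaplingTest(DNSDistTest):
    """Base class for tests that check dnsdist staples an OCSP response."""

    @classmethod
    def checkOCSPStaplingStatus(cls, addr, port, serverName, caFile):
        """Return the text printed by ``openssl s_client -status``.

        Args:
            addr: address of the TLS/DoH listener to connect to.
            port: port of that listener.
            serverName: value sent as SNI (``-servername``).
            caFile: CA bundle handed to s_client via ``-CAfile``.

        Returns:
            The combined stdout/stderr of s_client, decoded to ``str``.

        Raises:
            AssertionError: if the openssl binary could not be started.

        s_client is run without ``-verify_return_error``, so it does not
        abort when the certificate chain fails to verify against caFile.
        A caller that needs chain validation must inspect the
        ``Verify return code`` line of the returned text itself.
        """
        testcmd = ['openssl', 's_client',
                   '-CAfile', caFile,
                   '-connect', '%s:%d' % (addr, port),
                   '-status',
                   '-servername', serverName]
        # Popen()/communicate() never raise CalledProcessError, so the former
        # handler was dead code and its message named the wrong command.
        # What can fail here is spawning the binary.
        try:
            process = subprocess.Popen(testcmd,
                                       stdout=subprocess.PIPE,
                                       stdin=subprocess.PIPE,
                                       stderr=subprocess.STDOUT,
                                       close_fds=True)
        except OSError as exc:
            raise AssertionError('openssl s_client could not be started: %s' % (exc,))

        # The pipes are opened in binary mode, so pass bytes. Empty input
        # closes stdin and lets s_client exit once the handshake is done.
        # NOTE(review): no timeout is set; a stalled handshake blocks the run.
        output = process.communicate(input=b'')

        # stderr is merged into stdout, so element 0 holds everything.
        return output[0].decode()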
class TestOCSPStaplingDOH(DNSDistOCSPStaplingTest):
    """OCSP stapling on a DNS-over-HTTPS listener (addDOHLocal)."""

    # Test key material and the file the OCSP response is written to.
    _serverKey = 'server.key'
    _serverCert = 'server.chain'
    _serverName = 'tls.tests.dnsdist.org'
    _ocspFile = 'server.ocsp'
    # NOTE(review): _caCert, _caKey and _dohServerPort are referenced below but
    # not defined in this listing (its line numbers skip 26-28); presumably
    # they are set there or inherited from DNSDistTest -- confirm.

    # dnsdist Lua configuration. Each %s is filled from _config_params, in order.
    _config_template = """
    newServer{address="127.0.0.1:%s"}

    -- generate an OCSP response file for our certificate, valid one day
    generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, { ocspResponses={"%s"}})
    """
    # Nine attribute names for the nine placeholders above.
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_dohServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    def testOCSPStapling(self):
        """
        OCSP Stapling: DOH
        """
        # This line reports the OCSP responseStatus (the responder answered),
        # not the certificate's own revocation status.
        # NOTE(review): consider also asserting the 'Cert Status: good' line.
        expected = 'OCSP Response Status: successful (0x0)'
        sclientOutput = self.checkOCSPStaplingStatus(
            '127.0.0.1', self._dohServerPort, self._serverName, self._caCert)
        self.assertIn(expected, sclientOutput)
class TestOCSPStaplingTLSGnuTLS(DNSDistOCSPStaplingTest):
    """OCSP stapling on a DNS-over-TLS listener using the GnuTLS provider."""

    # Test key material and the file the OCSP response is written to.
    _serverKey = 'server.key'
    _serverCert = 'server.chain'
    _serverName = 'tls.tests.dnsdist.org'
    _ocspFile = 'server.ocsp'
    # NOTE(review): _caCert, _caKey and _tlsServerPort are referenced below but
    # not defined in this listing (its line numbers skip 51-53); presumably
    # they are set there or inherited from DNSDistTest -- confirm.

    # dnsdist Lua configuration. Each %s is filled from _config_params, in order.
    _config_template = """
    newServer{address="127.0.0.1:%s"}

    -- generate an OCSP response file for our certificate, valid one day
    generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
    addTLSLocal("127.0.0.1:%s", "%s", "%s", { provider="gnutls", ocspResponses={"%s"}})
    """
    # Nine attribute names for the nine placeholders above.
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_tlsServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    def testOCSPStapling(self):
        """
        OCSP Stapling: TLS (GnuTLS)
        """
        # This line reports the OCSP responseStatus (the responder answered),
        # not the certificate's own revocation status.
        # NOTE(review): consider also asserting the 'Cert Status: good' line.
        expected = 'OCSP Response Status: successful (0x0)'
        sclientOutput = self.checkOCSPStaplingStatus(
            '127.0.0.1', self._tlsServerPort, self._serverName, self._caCert)
        self.assertIn(expected, sclientOutput)
class TestOCSPStaplingTLSOpenSSL(DNSDistOCSPStaplingTest):
    """OCSP stapling on a DNS-over-TLS listener using the OpenSSL provider."""

    # Test key material and the file the OCSP response is written to.
    _serverKey = 'server.key'
    _serverCert = 'server.chain'
    _serverName = 'tls.tests.dnsdist.org'
    _ocspFile = 'server.ocsp'
    # NOTE(review): _caCert, _caKey and _tlsServerPort are referenced below but
    # not defined in this listing (its line numbers skip 76-78); presumably
    # they are set there or inherited from DNSDistTest -- confirm.

    # dnsdist Lua configuration. Each %s is filled from _config_params, in order.
    _config_template = """
    newServer{address="127.0.0.1:%s"}

    -- generate an OCSP response file for our certificate, valid one day
    generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)
    addTLSLocal("127.0.0.1:%s", "%s", "%s", { provider="openssl", ocspResponses={"%s"}})
    """
    # Nine attribute names for the nine placeholders above.
    _config_params = [
        '_testServerPort',
        '_serverCert', '_caCert', '_caKey', '_ocspFile',
        '_tlsServerPort', '_serverCert', '_serverKey', '_ocspFile',
    ]

    def testOCSPStapling(self):
        """
        OCSP Stapling: TLS (OpenSSL)
        """
        # This line reports the OCSP responseStatus (the responder answered),
        # not the certificate's own revocation status.
        # NOTE(review): consider also asserting the 'Cert Status: good' line.
        expected = 'OCSP Response Status: successful (0x0)'
        sclientOutput = self.checkOCSPStaplingStatus(
            '127.0.0.1', self._tlsServerPort, self._serverName, self._caCert)
        self.assertIn(expected, sclientOutput)