tests/ocsp-tests/ocsp-must-staple-connection: no response case
authorAlexander Sosedkin <asosedkin@redhat.com>
Thu, 12 Mar 2026 09:57:14 +0000 (10:57 +0100)
committerAlexander Sosedkin <asosedkin@redhat.com>
Wed, 29 Apr 2026 14:26:22 +0000 (16:26 +0200)
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
tests/Makefile.am
tests/ocsp-tests/certs/ocsp-staple-empty.der [new file with mode: 0644]
tests/ocsp-tests/ocsp-must-staple-connection.sh

index 586f1952d07b12562c031eed808c3acd6ca4c4dc..dd6f0298d39e70c1c43af2f97fd8ad0cab3333be 100644 (file)
@@ -61,7 +61,9 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
        ocsp-tests/response2.der ocsp-tests/response3.der ocsp-tests/certs/ocsp_index.txt ocsp-tests/certs/ocsp_index.txt.attr \
        ocsp-tests/response1.pem ocsp-tests/response2.pem \
        ocsp-tests/certs/server_good.key ocsp-tests/certs/server_bad.key ocsp-tests/certs/server_good.template \
-       ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der ocsp-tests/suppressions.valgrind \
+       ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der \
+       ocsp-tests/certs/ocsp-staple-empty.der \
+       ocsp-tests/suppressions.valgrind \
        ocsp-tests/signer-verify/response-ca.der \
        ocsp-tests/signer-verify/response-delegated.der \
        ocsp-tests/signer-verify/response-non-delegated.der \
diff --git a/tests/ocsp-tests/certs/ocsp-staple-empty.der b/tests/ocsp-tests/certs/ocsp-staple-empty.der
new file mode 100644 (file)
index 0000000..eccb9ec
Binary files /dev/null and b/tests/ocsp-tests/certs/ocsp-staple-empty.der differ
index 568aece2e1f03228f4cd54148da9354eebac92b3..8dcbb6869df15e43e577d88a995e5f948fbba9e0 100755 (executable)
@@ -317,6 +317,51 @@ kill "${TLS_SERVER_PID}"
 wait "${TLS_SERVER_PID}"
 unset TLS_SERVER_PID
 
+echo "=== Test 4.1: Server with valid certificate - no response staple ==="
+
+rm -f "${OCSP_RESPONSE_FILE}"
+cp "${srcdir}/ocsp-tests/certs/ocsp-staple-empty.der" "${OCSP_RESPONSE_FILE}"
+
+eval "${GETPORT}"
+# Port for gnutls-serv
+TLS_SERVER_PORT=$PORT
+PORT=${TLS_SERVER_PORT}
+launch_bare_server \
+       "${SERV}" --attime "${TESTDATE}" --echo --disable-client-cert \
+       --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \
+       --x509certfile="${SERVER_CERT_FILE}" \
+       --port="${TLS_SERVER_PORT}" \
+       --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors
+TLS_SERVER_PID="${!}"
+wait_server $TLS_SERVER_PID
+
+wait_for_port "${TLS_SERVER_PORT}"
+
+out=$(
+    echo "test 123456" | \
+        "${CLI}" --attime "${TESTDATE}" --ocsp \
+             --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \
+             --port="${TLS_SERVER_PORT}" localhost \
+             2>&1
+)
+rc=$?
+printf '%s\n' "$out"
+
+if test "${rc}" = "0"; then
+    echo "Connecting to server with valid certificate and no response staple succeeded"
+    exit 1
+fi
+
+if ! echo "${out}" | grep  "Got OCSP response with no certificates" > /dev/null
+then
+    echo '"Got OCSP response with no certificates" not found in output'
+    exit 1
+fi
+
+kill "${TLS_SERVER_PID}"
+wait "${TLS_SERVER_PID}"
+unset TLS_SERVER_PID
+
 echo "=== Test 5: Server with valid certificate - expired staple ==="
 
 rm -f "${OCSP_RESPONSE_FILE}"
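Review bot: Test 4.1 depends on the new binary fixture `ocsp-staple-empty.der`, but nothing above the `cp` line says what the file contains or how it was produced. The heading "no response staple" can also be read as the server sending no staple at all, which is a different must-staple case. Judging only by the expected client message, the fixture appears to be an OCSP response that carries no per-certificate status, so a comment such as `# ocsp-staple-empty.der: OCSP response with no certificate entries; client must reject it (regenerate with: <COMMAND PLACEHOLDER>)` would let a later reader confirm the test still exercises the rejection path. Both `exit 1` branches leave gnutls-serv running unless a trap outside this hunk kills `TLS_SERVER_PID`, which is worth confirming. As a style point, the match could be written `grep -F -q "Got OCSP response with no certificates"` instead of redirecting to `/dev/null`.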