ocsp: add tests

wolfSSL · Feb 1, 2025 · 1a1dc0d · 1a1dc0d
1 parent 76b76b9
commit 1a1dc0d
Show file tree

Hide file tree

Showing 10 changed files with 1,720 additions and 1 deletion.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -2489,10 +2489,12 @@ if(WOLFSSL_EXAMPLES)
     add_executable(unit_test
         tests/api.c
         tests/api/ascon.c
+        tests/api/ocsp.c
         tests/hash.c
         tests/srp.c
         tests/suites.c
         tests/w64wrapper.c
+        tests/ocsp.c
         tests/unit.c
         tests/quic.c
         examples/server/server.c

diff --git a/certs/ocsp/include.am b/certs/ocsp/include.am
@@ -36,4 +36,5 @@ EXTRA_DIST += \
         certs/ocsp/test-response.der \
         certs/ocsp/test-response-rsapss.der \
         certs/ocsp/test-response-nointern.der \
-        certs/ocsp/test-multi-response.der
+        certs/ocsp/test-multi-response.der \
+        certs/ocsp/test-leaf-response.der
diff --git a/certs/ocsp/renewcerts.sh b/certs/ocsp/renewcerts.sh
@@ -100,6 +100,14 @@ openssl ocsp -issuer ./root-ca-cert.pem -cert ./intermediate1-ca-cert.pem -cert
 kill $PID
 wait $PID
 
+# Create a response DER buffer for testing leaf certificate
+openssl ocsp -port 22221 -ndays 1000 -index ./index-intermediate1-ca-issued-certs.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA intermediate1-ca-cert.pem -partial_chain &
+PID=$!
+sleep 1 # Make sure server is ready
+
+openssl ocsp -issuer ./intermediate1-ca-cert.pem -cert ./server1-cert.pem -url http://localhost:22221/ -respout test-leaf-response.der -noverify
+kill $PID
+wait $PID
 
 # now start up a responder that signs using rsa-pss
 openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -rsigopt rsa_padding_mode:pss &

diff --git a/certs/ocsp/test-leaf-response.der b/certs/ocsp/test-leaf-response.der
diff --git a/tests/api.c b/tests/api.c
@@ -288,6 +288,7 @@
 
 /* Gather test declarations to include them in the testCases array */
 #include <tests/api/ascon.h>
+#include <tests/api/ocsp.h>
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
@@ -102779,6 +102780,9 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_SSLDisableRead),
     TEST_DECL(test_wolfSSL_inject),
     TEST_DECL(test_wolfSSL_dtls_cid_parse),
+    TEST_DECL(test_ocsp_status_callback),
+    TEST_DECL(test_ocsp_basic_verify),
+    TEST_DECL(test_ocsp_response_parsing),
     /* This test needs to stay at the end to clean up any caches allocated. */
     TEST_DECL(test_wolfSSL_Cleanup)
 };