diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2013-03-24 21:49:12 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2013-03-25 22:42:48 +0000 |
commit | f5d786885721c374cc22a1f1311ca01408a496fd (patch) | |
tree | 528ec5ecb56fc077445855d16014bc9a9c86d967 /test/log/5601 | |
parent | 26e72755c101f59e24735e9ca9a320d5f1ebc2b7 (diff) |
OCSP-stapling enhancement and testing.
Server:
Honor environment variable as well as running_in_test_harness in permitting bogus staplings
Update server tests
Add "-ocsp" option to client-ssl.
Server side: add verification of stapled status.
First cut server-mode ocsp testing.
Fix some uninitialized ocsp-related data.
Client (new):
Verify stapling using only the chain that verified the server cert, not any acceptable chain.
Add check for multiple responses in a stapling, which is not handled
Refuse verification on expired and revoking staplings.
Handle OCSP client refusal on lack of stapling from server.
More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
Add transport hosts_require_ocsp option.
Log stapling responses.
Start on tests for client-side.
Testing support:
Add CRL generation code and documentation update
Initial CA & certificate set for testing.
BUGFIX:
Once a single OCSP response has been extracted the validation
routine return code is no longer about the structure, but the actual
returned OCSP status.
Diffstat (limited to 'test/log/5601')
-rw-r--r-- | test/log/5601 | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/test/log/5601 b/test/log/5601 new file mode 100644 index 000000000..40caa0f88 --- /dev/null +++ b/test/log/5601 @@ -0,0 +1,41 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER@test.ex R=client T=send_to_server2 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 Received TLS status response, null content +1999-03-02 09:44:33 10HmbB-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <<detail omitted>> +1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbC-0005vi-00 Server certificate revoked; reason: superseded +1999-03-02 09:44:33 10HmbC-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <<detail omitted>> +1999-03-02 09:44:33 10HmbC-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 Server OSCP dates invalid +1999-03-02 09:44:33 10HmbD-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <<detail omitted>> +1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <nostaple@test.ex> R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@test.ex> R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; not responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) |