OpenSSL: full-chain OCSP stapling. Bug 1466

2 files changed, 58 insertions, 0 deletions

diff --git a/test/scripts/5615-OCSP-OpenSSL-1.3/5615 b/test/scripts/5615-OCSP-OpenSSL-1.3/5615
new file mode 100644
index 000000000..17d5f7a0e
--- /dev/null
+++ b/test/scripts/5615-OCSP-OpenSSL-1.3/5615
@@ -0,0 +1,54 @@
+# OCSP stapling, server, multiple chain-element OCSP
+#
+#
+#
+#
+exim -z '1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.2
+****
+#
+exim -odf -DOPT=rsa -DLIMIT=TLS1.2 rsa.auth@test.ex
+Subject: test
+
+.
+****
+killdaemon
+#
+#
+exim -z '2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth'
+****
+#
+# Works when the (single) proof file has an ocsp-response with 3 statusses.
+# Contrast with with GnuTLS which can do either that or have 3 proof files
+# each with one status.
+#
+exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3
+****
+exim -odf -DOPT=rsa rsa.auth@test.ex
+Subject: test
+
+.
+****
+killdaemon
+#
+##
+##
+#exim -z '3: TLS1.3 Server sends bad nonleaf staple, client detects it'
+#****
+##
+#EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 -DCONTROL=bad
+#****
+#exim -odf -DOPT=rsa rsa.auth@test.ex
+#Subject: test
+#
+#.
+#****
+#killdaemon
+##
+##
+#
+#
+sudo rm -fr tmp/
+no_msglog_check
diff --git a/test/scripts/5615-OCSP-OpenSSL-1.3/REQUIRES b/test/scripts/5615-OCSP-OpenSSL-1.3/REQUIRES
new file mode 100644
index 000000000..7df03fbe8
--- /dev/null
+++ b/test/scripts/5615-OCSP-OpenSSL-1.3/REQUIRES
@@ -0,0 +1,4 @@
+support OpenSSL
+support OCSP
+running IPv4
+feature _HAVE_TLS1_3