From f5d786885721c374cc22a1f1311ca01408a496fd Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 24 Mar 2013 21:49:12 +0000 Subject: OCSP-stapling enhancement and testing. Server: Honor environment variable as well as running_in_test_harness in permitting bogus staplings Update server tests Add "-ocsp" option to client-ssl. Server side: add verification of stapled status. First cut server-mode ocsp testing. Fix some uninitialized ocsp-related data. Client (new): Verify stapling using only the chain that verified the server cert, not any acceptable chain. Add check for multiple responses in a stapling, which is not handled Refuse verification on expired and revoking staplings. Handle OCSP client refusal on lack of stapling from server. More fixing in client OCSP: use the server cert signing chain to verify the OCSP info. Add transport hosts_require_ocsp option. Log stapling responses. Start on tests for client-side. Testing support: Add CRL generation code and documentation update Initial CA & certificate set for testing. BUGFIX: Once a single OCSP response has been extracted the validation routine return code is no longer about the structure, but the actual returned OCSP status. --- test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt (limited to 'test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt') diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt new file mode 100644 index 000000000..434045ffe --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt @@ -0,0 +1,3 @@ +update=20130127152437Z +addcert 102 20130127152437Z +addcert 202 20130127152437Z -- cgit v1.2.3