From f5d786885721c374cc22a1f1311ca01408a496fd Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 24 Mar 2013 21:49:12 +0000 Subject: OCSP-stapling enhancement and testing. Server: Honor environment variable as well as running_in_test_harness in permitting bogus staplings Update server tests Add "-ocsp" option to client-ssl. Server side: add verification of stapled status. First cut server-mode ocsp testing. Fix some uninitialized ocsp-related data. Client (new): Verify stapling using only the chain that verified the server cert, not any acceptable chain. Add check for multiple responses in a stapling, which is not handled Refuse verification on expired and revoking staplings. Handle OCSP client refusal on lack of stapling from server. More fixing in client OCSP: use the server cert signing chain to verify the OCSP info. Add transport hosts_require_ocsp option. Log stapling responses. Start on tests for client-side. Testing support: Add CRL generation code and documentation update Initial CA & certificate set for testing. BUGFIX: Once a single OCSP response has been extracted the validation routine return code is no longer about the structure, but the actual returned OCSP status. --- test/stderr/5600 | 2 ++ test/stderr/5601 | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 test/stderr/5600 create mode 100644 test/stderr/5601 (limited to 'test/stderr') diff --git a/test/stderr/5600 b/test/stderr/5600 new file mode 100644 index 000000000..045fadc9b --- /dev/null +++ b/test/stderr/5600 @@ -0,0 +1,2 @@ + +******** SERVER ******** diff --git a/test/stderr/5601 b/test/stderr/5601 new file mode 100644 index 000000000..045fadc9b --- /dev/null +++ b/test/stderr/5601 @@ -0,0 +1,2 @@ + +******** SERVER ******** -- cgit v1.2.3
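Review bot: In test/stderr/5600 the expected stderr is only a blank line followed by `******** SERVER ********`, so this file can catch unexpected server stderr output but asserts nothing about the stapling behaviour the commit message lists (verification of stapled status, refusing expired and revoking staplings, logging stapling responses). This view is limited to 'test/stderr', so please confirm that the matching log and stdout expectations for 5600 carry those checks, and state in the commit message which behaviour test 5600 covers.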
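Review bot: test/stderr/5601 is added with the same blob id (045fadc9b) as 5600, so the two expectations are byte-identical and nothing in the hunk shows how 5601 differs from 5600. A line in the commit message mapping each test number to server-mode or client-side OCSP would help. The item marked BUGFIX (the validation return code reflecting the returned OCSP status rather than the structure) would also be easier to review as its own commit, with a test that exercises it.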