tests: Fix root_ocsp() for multi-OCSP test cases

Incorrect path and file name was used in the openssl command to generate
one of the OCSP responses. Also fix
ap_wpa2_eap_tls_intermediate_ca_ocsp_multi to expect success rather than
failure due to OCSP response. Based on the test description, this was
supposed to succeed, but apparently that root_ocsp() bug prevented this
from happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2016-03-09 19:38:26 +02:00 committed by Jouni Malinen
parent f85399f396
commit 40ae4a2ff2

View file

@ -3739,8 +3739,8 @@ def root_ocsp(cert):
fd, fn = tempfile.mkstemp() fd, fn = tempfile.mkstemp()
os.close(fd) os.close(fd)
arg = [ "openssl", "ocsp", "-index", "rootCA/index.txt", arg = [ "openssl", "ocsp", "-index", "auth_serv/rootCA/index.txt",
"-rsigner", ca, "-rkey", "auth_serv/caa-key.pem", "-rsigner", ca, "-rkey", "auth_serv/ca-key.pem",
"-CA", ca, "-issuer", ca, "-verify_other", ca, "-trust_other", "-CA", ca, "-issuer", ca, "-verify_other", ca, "-trust_other",
"-ndays", "7", "-reqin", fn2, "-resp_no_certs", "-respout", fn, "-ndays", "7", "-reqin", fn2, "-resp_no_certs", "-respout", fn,
"-text" ] "-text" ]
@ -3923,26 +3923,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi(dev, apdev, params):
ca_cert="auth_serv/iCA-user/ca-and-root.pem", ca_cert="auth_serv/iCA-user/ca-and-root.pem",
client_cert="auth_serv/iCA-user/user.pem", client_cert="auth_serv/iCA-user/user.pem",
private_key="auth_serv/iCA-user/user.key", private_key="auth_serv/iCA-user/user.key",
scan_freq="2412", ocsp=3, wait_connect=False) scan_freq="2412", ocsp=3)
count = 0
while True:
ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS",
"CTRL-EVENT-EAP-SUCCESS"])
if ev is None:
raise Exception("Timeout on EAP status")
if "CTRL-EVENT-EAP-SUCCESS" in ev:
raise Exception("Unexpected EAP-Success")
if 'bad certificate status response' in ev:
break
if 'certificate revoked' in ev:
break
count = count + 1
if count > 10:
raise Exception("Unexpected number of EAP status messages")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
if ev is None:
raise Exception("Timeout on EAP failure report")
dev[0].request("REMOVE_NETWORK all") dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected() dev[0].wait_disconnected()
finally: finally: