tests: EAP-TLS and server reloading CRL from ca_cert

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2019-01-27 18:48:16 +02:00
parent 159a7fbdea
commit a18d58f47c


@ -5295,6 +5295,40 @@ def test_ap_wpa2_eap_tls_check_crl(dev, apdev):
private_key="auth_serv/user.key") private_key="auth_serv/user.key")
dev[0].request("REMOVE_NETWORK all") dev[0].request("REMOVE_NETWORK all")
def test_ap_wpa2_eap_tls_crl_reload(dev, apdev, params):
"""EAP-TLS and server reloading CRL from ca_cert"""
ca_cert = os.path.join(params['logdir'],
"ap_wpa2_eap_tls_crl_reload.ca_cert")
with open('auth_serv/ca.pem', 'r') as f:
only_cert = f.read()
with open('auth_serv/ca-and-crl.pem', 'r') as f:
cert_and_crl = f.read()
with open(ca_cert, 'w') as f:
f.write(only_cert)
params = int_eap_server_params()
params['ca_cert'] = ca_cert
params['check_crl'] = '1'
params['crl_reload_interval'] = '1'
hapd = hostapd.add_ap(apdev[0], params)
# check_crl=1 and no CRL available --> reject connection
eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
client_cert="auth_serv/user.pem",
private_key="auth_serv/user.key", expect_failure=True)
dev[0].request("REMOVE_NETWORK all")
dev[0].dump_monitor()
with open(ca_cert, 'w') as f:
f.write(cert_and_crl)
time.sleep(1)
# check_crl=1 and valid CRL --> accept
eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="auth_serv/ca.pem",
client_cert="auth_serv/user.pem",
private_key="auth_serv/user.key")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
def test_ap_wpa2_eap_tls_oom(dev, apdev): def test_ap_wpa2_eap_tls_oom(dev, apdev):
"""EAP-TLS and OOM""" """EAP-TLS and OOM"""
check_subject_match_support(dev[0]) check_subject_match_support(dev[0])
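Review bot: The new test_ap_wpa2_eap_tls_crl_reload exercises the reload only in the permissive direction (no CRL means reject, CRL added means accept), so as far as this hunk shows it never checks that revocation entries in a reloaded CRL are enforced. The case that matters most for `crl_reload_interval` is a certificate revoked after the server has started. A third step could rewrite `ca_cert` with a CRL that lists the client certificate and call `eap_connect(...)` with `expect_failure=True`, provided such a fixture can be generated; none is visible here. Separately, `time.sleep(1)` equals the configured `crl_reload_interval` of `'1'`, which leaves no margin and may make the accept step timing-dependent, so a slightly longer wait such as `time.sleep(2)` would be more robust. Rebinding `params` to `int_eap_server_params()` after reading `params['logdir']` also shadows the function argument, and a distinct local name would avoid that.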