tests: EAP-TLS and server checking CRL
Signed-off-by: Jouni Malinen <j@w1.fi>
parent
786722763d
commit
b197a8194b
2 changed files with 96 additions and 0 deletions
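--- /dev/null
+++ b/tests/hwsim/auth_serv/ca-and-crl.pem
@@ -0,0 +1,64 @@
+Certificate:
+Data:
+Version: 3 (0x2)
+Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1)
+Signature Algorithm: sha1WithRSAEncryption
+Issuer: C=FI, O=w1.fi, CN=Root CA
+Validity
+Not Before: Jun 29 16:41:22 2013 GMT
+Not After : Jun 27 16:41:22 2023 GMT
+Subject: C=FI, O=w1.fi, CN=Root CA
+Subject Public Key Info:
+Public Key Algorithm: rsaEncryption
+Public-Key: (1024 bit)
+Modulus:
+00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28:
+90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff:
+f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7:
+db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c:
+81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b:
+0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16:
+c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad:
+38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7:
+ae:8a:b6:d1:e7:b3:15:02:b9
+Exponent: 65537 (0x10001)
+X509v3 extensions:
+X509v3 Subject Key Identifier:
+B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+X509v3 Authority Key Identifier:
+keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+X509v3 Basic Constraints:
+CA:TRUE
+Signature Algorithm: sha1WithRSAEncryption
+1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7:
+5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4:
+4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82:
+be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c:
+70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9:
+d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e:
+c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3:
+92:e8
+-----BEGIN CERTIFICATE-----
+MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2
+MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m
+Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA
+cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w
+HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K
+GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
+Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk
+uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0
++qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug=
+-----END CERTIFICATE-----
+-----BEGIN X509 CRL-----
+MIIBJTCBjwIBATANBgkqhkiG9w0BAQsFADAvMQswCQYDVQQGEwJGSTEOMAwGA1UE
+CgwFdzEuZmkxEDAOBgNVBAMMB1Jvb3QgQ0EXDTE1MDYyOTE5MDU1OVoXDTIzMDYy
+NzE5MDU1OVowHDAaAgkA2NPjpsvjzMMXDTEzMDYyOTE2NDEyMlqgDjAMMAoGA1Ud
+FAQDAgEKMA0GCSqGSIb3DQEBCwUAA4GBALN3DQj9bNTuulU/o8MH2wAATisnDSYt
+WD7W9S/26AgQDK2qySvp0+vz/Li0BMafbUd+opMu1smdyirjA6rDSjC8scaoVwUo
+kY2fFo7qNuUU1N3T25/UCfGu3/E3ynrBZWiQoSCX/8NvY+pzEEf8ZOKt5837VKmk
+EB1U3PrnNi7m
+-----END X509 CRL-----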
|
@ -3080,3 +3080,35 @@ def test_ap_wpa2_eap_no_workaround(dev, apdev):
|
|||
ca_cert="auth_serv/ca.pem", eap_workaround='0',
|
||||
phase2="auth=PAP")
|
||||
eap_reauth(dev[0], "TTLS")
|
||||
|
||||
def test_ap_wpa2_eap_tls_check_crl(dev, apdev):
|
||||
"""EAP-TLS and server checking CRL"""
|
||||
params = int_eap_server_params()
|
||||
params['check_crl'] = '1'
|
||||
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
|
||||
# check_crl=1 and no CRL available --> reject connection
|
||||
eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
|
||||
client_cert="auth_serv/user.pem",
|
||||
private_key="auth_serv/user.key", expect_failure=True)
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
|
||||
hapd.disable()
|
||||
hapd.set("ca_cert", "auth_serv/ca-and-crl.pem")
|
||||
hapd.enable()
|
||||
|
||||
# check_crl=1 and valid CRL --> accept
|
||||
eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
|
||||
client_cert="auth_serv/user.pem",
|
||||
private_key="auth_serv/user.key")
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
|
||||
hapd.disable()
|
||||
hapd.set("check_crl", "2")
|
||||
hapd.enable()
|
||||
|
||||
# check_crl=2 and valid CRL --> accept
|
||||
eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
|
||||
client_cert="auth_serv/user.pem",
|
||||
private_key="auth_serv/user.key")
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
|
|
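Review bot: test_ap_wpa2_eap_tls_check_crl never connects with a revoked certificate, so the one outcome check_crl is meant to enforce goes untested: all three eap_connect calls present auth_serv/user.pem, and the only failure case is the one where the server has no CRL loaded at all. A server that loaded ca-and-crl.pem but ignored its entries would still pass every step. If the fixture set contains a client certificate whose serial is listed in that CRL (not determinable from this page), add a further step that connects with it under check_crl=1 and passes `expect_failure=True`. Separately, the two accept steps rely on the fixture remaining valid, and the CA printed in ca-and-crl.pem shows `Not After : Jun 27 16:41:22 2023 GMT`; a comment above the first accept step such as `# NOTE: ca-and-crl.pem expires 2023-06-27; regenerate the CA and CRL before then` would save a confusing failure later.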