tests: Fix openssl ocsp command and check for errors
Fix the openssl ocsp command line and check if it returns an error - so that instead of having something unusable later we error out immediately. Moving the -sha256 argument earlier fixes hash function use for the OCSP request generation (the old version used SHA-1). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
parent
85cff4b0d8
commit
d40d959e48
1 changed files with 17 additions and 4 deletions
|
@ -4078,13 +4078,17 @@ def root_ocsp(cert):
|
||||||
fd2, fn2 = tempfile.mkstemp()
|
fd2, fn2 = tempfile.mkstemp()
|
||||||
os.close(fd2)
|
os.close(fd2)
|
||||||
|
|
||||||
arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert,
|
arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
|
||||||
"-no_nonce", "-sha256", "-text" ]
|
"-cert", cert, "-no_nonce", "-text" ]
|
||||||
|
logger.info(' '.join(arg))
|
||||||
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
|
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
|
||||||
stderr=subprocess.PIPE)
|
stderr=subprocess.PIPE)
|
||||||
res = cmd.stdout.read() + "\n" + cmd.stderr.read()
|
res = cmd.stdout.read() + "\n" + cmd.stderr.read()
|
||||||
cmd.stdout.close()
|
cmd.stdout.close()
|
||||||
cmd.stderr.close()
|
cmd.stderr.close()
|
||||||
|
cmd.wait()
|
||||||
|
if cmd.returncode != 0:
|
||||||
|
raise Exception("bad return code from openssl ocsp\n\n" + res)
|
||||||
logger.info("OCSP request:\n" + res)
|
logger.info("OCSP request:\n" + res)
|
||||||
|
|
||||||
fd, fn = tempfile.mkstemp()
|
fd, fn = tempfile.mkstemp()
|
||||||
|
@ -4099,6 +4103,9 @@ def root_ocsp(cert):
|
||||||
res = cmd.stdout.read() + "\n" + cmd.stderr.read()
|
res = cmd.stdout.read() + "\n" + cmd.stderr.read()
|
||||||
cmd.stdout.close()
|
cmd.stdout.close()
|
||||||
cmd.stderr.close()
|
cmd.stderr.close()
|
||||||
|
cmd.wait()
|
||||||
|
if cmd.returncode != 0:
|
||||||
|
raise Exception("bad return code from openssl ocsp\n\n" + res)
|
||||||
logger.info("OCSP response:\n" + res)
|
logger.info("OCSP response:\n" + res)
|
||||||
os.unlink(fn2)
|
os.unlink(fn2)
|
||||||
return fn
|
return fn
|
||||||
|
@ -4111,13 +4118,16 @@ def ica_ocsp(cert):
|
||||||
fd2, fn2 = tempfile.mkstemp()
|
fd2, fn2 = tempfile.mkstemp()
|
||||||
os.close(fd2)
|
os.close(fd2)
|
||||||
|
|
||||||
arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert,
|
arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
|
||||||
"-no_nonce", "-sha256", "-text" ]
|
"-cert", cert, "-no_nonce", "-text" ]
|
||||||
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
|
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
|
||||||
stderr=subprocess.PIPE)
|
stderr=subprocess.PIPE)
|
||||||
res = cmd.stdout.read() + "\n" + cmd.stderr.read()
|
res = cmd.stdout.read() + "\n" + cmd.stderr.read()
|
||||||
cmd.stdout.close()
|
cmd.stdout.close()
|
||||||
cmd.stderr.close()
|
cmd.stderr.close()
|
||||||
|
cmd.wait()
|
||||||
|
if cmd.returncode != 0:
|
||||||
|
raise Exception("bad return code from openssl ocsp\n\n" + res)
|
||||||
logger.info("OCSP request:\n" + res)
|
logger.info("OCSP request:\n" + res)
|
||||||
|
|
||||||
fd, fn = tempfile.mkstemp()
|
fd, fn = tempfile.mkstemp()
|
||||||
|
@ -4132,6 +4142,9 @@ def ica_ocsp(cert):
|
||||||
res = cmd.stdout.read() + "\n" + cmd.stderr.read()
|
res = cmd.stdout.read() + "\n" + cmd.stderr.read()
|
||||||
cmd.stdout.close()
|
cmd.stdout.close()
|
||||||
cmd.stderr.close()
|
cmd.stderr.close()
|
||||||
|
cmd.wait()
|
||||||
|
if cmd.returncode != 0:
|
||||||
|
raise Exception("bad return code from openssl ocsp\n\n" + res)
|
||||||
logger.info("OCSP response:\n" + res)
|
logger.info("OCSP response:\n" + res)
|
||||||
os.unlink(fn2)
|
os.unlink(fn2)
|
||||||
return fn
|
return fn
|
||||||
|
|
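Review bot: The new `raise` paths leave temporary files behind. In root_ocsp the first check raises while `fn2` still exists, and the second check raises before `os.unlink(fn2)` runs and after `fn` has been created by `tempfile.mkstemp()`; the two ica_ocsp hunks have the same shape. Unlink before raising, e.g. `os.unlink(fn2)` ahead of the first `raise` and `os.unlink(fn2); os.unlink(fn)` ahead of the second, or wrap the body in `try`/`finally`, so that a failing openssl run does not accumulate request/response files in the temp directory. The added `logger.info(' '.join(arg))` appears only in root_ocsp and would be useful in ica_ocsp too, and a comment such as `# -sha256 must come before -cert: openssl ocsp applies the digest to the certificates named after it` would keep the argument order from being reverted. Both function bodies continue outside the hunks, so the second Popen call in each function is not visible here.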