tests: Fix openssl ocsp command and check for errors

Fix the openssl ocsp command line and check if it returns an error - so
that instead of having something unusable later we error out
immediately. Moving the -sha256 argument earlier fixes hash function use
for the OCSP request generation (the old version used SHA-1).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg 2017-04-18 21:18:14 +02:00 committed by Jouni Malinen
parent 85cff4b0d8
commit d40d959e48


@ -4078,13 +4078,17 @@ def root_ocsp(cert):
fd2, fn2 = tempfile.mkstemp() fd2, fn2 = tempfile.mkstemp()
os.close(fd2) os.close(fd2)
arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert, arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
"-no_nonce", "-sha256", "-text" ] "-cert", cert, "-no_nonce", "-text" ]
logger.info(' '.join(arg))
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE, cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
stderr=subprocess.PIPE) stderr=subprocess.PIPE)
res = cmd.stdout.read() + "\n" + cmd.stderr.read() res = cmd.stdout.read() + "\n" + cmd.stderr.read()
cmd.stdout.close() cmd.stdout.close()
cmd.stderr.close() cmd.stderr.close()
cmd.wait()
if cmd.returncode != 0:
raise Exception("bad return code from openssl ocsp\n\n" + res)
logger.info("OCSP request:\n" + res) logger.info("OCSP request:\n" + res)
fd, fn = tempfile.mkstemp() fd, fn = tempfile.mkstemp()
@ -4099,6 +4103,9 @@ def root_ocsp(cert):
res = cmd.stdout.read() + "\n" + cmd.stderr.read() res = cmd.stdout.read() + "\n" + cmd.stderr.read()
cmd.stdout.close() cmd.stdout.close()
cmd.stderr.close() cmd.stderr.close()
cmd.wait()
if cmd.returncode != 0:
raise Exception("bad return code from openssl ocsp\n\n" + res)
logger.info("OCSP response:\n" + res) logger.info("OCSP response:\n" + res)
os.unlink(fn2) os.unlink(fn2)
return fn return fn
@ -4111,13 +4118,16 @@ def ica_ocsp(cert):
fd2, fn2 = tempfile.mkstemp() fd2, fn2 = tempfile.mkstemp()
os.close(fd2) os.close(fd2)
arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert, arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
"-no_nonce", "-sha256", "-text" ] "-cert", cert, "-no_nonce", "-text" ]
cmd = subprocess.Popen(arg, stdout=subprocess.PIPE, cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
stderr=subprocess.PIPE) stderr=subprocess.PIPE)
res = cmd.stdout.read() + "\n" + cmd.stderr.read() res = cmd.stdout.read() + "\n" + cmd.stderr.read()
cmd.stdout.close() cmd.stdout.close()
cmd.stderr.close() cmd.stderr.close()
cmd.wait()
if cmd.returncode != 0:
raise Exception("bad return code from openssl ocsp\n\n" + res)
logger.info("OCSP request:\n" + res) logger.info("OCSP request:\n" + res)
fd, fn = tempfile.mkstemp() fd, fn = tempfile.mkstemp()
@ -4132,6 +4142,9 @@ def ica_ocsp(cert):
res = cmd.stdout.read() + "\n" + cmd.stderr.read() res = cmd.stdout.read() + "\n" + cmd.stderr.read()
cmd.stdout.close() cmd.stdout.close()
cmd.stderr.close() cmd.stderr.close()
cmd.wait()
if cmd.returncode != 0:
raise Exception("bad return code from openssl ocsp\n\n" + res)
logger.info("OCSP response:\n" + res) logger.info("OCSP response:\n" + res)
os.unlink(fn2) os.unlink(fn2)
return fn return fn
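Review bot: The return-code check added after the request-generating call in root_ocsp and ica_ocsp would not have caught the problem this commit fixes, because, going by the commit message, openssl accepted the misplaced `-sha256` and silently built the request with SHA-1 rather than failing. The `-text` dump is already captured in `res`, so the test could assert the digest there, for example `if "sha256" not in res.lower(): raise Exception("OCSP request does not use SHA-256\n\n" + res)`; the exact wording of the dump should be confirmed against the openssl version in use. Separately, each added `raise` runs before `os.unlink(fn2)`, so the temporary files created by `tempfile.mkstemp()` are left behind on failure, which a try/finally around the body would cover. Parts of both function bodies lie outside the hunks, so the arguments of the second openssl invocation could not be checked here.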