When executing ./start.sh with OpenSSL 1.1.0f, an OCSP operation fails.
Put "-sha256" ahead of "-serial" to fix this.
~# openssl version
OpenSSL 1.1.0f 25 May 2017
~# openssl ocsp -reqout /lkp/benchmarks/hwsim/tests/hwsim/logs/current/ocsp-req.der -issuer /lkp/benchmarks/hwsim/tests/hwsim/auth_serv/ca.pem -serial 0xD8D3E3A6CBE3CD12 -no_nonce -sha256
ocsp: Digest must be before -cert or -serial
ocsp: Use -help for summary.
~# openssl ocsp -reqout /lkp/benchmarks/hwsim/tests/hwsim/logs/current/ocsp-req.der -issuer /lkp/benchmarks/hwsim/tests/hwsim/auth_serv/ca.pem -sha256 -serial 0xD8D3E3A6CBE3CD12 -no_nonce
Signed-off-by: leishaoting <leist.fnst@cn.fujitsu.com>
mac80211_hwsim module typically dumps a lot of details into the kernel
message buffer. While it's probably okay in a dedicated VM, it's way too
chatty in other setups.
The kernel allows fine-tuning logging via the dynamic debugging
facility. Let's enable all logging locations in the mac80211_hwsim
module so that we don't loose debugging output when the kernel adopts
the dynamic debug mechanism for the driver.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. In addition, add a shell script (update.sh) and the
needed CA files to automate this full update process.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the run_tshark() operations more reliable while still
allowing to reduce the extra wait by forcing wlantest to flush the
packets to the pcapng file.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify OCSP stapling response that is signed by the CA rather than a
separate OCSP responder. In addition, verify that invalid signer
certificate (missing OCSP delegation) gets rejected.
Signed-off-by: Jouni Malinen <j@w1.fi>
Remove the duplicated -ddKt command line argument to avoid setting
hostapd debug level to EXCESSIVE.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This increases testing coverage for OCSP processing by confirming that
valid OCSP response showing revoked certificate status prevents
successful handshake completion. In addition, unknown certificate status
is verified to prevent connection if OCSP is required and allow
connection if OCSP is optional.
Signed-off-by: Jouni Malinen <j@w1.fi>
GnuTLS has a hardcoded three day limit on OCSP response age regardless
of the next update value in the response. To make this work in the test
scripts, try to generate a new response when starting the authentication
server. The old mechanism of a response without next update value is
used as a backup option if openssl is not available or fails to generate
the response for some reason.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows automated testing of the wpa_supplicant D-Bus interface. The
instance controlling wlan0 registers with D-Bus if dbus-daemon was
started successfully. This is only used in VM testing, i.e., not when
run-tests.sh is used on the host system with D-Bus running for normal
system purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the separate builds to not include
wpa_cli/hostapd_cli in the default location. Make sure hostapd_cli gets
built for --codecov cases and update both WPACLI and HAPDCLI paths to
match the alternative location.
Signed-off-by: Jouni Malinen <j@w1.fi>
Large number of test cases will fail if hostapd fails to start as the
RADIUS server. To make this more obvious, verify that the RADIUS server
instance is running and do not even start test execution if the setup if
not work properly.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to wait for one extra second to chown log files when
running as root which is always the case in VM execution.
Signed-off-by: Jouni Malinen <j@w1.fi>
The results for these are not currently verified, but this allows
--codecov runs to get more coverage for the command line argument
parsers.
Signed-off-by: Jouni Malinen <j@w1.fi>
When loading the hwsim module, disable support_p2p_device by default.
This will also become the default in the kernel, but until then it
makes sure it's not turned on by default.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add an option to run-all.sh and start.sh to get as an argument the
number of concurrent channels that mac80211_hwsim will be loaded with.
To start mac80211_hwsim with more than one channel, the following
parameter should be added to command line: channels=<num_channels>
The default is one channel (no concurrent channels).
The driver should be loaded with multi channel support in order to run
some tests.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Previously, only hostapd-AP and wpa_supplicant processed were run under
valgrind when valgrind testing was enabled. Extend this to include
hostapd as authentication server.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend EAP-SIM/AKA/AKA' test coverage by setting up another
authentication server instance to store dynamic SIM/AKA/AKA' information
into an SQLite database. This allows the stored reauth/pseudonym data to
be modified on the server side and by doing so, allows testing fallback
from reauth to pseudonym/permanent identity.
Signed-off-by: Jouni Malinen <j@w1.fi>
Fix updating of the current symbolic link when LOGDIR is already set.
The current symbolic link was only set, if LOGDIR has not been
previously defined. If the user had chosen to cancel the running test
iteration and run it again by running start.sh again, the current
symbolic link was not updated.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Enable hostapd control interface for the RADIUS server instance and
verify that the RADIUS server MIB counters are incremented.
Signed-off-by: Jouni Malinen <j@w1.fi>
This improves accuracy of the code coverage reports with hostapd-as-AS
and hlr_auc_gw getting analyzed separately.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a more robust design for collecting the gcov logs from the case
where test cases are run within a virtual machine. This generates a
writable-from-vm build tree for each component separately so that the
lcov and gcov can easily find the matching source code and data files.
In addition, prepare the reports automatically at the end of the
vm-run.sh --codecov execution.
Signed-hostap: Jouni Malinen <j@w1.fi>
These were not really used in practice and better quality test cases for
concurrent P2P operations are now available in tests_p2p_concurrency.py
using the standard test framework design. Remove the special concurrent
option for start.sh and the run-all.sh concurrent and
concurrent-valgrind operations to clean up scripts.
Signed-hostap: Jouni Malinen <j@w1.fi>
LOGDIR directory is created automatically if LOGDIR variable was not
set. If the variable is set, that directory is expected to exist.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_supplicant configuration files had a hardcoded GROUP=admin. The
start.sh script failed on a system without admin group (some systems
have it named adm).
Generate configuration files with appropriate GROUP in the log dir
and use them.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
This allows run-tests.py to use the same logs/<date> default logdir as
start.sh which is quite convenient for manual test runs.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to run a separate tcpdump process to capture frames
from hwsim0 since wlantest is already doing that can write the results
to a file.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If running in a VM with the logs going to a host filesystem
chown isn't actually possible, silence any warnings from it.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Instead of logging many files called "<timestamp>-*", log into
a new "<timestamp>/*" in the logs/ subdirectory and only put
the last-debug file into logs/. If a LOGDIR is specified in the
environment, instead just put everything into that directory
(so the caller should make sure to give it a timestamp or so)
and skip the creation of last-debug entirely.
Also clean up a bit and pass the LOGDIR from run-all.sh to
start.sh rather than having start.sh create the timestamp and
run-all.sh detect the latest one when having run start.sh.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Just like wpa_supplicant, give hostapd the -T option to
send all debug messages into the Linux tracing buffer.
Enable this option for hwsim test builds by default.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Instead of hard-coding four different cases, use variables
(and printf) to reduce the duplication.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Instead of hardcoding logs/, allow putting LOGDIR into
the environment. This helps run tests in a VM where the
rootfs might be mounted read-only.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>