Ejemplo n.º 1
 def test_801_002(self):
     """Toggle MDStapling for one domain and check mod_md's status follows.

     Three phases, each followed by a server restart: no MDStapling
     directive, "MDStapling on", then "MDStapling off". In every phase the
     TLS handshake must still carry a successful OCSP response; with
     ssl_stapling=True that is presumably mod_ssl's own stapling answering
     while mod_md's is off (confirm against configure_httpd). Only the
     "on" phase may report stapling in the md status.
     """
     domain = TestStapling.mdA

     # Phase 1: no MDStapling directive -> mod_md must not claim stapling.
     TestStapling.configure_httpd(domain, ssl_stapling=True).install()
     assert TestEnv.apache_stop() == 0
     assert TestEnv.apache_restart() == 0
     ocsp_initial = TestEnv.get_ocsp_status(domain)
     assert ocsp_initial['ocsp'] == "successful (0x0)"
     md_initial = TestEnv.get_md_status(domain)
     assert not md_initial["stapling"]

     # Phase 2: enable mod_md stapling and wait until a connection shows it.
     enabled_conf = TestStapling.configure_httpd(domain, "MDStapling on",
                                                 ssl_stapling=True)
     enabled_conf.install()
     assert TestEnv.apache_restart() == 0
     ocsp_enabled = TestEnv.await_ocsp_status(domain)
     assert ocsp_enabled['ocsp'] == "successful (0x0)"
     # the stapled response must also verify, not merely be present
     assert ocsp_enabled['verify'] == "0 (ok)"
     md_enabled = TestEnv.get_md_status(domain)
     assert md_enabled["stapling"]
     cert_ocsp = md_enabled["cert"]["ocsp"]
     assert cert_ocsp["status"] == "good"
     assert cert_ocsp["valid"]

     # Phase 3: explicit "off" must remove mod_md stapling again.
     disabled_conf = TestStapling.configure_httpd(domain, "MDStapling off",
                                                  ssl_stapling=True)
     disabled_conf.install()
     assert TestEnv.apache_restart() == 0
     ocsp_disabled = TestEnv.get_ocsp_status(domain)
     assert ocsp_disabled['ocsp'] == "successful (0x0)"
     md_disabled = TestEnv.get_md_status(domain)
     assert not md_disabled["stapling"]
Ejemplo n.º 2
 def test_801_008(self):
     """Staple for a vhost whose certificate files are configured by hand.

     The vhost names its key and certificate through SSLCertificateKeyFile
     and SSLCertificateFile instead of relying on an MDomain definition.
     With "MDStapling on" the handshake must still carry a verified OCSP
     response, and the test expects the stored response under the
     'ocsp/other' store directory rather than under the domain name.
     """
     assert TestEnv.apache_stop() == 0
     # turn stapling on, wait for it to appear in connections
     md = TestStapling.mdA
     conf = TestStapling.configure_httpd()
     conf.add_line("MDStapling on")
     conf.start_vhost(md)
     key_path = TestEnv.store_domain_file(md, 'privkey.pem')
     cert_path = TestEnv.store_domain_file(md, 'pubcert.pem')
     vhost_cert_lines = """
         SSLCertificateKeyFile %s
         SSLCertificateFile %s
         """ % (key_path, cert_path)
     conf.add_line(vhost_cert_lines)
     conf.end_vhost()
     conf.install()
     assert TestEnv.apache_restart() == 0
     handshake = TestEnv.await_ocsp_status(md)
     assert handshake['ocsp'] == "successful (0x0)"
     assert handshake['verify'] == "0 (ok)"
     # find the file where the OCSP response is stored; when several
     # "ocsp-" entries exist the last one listed is used
     ocsp_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', 'other')
     candidates = [entry for entry in os.listdir(ocsp_dir)
                   if entry.startswith("ocsp-")]
     ocsp_file = os.path.join(ocsp_dir, candidates[-1]) if candidates else None
     assert ocsp_file
Ejemplo n.º 3
 def test_801_004(self):
     """Enable MDStapling for one of two managed domains only.

     mdA gets "MDStapling on" inside its <MDomain> section, mdB gets an
     empty section. Both vhosts must serve a successful OCSP response,
     but only mdA may be reported as stapled by mod_md; for mdB the
     response is expected to come from mod_ssl (ssl_stapling=True).
     """
     stapled_md = TestStapling.mdA
     plain_md = TestStapling.mdB
     conf = TestStapling.configure_httpd(ssl_stapling=True)
     md_sections = """
         <MDomain %s>
             MDStapling on
         </MDomain>
         <MDomain %s>
         </MDomain>
         """ % (stapled_md, plain_md)
     conf.add_line(md_sections)
     for vhost_domain in (stapled_md, plain_md):
         conf.add_vhost(vhost_domain)
     conf.install()
     assert TestEnv.apache_stop() == 0
     assert TestEnv.apache_restart() == 0

     # mdA: stapling is done by mod_md and the response verifies
     handshake_a = TestEnv.await_ocsp_status(stapled_md)
     assert handshake_a['ocsp'] == "successful (0x0)"
     assert handshake_a['verify'] == "0 (ok)"
     md_status_a = TestEnv.get_md_status(stapled_md)
     assert md_status_a["stapling"]
     ocsp_info = md_status_a["cert"]["ocsp"]
     assert ocsp_info["status"] == "good"
     assert ocsp_info["valid"]

     # mdB: no md stapling, but mod_ssl kicks in
     handshake_b = TestEnv.get_ocsp_status(plain_md)
     assert handshake_b['ocsp'] == "successful (0x0)"
     md_status_b = TestEnv.get_md_status(plain_md)
     assert not md_status_b["stapling"]
Ejemplo n.º 4
 def test_801_005(self):
     """Check reuse and cleanup of the stored OCSP response across restarts.

     Steps, each separated by a server restart:
     1. With "MDStapling on" a response file "ocsp-*" appears in the
        domain's directory under STORE_DIR/ocsp.
     2. A plain restart must not rewrite that file (same mtime), i.e. the
        stored response is reused instead of being fetched again.
     3. With "MDStaplingKeepResponse 1s" the file is removed on restart,
        while the handshake still carries a successful response.
     4. One more restart must produce a file with a different mtime.
     """
     # TODO: mod_watchdog seems to have problems sometimes with fast restarts
     # stopping first works.
     assert TestEnv.apache_stop() == 0
     # turn stapling on, wait for it to appear in connections
     md = TestStapling.mdA
     TestStapling.configure_httpd(md, "MDStapling on").install()
     assert TestEnv.apache_restart() == 0
     stat = TestEnv.await_ocsp_status(md)
     assert stat['ocsp'] == "successful (0x0)"
     assert stat['verify'] == "0 (ok)"
     # find the file where the ocsp response is stored
     # (if several "ocsp-" entries exist, the last one listed wins)
     dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', md)
     files = os.listdir(dir)
     ocsp_file = None
     for name in files:
         if name.startswith("ocsp-"):
             ocsp_file = os.path.join(dir, name)
     assert ocsp_file
     mtime1 = os.path.getmtime(ocsp_file)
     # wait a sec, restart and check that file does not change
     # (presumably the sleep makes a rewrite visible in the mtime -- confirm)
     time.sleep(1)
     assert TestEnv.apache_restart() == 0
     stat = TestEnv.await_ocsp_status(md)
     assert stat['ocsp'] == "successful (0x0)"
     mtime2 = os.path.getmtime(ocsp_file)
     assert mtime1 == mtime2
     # configure a keep time of 1 second and restart: the file is gone.
     # This is a side effect of loading the response before the cleanup
     # removes it; since the loaded response was still valid, no new one
     # needed fetching, so nothing is written back.
     TestStapling.configure_httpd(
         md, """
         MDStapling on
         MDStaplingKeepResponse 1s
         """).install()
     assert TestEnv.apache_restart() == 0
     stat = TestEnv.await_ocsp_status(md)
     assert stat['ocsp'] == "successful (0x0)"
     assert not os.path.exists(ocsp_file)
     # if we restart again, a new file needs to appear
     # NOTE(review): getmtime() below raises if the file has not been written
     # by the time await_ocsp_status() returns; the test relies on the same
     # file name being reused -- confirm.
     assert TestEnv.apache_restart() == 0
     stat = TestEnv.await_ocsp_status(md)
     assert stat['ocsp'] == "successful (0x0)"
     mtime3 = os.path.getmtime(ocsp_file)
     assert mtime1 != mtime3
Ejemplo n.º 5
 def test_801_006(self):
     """Check that MDStaplingRenewWindow forces renewal of a stored response.

     First the stored "ocsp-*" file must stay untouched across a plain
     restart (same mtime). Then a renew window of 10 days is configured,
     which the test comments describe as larger than any response
     lifetime, so the response counts as due for renewal and the file is
     expected to be rewritten (different mtime).
     """
     assert TestEnv.apache_stop() == 0
     # turn stapling on, wait for it to appear in connections
     md = TestStapling.mdA
     TestStapling.configure_httpd(md, "MDStapling on").install()
     assert TestEnv.apache_restart() == 0
     stat = TestEnv.await_ocsp_status(md)
     assert stat['ocsp'] == "successful (0x0)"
     assert stat['verify'] == "0 (ok)"
     # find the file where the ocsp response is stored
     # (if several "ocsp-" entries exist, the last one listed wins)
     dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', md)
     files = os.listdir(dir)
     ocsp_file = None
     for name in files:
         if name.startswith("ocsp-"):
             ocsp_file = os.path.join(dir, name)
     assert ocsp_file
     mtime1 = os.path.getmtime(ocsp_file)
     assert TestEnv.apache_restart() == 0
     stat = TestEnv.await_ocsp_status(md)
     assert stat['ocsp'] == "successful (0x0)"
     # the restart has already happened above; wait a sec and check that
     # the file did not change
     time.sleep(1)
     mtime2 = os.path.getmtime(ocsp_file)
     assert mtime1 == mtime2
     # configure a renew window of 10 days, restart, larger than any life time.
     TestStapling.configure_httpd(
         md, """
         MDStapling on
         MDStaplingRenewWindow 10d
         """).install()
     assert TestEnv.apache_restart() == 0
     stat = TestEnv.await_ocsp_status(md)
     assert stat['ocsp'] == "successful (0x0)"
     # the restart has already happened above; wait a sec and check that
     # the file did change
     # NOTE(review): this assumes the renewed response is written within the
     # one-second wait; await_ocsp_status() may already be satisfied by the
     # old, still valid response -- confirm this is not timing-sensitive.
     time.sleep(1)
     mtime3 = os.path.getmtime(ocsp_file)
     assert mtime1 != mtime3
Ejemplo n.º 6
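 def test_901_020(self):
     """Check that MDMessageCmd is notified of cert and OCSP renewal.

     Configures a managed domain with "MDStapling on" and a message
     command, waits for the certificate to be obtained and for a stapled
     OCSP response to show up, then reads the message log. Exactly two
     lines are expected, in this order: a 'renewed' event followed by an
     'ocsp-renewed' event for the domain. The expected text looks like
     the repr of the command's argument list (presumably what the message
     command writes -- confirm against self.mcmd).
     """
     domain = self.test_domain
     domains = [domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_drive_mode("auto")
     conf.add_md(domains)
     conf.add_line("MDStapling on")
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     # Only waited on so the 'ocsp-renewed' message has been emitted before
     # the log is read; the returned status itself is not inspected here.
     TestEnv.await_ocsp_status(domain)
     assert os.path.isfile(self.mlog)
     # close the log deterministically instead of leaking the file handle
     with open(self.mlog) as mlog_file:
         nlines = mlog_file.readlines()
     assert 2 == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[0].strip()
     assert ("['%s', '%s', 'ocsp-renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[1].strip()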