def test_801_002(self):
    """Toggle ``MDStapling`` for one MD while ``ssl_stapling=True`` stays set.

    Three configurations are installed in turn, each followed by an Apache
    restart: no ``MDStapling`` directive, ``MDStapling on`` and
    ``MDStapling off``. In all three the connection must report a
    successful OCSP response. The MD status ``stapling`` flag must be set
    only while ``MDStapling on`` is configured.
    """
    domain = TestStapling.mdA
    ocsp_ok = "successful (0x0)"

    # Phase 1: no MDStapling directive.
    TestStapling.configure_httpd(domain, ssl_stapling=True).install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0
    conn_status = TestEnv.get_ocsp_status(domain)
    assert conn_status['ocsp'] == ocsp_ok
    md_status = TestEnv.get_md_status(domain)
    assert not md_status["stapling"]

    # Phase 2: MDStapling on. Wait until the response shows up in
    # connections. This is the only phase that also asserts 'verify'.
    TestStapling.configure_httpd(
        domain, "MDStapling on", ssl_stapling=True).install()
    assert TestEnv.apache_restart() == 0
    conn_status = TestEnv.await_ocsp_status(domain)
    assert conn_status['ocsp'] == ocsp_ok
    assert conn_status['verify'] == "0 (ok)"
    md_status = TestEnv.get_md_status(domain)
    assert md_status["stapling"]
    cert_ocsp = md_status["cert"]["ocsp"]
    assert cert_ocsp["status"] == "good"
    assert cert_ocsp["valid"]

    # Phase 3: MDStapling explicitly off. The MD status flag must clear
    # again while the connection still reports a stapled response.
    TestStapling.configure_httpd(
        domain, "MDStapling off", ssl_stapling=True).install()
    assert TestEnv.apache_restart() == 0
    conn_status = TestEnv.get_ocsp_status(domain)
    assert conn_status['ocsp'] == ocsp_ok
    md_status = TestEnv.get_md_status(domain)
    assert not md_status["stapling"]
def test_801_008(self):
    """Staple for a vhost whose certificate files are configured by hand.

    The vhost sets ``SSLCertificateKeyFile``/``SSLCertificateFile``
    explicitly and ``MDStapling on`` is set globally. After a restart the
    connection must report a successful, verified OCSP response, and an
    ``ocsp-*`` file must exist under ``STORE_DIR/ocsp/other``.
    """
    assert TestEnv.apache_stop() == 0

    # Turn stapling on, then wait for it to appear in connections.
    domain = TestStapling.mdA
    conf = TestStapling.configure_httpd()
    conf.add_line("MDStapling on")
    conf.start_vhost(domain)
    key_path = TestEnv.store_domain_file(domain, 'privkey.pem')
    cert_path = TestEnv.store_domain_file(domain, 'pubcert.pem')
    # One directive per line, as the httpd configuration syntax requires.
    conf.add_line("""
        SSLCertificateKeyFile %s
        SSLCertificateFile %s
        """ % (key_path, cert_path))
    conf.end_vhost()
    conf.install()
    assert TestEnv.apache_restart() == 0

    conn_status = TestEnv.await_ocsp_status(domain)
    assert conn_status['ocsp'] == "successful (0x0)"
    assert conn_status['verify'] == "0 (ok)"

    # Find the file where the OCSP response is stored. When several names
    # match, the last one listed wins.
    ocsp_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', 'other')
    matches = [
        os.path.join(ocsp_dir, entry)
        for entry in os.listdir(ocsp_dir)
        if entry.startswith("ocsp-")
    ]
    ocsp_file = matches[-1] if matches else None
    assert ocsp_file
def test_801_004(self):
    """Enable ``MDStapling`` for one of two MDs, with ``ssl_stapling=True``.

    ``mdA`` gets ``MDStapling on`` inside its ``<MDomain>`` section and
    ``mdB`` gets an empty section. Both connections must report a
    successful OCSP response, but only ``mdA`` may show ``stapling`` in
    its MD status.
    """
    stapled_md = TestStapling.mdA
    plain_md = TestStapling.mdB
    ocsp_ok = "successful (0x0)"

    conf = TestStapling.configure_httpd(ssl_stapling=True)
    # Section containers and directives each need their own line.
    conf.add_line("""
        <MDomain %s>
            MDStapling on
        </MDomain>
        <MDomain %s>
        </MDomain>
        """ % (stapled_md, plain_md))
    conf.add_vhost(stapled_md)
    conf.add_vhost(plain_md)
    conf.install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0

    # mdA has MD stapling: wait for the response, then check it verifies.
    conn_status = TestEnv.await_ocsp_status(stapled_md)
    assert conn_status['ocsp'] == ocsp_ok
    assert conn_status['verify'] == "0 (ok)"
    md_status = TestEnv.get_md_status(stapled_md)
    assert md_status["stapling"]
    cert_ocsp = md_status["cert"]["ocsp"]
    assert cert_ocsp["status"] == "good"
    assert cert_ocsp["valid"]

    # mdB has no MD stapling, but mod_ssl kicks in, so a response is still
    # seen on the connection while the MD status flag stays unset.
    conn_status = TestEnv.get_ocsp_status(plain_md)
    assert conn_status['ocsp'] == ocsp_ok
    md_status = TestEnv.get_md_status(plain_md)
    assert not md_status["stapling"]
def test_801_005(self):
    """Check how the stored OCSP response file behaves across restarts.

    With ``MDStapling on`` the ``ocsp-*`` file under
    ``STORE_DIR/ocsp/<md>`` must keep its mtime across a plain restart.
    With ``MDStaplingKeepResponse 1s`` the file must be gone after the
    next restart, and a further restart must produce a file with a
    different mtime.
    """
    # TODO: mod_watchdog seems to have problems sometimes with fast
    # restarts; stopping first works.
    assert TestEnv.apache_stop() == 0

    # Turn stapling on, then wait for it to appear in connections.
    domain = TestStapling.mdA
    ocsp_ok = "successful (0x0)"
    TestStapling.configure_httpd(domain, "MDStapling on").install()
    assert TestEnv.apache_restart() == 0
    conn_status = TestEnv.await_ocsp_status(domain)
    assert conn_status['ocsp'] == ocsp_ok
    assert conn_status['verify'] == "0 (ok)"

    # Find the file where the OCSP response is stored. When several names
    # match, the last one listed wins.
    ocsp_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', domain)
    matches = [
        os.path.join(ocsp_dir, entry)
        for entry in os.listdir(ocsp_dir)
        if entry.startswith("ocsp-")
    ]
    ocsp_file = matches[-1] if matches else None
    assert ocsp_file
    first_mtime = os.path.getmtime(ocsp_file)

    # Wait a second, restart, and check that the file did not change.
    time.sleep(1)
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_ocsp_status(domain)['ocsp'] == ocsp_ok
    assert os.path.getmtime(ocsp_file) == first_mtime

    # Configure a keep time of 1 second and restart: the file is gone.
    # Per the original author's note this is a side effect: the response
    # is loaded before the cleanup removes the file, and since it was
    # still valid no new one needed fetching.
    TestStapling.configure_httpd(
        domain, """
        MDStapling on
        MDStaplingKeepResponse 1s
        """).install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_ocsp_status(domain)['ocsp'] == ocsp_ok
    assert not os.path.exists(ocsp_file)

    # After another restart a new file needs to appear.
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_ocsp_status(domain)['ocsp'] == ocsp_ok
    refreshed_mtime = os.path.getmtime(ocsp_file)
    assert first_mtime != refreshed_mtime
def test_801_006(self):
    """Check that a large ``MDStaplingRenewWindow`` rewrites the stored file.

    With plain ``MDStapling on`` the ``ocsp-*`` file must keep its mtime
    across a restart. After configuring ``MDStaplingRenewWindow 10d`` and
    restarting, the file's mtime must differ from the first one.
    """
    assert TestEnv.apache_stop() == 0

    # Turn stapling on, then wait for it to appear in connections.
    domain = TestStapling.mdA
    ocsp_ok = "successful (0x0)"
    TestStapling.configure_httpd(domain, "MDStapling on").install()
    assert TestEnv.apache_restart() == 0
    conn_status = TestEnv.await_ocsp_status(domain)
    assert conn_status['ocsp'] == ocsp_ok
    assert conn_status['verify'] == "0 (ok)"

    # Find the file where the OCSP response is stored. When several names
    # match, the last one listed wins.
    ocsp_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', domain)
    matches = [
        os.path.join(ocsp_dir, entry)
        for entry in os.listdir(ocsp_dir)
        if entry.startswith("ocsp-")
    ]
    ocsp_file = matches[-1] if matches else None
    assert ocsp_file
    first_mtime = os.path.getmtime(ocsp_file)

    # Restart, wait a second, and check that the file did not change.
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_ocsp_status(domain)['ocsp'] == ocsp_ok
    time.sleep(1)
    assert os.path.getmtime(ocsp_file) == first_mtime

    # Configure a renew window of 10 days, which the original comment
    # describes as larger than any response lifetime, then restart.
    TestStapling.configure_httpd(
        domain, """
        MDStapling on
        MDStaplingRenewWindow 10d
        """).install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_ocsp_status(domain)['ocsp'] == ocsp_ok

    # Wait a second and check that the file did change this time.
    time.sleep(1)
    renewed_mtime = os.path.getmtime(ocsp_file)
    assert first_mtime != renewed_mtime
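def test_901_020(self):
    """Check the message command is logged for renewal and OCSP renewal.

    The server is configured with a message command built from
    ``self.mcmd`` and ``self.mlog``, drive mode ``auto`` and
    ``MDStapling on``. Once the domain has completed and an OCSP status
    is available, the log must hold exactly two lines: a ``renewed``
    entry followed by an ``ocsp-renewed`` entry for the domain.
    """
    domain = self.test_domain
    domains = [domain]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_line("MDStapling on")
    conf.add_vhost(domains)
    conf.install()

    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # Called only to wait until the OCSP response is available; its
    # return value is not inspected.
    TestEnv.await_ocsp_status(domain)

    assert os.path.isfile(self.mlog)
    # Close the log promptly instead of leaking the handle.
    with open(self.mlog) as log:
        nlines = log.readlines()

    # Exactly two entries: an extra or missing notification fails here.
    assert 2 == len(nlines)
    expected_renewed = "['%s', '%s', 'renewed', '%s']" % (
        self.mcmd, self.mlog, domain)
    expected_ocsp = "['%s', '%s', 'ocsp-renewed', '%s']" % (
        self.mcmd, self.mlog, domain)
    assert expected_renewed == nlines[0].strip()
    assert expected_ocsp == nlines[1].strip()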