示例#1
 def test_801_002(self):
     """Toggle ``MDStapling`` while ``ssl_stapling=True`` is configured.

     Every configuration in this test passes ``ssl_stapling=True``
     (presumably this enables mod_ssl's own stapling; confirm in
     ``TestStapling.configure_httpd``). The handshake is therefore expected
     to carry a successful OCSP response in all three phases, while the md
     status' ``stapling`` flag is expected to follow the ``MDStapling``
     directive: off, on, off.
     """
     md = TestStapling.mdA
     stapled = "successful (0x0)"
     #
     # phase 1: no MDStapling directive; an OCSP response is still
     # delivered, but md status must not claim stapling
     TestStapling.configure_httpd(md, ssl_stapling=True).install()
     assert TestEnv.apache_stop() == 0
     assert TestEnv.apache_restart() == 0
     ocsp_stat = TestEnv.get_ocsp_status(md)
     assert ocsp_stat['ocsp'] == stapled
     md_stat = TestEnv.get_md_status(md)
     assert not md_stat["stapling"]
     #
     # phase 2: MDStapling on; wait for the response to show up on
     # connections, then require that it also verifies
     TestStapling.configure_httpd(
         md, "MDStapling on", ssl_stapling=True
     ).install()
     assert TestEnv.apache_restart() == 0
     ocsp_stat = TestEnv.await_ocsp_status(md)
     assert ocsp_stat['ocsp'] == stapled
     assert ocsp_stat['verify'] == "0 (ok)"
     md_stat = TestEnv.get_md_status(md)
     assert md_stat["stapling"]
     # per-key-type OCSP record; only the 'rsa' entry is inspected here
     rsa_ocsp = md_stat["cert"]['rsa']["ocsp"]
     assert rsa_ocsp["status"] == "good"
     assert rsa_ocsp["valid"]
     #
     # phase 3: MDStapling explicitly off; the md flag must drop again
     # although the handshake still reports a successful response
     TestStapling.configure_httpd(
         md, "MDStapling off", ssl_stapling=True
     ).install()
     assert TestEnv.apache_restart() == 0
     ocsp_stat = TestEnv.get_ocsp_status(md)
     assert ocsp_stat['ocsp'] == stapled
     md_stat = TestEnv.get_md_status(md)
     assert not md_stat["stapling"]
示例#2
 def test_801_001(self):
     """Toggle ``MDStapling`` with no other stapling configured.

     No ``ssl_stapling`` argument is passed, so the only source of a stapled
     response in this test is ``MDStapling on``. Before it is set and after
     it is set to ``off`` the handshake must report "no response sent"; in
     between, a successful and verified response is required.
     """
     md = TestStapling.mdA
     no_staple = "no response sent"
     #
     # phase 1: baseline configuration, nothing may be stapled
     TestStapling.configure_httpd(md).install()
     assert TestEnv.apache_restart() == 0
     ocsp_stat = TestEnv.get_ocsp_status(md)
     assert ocsp_stat['ocsp'] == no_staple
     md_stat = TestEnv.get_md_status(md)
     assert not md_stat["stapling"]
     #
     # phase 2: stapling on (with md trace logging); wait for the
     # response to appear in connections
     stapling_on = """
         MDStapling on
         LogLevel md:trace5
         """
     TestStapling.configure_httpd(md, stapling_on).install()
     assert TestEnv.apache_restart() == 0
     ocsp_stat = TestEnv.await_ocsp_status(md)
     assert ocsp_stat['ocsp'] == "successful (0x0)"
     assert ocsp_stat['verify'] == "0 (ok)"
     md_stat = TestEnv.get_md_status(md)
     assert md_stat["stapling"]
     # NOTE(review): the OCSP record is read directly under "cert" here,
     # with no key-type level in between -- confirm this matches the md
     # status layout of the mod_md version under test
     cert_ocsp = md_stat["cert"]["ocsp"]
     assert cert_ocsp["status"] == "good"
     assert cert_ocsp["valid"]
     #
     # phase 3: stapling explicitly off, the response must disappear
     TestStapling.configure_httpd(md, "MDStapling off").install()
     assert TestEnv.apache_restart() == 0
     ocsp_stat = TestEnv.get_ocsp_status(md)
     assert ocsp_stat['ocsp'] == no_staple
     md_stat = TestEnv.get_md_status(md)
     assert not md_stat["stapling"]
示例#3
 def test_800_004(self):
     """Enable mod_ssl stapling and expect a verified OCSP response.

     The first query runs against whatever configuration is already active
     and must report "no response sent". After ``SSLUseStapling On`` and a
     stapling cache are configured and the server is restarted, the
     handshake must report a successful response that also verifies.
     """
     domain = TestMustStaple.domain
     # mod_ssl stapling is still off: nothing may be stapled
     before = TestEnv.get_ocsp_status(domain)
     assert before['ocsp'] == "no response sent"
     # switch mod_ssl stapling on
     # NOTE(review): no .install() is called on the result and the return
     # value is rebound to `domain` -- presumably this helper installs the
     # configuration itself and returns the domain name; confirm
     ssl_stapling_conf = """
         LogLevel ssl:trace2
         SSLUseStapling On
         SSLStaplingCache \"shmcb:logs/ssl_stapling(32768)\"
         """
     domain = TestMustStaple.configure_httpd(domain, ssl_stapling_conf)
     assert TestEnv.apache_restart() == 0
     after = TestEnv.get_ocsp_status(domain)
     assert after['ocsp'] == "successful (0x0)"
     assert after['verify'] == "0 (ok)"
示例#4
 def test_801_009(self):
     """``MDStapling on`` with a self-signed certificate staples nothing.

     A self-signed certificate is generated into a test-specific directory,
     wired into a managed domain through ``MDCertificateFile`` /
     ``MDCertificateKeyFile``, and stapling is switched on. The handshake is
     still expected to report "no response sent" (presumably because such a
     certificate names no OCSP responder to query -- confirm).
     """
     assert TestEnv.apache_stop() == 0
     md = TestStapling.mdA
     domains = [md]
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
     # certificate with 30 more days of validity; the negative notBefore
     # presumably backdates the start by 60 days -- confirm the unit
     validity = {"notBefore": -60, "notAfter": 30}
     TestEnv.create_self_signed_cert(
         domains, validity, serial=801009, path=testpath
     )
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     # both files must exist before httpd is pointed at them
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % cert_file)
     conf.add_line("MDCertificateKeyFile %s" % pkey_file)
     conf.add_line("MDStapling on")
     conf.end_md()
     conf.add_vhost(md)
     conf.install()
     assert TestEnv.apache_restart() == 0
     # NOTE(review): this is a negative assertion after a fixed pause; it
     # also passes if stapling simply has not produced a response within
     # one second -- confirm the pause is long enough to be meaningful
     time.sleep(1)
     ocsp_stat = TestEnv.get_ocsp_status(md)
     assert ocsp_stat['ocsp'] == "no response sent"
示例#5
 def test_801_004(self):
     """Per-domain ``MDStapling`` next to ``ssl_stapling=True``.

     Two managed domains are configured; only the first one carries
     ``MDStapling on``. Both are expected to deliver a successful OCSP
     response, but only the first may report ``stapling`` in its md status.
     For the second, the response is attributed to mod_ssl.
     """
     md_a = TestStapling.mdA
     md_b = TestStapling.mdB
     conf = TestStapling.configure_httpd(ssl_stapling=True)
     # first %s: domain with md stapling, second %s: domain without
     md_blocks = """
         <MDomain %s>
             MDStapling on
         </MDomain>
         <MDomain %s>
         </MDomain>
         """
     conf.add_line(md_blocks % (md_a, md_b))
     conf.add_vhost(md_a)
     conf.add_vhost(md_b)
     conf.install()
     assert TestEnv.apache_stop() == 0
     assert TestEnv.apache_restart() == 0
     # md_a: stapled by md, response must be present and verify
     ocsp_a = TestEnv.await_ocsp_status(md_a)
     assert ocsp_a['ocsp'] == "successful (0x0)"
     assert ocsp_a['verify'] == "0 (ok)"
     status_a = TestEnv.get_md_status(md_a)
     assert status_a["stapling"]
     # per-key-type OCSP record; only the 'rsa' entry is inspected here
     rsa_ocsp = status_a["cert"]['rsa']["ocsp"]
     assert rsa_ocsp["status"] == "good"
     assert rsa_ocsp["valid"]
     # md_b: no md stapling, but mod_ssl still provides a response, so
     # the handshake result alone does not tell which module stapled
     ocsp_b = TestEnv.get_ocsp_status(md_b)
     assert ocsp_b['ocsp'] == "successful (0x0)"
     status_b = TestEnv.get_md_status(md_b)
     assert not status_b["stapling"]
示例#6
 def test_801_003(self):
     """Per-domain ``MDStapling`` with no other stapling configured.

     Two managed domains are configured; only the first one carries
     ``MDStapling on``. The first must deliver a successful, verified OCSP
     response and report ``stapling`` in its md status; the second must
     report "no response sent" and no stapling.
     """
     md_a = TestStapling.mdA
     md_b = TestStapling.mdB
     conf = TestStapling.configure_httpd()
     # first %s: domain with md stapling, second %s: domain without
     md_blocks = """
         <MDomain %s>
             MDStapling on
         </MDomain>
         <MDomain %s>
         </MDomain>
         """
     conf.add_line(md_blocks % (md_a, md_b))
     conf.add_vhost(md_a)
     conf.add_vhost(md_b)
     conf.install()
     assert TestEnv.apache_stop() == 0
     assert TestEnv.apache_restart() == 0
     # md_a has stapling: wait for the response, then require it verifies
     ocsp_a = TestEnv.await_ocsp_status(md_a)
     assert ocsp_a['ocsp'] == "successful (0x0)"
     assert ocsp_a['verify'] == "0 (ok)"
     status_a = TestEnv.get_md_status(md_a)
     assert status_a["stapling"]
     # NOTE(review): the OCSP record is read directly under "cert" here,
     # with no key-type level in between -- confirm this matches the md
     # status layout of the mod_md version under test
     cert_ocsp = status_a["cert"]["ocsp"]
     assert cert_ocsp["status"] == "good"
     assert cert_ocsp["valid"]
     # md_b has no stapling: the per-domain setting must not leak over
     ocsp_b = TestEnv.get_ocsp_status(md_b)
     assert ocsp_b['ocsp'] == "no response sent"
     status_b = TestEnv.get_md_status(md_b)
     assert not status_b["stapling"]
示例#7
 def test_800_002(self):
     """``MDMustStaple off`` yields a certificate without must-staple.

     After the managed domain is complete, the stored public certificate is
     loaded and must not carry the must-staple property; the handshake must
     also report that no OCSP response was sent.
     """
     domain = TestMustStaple.domain
     # NOTE(review): no .install() follows this call -- presumably the
     # helper installs the configuration itself; confirm
     TestMustStaple.configure_httpd(domain, "MDMustStaple off")
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md_complete(domain)
     # inspect the certificate as stored for the domain
     pubcert_path = TestEnv.store_domain_file(domain, 'pubcert.pem')
     cert1 = CertUtil(pubcert_path)
     assert not cert1.get_must_staple()
     ocsp_stat = TestEnv.get_ocsp_status(domain)
     assert ocsp_stat['ocsp'] == "no response sent"