def test_801_002(self):
    """Toggle MDStapling while configure_httpd is called with ssl_stapling=True.

    Expected throughout: the TLS handshake carries a successful OCSP
    response. Only the managed domain's own ``stapling`` status flag follows
    the MDStapling directive: off by default, on with "MDStapling on", and
    off again with "MDStapling off".
    """
    # presumably ssl_stapling=True enables mod_ssl's stapling -- confirm in configure_httpd
    domain = TestStapling.mdA
    TestStapling.configure_httpd(domain, ssl_stapling=True).install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0
    handshake = TestEnv.get_ocsp_status(domain)
    assert handshake['ocsp'] == "successful (0x0)"
    md_status = TestEnv.get_md_status(domain)
    assert not md_status["stapling"]

    # Turn MD stapling on and wait for it to appear in connections.
    TestStapling.configure_httpd(domain, "MDStapling on", ssl_stapling=True).install()
    assert TestEnv.apache_restart() == 0
    handshake = TestEnv.await_ocsp_status(domain)
    assert handshake['ocsp'] == "successful (0x0)"
    # The stapled response must also verify, not merely be present.
    assert handshake['verify'] == "0 (ok)"
    md_status = TestEnv.get_md_status(domain)
    assert md_status["stapling"]
    # The status report keys OCSP details by key type; only 'rsa' is checked.
    rsa_ocsp = md_status["cert"]['rsa']["ocsp"]
    assert rsa_ocsp["status"] == "good"
    assert rsa_ocsp["valid"]

    # Turn MD stapling off explicitly: the MD flag must clear, while a
    # response is still sent on the connection.
    TestStapling.configure_httpd(domain, "MDStapling off", ssl_stapling=True).install()
    assert TestEnv.apache_restart() == 0
    handshake = TestEnv.get_ocsp_status(domain)
    assert handshake['ocsp'] == "successful (0x0)"
    md_status = TestEnv.get_md_status(domain)
    assert not md_status["stapling"]
def test_801_001(self):
    """Toggle MDStapling with the default configure_httpd setup.

    Expected: no OCSP response is sent until "MDStapling on" is configured.
    Then a successful, verifiable response with status "good" appears, and
    it disappears again once "MDStapling off" is set explicitly.
    """
    domain = TestStapling.mdA
    TestStapling.configure_httpd(domain).install()
    assert TestEnv.apache_restart() == 0
    handshake = TestEnv.get_ocsp_status(domain)
    assert handshake['ocsp'] == "no response sent"
    md_status = TestEnv.get_md_status(domain)
    assert not md_status["stapling"]

    # Turn stapling on and wait for it to appear in connections.
    # One directive per line: httpd configuration is line-based.
    TestStapling.configure_httpd(
        domain, """
        MDStapling on
        LogLevel md:trace5
        """).install()
    assert TestEnv.apache_restart() == 0
    handshake = TestEnv.await_ocsp_status(domain)
    assert handshake['ocsp'] == "successful (0x0)"
    # A staple that is present but fails verification would be useless to clients.
    assert handshake['verify'] == "0 (ok)"
    md_status = TestEnv.get_md_status(domain)
    assert md_status["stapling"]
    # NOTE(review): reads the OCSP block directly under "cert"; confirm this
    # matches the status layout of the mod_md version under test.
    cert_ocsp = md_status["cert"]["ocsp"]
    assert cert_ocsp["status"] == "good"
    assert cert_ocsp["valid"]

    # Turn stapling off explicitly: the response must disappear again.
    TestStapling.configure_httpd(domain, "MDStapling off").install()
    assert TestEnv.apache_restart() == 0
    handshake = TestEnv.get_ocsp_status(domain)
    assert handshake['ocsp'] == "no response sent"
    md_status = TestEnv.get_md_status(domain)
    assert not md_status["stapling"]
def test_800_004(self):
    """Check that enabling mod_ssl stapling makes the server send an OCSP response.

    Before the change no response is sent. After SSLUseStapling and a
    stapling cache are configured, the response must be successful and verify.
    """
    name = TestMustStaple.domain
    # mod_ssl stapling is off, so expect no stapled response.
    before = TestEnv.get_ocsp_status(name)
    assert before['ocsp'] == "no response sent"

    # Turn mod_ssl stapling on and expect an answer. The value returned by
    # configure_httpd is what the status is queried for afterwards.
    name = TestMustStaple.configure_httpd(
        name, """
        LogLevel ssl:trace2
        SSLUseStapling On
        SSLStaplingCache \"shmcb:logs/ssl_stapling(32768)\"
        """)
    assert TestEnv.apache_restart() == 0
    after = TestEnv.get_ocsp_status(name)
    assert after['ocsp'] == "successful (0x0)"
    assert after['verify'] == "0 (ok)"
def test_801_009(self):
    """Check that MDStapling on a self-signed certificate staples nothing.

    A self-signed certificate and key are generated and supplied through
    MDCertificateFile and MDCertificateKeyFile, with stapling enabled. The
    test expects the handshake to report "no response sent".
    """
    assert TestEnv.apache_stop() == 0
    domain = TestStapling.mdA
    names = [domain]
    workdir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
    # Certificate with 30 more days of validity.
    # presumably the notBefore/notAfter offsets are in days -- confirm in create_self_signed_cert
    TestEnv.create_self_signed_cert(
        names, {"notBefore": -60, "notAfter": 30},
        serial=801009, path=workdir)
    cert_file = os.path.join(workdir, 'pubcert.pem')
    pkey_file = os.path.join(workdir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.start_md(names)
    for directive in (
        "MDCertificateFile %s" % cert_file,
        "MDCertificateKeyFile %s" % pkey_file,
        "MDStapling on",
    ):
        conf.add_line(directive)
    conf.end_md()
    conf.add_vhost(domain)
    conf.install()
    assert TestEnv.apache_restart() == 0

    # NOTE(review): the fixed one-second pause only shows that no staple
    # appeared within that window; it does not prove one never arrives.
    time.sleep(1)
    handshake = TestEnv.get_ocsp_status(domain)
    # Presumably a self-signed certificate has no responder to query, so
    # stapling must stay silent rather than send something unverifiable.
    assert handshake['ocsp'] == "no response sent"
def test_801_004(self):
    """Check per-domain MDStapling when configure_httpd gets ssl_stapling=True.

    mdA has "MDStapling on" in its MDomain section and mdB has none.
    Expected: mdA is stapled by mod_md, with a verified response and status
    "good". mdB reports no MD stapling but still delivers a successful OCSP
    response, because mod_ssl takes over.
    """
    with_md_stapling = TestStapling.mdA
    without_md_stapling = TestStapling.mdB
    conf = TestStapling.configure_httpd(ssl_stapling=True)
    # One directive or section tag per line: httpd configuration is line-based.
    conf.add_line("""
        <MDomain %s>
            MDStapling on
        </MDomain>
        <MDomain %s>
        </MDomain>
        """ % (with_md_stapling, without_md_stapling))
    conf.add_vhost(with_md_stapling)
    conf.add_vhost(without_md_stapling)
    conf.install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0

    # mdA has stapling.
    handshake = TestEnv.await_ocsp_status(with_md_stapling)
    assert handshake['ocsp'] == "successful (0x0)"
    assert handshake['verify'] == "0 (ok)"
    md_status = TestEnv.get_md_status(with_md_stapling)
    assert md_status["stapling"]
    # The status report keys OCSP details by key type; only 'rsa' is checked.
    rsa_ocsp = md_status["cert"]['rsa']["ocsp"]
    assert rsa_ocsp["status"] == "good"
    assert rsa_ocsp["valid"]

    # mdB has no MD stapling, but mod_ssl kicks in. Clients still get a
    # staple, and only the MD status flag shows who provided it.
    handshake = TestEnv.get_ocsp_status(without_md_stapling)
    assert handshake['ocsp'] == "successful (0x0)"
    md_status = TestEnv.get_md_status(without_md_stapling)
    assert not md_status["stapling"]
def test_801_003(self):
    """Check that MDStapling set in one MDomain section does not affect another.

    mdA has "MDStapling on" in its MDomain section and mdB has none.
    Expected: mdA delivers a verified OCSP response with status "good",
    while mdB sends no response and reports stapling as off.
    """
    stapled = TestStapling.mdA
    unstapled = TestStapling.mdB
    conf = TestStapling.configure_httpd()
    # One directive or section tag per line: httpd configuration is line-based.
    conf.add_line("""
        <MDomain %s>
            MDStapling on
        </MDomain>
        <MDomain %s>
        </MDomain>
        """ % (stapled, unstapled))
    conf.add_vhost(stapled)
    conf.add_vhost(unstapled)
    conf.install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0

    # mdA has stapling.
    handshake = TestEnv.await_ocsp_status(stapled)
    assert handshake['ocsp'] == "successful (0x0)"
    assert handshake['verify'] == "0 (ok)"
    md_status = TestEnv.get_md_status(stapled)
    assert md_status["stapling"]
    # NOTE(review): reads the OCSP block directly under "cert"; confirm this
    # matches the status layout of the mod_md version under test.
    cert_ocsp = md_status["cert"]["ocsp"]
    assert cert_ocsp["status"] == "good"
    assert cert_ocsp["valid"]

    # mdB has no stapling: the setting must not leak across MDomain sections.
    handshake = TestEnv.get_ocsp_status(unstapled)
    assert handshake['ocsp'] == "no response sent"
    md_status = TestEnv.get_md_status(unstapled)
    assert not md_status["stapling"]
def test_800_002(self):
    """Check that "MDMustStaple off" yields a certificate without must-staple.

    After the managed domain completes, the stored public certificate must
    not report must-staple, and the server sends no OCSP response.
    """
    name = TestMustStaple.domain
    TestMustStaple.configure_httpd(name, "MDMustStaple off")
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(name)

    # Inspect the certificate stored for the domain, not the directive,
    # so the check covers what was actually issued.
    issued = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem'))
    assert not issued.get_must_staple()

    handshake = TestEnv.get_ocsp_status(name)
    assert handshake['ocsp'] == "no response sent"