sslconnect_test.sh script does an end-to-end test for the CT log.
- creating a server certificate
- sending the certificate to the log server
- receiving a log proof
- setting up Apache to serve the certificate and the log proof
- verifying the log proof.
sslconnect_test.sh, you will need to do the following:
Compile the CT log server and client libraries, following the instructions in the top-level README.
Install Apache, which is needed to run a test SSL server; on Debian based systems installing the
apache2package should suffice. You may also need to modify
httpd-local.conf; see the
httpd-common.conffile for tips. (Historical instructions for building CT support into Apache are no longer necessary, as Apache now includes support.)
./sslconnect_test.sh. This will initially run client regression tests with existing certificates. Next, it will generate fresh test certificates and test:
- the submission of certificates and precertificates to the log server
- the retrieval of initial Signed Certificate Timestamps
- serving Signed Certificate Timestamps in a TLS handshake
- retrieving audit proofs for those SCTs from the log server.
The final output from the tests should be something like:
PASSED 38 tests FAILED 0 tests