-
-
Notifications
You must be signed in to change notification settings - Fork 10.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chunk 12 of CMP contribution to OpenSSL: CLI-based test #11998
Conversation
Can we have the Perl module So far I'm using the |
The Travis s390x build keeps timing out after 50 minutes; everything else works fine. |
fbb7656
to
eaf5950
Compare
Again my question: So I had to restrict these sort of tests to Unix-like systems, where the shell ampersand operator |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is the preferred way of launching a test server to run in parallel to a client and shutting it down at the end of the test?
We do this in util/perl/TLSProxy.pm where we start instances of s_server and s_client and get them to talk to each other. You might like to take a look how it is done there.
…k_update() Bugfix: allow using extraCerts contained in msg already while checking signature Improve function name, simplify its return value, and update its documentation
Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c
as checking expected_sender and adding caPubs is not part of msg validation. Also constify a couple of internal and public functions related to cmp_vfy.c
… request template
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests.
eaf5950
to
d72364e
Compare
Thanks @mattcaswell for your yesterday's review comments! |
Thanks @mattcaswell for this hint. With the Perl module
As mentioned above, since unfortunately Would this be acceptable for the time being, |
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
…g numbers Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
…ate_msg() Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
…k_update() Bugfix: allow using extraCerts contained in msg already while checking signature Improve function name, simplify its return value, and update its documentation Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
…ted sender Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
as checking expected_sender and adding caPubs is not part of msg validation. Also constify a couple of internal and public functions related to cmp_vfy.c Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
… request template Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #11998)
Merged - thanks @mattcaswell! |
@DDvO I am seeing this error compiling with
|
@romen, I've been able to reproduce this, having configured with Among others, I've improved the range checking. A too large
|
Finally the last chunk of the CMP contribution,
adding numerous tests run via the
cmp
app.These tests address all previous contribution chunks:
cmp
app, contributed in chunk 11: Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface #11470.For part of the test cases the CMP client side is sufficient,
while many tests naturally also require a CMP server.
Therefore we made sure that our contribution contains
a simple CMP server that is sufficient for testing purposes.
The test bed is sufficiently flexible to support addressing also externals servers.
Throughout our development we have been testing against various EJBCA instances,
the Demo CA of the Insta Certifier, and Siemens-internal prototype RA implementations.
While updating and consolidating the many test cases that we have compiled earlier
I came across various issues mostly with the CMP code contributed so far but also
with the internal app library. So this PR also contains commits implementing fixes for
those as far as needed for successfully running all the CMP tests added in this PR.
The high number of lines added by the last commit is mostly due to large test data files.
Checklist