Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

tests: Fix openssl ocsp command and check for errors

Fix the openssl ocsp command line and check if it returns an error - so
that instead of having something unusable later we error out
immediately. Moving the -sha256 argument earlier fixes hash function use
for the OCSP request generation (the old version used SHA-1).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg 8 years ago
parent
85cff4b0d8
commit
d40d959e48
1 changed files with 17 additions and 4 deletions
Split View Show Diff Stats
  1. 17 4
      tests/hwsim/test_ap_eap.py

+ 17 - 4
tests/hwsim/test_ap_eap.py
View File 

@@ -4078,13 +4078,17 @@ def root_ocsp(cert):
 
     fd2, fn2 = tempfile.mkstemp()
 
     os.close(fd2)
 
 
-    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert,
 
-            "-no_nonce", "-sha256", "-text" ]
 
+    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
 
+            "-cert", cert, "-no_nonce", "-text" ]
 
+    logger.info(' '.join(arg))
 
     cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
 
                            stderr=subprocess.PIPE)
 
     res = cmd.stdout.read() + "\n" + cmd.stderr.read()
 
     cmd.stdout.close()
 
     cmd.stderr.close()
 
+    cmd.wait()
 
+    if cmd.returncode != 0:
 
+        raise Exception("bad return code from openssl ocsp\n\n" + res)
 
     logger.info("OCSP request:\n" + res)
 
 
     fd, fn = tempfile.mkstemp()
 
@@ -4099,6 +4103,9 @@ def root_ocsp(cert):
 
     res = cmd.stdout.read() + "\n" + cmd.stderr.read()
 
     cmd.stdout.close()
 
     cmd.stderr.close()
 
+    cmd.wait()
 
+    if cmd.returncode != 0:
 
+        raise Exception("bad return code from openssl ocsp\n\n" + res)
 
     logger.info("OCSP response:\n" + res)
 
     os.unlink(fn2)
 
     return fn
 
@@ -4111,13 +4118,16 @@ def ica_ocsp(cert):
 
     fd2, fn2 = tempfile.mkstemp()
 
     os.close(fd2)
 
 
-    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert,
 
-            "-no_nonce", "-sha256", "-text" ]
 
+    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
 
+            "-cert", cert, "-no_nonce", "-text" ]
 
     cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
 
                            stderr=subprocess.PIPE)
 
     res = cmd.stdout.read() + "\n" + cmd.stderr.read()
 
     cmd.stdout.close()
 
     cmd.stderr.close()
 
+    cmd.wait()
 
+    if cmd.returncode != 0:
 
+        raise Exception("bad return code from openssl ocsp\n\n" + res)
 
     logger.info("OCSP request:\n" + res)
 
 
     fd, fn = tempfile.mkstemp()
 
@@ -4132,6 +4142,9 @@ def ica_ocsp(cert):
 
     res = cmd.stdout.read() + "\n" + cmd.stderr.read()
 
     cmd.stdout.close()
 
     cmd.stderr.close()
 
+    cmd.wait()
 
+    if cmd.returncode != 0:
 
+        raise Exception("bad return code from openssl ocsp\n\n" + res)
 
     logger.info("OCSP response:\n" + res)
 
     os.unlink(fn2)
 
     return fn