Update code to v1.0.14 (10)

android/extern/wolfssl/scripts/ocsp.test

@@ -0,0 +1,105 @@
+#!/bin/sh
+
+# ocsp.test
+
+# Note, this script makes connection(s) to the public Internet.
+
+SCRIPT_DIR="$(dirname "$0")"
+
+server=www.globalsign.com
+ca=certs/external/ca-globalsign-root.pem
+
+[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \
+                                  && exit 1
+
+if ! ./examples/client/client -V | grep -q 3; then
+    echo 'skipping ocsp.test because TLS1.2 is not available.' 1>&2
+    exit 77
+fi
+
+GL_UNREACHABLE=0
+# Global Sign now requires server name indication extension to work, check
+# enabled prior to testing
+OUTPUT=$(eval "./examples/client/client -S check")
+if [ "$OUTPUT" = "SNI is: ON" ]; then
+    printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test"
+
+    if [ "$AM_BWRAPPED" != "yes" ]; then
+        # is our desired server there?
+        "${SCRIPT_DIR}/ping.test" $server 2
+        RESULT=$?
+        if [ $RESULT -ne 0 ]; then
+            GL_UNREACHABLE=1
+        fi
+    else
+        RESULT=0
+    fi
+
+    if [ $RESULT -eq 0 ]; then
+        # client test against the server
+        echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N -v d -S $server"
+        ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server
+        GL_RESULT=$?
+        [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
+    else
+        GL_RESULT=1
+    fi
+else
+    printf '\n\n%s\n\n' "SNI disabled, skipping globalsign test"
+    GL_RESULT=0
+fi
+
+server=www.google.com
+ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem
+
+if [ "$AM_BWRAPPED" != "yes" ]; then
+    # is our desired server there?
+    ${SCRIPT_DIR}/ping.test $server 2
+    RESULT=$?
+else
+    RESULT=0
+fi
+
+if [ $RESULT -eq 0 ]; then
+    # client test against the server
+    echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N"
+    ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N
+    GR_RESULT=$?
+    [ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
+else
+    GR_RESULT=1
+fi
+
+if test -n "$WOLFSSL_OCSP_TEST"; then
+    # check that both passed
+    if [ $GL_RESULT -eq 0 ] && [ $GR_RESULT -eq 0 ]; then
+        printf '\n\n%s\n' "Both OCSP connection to globalsign and google passed"
+        printf '%s\n' "Test Passed!"
+        exit 0
+    elif [ $GL_UNREACHABLE -eq 1 ] && [ $GR_RESULT -eq 0 ]; then
+         printf '%s\n' "Global Sign is currently unreachable. Logging it but if"
+         printf '%s\n' "this continues to occur should be investigated"
+        exit 0
+    else
+        # Unlike other environment variables the intent of WOLFSSL_OCSP_TEST
+        # is to indicate a requirement for both tests to pass. If variable is
+        # set and either tests fail then whole case fails. Do not set the
+        # variable if either case passing is to be considered a success.
+        printf '\n\n%s\n' "One of the OCSP connections to either globalsign or"
+        printf '%s\n' "google failed, however since WOLFSSL_OCSP_TEST is set"
+        printf '%s\n' "the test is considered to have failed"
+        printf '%s\n' "Test Failed!"
+        exit 1
+    fi
+else
+    # if environment variable is not set then just need one to pass
+    if [ $GL_RESULT -ne 0 ] && [ $GR_RESULT -ne 0 ]; then
+        printf '\n\n%s\n' "Both OCSP connection to globalsign and google failed"
+        printf '%s\n' "Test Failed!"
+        exit 1
+    else
+        printf '\n\n%s\n' "WOLFSSL_OCSP_TEST NOT set, and 1 of the tests passed"
+        printf '%s\n' "Test Passed!"
+        exit 0
+    fi
+fi