[PATCH] tests: ocsp: fix openssl command, check for errors

Jouni Malinen j at w1.fi
Tue May 9 11:28:07 PDT 2017

On Tue, Apr 18, 2017 at 09:18:14PM +0200, Johannes Berg wrote:
> Fix the openssl ocsp command line and check if it returns
> an error - so that instead of having something unusable
> later we error out immediately.
> This still doesn't get the test to pass for me, but at
> least openssl is no longer complaining.

This breaks ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked ("Unexpected
EAP-Success") and
ap_wpa2_eap_tls_intermediate_ca_ocsp ("Connection timed out") for me.

> diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
> @@ -4078,13 +4078,17 @@ def root_ocsp(cert):
> -    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert,
> -            "-no_nonce", "-sha256", "-text" ]
> +    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
> +            "-cert", cert, "-no_nonce", "-text" ]
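Review bot: the commit message says the patch also checks whether openssl returns an error, but the quoted lines of this hunk show only the move of "-sha256" ahead of "-cert"; the hunk header counts 13 old lines becoming 17, so more changed than is quoted here, and the error-check part should be visible for review. The reordering itself does matter: openssl ocsp applies the digest option to the "-cert" arguments that follow it, so with "-sha256" placed after "-cert" the request is still built with the SHA-1 default. A one-line comment above `arg = [ "openssl", "ocsp", ...` saying that "-sha256" must precede "-cert" would keep a later cleanup from silently reverting this.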

What does this fix? This moves the command line arguments "-sha256" to
be earlier, but the man page for openssl ocsp shows the hash algorithm
arguments to be at the end.. What did openssl complain for you and which
version of openssl is that?

Interestingly, I do see a difference here, i.e., the location of the
-sha256 argument does indeed change behavior for me. The current script
ends up using SHA-1 instead of SHA-256 which was the purpose and your
change does indeed make it use SHA-256. However, that does not remove
any warning or error message from openssl for me.

The fact that the test fails then is problematic, though..

> @@ -4111,13 +4118,16 @@ def ica_ocsp(cert):
> -    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert,
> -            "-no_nonce", "-sha256", "-text" ]
> +    arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-sha256",
> +            "-cert", cert, "-no_nonce", "-text" ]
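Review bot: same argument-order point as in root_ocsp() above; the two command lines are built identically apart from the request file, issuer and certificate, so constructing them in one shared helper (or at least putting the "-sha256 must precede -cert" comment on both) would keep the two functions from drifting apart again.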

And obviously the same here..

It looks like OpenSSL is rejecting the OCSP response in the SHA-256 case
("bad certificate status response"). Interestingly, the internal TLS
implementation in hostap.git does pass the test cases with the SHA-256
case as well.

Or to be more exact, the tls_openssl.c code in wpa_supplicant is failing
to find the current server certificate from the OCSP response when
SHA-256 hash is used instead of SHA-1. Looks like this is due to the
OCSP_cert_to_id() use there with NULL dgst argument. Hmph.. I guess that
needs to loop over different hash algorithms to make this more generic.

Jouni Malinen                                            PGP id EFC895FA
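The matching problem described in the last paragraph, as an added illustration that is not hostap code and does not use OpenSSL: a CertID in an OCSP single response carries the issuer-name and issuer-key hashes under the responder's chosen hashAlgorithm, so a client that always builds its lookup CertID with the SHA-1 default (what a NULL dgst to OCSP_cert_to_id() gives) never matches a SHA-256 response. The example models CertID as a dict over constructed, non-certificate byte strings, and contrasts the fixed-SHA-1 lookup with one that loops over the supported digests as the message proposes. All names, inputs and statuses here are constructed for the example.

```python
import hashlib

# Constructed stand-ins for the issuer's DER-encoded subject name and public
# key (not real certificate material) and a constructed serial number.
ISSUER_NAME_DER = b"\x30\x0f\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x0c\x04Test"
ISSUER_KEY_DER = bytes(range(64))
SERIAL = 0x1234

# Digests an OCSP responder may use for CertID.hashAlgorithm.
HASHES = {
    "sha1": hashlib.sha1,
    "sha256": hashlib.sha256,
    "sha384": hashlib.sha384,
    "sha512": hashlib.sha512,
}


def cert_to_id(hash_name, issuer_name_der, issuer_key_der, serial):
    """Build a CertID the way OCSP_cert_to_id(dgst, cert, issuer) does.
    hash_name=None mirrors a NULL dgst, which OpenSSL treats as SHA-1."""
    if hash_name is None:
        hash_name = "sha1"
    h = HASHES[hash_name]
    return {
        "hash": hash_name,
        "issuer_name_hash": h(issuer_name_der).digest(),
        "issuer_key_hash": h(issuer_key_der).digest(),
        "serial": serial,
    }


def id_cmp(a, b):
    """Analogue of OCSP_id_cmp() == 0: every CertID field must match,
    including the hash algorithm."""
    return a == b


def make_response(hash_name, status, serial=SERIAL):
    """Constructed single-response list as a responder using hash_name
    would produce for the (constructed) issuer and serial."""
    return [{"cert_id": cert_to_id(hash_name, ISSUER_NAME_DER,
                                   ISSUER_KEY_DER, serial),
             "status": status}]


def find_status_fixed_sha1(single_responses):
    """Lookup with a NULL dgst: the CertID is always SHA-1 based, so a
    SHA-256 response is never matched (the failure the thread describes)."""
    want = cert_to_id(None, ISSUER_NAME_DER, ISSUER_KEY_DER, SERIAL)
    for sr in single_responses:
        if id_cmp(sr["cert_id"], want):
            return sr["status"]
    return None


def find_status_any_hash(single_responses):
    """Generic lookup: rebuild the client's CertID under each supported
    digest and accept the first single response whose CertID matches."""
    for hash_name in HASHES:
        want = cert_to_id(hash_name, ISSUER_NAME_DER, ISSUER_KEY_DER, SERIAL)
        for sr in single_responses:
            if id_cmp(sr["cert_id"], want):
                return sr["status"]
    return None


if __name__ == "__main__":
    print("SHA-1 lookup vs SHA-256 response:",
          find_status_fixed_sha1(make_response("sha256", "revoked")))
    print("any-hash lookup vs SHA-256 response:",
          find_status_any_hash(make_response("sha256", "revoked")))
```

Looping over digests is the most general fix; a cheaper equivalent is to read the hashAlgorithm out of each single response's CertID and build the comparison CertID with that digest only, which needs one hash computation per response instead of one per supported algorithm.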
