Skip to content

Commit 34ff9a9

Browse files
julek-wolfssljulek-wolfssl
committed
Better script logging
1 parent d5dcc34 commit 34ff9a9

2 files changed

Lines changed: 82 additions & 17 deletions

File tree

scripts/ocsp-responder-openssl-interop.test

Lines changed: 40 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -71,19 +71,36 @@ generate_port() {
7171
}
7272

7373
resp_pids=""
74+
resp_logs=""
7475

7576
cleanup() {
7677
for p in $resp_pids; do
7778
kill $p 2>/dev/null
7879
wait $p 2>/dev/null
7980
done
81+
# Clean up log files
82+
for log in $resp_logs; do
83+
rm -f "$log" 2>/dev/null
84+
done
8085
}
8186
trap cleanup EXIT INT TERM
8287

8388
tests_run=0
8489
tests_passed=0
8590
tests_failed=0
8691

92+
print_responder_logs() {
93+
echo "--- Responder Logs ---"
94+
for log in $resp_logs; do
95+
if [ -f "$log" ]; then
96+
echo "=== $(basename $log) ==="
97+
tail -50 "$log"
98+
echo
99+
fi
100+
done
101+
echo "----------------------"
102+
}
103+
87104
# query_ocsp ISSUER_CERT CERT_TO_CHECK PORT EXPECTED_STATUS DESCRIPTION
88105
query_ocsp() {
89106
local issuer="$1"
@@ -119,6 +136,7 @@ query_ocsp() {
119136
echo "--- openssl output ---"
120137
echo "$output" | tail -20
121138
echo "----------------------"
139+
print_responder_logs
122140
fi
123141
}
124142

@@ -128,37 +146,49 @@ query_ocsp() {
128146

129147
# Responder 1: intermediate1-ca (server1=valid, server2=revoked)
130148
generate_port; port1=$port
131-
$OCSP_RESPONDER -p $port1 \
149+
log1=$(mktemp /tmp/ocsp_resp1.XXXXXX)
150+
resp_logs="$resp_logs $log1"
151+
$OCSP_RESPONDER -p $port1 -v \
132152
-c $OCSP_DIR/intermediate1-ca-cert.pem \
133153
-k $OCSP_DIR/intermediate1-ca-key.pem \
134-
-i $OCSP_DIR/index-intermediate1-ca-issued-certs.txt &
154+
-i $OCSP_DIR/index-intermediate1-ca-issued-certs.txt \
155+
> "$log1" 2>&1 &
135156
pid1=$!
136157
resp_pids="$resp_pids $pid1"
137158

138159
# Responder 2: intermediate2-ca (server3=valid, server4=revoked)
139160
generate_port; port2=$port
140-
$OCSP_RESPONDER -p $port2 \
161+
log2=$(mktemp /tmp/ocsp_resp2.XXXXXX)
162+
resp_logs="$resp_logs $log2"
163+
$OCSP_RESPONDER -p $port2 -v \
141164
-c $OCSP_DIR/intermediate2-ca-cert.pem \
142165
-k $OCSP_DIR/intermediate2-ca-key.pem \
143-
-i $OCSP_DIR/index-intermediate2-ca-issued-certs.txt &
166+
-i $OCSP_DIR/index-intermediate2-ca-issued-certs.txt \
167+
> "$log2" 2>&1 &
144168
pid2=$!
145169
resp_pids="$resp_pids $pid2"
146170

147171
# Responder 3: intermediate3-ca (server5=valid)
148172
generate_port; port3=$port
149-
$OCSP_RESPONDER -p $port3 \
173+
log3=$(mktemp /tmp/ocsp_resp3.XXXXXX)
174+
resp_logs="$resp_logs $log3"
175+
$OCSP_RESPONDER -p $port3 -v \
150176
-c $OCSP_DIR/intermediate3-ca-cert.pem \
151177
-k $OCSP_DIR/intermediate3-ca-key.pem \
152-
-i $OCSP_DIR/index-intermediate3-ca-issued-certs.txt &
178+
-i $OCSP_DIR/index-intermediate3-ca-issued-certs.txt \
179+
> "$log3" 2>&1 &
153180
pid3=$!
154181
resp_pids="$resp_pids $pid3"
155182

156183
# Responder 4: root-ca (intermediate CAs: 1=valid, 2=valid, 3=revoked)
157184
generate_port; port4=$port
158-
$OCSP_RESPONDER -p $port4 \
185+
log4=$(mktemp /tmp/ocsp_resp4.XXXXXX)
186+
resp_logs="$resp_logs $log4"
187+
$OCSP_RESPONDER -p $port4 -v \
159188
-c $OCSP_DIR/root-ca-cert.pem \
160189
-k $OCSP_DIR/root-ca-key.pem \
161-
-i $OCSP_DIR/index-ca-and-intermediate-cas.txt &
190+
-i $OCSP_DIR/index-ca-and-intermediate-cas.txt \
191+
> "$log4" 2>&1 &
162192
pid4=$!
163193
resp_pids="$resp_pids $pid4"
164194

@@ -297,6 +327,7 @@ else
297327
echo "--- openssl output ---"
298328
echo "$output" | tail -20
299329
echo "----------------------"
330+
print_responder_logs
300331
fi
301332

302333
# Test 2: Multiple requests in one OCSP request (should fail with OCSP error)
@@ -324,6 +355,7 @@ else
324355
echo "--- openssl output ---"
325356
echo "$output" | tail -20
326357
echo "----------------------"
358+
print_responder_logs
327359
fi
328360

329361
echo

scripts/ocsp-stapling-with-wolfssl-responder.test

Lines changed: 42 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -128,6 +128,16 @@ printf '%s\n' "ready file 3: $ready_file3"
128128
printf '%s\n' "ready file 4: $ready_file4"
129129
printf '%s\n' "ready file 5: $ready_file5"
130130

131+
# Create temporary log files for responder output
132+
responder_log1=$(mktemp)
133+
responder_log2=$(mktemp)
134+
responder_log3=$(mktemp)
135+
responder_log4=$(mktemp)
136+
printf '%s\n' "responder log 1: $responder_log1"
137+
printf '%s\n' "responder log 2: $responder_log2"
138+
printf '%s\n' "responder log 3: $responder_log3"
139+
printf '%s\n' "responder log 4: $responder_log4"
140+
131141
test_cnf="ocsp_wolf_resp.cnf"
132142

133143
wait_for_readyFile(){
@@ -251,6 +261,29 @@ cleanup()
251261
done
252262
remove_ready_file
253263
rm -f $CERT_DIR/$test_cnf
264+
265+
# Print responder logs on failure
266+
if [ "$exit_status" -ne 0 ]; then
267+
printf '\n\n%s\n' "Test failed, printing responder logs..."
268+
if [ -f "$responder_log1" ]; then
269+
echo "=============== Responder 1 log ==============="
270+
cat "$responder_log1"
271+
fi
272+
if [ -f "$responder_log2" ]; then
273+
echo "=============== Responder 2 log ==============="
274+
cat "$responder_log2"
275+
fi
276+
if [ -f "$responder_log3" ]; then
277+
echo "=============== Responder 3 log ==============="
278+
cat "$responder_log3"
279+
fi
280+
if [ -f "$responder_log4" ]; then
281+
echo "=============== Responder 4 log ==============="
282+
cat "$responder_log4"
283+
fi
284+
fi
285+
286+
rm -f "$responder_log1" "$responder_log2" "$responder_log3" "$responder_log4"
254287
cd "$PARENTDIR" || return 1
255288
rm -r "$WORKSPACE" || return 1
256289

@@ -353,33 +386,33 @@ sleep 0.1
353386
printf '%s\n' "Starting wolfSSL OCSP responders..."
354387

355388
# Responder 1: intermediate1-ca (for server1, server2)
356-
$OCSP_RESPONDER -p $port1 \
389+
$OCSP_RESPONDER -v -p $port1 \
357390
-i certs/ocsp/index-intermediate1-ca-issued-certs.txt \
358391
-c certs/ocsp/intermediate1-ca-cert.pem \
359-
-k certs/ocsp/intermediate1-ca-key.pem &
392+
-k certs/ocsp/intermediate1-ca-key.pem > "$responder_log1" 2>&1 &
360393

361394
# Responder 2: intermediate2-ca (for server3, server4)
362-
$OCSP_RESPONDER -p $port2 \
395+
$OCSP_RESPONDER -v -p $port2 \
363396
-i certs/ocsp/index-intermediate2-ca-issued-certs.txt \
364397
-c certs/ocsp/intermediate2-ca-cert.pem \
365-
-k certs/ocsp/intermediate2-ca-key.pem &
398+
-k certs/ocsp/intermediate2-ca-key.pem > "$responder_log2" 2>&1 &
366399

367400
# Responder 3: intermediate3-ca (for server5)
368-
$OCSP_RESPONDER -p $port3 \
401+
$OCSP_RESPONDER -v -p $port3 \
369402
-i certs/ocsp/index-intermediate3-ca-issued-certs.txt \
370403
-c certs/ocsp/intermediate3-ca-cert.pem \
371-
-k certs/ocsp/intermediate3-ca-key.pem &
404+
-k certs/ocsp/intermediate3-ca-key.pem > "$responder_log3" 2>&1 &
372405

373406
# Responder 4: root-ca (for intermediate CA certs)
374-
$OCSP_RESPONDER -p $port4 \
407+
$OCSP_RESPONDER -v -p $port4 \
375408
-i certs/ocsp/index-ca-and-intermediate-cas.txt \
376409
-c certs/ocsp/root-ca-cert.pem \
377-
-k certs/ocsp/root-ca-key.pem &
410+
-k certs/ocsp/root-ca-key.pem > "$responder_log4" 2>&1 &
378411

379412
sleep 0.5
380413
# "jobs" is not portable for posix. Must use bash interpreter!
381414
[ $(jobs -r | wc -l) -ne 4 ] && \
382-
printf '\n\n%s\n' "Setup wolfSSL OCSP responders failed, skipping" && exit 0
415+
printf '\n\n%s\n' "Setup wolfSSL OCSP responders failed" && exit 1
383416

384417
printf '\n\n%s\n\n' "All wolfSSL OCSP responders started successfully!"
385418

0 commit comments

Comments
 (0)