Use ready files for syncing

julek-wolfssl · julek-wolfssl · commit 4b4a7cc82f29 · 2026-02-16T22:45:13.000+01:00
diff --git a/examples/ocsp_responder/ocsp_responder.c b/examples/ocsp_responder/ocsp_responder.c
@@ -124,6 +124,7 @@ typedef struct {
     const char* certFile;
     const char* keyFile;
     const char* indexFile;
+    const char* readyFile;
     int nrequests;
     int verbose;
     int sendCerts;
@@ -142,6 +143,7 @@ static void Usage(void)
     LOG_MSG("  -c <file>    CA certificate\n");
     LOG_MSG("  -k <file>    CA private key\n");
     LOG_MSG("  -i <file>    Index file for cert status\n");
+    LOG_MSG("  -R <file>    Ready file for external monitor\n");
     LOG_MSG("  -n <num>     Exit after n requests\n");
     LOG_MSG("  -v           Verbose\n");
     LOG_MSG("  -x           Exclude certs from response\n");
@@ -445,52 +447,6 @@ static int PopulateResponderFromIndex(OcspResponder* responder, IndexEntry* inde
     return count;
 }
 
-/* Create TCP server socket */
-static SOCKET_T CreateServerSocket(word16 port)
-{
-    SOCKET_T sockfd;
-    struct sockaddr_in addr;
-    int yes = 1;
-
-#ifdef _WIN32
-    WSADATA wsaData;
-    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
-        LOG_ERROR("WSAStartup failed\n");
-        return INVALID_SOCKET;
-    }
-#endif
-
-    sockfd = socket(AF_INET, SOCK_STREAM, 0);
-    if (sockfd == INVALID_SOCKET) {
-        LOG_ERROR("socket() failed\n");
-        return INVALID_SOCKET;
-    }
-
-    /* Allow reuse */
-    if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (const char*)&yes, sizeof(yes)) < 0) {
-        LOG_ERROR("setsockopt() failed\n");
-    }
-
-    XMEMSET(&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-    addr.sin_addr.s_addr = INADDR_ANY;
-    addr.sin_port = htons(port);
-
-    if (bind(sockfd, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
-        LOG_ERROR("bind() failed\n");
-        close(sockfd);
-        return INVALID_SOCKET;
-    }
-
-    if (listen(sockfd, 5) < 0) {
-        LOG_ERROR("listen() failed\n");
-        close(sockfd);
-        return INVALID_SOCKET;
-    }
-
-    return sockfd;
-}
-
 /* Receive a complete HTTP request, looping until the full body arrives */
 static int RecvHttpRequest(SOCKET_T fd, byte* buf, int bufSz)
 {
@@ -688,9 +644,10 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
     opts.nrequests = 0;
     opts.verbose = 0;
     opts.sendCerts = 1;
+    opts.readyFile = NULL;
 
     /* Parse command line arguments */
-    while ((ch = mygetopt_long(argc, argv, "?p:c:k:i:n:vx", long_options, 0)) != -1) {
+    while ((ch = mygetopt_long(argc, argv, "?p:c:k:i:R:n:vx", long_options, 0)) != -1) {
         switch (ch) {
             case '?':
                 Usage();
@@ -708,6 +665,9 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
             case 'i':
                 opts.indexFile = myoptarg;
                 break;
+            case 'R':
+                opts.readyFile = myoptarg;
+                break;
             case 'n':
                 opts.nrequests = atoi(myoptarg);
                 break;
@@ -813,14 +773,23 @@ THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args)
         }
     }
 
-    /* Create server socket */
-    sockfd = CreateServerSocket(opts.port);
-    if (sockfd == INVALID_SOCKET) {
-        LOG_ERROR("Error creating server socket on port %d\n", opts.port);
-        ret = -1;
-        goto cleanup;
+    /* Create and listen on server socket */
+    tcp_listen(&sockfd, &opts.port, 1, 0, 0);
+
+    /* Write ready file if requested */
+    if (opts.readyFile != NULL) {
+        XFILE rf = XFOPEN(opts.readyFile, "w");
+        if (rf != NULL) {
+            fprintf(rf, "%d\n", (int)opts.port);
+            fclose(rf);
+            if (opts.verbose) {
+                LOG_MSG("Ready file created: %s\n", opts.readyFile);
+            }
+        }
+        else {
+            LOG_ERROR("Warning: Failed to create ready file: %s\n", opts.readyFile);
+        }
     }
-    LOG_MSG("OCSP Responder listening on port %d\n", opts.port);
 
 #ifndef _WIN32
     /* Install signal handlers for clean shutdown */
diff --git a/scripts/ocsp-responder-openssl-interop.test b/scripts/ocsp-responder-openssl-interop.test
@@ -72,6 +72,7 @@ generate_port() {
 
 resp_pids=""
 resp_logs=""
+ready_files=""
 
 cleanup() {
     for p in $resp_pids; do
@@ -82,6 +83,10 @@ cleanup() {
     for log in $resp_logs; do
         rm -f "$log" 2>/dev/null
     done
+    # Clean up ready files
+    for rf in $ready_files; do
+        rm -f "$rf" 2>/dev/null
+    done
 }
 trap cleanup EXIT INT TERM
 
@@ -101,6 +106,30 @@ print_responder_logs() {
     echo "----------------------"
 }
 
+# wait_for_ready_file READY_FILE PID PORT
+wait_for_ready_file() {
+    local ready_file="$1"
+    local pid="$2"
+    local port="$3"
+    local counter=0
+
+    while [ ! -s "$ready_file" ] && [ "$counter" -lt 20 ]; do
+        if ! kill -0 "$pid" 2>/dev/null; then
+            echo "ERROR: Responder pid $pid for port $port exited before creating ready file" 1>&2
+            print_responder_logs
+            exit 1
+        fi
+        sleep 0.1
+        counter=$((counter + 1))
+    done
+
+    if [ ! -s "$ready_file" ]; then
+        echo "ERROR: Ready file $ready_file not created after 2 seconds" 1>&2
+        print_responder_logs
+        exit 1
+    fi
+}
+
 # query_ocsp ISSUER_CERT CERT_TO_CHECK PORT EXPECTED_STATUS DESCRIPTION
 query_ocsp() {
     local issuer="$1"
@@ -148,7 +177,9 @@ query_ocsp() {
 generate_port; port1=$port
 log1=$(mktemp /tmp/ocsp_resp1.XXXXXX)
 resp_logs="$resp_logs $log1"
-$OCSP_RESPONDER -p $port1 -v \
+ready1=$(mktemp /tmp/ocsp_ready1.XXXXXX)
+ready_files="$ready_files $ready1"
+$OCSP_RESPONDER -p $port1 -v -R "$ready1" \
     -c $OCSP_DIR/intermediate1-ca-cert.pem \
     -k $OCSP_DIR/intermediate1-ca-key.pem \
     -i $OCSP_DIR/index-intermediate1-ca-issued-certs.txt \
@@ -160,7 +191,9 @@ resp_pids="$resp_pids $pid1"
 generate_port; port2=$port
 log2=$(mktemp /tmp/ocsp_resp2.XXXXXX)
 resp_logs="$resp_logs $log2"
-$OCSP_RESPONDER -p $port2 -v \
+ready2=$(mktemp /tmp/ocsp_ready2.XXXXXX)
+ready_files="$ready_files $ready2"
+$OCSP_RESPONDER -p $port2 -v -R "$ready2" \
     -c $OCSP_DIR/intermediate2-ca-cert.pem \
     -k $OCSP_DIR/intermediate2-ca-key.pem \
     -i $OCSP_DIR/index-intermediate2-ca-issued-certs.txt \
@@ -172,7 +205,9 @@ resp_pids="$resp_pids $pid2"
 generate_port; port3=$port
 log3=$(mktemp /tmp/ocsp_resp3.XXXXXX)
 resp_logs="$resp_logs $log3"
-$OCSP_RESPONDER -p $port3 -v \
+ready3=$(mktemp /tmp/ocsp_ready3.XXXXXX)
+ready_files="$ready_files $ready3"
+$OCSP_RESPONDER -p $port3 -v -R "$ready3" \
     -c $OCSP_DIR/intermediate3-ca-cert.pem \
     -k $OCSP_DIR/intermediate3-ca-key.pem \
     -i $OCSP_DIR/index-intermediate3-ca-issued-certs.txt \
@@ -184,7 +219,9 @@ resp_pids="$resp_pids $pid3"
 generate_port; port4=$port
 log4=$(mktemp /tmp/ocsp_resp4.XXXXXX)
 resp_logs="$resp_logs $log4"
-$OCSP_RESPONDER -p $port4 -v \
+ready4=$(mktemp /tmp/ocsp_ready4.XXXXXX)
+ready_files="$ready_files $ready4"
+$OCSP_RESPONDER -p $port4 -v -R "$ready4" \
     -c $OCSP_DIR/root-ca-cert.pem \
     -k $OCSP_DIR/root-ca-key.pem \
     -i $OCSP_DIR/index-ca-and-intermediate-cas.txt \
@@ -198,15 +235,13 @@ echo "  Responder 2 (intermediate2-ca): port $port2, pid $pid2"
 echo "  Responder 3 (intermediate3-ca): port $port3, pid $pid3"
 echo "  Responder 4 (root-ca):          port $port4, pid $pid4"
 
-sleep 0.1
+# Wait for all responders to be ready
+wait_for_ready_file "$ready1" "$pid1" "$port1"
+wait_for_ready_file "$ready2" "$pid2" "$port2"
+wait_for_ready_file "$ready3" "$pid3" "$port3"
+wait_for_ready_file "$ready4" "$pid4" "$port4"
 
-# Verify all responders are running
-for p in $resp_pids; do
-    if ! kill -0 "$p" 2>/dev/null; then
-        echo "FATAL: Responder pid $p failed to start" 1>&2
-        exit 1
-    fi
-done
+echo "All responders ready"
 
 echo "All responders running."
 echo
diff --git a/scripts/ocsp-stapling-with-wolfssl-responder.test b/scripts/ocsp-stapling-with-wolfssl-responder.test
@@ -141,11 +141,19 @@ ready_file2="$WORKSPACE"/wolf_ocsp_wr_readyF2$$
 ready_file3="$WORKSPACE"/wolf_ocsp_wr_readyF3$$
 ready_file4="$WORKSPACE"/wolf_ocsp_wr_readyF4$$
 ready_file5="$WORKSPACE"/wolf_ocsp_wr_readyF5$$
+ready_file_resp1="$WORKSPACE"/wolf_ocsp_resp_readyF1$$
+ready_file_resp2="$WORKSPACE"/wolf_ocsp_resp_readyF2$$
+ready_file_resp3="$WORKSPACE"/wolf_ocsp_resp_readyF3$$
+ready_file_resp4="$WORKSPACE"/wolf_ocsp_resp_readyF4$$
 printf '%s\n' "ready file 1:  $ready_file1"
 printf '%s\n' "ready file 2:  $ready_file2"
 printf '%s\n' "ready file 3:  $ready_file3"
 printf '%s\n' "ready file 4:  $ready_file4"
 printf '%s\n' "ready file 5:  $ready_file5"
+printf '%s\n' "ready file resp 1:  $ready_file_resp1"
+printf '%s\n' "ready file resp 2:  $ready_file_resp2"
+printf '%s\n' "ready file resp 3:  $ready_file_resp3"
+printf '%s\n' "ready file resp 4:  $ready_file_resp4"
 
 # Create temporary log files for responder output
 responder_log1=$(mktemp)
@@ -399,39 +407,42 @@ printf '%s\n' "-----------------------------------"
 ./examples/client/client -p $port4
 create_new_cnf $port1 $port2 $port3 $port4
 
-sleep 0.1
-
 # Start wolfSSL OCSP responders (CA signs responses directly)
 printf '%s\n' "Starting wolfSSL OCSP responders..."
 
 # Responder 1: intermediate1-ca (for server1, server2)
-$OCSP_RESPONDER -v -p $port1 \
+$OCSP_RESPONDER -v -p $port1 -R "$ready_file_resp1" \
     -i certs/ocsp/index-intermediate1-ca-issued-certs.txt \
     -c certs/ocsp/intermediate1-ca-cert.pem \
     -k certs/ocsp/intermediate1-ca-key.pem > "$responder_log1" 2>&1 &
+resp_pid1=$!
 
 # Responder 2: intermediate2-ca (for server3, server4)
-$OCSP_RESPONDER -v -p $port2 \
+$OCSP_RESPONDER -v -p $port2 -R "$ready_file_resp2" \
     -i certs/ocsp/index-intermediate2-ca-issued-certs.txt \
     -c certs/ocsp/intermediate2-ca-cert.pem \
     -k certs/ocsp/intermediate2-ca-key.pem > "$responder_log2" 2>&1 &
+resp_pid2=$!
 
 # Responder 3: intermediate3-ca (for server5)
-$OCSP_RESPONDER -v -p $port3 \
+$OCSP_RESPONDER -v -p $port3 -R "$ready_file_resp3" \
     -i certs/ocsp/index-intermediate3-ca-issued-certs.txt \
     -c certs/ocsp/intermediate3-ca-cert.pem \
     -k certs/ocsp/intermediate3-ca-key.pem > "$responder_log3" 2>&1 &
+resp_pid3=$!
 
 # Responder 4: root-ca (for intermediate CA certs)
-$OCSP_RESPONDER -v -p $port4 \
+$OCSP_RESPONDER -v -p $port4 -R "$ready_file_resp4" \
     -i certs/ocsp/index-ca-and-intermediate-cas.txt \
     -c certs/ocsp/root-ca-cert.pem \
     -k certs/ocsp/root-ca-key.pem > "$responder_log4" 2>&1 &
+resp_pid4=$!
 
-sleep 0.5
-# "jobs" is not portable for posix. Must use bash interpreter!
-[ $(jobs -r | wc -l) -ne 4 ] && \
-    printf '\n\n%s\n' "Setup wolfSSL OCSP responders failed" && exit 1
+# Wait for all responders to be ready
+wait_for_readyFile "$ready_file_resp1" "$resp_pid1" "$port1"
+wait_for_readyFile "$ready_file_resp2" "$resp_pid2" "$port2"
+wait_for_readyFile "$ready_file_resp3" "$resp_pid3" "$port3"
+wait_for_readyFile "$ready_file_resp4" "$resp_pid4" "$port4"
 
 printf '\n\n%s\n\n' "All wolfSSL OCSP responders started successfully!"
 
