Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp

2025-10-02 14:48:21 +00:00 · 2015-12-14 16:05:41 -08:00 · 2015-12-14 16:05:41 -08:00 · da9b5425e4
commit da9b5425e4
parent c93a9fbebd f0a28788ad
157 changed files with 1830 additions and 1130 deletions
--- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro
+++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro
@ -1,37 +0,0 @@
-# @TEST-SERIALIZE: comm
-#
-# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run proxy-1   "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-1 bro %INPUT"
-# @TEST-EXEC: btest-bg-run proxy-2   "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-2 bro %INPUT"
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
-# @TEST-EXEC: btest-bg-run worker-2  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
-# @TEST-EXEC: btest-bg-wait 20
-# @TEST-EXEC: cat manager-1/ssl*.log > ssl.log
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-file-ids btest-diff ssl.log
-#
-
-redef Log::default_rotation_interval = 0secs;
-
-@TEST-START-FILE cluster-layout.bro
-redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
-	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1", $workers=set("worker-1", "worker-2")],
-	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1", $workers=set("worker-2")],
-	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth0"],
-	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth1"],
-};
-@TEST-END-FILE
-
-event terminate_me() {
-	terminate();
-}
-
-event remote_connection_closed(p: event_peer) {
-	schedule 1sec { terminate_me() };
-}
-
-
-@load base/frameworks/cluster
-@load protocols/ssl/validate-certs.bro
--- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro
+++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro
@ -1,5 +1,5 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log
+# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log

@load protocols/ssl/validate-certs.bro

--- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro
+++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro
@ -1,7 +1,7 @@
-# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.bro %INPUT
 # @TEST-EXEC: cat ssl.log > ssl-all.log
-# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
+# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-all.log
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-all.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log

@load protocols/ssl/validate-certs.bro
--- a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.bro
+++ b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.bro
@ -1,10 +1,10 @@
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT
+# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log
+# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT
 # @TEST-EXEC: mv ssl.log ssl-twimg.log
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-twimg.log
-# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log
+# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT
 # @TEST-EXEC: mv ssl.log ssl-digicert.log
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-digicert.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-digicert.log

@load protocols/ssl/validate-ocsp