nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update op_test.sh usage; Add error count and custom library hook

Browse Source 
Signed-off-by: Richard Bonhomme <tincanteksup@gmail.com>
This commit is contained in:
Richard Bonhomme 2019-01-29 21:54:19 +00:00
parent 83ae8ad3e5
commit 9bdb97d5e3
No known key found for this signature in database
GPG Key ID: D7D49FA009D95091
1 changed files with 58 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
op_test.sh
View File

@ -10,10 +10,10 @@ cat << __EOF__
Actions taken: Actions taken:
* standard ca * standard ca
* standard server * standard server + renew
* standard server with SAN * standard server with SAN
* standard serverClient * standard serverClient
* standard client * standard client + renew
* standard sign imported server * standard sign imported server
* standard sign imported serverClient * standard sign imported serverClient
* standard sign imported client * standard sign imported client
@ -25,22 +25,6 @@ cat << __EOF__
* revoke * revoke
* CRLs * CRLs
EASYRSA_*
* All standard EASYRSA vars are avaiable.
Todo:
* test renew ()
Will not do:
* libressl
* openssl-dev
Do not burden Travis with these unnecessary stages.
Relevant hooks left for local implementations.
Note:
* Currently always completes, until easyrsa-prog_exit is fixed.
https://github.com/OpenVPN/easy-rsa/issues/282
Suggested options: Suggested options:
* "./op_test.sh -v" (verbose) * "./op_test.sh -v" (verbose)
* "ERSA_OUT=0 ./op_test.sh -vv" (very verbose but no SSL output) * "ERSA_OUT=0 ./op_test.sh -vv" (very verbose but no SSL output)
@ -61,7 +45,9 @@ init ()
exit 1 exit 1
fi fi
DIE=1 DIE="${DIE:-1}"
S_ERRORS=0
T_ERRORS=0
VERBOSE="${VERBOSE:-0}" VERBOSE="${VERBOSE:-0}"
VVERBOSE="${VVERBOSE:-0}" VVERBOSE="${VVERBOSE:-0}"
SHOW_CERT="${SHOW_CERT:-0}" SHOW_CERT="${SHOW_CERT:-0}"
@ -71,6 +57,7 @@ init ()
CUSTOM_VARS="${CUSTOM_VARS:-1}" CUSTOM_VARS="${CUSTOM_VARS:-1}"
UNSIGNED_PKI="${UNSIGNED_PKI:-1}" UNSIGNED_PKI="${UNSIGNED_PKI:-1}"
SYS_SSL_ENABLE="${SYS_SSL_ENABLE:-1}" SYS_SSL_ENABLE="${SYS_SSL_ENABLE:-1}"
SYS_SSL_LIBB="openssl"
BROKEN_PKI="${BROKEN_PKI:-0}" BROKEN_PKI="${BROKEN_PKI:-0}"
CUSTOM_OPTS="${CUSTOM_OPTS:-0}" CUSTOM_OPTS="${CUSTOM_OPTS:-0}"
export DEPS_DIR="$ROOT_DIR/testdeps" export DEPS_DIR="$ROOT_DIR/testdeps"
@ -80,6 +67,8 @@ init ()
export OPENSSL_BUILD="${OPENSSL_BUILD:-0}" export OPENSSL_BUILD="${OPENSSL_BUILD:-0}"
export OPENSSL_VERSION="${OPENSSL_VERSION:-git}" export OPENSSL_VERSION="${OPENSSL_VERSION:-git}"
export OSSL_LIBB="${OSSL_LIBB:-"$DEPS_DIR/openssl-dev/bin/openssl"}" export OSSL_LIBB="${OSSL_LIBB:-"$DEPS_DIR/openssl-dev/bin/openssl"}"
export CUST_SSL_ENABLE="${CUST_SSL_ENABLE:-0}"
export CUST_SSL_LIBB="${CUST_SSL_LIBB:-"$DEPS_DIR/cust-ssl-inst/bin/openssl"}"
export LIBRESSL_ENABLE="${LIBRESSL_ENABLE:-0}" export LIBRESSL_ENABLE="${LIBRESSL_ENABLE:-0}"
export LIBRESSL_BUILD="${LIBRESSL_BUILD:-0}" export LIBRESSL_BUILD="${LIBRESSL_BUILD:-0}"
export LIBRESSL_VERSION="${LIBRESSL_VERSION:-2.8.3}" export LIBRESSL_VERSION="${LIBRESSL_VERSION:-2.8.3}"
@ -124,6 +113,9 @@ die ()
warn "$0 FATAL ERROR! exit 1: $1" warn "$0 FATAL ERROR! exit 1: $1"
[ $((DIE)) -eq 1 ] && tear_down && exit 1 [ $((DIE)) -eq 1 ] && tear_down && exit 1
warn "Ignored" warn "Ignored"
S_ERRORS=$((S_ERRORS + 1))
T_ERRORS=$((T_ERRORS + 1))
warn "$STAGE_NAME Errors: $S_ERRORS"
return 0 return 0
} }
@ -134,6 +126,12 @@ vverbose ()
print "|| :: $MSG" print "|| :: $MSG"
} }
vvverbose ()
{
[ $((VVERBOSE)) -eq 1 ] || return 0
print "|| :: $1"
}
vdisabled () vdisabled ()
{ {
[ $((VVERBOSE)) -eq 1 ] || return 0 [ $((VVERBOSE)) -eq 1 ] || return 0
@ -170,7 +168,7 @@ setup ()
vverbose "Setup" vverbose "Setup"
cd "$WORK_DIR" || die "cd $WORK_DIR" cd "$WORK_DIR" || die "cd $WORK_DIR"
[ $((VVERBOSE)) -eq 1 ] && print "|| ++ Working dir: $WORK_DIR" vvverbose "Working dir: $WORK_DIR"
destroy_data destroy_data
@ -200,7 +198,7 @@ setup ()
fi fi
STAGE_NAME="Sample requests" STAGE_NAME="Sample requests"
if [ $((UNSIGNED_PKI)) -eq 1 ] && [ $((SYS_SSL_ENABLE + OPENSSL_ENABLE + LIBRESSL_ENABLE)) -ne 0 ] if [ $((UNSIGNED_PKI)) -eq 1 ] && [ $((SYS_SSL_ENABLE + CUST_SSL_ENABLE + OPENSSL_ENABLE + LIBRESSL_ENABLE)) -ne 0 ]
then then
verb_off verb_off
NEW_PKI="pki-req" NEW_PKI="pki-req"
@ -322,14 +320,14 @@ move_ca ()
action () action ()
{ {
vverbose "$STEP_NAME" vverbose "$STEP_NAME"
if [ $((ERSA_OUT)) -eq 1 ] || [ $((SHOW_CERT_ONLY)) -eq 1 ] if [ $((ERSA_OUT + SHOW_CERT_ONLY)) -eq 0 ]
then then
newline newline
# shellcheck disable=SC2086 # shellcheck disable=SC2086
"$ERSA_BIN" $STEP_NAME || die "$STEP_NAME" "$ERSA_BIN" $STEP_NAME >/dev/null 2>&1 || die "$STEP_NAME"
else else
# shellcheck disable=SC2086 # shellcheck disable=SC2086
"$ERSA_BIN" $STEP_NAME >/dev/null 2>&1 || die "$STEP_NAME" "$ERSA_BIN" $STEP_NAME || die "$STEP_NAME"
fi fi
completed "$STEP_NAME" completed "$STEP_NAME"
} }
@ -447,6 +445,9 @@ create_pki ()
{ {
newline 1 newline 1
vverbose "$STAGE_NAME" vverbose "$STAGE_NAME"
vvverbose "EASYRSA_OPENSSL: $EASYRSA_OPENSSL"
verbose "$($EASYRSA_OPENSSL version 2> /dev/null)"
vverbose "$($EASYRSA_OPENSSL version 2> /dev/null)"
restore_req restore_req
@ -548,7 +549,8 @@ create_pki ()
unset EASYRSA_PKI unset EASYRSA_PKI
newline 1 newline 1
vcompleted "$STAGE_NAME" vcompleted "$STAGE_NAME (Errors: $S_ERRORS)"
S_ERRORS=0
newline 1 newline 1
} }
@ -561,13 +563,19 @@ create_pki ()
-u|-h|--help) usage ;; -u|-h|--help) usage ;;
-v) VERBOSE=1 ;; -v) VERBOSE=1 ;;
-vv) VVERBOSE=1; ERSA_OUT="${ERSA_OUT:-1}" ;; -vv) VVERBOSE=1; ERSA_OUT="${ERSA_OUT:-1}" ;;
-b) BROKEN_PKI=1; SYS_SSL_ENABLE="${SYS_SSL_ENABLE:-0}"; VVERBOSE=1; ERSA_OUT="${ERSA_OUT:-1}" ;; -b) DIE=0; BROKEN_PKI=1; SYS_SSL_ENABLE="${SYS_SSL_ENABLE:-0}";
VVERBOSE="${VVERBOSE:-1}"; ERSA_OUT="${ERSA_OUT:-1}" ;;
-f) DIE=0; CUST_SSL_ENABLE=1; OPENSSL_ENABLE=1; LIBRESSL_ENABLE=1;
VVERBOSE="${VVERBOSE:-1}"; ERSA_OUT="${ERSA_OUT:-1}" ;;
*) print "Unknown option: $i"; exit 1 ;; *) print "Unknown option: $i"; exit 1 ;;
esac esac
done done
init init
[ -f "$DEPS_DIR/custom-ssl.sh" ] || export CUST_SSL_ENABLE=0
[ $((CUST_SSL_ENABLE)) -eq 1 ] && "$DEPS_DIR/custom-ssl.sh"
[ -f "$DEPS_DIR/openssl.sh" ] || export OPENSSL_ENABLE=0 [ -f "$DEPS_DIR/openssl.sh" ] || export OPENSSL_ENABLE=0
[ $((OPENSSL_ENABLE)) -eq 1 ] && "$DEPS_DIR/openssl.sh" [ $((OPENSSL_ENABLE)) -eq 1 ] && "$DEPS_DIR/openssl.sh"
@ -576,33 +584,45 @@ create_pki ()
setup setup
STAGE_NAME="Default ssl" STAGE_NAME="System ssl"
if [ $((SYS_SSL_ENABLE)) -eq 1 ] if [ $((SYS_SSL_ENABLE)) -eq 1 ]
then then
NEW_PKI="pki-dssl" NEW_PKI="pki-sys-ssl"
create_pki create_pki
else else
vdisabled "$STAGE_NAME" vdisabled "$STAGE_NAME"
fi fi
STAGE_NAME="openssl" STAGE_NAME="Custom ssl"
if [ $((OPENSSL_ENABLE)) -eq 1 ] if [ $((CUST_SSL_ENABLE)) -eq 1 ]
then then
[ -f "$OSSL_LIBB" ] || DIE=1 die "$0: missing openssl: $OSSL_LIBB" [ -f "$CUST_SSL_LIBB" ] || die "$0: missing custom ssl: $CUST_SSL_LIBB"
export EASYRSA_OPENSSL="$OSSL_LIBB" export EASYRSA_OPENSSL="$CUST_SSL_LIBB"
NEW_PKI="pki-ossl" NEW_PKI="pki-custom-ssl"
create_pki create_pki
unset EASYRSA_OPENSSL unset EASYRSA_OPENSSL
else else
vdisabled "$STAGE_NAME" vdisabled "$STAGE_NAME"
fi fi
STAGE_NAME="libressl" STAGE_NAME="Openssl"
if [ $((OPENSSL_ENABLE)) -eq 1 ]
then
[ -f "$OSSL_LIBB" ] || die "$0: missing openssl: $OSSL_LIBB"
export EASYRSA_OPENSSL="$OSSL_LIBB"
NEW_PKI="pki-openssl"
create_pki
unset EASYRSA_OPENSSL
else
vdisabled "$STAGE_NAME"
fi
STAGE_NAME="Libressl"
if [ $((LIBRESSL_ENABLE)) -eq 1 ] if [ $((LIBRESSL_ENABLE)) -eq 1 ]
then then
[ -f "$LSSL_LIBB" ] || DIE=1 die "$0: missing libressl: $LSSL_LIBB" [ -f "$LSSL_LIBB" ] || die "$0: missing libressl: $LSSL_LIBB"
export EASYRSA_OPENSSL="$LSSL_LIBB" export EASYRSA_OPENSSL="$LSSL_LIBB"
NEW_PKI="pki-lssl" NEW_PKI="pki-libressl"
create_pki create_pki
unset EASYRSA_OPENSSL unset EASYRSA_OPENSSL
else else
@ -621,6 +641,6 @@ create_pki ()
tear_down tear_down
completed "Completed" completed "Completed (Total errors: $T_ERRORS)"
vcompleted "Completed" vcompleted "Completed (Total errors: $T_ERRORS)"
exit 0 exit 0