diff options
Diffstat (limited to 'testing/fulltests/tls/STlsServerSession')
-rw-r--r-- | testing/fulltests/tls/STlsServerSession | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/testing/fulltests/tls/STlsServerSession b/testing/fulltests/tls/STlsServerSession new file mode 100644 index 0000000..acf68e5 --- /dev/null +++ b/testing/fulltests/tls/STlsServerSession @@ -0,0 +1,57 @@ +#!/bin/sh + +. STlsVars + +# this is usually something like "localhost:", so we need to strip the : +OURHOST=`echo $SNMP_TEST_DEST | sed 's/:.*//'` + +# create a CA + +CAPTURE $NSCERT genca --cn ca-net-snmp.org $NSCERTARGS +CAFP=`$NSCERT showcas --fingerprint --brief ca-net-snmp.org $NSCERTARGS` +CHECKVALUEISNT "$CAFP" "" "generated fingerprint for ca-net-snmp.org certificate" + +# create a server certificate using the CA certificate +CAPTURE $NSCERT gencert -t snmpd --with-ca ca-net-snmp.org $checknametype ${checknameprefix}$OURHOST $NSCERTARGS +SNMPDFP=`$NSCERT showcert --fingerprint --brief snmpd $NSCERTARGS` + +CONFIGAGENT '[snmp]' serverCert $SNMPDFP + +# create a user certificate +CAPTURE $NSCERT gencert -t snmpapp --cn 'testuser' $NSCERTARGS +TESTUSERFP=`$NSCERT showcerts --fingerprint --brief snmpapp $NSCERTARGS` +CHECKVALUEISNT "$TESTUSERFP" "" "generated fingerprint for testuser certificate" + +CONFIGAGENT certSecName 10 $TESTUSERFP --cn +CONFIGAGENT rwuser -s tsm testuser authpriv + +CONFIGAPP clientCert $TESTUSERFP + +# start the agent up +FLAGS="-On $SNMP_FLAGS $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT" + +# start up the agent +STARTAGENT + +######################################## +# Positive tests +# (should work) + +# ensure we can access it via a direct FP check +DOSETTEST fingerprintIdentity "-T their_identity=$SNMPDFP $FLAGS" + +# directly specify the host name +DOSETTEST hostnameIdentity "-T trust_cert=$CAFP -T their_hostname=$OURHOST $FLAGS" + +# This should also work because we: +# - trust the CA cert +# - use a session destname that matches the certificate +DOSETTEST sessionnameIdentity "-T trust_cert=$CAFP $FLAGS" + +######################################## +# DONE + +#sleep 500 +STOPAGENT + +FINISHED |