
Commit c8156b0

author
Divjot Arora
authored
GODRIVER-1650 Test OCSP on macos and Windows (#432)
1 parent 47996f3 commit c8156b0


2 files changed

+66
-37
lines changed


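--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -419,15 +419,15 @@ functions:
 params:
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-/opt/mongodbtoolchain/v3/bin/python3 -m venv ./venv
-./venv/bin/pip3 install -r mock-ocsp-responder-requirements.txt
+${PYTHON3_BINARY} -m venv ./venv
+./venv/${VENV_BIN_DIR|bin}/pip3 install -r mock-ocsp-responder-requirements.txt
 - command: shell.exec
 params:
 background: true
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/ocsp
 
-nohup ./venv/bin/python3 ocsp_mock.py \
+./venv/${VENV_BIN_DIR|bin}/python ocsp_mock.py \
 --ca_file ${OCSP_ALGORITHM}/ca.pem \
 --ocsp_responder_cert ${OCSP_ALGORITHM}/ca.crt \
 --ocsp_responder_key ${OCSP_ALGORITHM}/ca.key \
@@ -438,15 +438,15 @@ functions:
 params:
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-/opt/mongodbtoolchain/v3/bin/python3 -m venv ./venv
-./venv/bin/pip3 install -r mock-ocsp-responder-requirements.txt
+${PYTHON3_BINARY} -m venv ./venv
+./venv/${VENV_BIN_DIR|bin}/pip3 install -r mock-ocsp-responder-requirements.txt
 - command: shell.exec
 params:
 background: true
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/ocsp
 
-nohup ./venv/bin/python3 ocsp_mock.py \
+./venv/${VENV_BIN_DIR|bin}/python ocsp_mock.py \
 --ca_file ${OCSP_ALGORITHM}/ca.pem \
 --ocsp_responder_cert ${OCSP_ALGORITHM}/ca.crt \
 --ocsp_responder_key ${OCSP_ALGORITHM}/ca.key \
@@ -459,15 +459,15 @@ functions:
 params:
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-/opt/mongodbtoolchain/v3/bin/python3 -m venv ./venv
-./venv/bin/pip3 install -r mock-ocsp-responder-requirements.txt
+${PYTHON3_BINARY} -m venv ./venv
+./venv/${VENV_BIN_DIR|bin}/pip3 install -r mock-ocsp-responder-requirements.txt
 - command: shell.exec
 params:
 background: true
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/ocsp
 
-nohup ./venv/bin/python3 ocsp_mock.py \
+./venv/${VENV_BIN_DIR|bin}/python ocsp_mock.py \
 --ca_file ${OCSP_ALGORITHM}/ca.pem \
 --ocsp_responder_cert ${OCSP_ALGORITHM}/ocsp-responder.crt \
 --ocsp_responder_key ${OCSP_ALGORITHM}/ocsp-responder.key \
@@ -478,15 +478,15 @@ functions:
 params:
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-/opt/mongodbtoolchain/v3/bin/python3 -m venv ./venv
-./venv/bin/pip3 install -r mock-ocsp-responder-requirements.txt
+${PYTHON3_BINARY} -m venv ./venv
+./venv/${VENV_BIN_DIR|bin}/pip3 install -r mock-ocsp-responder-requirements.txt
 - command: shell.exec
 params:
 background: true
 script: |
 cd ${DRIVERS_TOOLS}/.evergreen/ocsp
 
-nohup ./venv/bin/python3 ocsp_mock.py \
+./venv/${VENV_BIN_DIR|bin}/python ocsp_mock.py \
 --ca_file ${OCSP_ALGORITHM}/ca.pem \
 --ocsp_responder_cert ${OCSP_ALGORITHM}/ocsp-responder.crt \
 --ocsp_responder_key ${OCSP_ALGORITHM}/ocsp-responder.key \
@@ -898,7 +898,7 @@ tasks:
 MONGO_GO_DRIVER_COMPRESSOR: "zstd"
 
 - name: test-ocsp-rsa-valid-cert-server-staples
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
 commands:
 - func: run-valid-ocsp-server
 vars:
@@ -912,7 +912,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-rsa-invalid-cert-server-staples
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
 commands:
 - func: run-revoked-ocsp-server
 vars:
@@ -926,7 +926,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-rsa-valid-cert-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa"]
 commands:
 - func: run-valid-ocsp-server
 vars:
@@ -940,7 +940,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-rsa-invalid-cert-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa"]
 commands:
 - func: run-revoked-ocsp-server
 vars:
@@ -954,7 +954,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-rsa-soft-fail
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa"]
 commands:
 - func: ocsp-bootstrap-mongo-orchestration
 vars:
@@ -965,7 +965,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa"]
 commands:
 - func: run-revoked-ocsp-server
 vars:
@@ -979,7 +979,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-rsa-malicious-no-responder-mustStaple-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa"]
 commands:
 - func: ocsp-bootstrap-mongo-orchestration
 vars:
@@ -990,7 +990,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-rsa-delegate-valid-cert-server-staples
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
 commands:
 - func: run-valid-delegate-ocsp-server
 vars:
@@ -1004,7 +1004,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-rsa-delegate-invalid-cert-server-staples
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
 commands:
 - func: run-revoked-delegate-ocsp-server
 vars:
@@ -1018,7 +1018,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-rsa-delegate-valid-cert-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa"]
 commands:
 - func: run-valid-delegate-ocsp-server
 vars:
@@ -1032,7 +1032,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-rsa-delegate-invalid-cert-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa"]
 commands:
 - func: run-revoked-delegate-ocsp-server
 vars:
@@ -1046,7 +1046,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-rsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-rsa"]
 commands:
 - func: run-revoked-delegate-ocsp-server
 vars:
@@ -1060,7 +1060,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-ecdsa-valid-cert-server-staples
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
 commands:
 - func: run-valid-ocsp-server
 vars:
@@ -1074,7 +1074,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-ecdsa-invalid-cert-server-staples
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
 commands:
 - func: run-revoked-ocsp-server
 vars:
@@ -1088,7 +1088,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa"]
 commands:
 - func: run-valid-ocsp-server
 vars:
@@ -1102,7 +1102,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa"]
 commands:
 - func: run-revoked-ocsp-server
 vars:
@@ -1116,7 +1116,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-ecdsa-soft-fail
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa"]
 commands:
 - func: ocsp-bootstrap-mongo-orchestration
 vars:
@@ -1127,7 +1127,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa"]
 commands:
 - func: run-revoked-ocsp-server
 vars:
@@ -1141,7 +1141,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-ecdsa-malicious-no-responder-mustStaple-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa"]
 commands:
 - func: ocsp-bootstrap-mongo-orchestration
 vars:
@@ -1152,7 +1152,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-ecdsa-delegate-valid-cert-server-staples
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
 commands:
 - func: run-valid-delegate-ocsp-server
 vars:
@@ -1166,7 +1166,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-ecdsa-delegate-invalid-cert-server-staples
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
 commands:
 - func: run-revoked-delegate-ocsp-server
 vars:
@@ -1180,7 +1180,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-ecdsa-delegate-valid-cert-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa"]
 commands:
 - func: run-valid-delegate-ocsp-server
 vars:
@@ -1194,7 +1194,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "true"
 
 - name: test-ocsp-ecdsa-delegate-invalid-cert-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa"]
 commands:
 - func: run-revoked-delegate-ocsp-server
 vars:
@@ -1208,7 +1208,7 @@ tasks:
 OCSP_TLS_SHOULD_SUCCEED: "false"
 
 - name: test-ocsp-ecdsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple
-tags: ["ocsp"]
+tags: ["ocsp", "ocsp-ecdsa"]
 commands:
 - func: run-revoked-delegate-ocsp-server
 vars:
@@ -1543,16 +1543,20 @@ axes:
 variables:
 GCC_PATH: "/cygdrive/c/mingw-w64/x86_64-4.9.1-posix-seh-rt_v3-rev1/mingw64/bin"
 GO_DIST: "C:\\golang\\go1.13"
+PYTHON3_BINARY: "C:/python/Python38/python.exe"
+VENV_BIN_DIR: "Scripts"
 - id: "ubuntu1604-64-go-1-13"
 display_name: "Ubuntu 16.04"
 run_on: ubuntu1604-build
 variables:
 GO_DIST: "/opt/golang/go1.13"
+PYTHON3_BINARY: "/opt/python/3.8/bin/python3"
 - id: "osx-go-1-13"
 display_name: "MacOS 10.14"
 run_on: macos-1014
 variables:
 GO_DIST: "/opt/golang/go1.13"
+PYTHON3_BINARY: python3
 
 - id: os-aws-auth
 display_name: OS
@@ -1673,3 +1677,19 @@ buildvariants:
 batchtime: 20160 # 14 days
 tasks:
 - name: ".ocsp"
+
+- matrix_name: "ocsp-test-windows"
+matrix_spec: { version: ["4.4", "latest"], os-ssl-32: ["windows-64-go-1-13"] }
+display_name: "OCSP ${version} ${os-ssl-32}"
+batchtime: 20160 # 14 days
+tasks:
+# Windows MongoDB servers do not staple OCSP responses and only support RSA.
+- name: ".ocsp-rsa !.ocsp-staple"
+
+- matrix_name: "ocsp-test-macos"
+matrix_spec: { version: ["4.4", "latest"], os-ssl-32: ["osx-go-1-13"] }
+display_name: "OCSP ${version} ${os-ssl-32}"
+batchtime: 20160 # 14 days
+tasks:
+# macos MongoDB servers do not staple OCSP responses and only support RSA.
+- name: ".ocsp-rsa !.ocsp-staple"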
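Review bot: `${PYTHON3_BINARY}` is expanded with no fallback in the four venv setup scripts (new lines 422, 441, 462 and 481), while `VENV_BIN_DIR` beside it gets `|bin`. Only three axis entries in this section define it, so a variant that selects `.ocsp` tasks on any other host would presumably run `-m venv ./venv` with an empty command. Whether the script stops on that error is not visible here, so an explicit guard before the venv line is worth adding, e.g. `test -n "${PYTHON3_BINARY}" || { echo "PYTHON3_BINARY is not set"; exit 1; }`. Separately, the macOS entry sets `PYTHON3_BINARY: python3`, which is resolved through PATH, unlike the absolute paths on Windows and Ubuntu. An absolute interpreter path there would keep the interpreter that builds the mock responder's venv and installs its requirements fixed across hosts.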

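--- a/mongo/ocsp_test.go
+++ b/mongo/ocsp_test.go
@@ -9,6 +9,7 @@ package mongo
 import (
 "crypto/tls"
 "os"
+"runtime"
 "strconv"
 "testing"
 "time"
@@ -56,7 +57,15 @@ func TestOCSP(t *testing.T) {
 }
 
 func createOCSPClientOptions(uri string) *options.ClientOptions {
-return options.Client().ApplyURI(uri).SetServerSelectionTimeout(500 * time.Millisecond)
+opts := options.Client().ApplyURI(uri)
+
+timeout := 500 * time.Millisecond
+if runtime.GOOS == "windows" {
+// Non-stapled OCSP endpoint checks are slow on Windows.
+timeout = 5 * time.Second
+}
+opts.SetServerSelectionTimeout(timeout)
+return opts
 }
 
 func createInsecureOCSPClientOptions(uri string) *options.ClientOptions {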
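Review bot: The longer Windows timeout in `createOCSPClientOptions` (new lines 62–67) helps the cases that must connect, but for cases that expect a TLS failure, a server-selection timeout and an OCSP rejection presumably both come back as an error, so a responder check that is merely slow could still satisfy a should-fail case. TestOCSP's assertions sit outside this hunk; it is worth confirming that the failure path checks the cause of the error and not only that one was returned. The function also has no doc comment; something like `// createOCSPClientOptions returns client options for uri with a short server selection timeout, lengthened on Windows where non-stapled OCSP checks are slow.` would record why the two values differ. `createInsecureOCSPClientOptions` begins on the last line of the hunk and its body is not visible, so whether it needs the same allowance cannot be told from here.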
