#!/bin/sh

# Checking if the CRL is verified.
# The verifyChain option verifies the peer certificate starting from the root CA.
# The self-signed root CA certificate is stored in the file specified with CAfile.
# Certificate Revocation Lists file is stored in the file specified with CRLfile.
# The failure is expected because the server presents the revoked certificate.

. $(dirname $0)/../test_library

start() {
  ../../src/stunnel -fd 0 <<EOT
  debug = debug
  syslog = no
  pid = ${result_path}/stunnel.pid
  output = ${result_path}/stunnel.log

  [client]
  client = yes
  accept = 127.0.0.1:${http1}
  connect = 127.0.0.1:${https1}
  verifyChain = yes
  CAfile = ${script_path}/certs/CACert.pem
  CRLfile = ${script_path}/certs/CACertCRL.pem

  [server]
  accept = 127.0.0.1:${https1}
  connect = 127.0.0.1:${http_nc}
  cert = ${script_path}/certs/revoked_cert.pem
EOT
}

test_log_for "113_failure_CRL_file" "failure" "0" "$1" "$2" "$3" 2>> "stderr.log"
exit $?
