wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

bug 990603 - test override for server certificate with basic constraints: CA=true r=briansmith

Browse Source
This commit is contained in:
David Keeler 2014-04-08 09:51:45 -07:00
parent 179fc74542
commit 2f779bc64a
8 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
security/manager/ssl/tests/unit/test_cert_overrides.js
View File

@ -40,9 +40,9 @@ function check_telemetry() {
.getHistogramById("SSL_CERT_ERROR_OVERRIDES")
.snapshot();
do_check_eq(histogram.counts[ 0], 0);
do_check_eq(histogram.counts[ 2], 7 + 1); // SEC_ERROR_UNKNOWN_ISSUER
do_check_eq(histogram.counts[ 2], 8 + 1); // SEC_ERROR_UNKNOWN_ISSUER
do_check_eq(histogram.counts[ 3], 0 + 2); // SEC_ERROR_CA_CERT_INVALID
do_check_eq(histogram.counts[ 4], 0 + 4); // SEC_ERROR_UNTRUSTED_ISSUER
do_check_eq(histogram.counts[ 4], 0 + 5); // SEC_ERROR_UNTRUSTED_ISSUER
do_check_eq(histogram.counts[ 5], 0 + 1); // SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
do_check_eq(histogram.counts[ 6], 0 + 1); // SEC_ERROR_UNTRUSTED_CERT
do_check_eq(histogram.counts[ 7], 0 + 1); // SEC_ERROR_INADEQUATE_KEY_USAGE
@ -147,6 +147,15 @@ function add_simple_tests(useMozillaPKIX) {
Ci.nsICertOverrideService.ERROR_UNTRUSTED,
getXPCOMStatusFromNSS(SEC_ERROR_INADEQUATE_KEY_USAGE));
}
// Bug 990603: Apache documentation has recommended generating a self-signed
// test certificate with basic constraints: CA:true. For compatibility, this
// is a scenario in which an override is allowed.
add_cert_override_test("self-signed-end-entity-with-cA-true.example.com",
Ci.nsICertOverrideService.ERROR_UNTRUSTED,
getXPCOMStatusFromNSS(
useMozillaPKIX ? SEC_ERROR_UNKNOWN_ISSUER
: SEC_ERROR_UNTRUSTED_ISSUER));
}
function add_combo_tests(useMozillaPKIX) {

BIN
security/manager/ssl/tests/unit/tlsserver/cert8.db
View File

Binary file not shown.

1
security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
View File

@ -41,6 +41,7 @@ const BadCertHost sBadCertHosts[] =
{ "mismatch-untrusted-expired.example.com", "mismatch-untrusted-expired" },
{ "inadequatekeyusage.example.com", "inadequatekeyusage" },
{ "selfsigned-inadequateEKU.example.com", "selfsigned-inadequateEKU" },
{ "self-signed-end-entity-with-cA-true.example.com", "self-signed-EE-with-cA-true" },
{ nullptr, nullptr }
};

BIN
security/manager/ssl/tests/unit/tlsserver/default-ee.der
View File

Binary file not shown.

2
security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
View File

@ -147,4 +147,6 @@ NSS_ALLOW_WEAK_SIGNATURE_ALG=1 make_EE md5signature-expired 'CN=Test MD5Signatur
make_EE inadequatekeyusage 'CN=Inadequate Key Usage Test End-entity' testCA "inadequatekeyusage.example.com" "--keyUsage crlSigning"
make_EE selfsigned-inadequateEKU 'CN=Self-signed Inadequate EKU Test End-entity' unused "selfsigned-inadequateEKU.example.com" "--keyUsage keyEncipherment,dataEncipherment --extKeyUsage serverAuth" "-x"
make_INT self-signed-EE-with-cA-true 'CN=Test Self-signed End-entity with CA true' unused "-x -8 self-signed-end-entity-with-cA-true.example.com"
cleanup

BIN
security/manager/ssl/tests/unit/tlsserver/key3.db
View File

Binary file not shown.

BIN
security/manager/ssl/tests/unit/tlsserver/other-test-ca.der
View File

Binary file not shown.

BIN
security/manager/ssl/tests/unit/tlsserver/test-ca.der
View File

Binary file not shown.