mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1047177 - Treat v4 certs as v3 certs. Tests (2/2). r=keeler.
--HG-- extra : rebase_source : 58be8a1ac652636fea80e83fc8eae2b7092c6edd
This commit is contained in:
Camilo Viecco
parent
ae0bde15f8
commit
bc4c9ba169
@ -214,6 +214,47 @@ def init_nss_db(db_dir):
|
||||
os.system("certutil -d sql:" + db_dir + " -N -f " + pwd_file);
|
||||
return [noise_file, pwd_file]
|
||||
|
||||
def generate_self_signed_cert(db_dir, dest_dir, noise_file, name, version, do_bc, is_ca):
|
||||
"""
|
||||
Creates a new self-signed certificate in an sql NSS database and as a der file
|
||||
Arguments:
|
||||
db_dir -- the location of the nss database (in sql format)
|
||||
dest_dir -- the location of for the output file
|
||||
noise_file -- the location of a noise file.
|
||||
name -- the nickname of the new certificate in the database and the
|
||||
common name of the certificate
|
||||
version -- the version number of the certificate (valid certs must use
|
||||
3)
|
||||
do_bc -- if the certificate should include the basic constraints
|
||||
(valid ca's should be true)
|
||||
is_ca -- mark the extenstion true or false
|
||||
output:
|
||||
outname -- the location of the der file.
|
||||
"""
|
||||
out_name = dest_dir + "/" + name + ".der"
|
||||
base_exec_string = ("certutil -S -z " + noise_file + " -g 2048 -d sql:" +
|
||||
db_dir + "/ -n " + name + " -v 120 -s 'CN=" + name +
|
||||
",O=PSM Testing,L=Mountain View,ST=California,C=US'" +
|
||||
" -t C,C,C -x --certVersion=" + str(int(version)))
|
||||
if (do_bc):
|
||||
child = pexpect.spawn(base_exec_string + " -2")
|
||||
child.logfile = sys.stdout
|
||||
child.expect('Is this a CA certificate \[y/N\]?')
|
||||
if (is_ca):
|
||||
child.sendline('y')
|
||||
else:
|
||||
child.sendline('N')
|
||||
child.expect('Enter the path length constraint, enter to skip \[<0 for unlimited path\]: >')
|
||||
child.sendline('')
|
||||
child.expect('Is this a critical extension \[y/N\]?')
|
||||
child.sendline('')
|
||||
child.expect(pexpect.EOF)
|
||||
else:
|
||||
os.system(base_exec_string)
|
||||
os.system("certutil -d sql:" + db_dir + "/ -L -n " + name + " -r > " +
|
||||
out_name)
|
||||
return out_name
|
||||
|
||||
def generate_ca_cert(db_dir, dest_dir, noise_file, name, version, do_bc):
|
||||
"""
|
||||
Creates a new CA certificate in an sql NSS database and as a der file
|
||||
@ -230,26 +271,8 @@ def generate_ca_cert(db_dir, dest_dir, noise_file, name, version, do_bc):
|
||||
output:
|
||||
outname -- the location of the der file.
|
||||
"""
|
||||
out_name = dest_dir + "/" + name + ".der"
|
||||
base_exec_string = ("certutil -S -z " + noise_file + " -g 2048 -d sql:" +
|
||||
db_dir + "/ -n " + name + " -v 120 -s 'CN=" + name +
|
||||
",O=PSM Testing,L=Mountain View,ST=California,C=US'" +
|
||||
" -t C,C,C -x --certVersion=" + str(int(version)))
|
||||
if (do_bc):
|
||||
child = pexpect.spawn(base_exec_string + " -2")
|
||||
child.logfile = sys.stdout
|
||||
child.expect('Is this a CA certificate \[y/N\]?')
|
||||
child.sendline('y')
|
||||
child.expect('Enter the path length constraint, enter to skip \[<0 for unlimited path\]: >')
|
||||
child.sendline('')
|
||||
child.expect('Is this a critical extension \[y/N\]?')
|
||||
child.sendline('')
|
||||
child.expect(pexpect.EOF)
|
||||
else:
|
||||
os.system(base_exec_string)
|
||||
os.system("certutil -d sql:" + db_dir + "/ -L -n " + name + " -r > " +
|
||||
out_name)
|
||||
return out_name
|
||||
return generate_self_signed_cert(db_dir, dest_dir, noise_file, name, version, do_bc, True)
|
||||
|
||||
|
||||
def generate_child_cert(db_dir, dest_dir, noise_file, name, ca_nick, version,
|
||||
do_bc, is_ee, ocsp_url):
|
||||
|
||||
@ -84,7 +84,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v1_int-v1_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v1_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v1_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v1_ca.der'), ee_error);
|
||||
|
||||
// v1 intermediate with v3 extensions. CA is invalid.
|
||||
check_ca_err(cert_from_file('v1_int_bc-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
@ -106,7 +106,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v2_int-v1_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v2_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v2_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v1_ca.der'), ee_error);
|
||||
|
||||
// A v2 intermediate with basic constraints (not allowed in mozilla::pkix)
|
||||
check_ca_err(cert_from_file('v2_int_bc-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
@ -129,7 +129,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v3_int_missing_bc-v1_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int_missing_bc-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int_missing_bc-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v1_ca.der'), ee_error);
|
||||
|
||||
// It is valid for a v1 ca to sign a v3 intemediate.
|
||||
check_ok_ca(cert_from_file('v3_int-v1_ca.der'));
|
||||
@ -139,7 +139,7 @@ function run_test() {
|
||||
check_ok(cert_from_file('v3_bc_ee-v3_int-v1_ca.der'));
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int-v1_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_ok(cert_from_file('v4_bc_ee-v3_int-v1_ca.der'));
|
||||
|
||||
// The next groups change the v1 ca for a v1 ca with base constraints
|
||||
// (invalid trust anchor). The error pattern is the same as the groups
|
||||
@ -155,7 +155,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v1_int-v1_ca_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v1_int-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v1_int-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v1_ca_bc.der'), ee_error);
|
||||
|
||||
// Using a v1 intermediate with v3 extenstions (invalid).
|
||||
check_ca_err(cert_from_file('v1_int_bc-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
@ -177,7 +177,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v2_int-v1_ca_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v2_int-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v2_int-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v1_ca_bc.der'), ee_error);
|
||||
|
||||
// Using a v2 intermediate with basic constraints (invalid)
|
||||
check_ca_err(cert_from_file('v2_int_bc-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
@ -199,7 +199,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v3_int_missing_bc-v1_ca_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int_missing_bc-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int_missing_bc-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v1_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v1_ca_bc.der'), ee_error);
|
||||
|
||||
// these should pass assuming we are OK with v1 ca signing v3 intermediates
|
||||
ca_error = SEC_ERROR_EXTENSION_VALUE_INVALID;
|
||||
@ -228,7 +228,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v1_int-v2_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v1_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v1_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v2_ca.der'), ee_error);
|
||||
|
||||
// v2 ca, v1 intermediate with basic constraints (invalid)
|
||||
check_ca_err(cert_from_file('v1_int_bc-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
@ -250,7 +250,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v2_int-v2_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v2_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v2_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v2_ca.der'), ee_error);
|
||||
|
||||
// v2 ca, v2 intermediate with basic constraints (invalid)
|
||||
check_ca_err(cert_from_file('v2_int_bc-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
@ -272,7 +272,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v3_int_missing_bc-v2_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int_missing_bc-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int_missing_bc-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v2_ca.der'), ee_error);
|
||||
|
||||
// v2 ca, v3 intermediate
|
||||
ca_error = SEC_ERROR_CA_CERT_INVALID;
|
||||
@ -284,7 +284,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v3_int-v2_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int-v2_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int-v2_ca.der'), ee_error);
|
||||
|
||||
// v2 ca, v1 intermediate
|
||||
ca_error = SEC_ERROR_CA_CERT_INVALID;
|
||||
@ -296,7 +296,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v1_int-v2_ca_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v1_int-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v1_int-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v2_ca_bc.der'), ee_error);
|
||||
|
||||
// v2 ca, v1 intermediate with bc (invalid)
|
||||
check_ca_err(cert_from_file('v1_int_bc-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
@ -318,7 +318,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v2_int-v2_ca_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v2_int-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v2_int-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v2_ca_bc.der'), ee_error);
|
||||
|
||||
// v2 ca, v2 intermediate with bc (invalid)
|
||||
check_ca_err(cert_from_file('v2_int_bc-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
@ -340,7 +340,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v3_int_missing_bc-v2_ca_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int_missing_bc-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int_missing_bc-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v2_ca_bc.der'), ee_error);
|
||||
|
||||
// v2 ca, valid v3 intermediate (is OK if we use 'classic' semantics)
|
||||
check_ca_err(cert_from_file('v3_int-v2_ca_bc.der'), SEC_ERROR_BAD_DER);
|
||||
@ -366,7 +366,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v1_int-v3_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v1_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v1_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v3_ca.der'), ee_error);
|
||||
|
||||
// A v1 intermediate with v3 extensions
|
||||
check_ca_err(cert_from_file('v1_int_bc-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
@ -388,7 +388,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v2_int-v3_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v2_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v2_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v3_ca.der'), ee_error);
|
||||
|
||||
// v2 intermediate with bc (invalid)
|
||||
check_ca_err(cert_from_file('v2_int_bc-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
@ -410,7 +410,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v3_int_missing_bc-v3_ca.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int_missing_bc-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int_missing_bc-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v3_ca.der'), ee_error);
|
||||
|
||||
// I dont think that v3 intermediates should be allowed to sign v1 or v2
|
||||
// certs, but other thanthat this is what we usually get in the wild.
|
||||
@ -421,7 +421,7 @@ function run_test() {
|
||||
check_ok(cert_from_file('v3_bc_ee-v3_int-v3_ca.der'));
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int-v3_ca.der'), SEC_ERROR_BAD_DER);
|
||||
check_ok(cert_from_file('v4_bc_ee-v3_int-v3_ca.der'));
|
||||
|
||||
// v3 CA, invalid v3 intermediate
|
||||
ca_error = SEC_ERROR_CA_CERT_INVALID;
|
||||
@ -433,7 +433,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v1_int-v3_ca_missing_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v1_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v1_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v1_int-v3_ca_missing_bc.der'), ee_error);
|
||||
|
||||
// Int v1 with BC that is just invalid (classic fail insanity OK)
|
||||
check_ca_err(cert_from_file('v1_int_bc-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
@ -455,7 +455,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v2_int-v3_ca_missing_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v2_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v2_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v2_int-v3_ca_missing_bc.der'), ee_error);
|
||||
|
||||
// v2 intermediate (even with basic constraints) is invalid
|
||||
check_ca_err(cert_from_file('v2_int_bc-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
@ -477,7 +477,7 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v3_int_missing_bc-v3_ca_missing_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int_missing_bc-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int_missing_bc-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int_missing_bc-v3_ca_missing_bc.der'), ee_error);
|
||||
|
||||
// With a v3 root missing bc and valid v3 intermediate
|
||||
ca_error = SEC_ERROR_CA_CERT_INVALID;
|
||||
@ -489,5 +489,11 @@ function run_test() {
|
||||
check_cert_err(cert_from_file('v3_bc_ee-v3_int-v3_ca_missing_bc.der'), ee_error);
|
||||
check_cert_err(cert_from_file('v1_bc_ee-v3_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v2_bc_ee-v3_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int-v3_ca_missing_bc.der'), SEC_ERROR_BAD_DER);
|
||||
check_cert_err(cert_from_file('v4_bc_ee-v3_int-v3_ca_missing_bc.der'), ee_error);
|
||||
|
||||
// self-signed
|
||||
check_cert_err(cert_from_file('v3_self_signed.der'), SEC_ERROR_UNKNOWN_ISSUER);
|
||||
check_cert_err(cert_from_file('v3_self_signed_bc.der'), SEC_ERROR_UNKNOWN_ISSUER);
|
||||
check_cert_err(cert_from_file('v4_self_signed.der'), SEC_ERROR_UNKNOWN_ISSUER);
|
||||
check_cert_err(cert_from_file('v4_self_signed_bc.der'), SEC_ERROR_UNKNOWN_ISSUER);
|
||||
}
|
||||
|
||||
@ -74,4 +74,13 @@ def generate_certs():
|
||||
generate_ca(db, srcdir, noise_file, "v3_ca", 3, True )
|
||||
generate_ca(db, srcdir, noise_file, "v3_ca_missing_bc", 3, False)
|
||||
|
||||
CertUtils.generate_self_signed_cert(db, srcdir, noise_file, "v3_self_signed",
|
||||
3, False, False)
|
||||
CertUtils.generate_self_signed_cert(db, srcdir, noise_file, "v3_self_signed_bc",
|
||||
3, True, False)
|
||||
CertUtils.generate_self_signed_cert(db, srcdir, noise_file, "v4_self_signed",
|
||||
4, False, False);
|
||||
CertUtils.generate_self_signed_cert(db, srcdir, noise_file, "v4_self_signed_bc",
|
||||
4, True, False);
|
||||
|
||||
generate_certs();
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue
Block a user