# ***** BEGIN LICENSE BLOCK ***** # Version: MPL 1.1/GPL 2.0/LGPL 2.1 # # The contents of this file are subject to the Mozilla Public License Version # 1.1 (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # http://www.mozilla.org/MPL/ # # Software distributed under the License is distributed on an "AS IS" basis, # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License # for the specific language governing rights and limitations under the # License. # # The Original Code is the Network Security Services (NSS) # # The Initial Developer of the Original Code is Sun Microsystems, Inc. # Portions created by the Initial Developer are Copyright (C) 2009 # the Initial Developer. All Rights Reserved. # # Contributor(s): # Slavomir Katuscak , Sun Microsystems # # Alternatively, the contents of this file may be used under the terms of # either the GNU General Public License Version 2 or later (the "GPL"), or # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), # in which case the provisions of the GPL or the LGPL are applicable instead # of those above. If you wish to allow use of your version of this file only # under the terms of either the GPL or the LGPL, and not to allow others to # use your version of this file under the terms of the MPL, indicate your # decision by deleting the provisions above and replace them with the notice # and other provisions required by the GPL or the LGPL. If you do not delete # the provisions above, a recipient may use your version of this file under # the terms of any one of the MPL, the GPL or the LGPL. # # ***** END LICENSE BLOCK ***** scenario OCSP check_ocsp OCSPEE11:x db OCSPRoot import OCSPRoot:x:CT,C,C db OCSPCA1 import_key OCSPCA1 crl OCSPCA1 revoke OCSPCA1 serial 3 revoke OCSPCA1 serial 4 testdb OCSPRoot #EE - OK, CA - OK verify OCSPEE11:x cert OCSPCA1:x trust OCSPRoot rev_type leaf rev_flags requireFreshInfo rev_mtype ocsp result pass #EE - revoked, CA - OK verify OCSPEE12:x cert OCSPCA1:x trust OCSPRoot rev_type leaf rev_flags requireFreshInfo rev_mtype ocsp result fail #EE - unknown verify OCSPEE15:x cert OCSPCA1:x trust OCSPRoot rev_type leaf rev_mtype ocsp result pass #EE - unknown, requireFreshInfo verify OCSPEE15:x cert OCSPCA1:x trust OCSPRoot rev_type leaf rev_flags requireFreshInfo rev_mtype ocsp result fail #EE - OK, CA - revoked, leaf, no fresh info verify OCSPEE21:x cert OCSPCA2:x trust OCSPRoot rev_type leaf rev_mtype ocsp result pass #EE - OK, CA - revoked, leaf, requireFreshInfo verify OCSPEE21:x cert OCSPCA2:x trust OCSPRoot rev_type leaf rev_flags requireFreshInfo rev_mtype ocsp result fail #EE - OK, CA - revoked, chain, requireFreshInfo verify OCSPEE21:x cert OCSPCA2:x trust OCSPRoot rev_type chain rev_flags requireFreshInfo rev_mtype ocsp result fail #EE - OK, CA - unknown verify OCSPEE31:x cert OCSPCA3:x trust OCSPRoot rev_type leaf rev_mtype ocsp result pass #EE - OK, CA - unknown, requireFreshInfo verify OCSPEE31:x cert OCSPCA3:x trust OCSPRoot rev_type leaf rev_flags requireFreshInfo rev_mtype ocsp result fail #EE - revoked, doNotUse verify OCSPEE12:x cert OCSPCA1:x trust OCSPRoot rev_type leaf rev_mtype ocsp rev_mflags doNotUse result pass #EE - revoked, forbidFetching verify OCSPEE12:x cert OCSPCA1:x trust OCSPRoot rev_type leaf rev_mtype ocsp rev_mflags forbidFetching result pass #EE - unknown status, failIfNoInfo verify OCSPEE15:x cert OCSPCA1:x trust OCSPRoot rev_type leaf rev_mtype ocsp rev_mflags failIfNoInfo result fail #EE - OK, CA - revoked, leaf, failIfNoInfo verify OCSPEE21:x cert OCSPCA2:x trust OCSPRoot rev_type leaf rev_mtype ocsp rev_mflags failIfNoInfo result fail testdb OCSPCA1 #EE - OK on OCSP, revoked locally - should fail ?? # two things about this test: crl is not imported into the db and # cert 13 is not revoked by crl. verify OCSPEE13:x cert OCSPCA1:x trust OCSPCA1 rev_type leaf rev_flags testLocalInfoFirst rev_mtype ocsp result pass db OCSPRoot1 import OCSPRoot:x:CT,C,C verify OCSPEE23:x cert OCSPCA2:x trust OCSPRoot rev_type chain rev_mtype ocsp rev_type leaf rev_mtype ocsp result fail db OCSPRoot2 import OCSPRoot:x:T,, # bug 527438 # expected result of this test is FAIL verify OCSPEE23:x cert OCSPCA2:x trust OCSPRoot rev_type chain rev_mtype ocsp rev_type leaf rev_mtype ocsp result pass