The Tor Browser / file comparison
comparison: security/manager/ssl/tests/unit/test_ocsp_required.js
security/manager/ssl/tests/unit/test_ocsp_required.js
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:c3b8bf62ef5f |
|---|---|
| 1 // -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- | |
| 2 // This Source Code Form is subject to the terms of the Mozilla Public | |
| 3 // License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 4 // file, You can obtain one at http://mozilla.org/MPL/2.0/. | |
| 5 "use strict"; | |
| 6 | |
| 7 // In which we connect to a domain (as faked by a server running locally) | |
| 8 // and start up an OCSP responder (also basically faked) that gives a | |
| 9 // response with a bad signature. With security.OCSP.require set to true, | |
| 10 // this should fail (but it also shouldn't cause assertion failures). | |
| 11 | |
| 12 let gOCSPRequestCount = 0; | |
| 13 | |
| 14 function run_test() { | |
| 15 do_get_profile(); | |
| 16 Services.prefs.setBoolPref("security.OCSP.require", true); | |
| 17 | |
| 18 // We don't actually make use of stapling in this test. This is just how we | |
| 19 // get a TLS connection. | |
| 20 add_tls_server_setup("OCSPStaplingServer"); | |
| 21 | |
| 22 let args = [["bad-signature", "localhostAndExampleCom", "unused"]]; | |
| 23 let ocspResponses = generateOCSPResponses(args, "tlsserver"); | |
| 24 let ocspResponseBadSignature = ocspResponses[0]; | |
| 25 | |
| 26 let ocspResponder = new HttpServer(); | |
| 27 ocspResponder.registerPrefixHandler("/", function (request, response) { | |
| 28 response.setStatusLine(request.httpVersion, 200, "OK"); | |
| 29 response.setHeader("Content-Type", "application/ocsp-response"); | |
| 30 response.write(ocspResponseBadSignature); | |
| 31 gOCSPRequestCount++; | |
| 32 }); | |
| 33 ocspResponder.start(8080); | |
| 34 | |
| 35 add_tests_in_mode(true); | |
| 36 add_tests_in_mode(false); | |
| 37 | |
| 38 add_test(function () { ocspResponder.stop(run_next_test); }); | |
| 39 | |
| 40 run_next_test(); | |
| 41 } | |
| 42 | |
| 43 function add_tests_in_mode(useMozillaPKIX) | |
| 44 { | |
| 45 add_test(function () { | |
| 46 Services.prefs.setBoolPref("security.use_mozillapkix_verification", | |
| 47 useMozillaPKIX); | |
| 48 run_next_test(); | |
| 49 }); | |
| 50 | |
| 51 add_connection_test("ocsp-stapling-none.example.com", | |
| 52 getXPCOMStatusFromNSS(SEC_ERROR_OCSP_BAD_SIGNATURE)); | |
| 53 add_connection_test("ocsp-stapling-none.example.com", | |
| 54 getXPCOMStatusFromNSS(SEC_ERROR_OCSP_BAD_SIGNATURE)); | |
| 55 add_test(function () { | |
| 56 do_check_eq(gOCSPRequestCount, 1); | |
| 57 gOCSPRequestCount = 0; | |
| 58 run_next_test(); | |
| 59 }); | |
| 60 } |
