security/nss/tests/chains/scenarios/ocsp.cfg@b8a032363ba2
security/nss/tests/chains/scenarios/ocsp.cfg
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 # This Source Code Form is subject to the terms of the Mozilla Public
2 # License, v. 2.0. If a copy of the MPL was not distributed with this
3 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
5 scenario OCSP
7 check_ocsp OCSPEE11OCSPCA1:d
9 db OCSPRoot
10 import OCSPRoot:d:CT,C,C
12 db OCSPCA1
13 import_key OCSPCA1
15 crl OCSPCA1
17 revoke OCSPCA1
18 serial 3
20 revoke OCSPCA1
21 serial 4
23 testdb OCSPRoot
25 #EE - OK, CA - OK
26 verify OCSPEE11OCSPCA1:d
27 cert OCSPCA1OCSPRoot:d
28 trust OCSPRoot
29 rev_type leaf
30 rev_flags requireFreshInfo
31 rev_mtype ocsp
32 result pass
34 #EE - revoked, CA - OK
35 verify OCSPEE12OCSPCA1:d
36 cert OCSPCA1OCSPRoot:d
37 trust OCSPRoot
38 rev_type leaf
39 rev_flags requireFreshInfo
40 rev_mtype ocsp
41 result fail
43 #EE - unknown
44 verify OCSPEE15OCSPCA1:d
45 cert OCSPCA1OCSPRoot:d
46 trust OCSPRoot
47 rev_type leaf
48 rev_mtype ocsp
49 result pass
51 #EE - unknown, requireFreshInfo
52 verify OCSPEE15OCSPCA1:d
53 cert OCSPCA1OCSPRoot:d
54 trust OCSPRoot
55 rev_type leaf
56 rev_flags requireFreshInfo
57 rev_mtype ocsp
58 result fail
60 #EE - OK, CA - revoked, leaf, no fresh info
61 verify OCSPEE21OCSPCA2:d
62 cert OCSPCA2OCSPRoot:d
63 trust OCSPRoot
64 rev_type leaf
65 rev_mtype ocsp
66 result pass
68 #EE - OK, CA - revoked, leaf, requireFreshInfo
69 verify OCSPEE21OCSPCA2:d
70 cert OCSPCA2OCSPRoot:d
71 trust OCSPRoot
72 rev_type leaf
73 rev_flags requireFreshInfo
74 rev_mtype ocsp
75 result fail
77 #EE - OK, CA - revoked, chain, requireFreshInfo
78 verify OCSPEE21OCSPCA2:d
79 cert OCSPCA2OCSPRoot:d
80 trust OCSPRoot
81 rev_type chain
82 rev_flags requireFreshInfo
83 rev_mtype ocsp
84 result fail
86 #EE - OK, CA - unknown
87 verify OCSPEE31OCSPCA3:d
88 cert OCSPCA3OCSPRoot:d
89 trust OCSPRoot
90 rev_type leaf
91 rev_mtype ocsp
92 result pass
94 #EE - OK, CA - unknown, requireFreshInfo
95 verify OCSPEE31OCSPCA3:d
96 cert OCSPCA3OCSPRoot:d
97 trust OCSPRoot
98 rev_type leaf
99 rev_flags requireFreshInfo
100 rev_mtype ocsp
101 result fail
103 #EE - revoked, doNotUse
104 verify OCSPEE12OCSPCA1:d
105 cert OCSPCA1OCSPRoot:d
106 trust OCSPRoot
107 rev_type leaf
108 rev_mtype ocsp
109 rev_mflags doNotUse
110 result pass
112 #EE - revoked, forbidFetching
113 verify OCSPEE12OCSPCA1:d
114 cert OCSPCA1OCSPRoot:d
115 trust OCSPRoot
116 rev_type leaf
117 rev_mtype ocsp
118 rev_mflags forbidFetching
119 result pass
121 #EE - unknown status, failIfNoInfo
122 verify OCSPEE15OCSPCA1:d
123 cert OCSPCA1OCSPRoot:d
124 trust OCSPRoot
125 rev_type leaf
126 rev_mtype ocsp
127 rev_mflags failIfNoInfo
128 result fail
130 #EE - OK, CA - revoked, leaf, failIfNoInfo
131 verify OCSPEE21OCSPCA2:d
132 cert OCSPCA2OCSPRoot:d
133 trust OCSPRoot
134 rev_type leaf
135 rev_mtype ocsp
136 rev_mflags failIfNoInfo
137 result fail
139 testdb OCSPCA1
141 #EE - OK on OCSP, revoked locally - should fail ??
142 # two things about this test: crl is not imported into the db and
143 # cert 13 is not revoked by crl.
144 verify OCSPEE13OCSPCA1:d
145 cert OCSPCA1OCSPRoot:d
146 trust OCSPCA1
147 rev_type leaf
148 rev_flags testLocalInfoFirst
149 rev_mtype ocsp
150 result pass
152 db OCSPRoot1
153 import OCSPRoot:d:CT,C,C
155 verify OCSPEE23OCSPCA2:d
156 cert OCSPCA2OCSPRoot:d
157 trust OCSPRoot
158 rev_type chain
159 rev_mtype ocsp
160 rev_type leaf
161 rev_mtype ocsp
162 result fail
164 db OCSPRoot2
165 import OCSPRoot:d:T,,
167 # bug 527438
168 # expected result of this test is FAIL
169 verify OCSPEE23OCSPCA2:d
170 cert OCSPCA2OCSPRoot:d
171 trust OCSPRoot
172 rev_type chain
173 rev_mtype ocsp
174 rev_type leaf
175 rev_mtype ocsp
176 result pass
