Merge branch 'master' of https://github.com/MoonchildProductions/UXP into js_dom_performance-resource-timing_1

author: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-04-29 09:07:42 +0200
committer: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-04-29 09:07:42 +0200
commit: aff03b0a67c41cf7af5df9c9eef715a8b27a2667 (patch)
tree: aa2909ae4718f81c83c8cfb68c1f5a23485b3173 /security/manager/ssl/tests/unit/test_cert_trust.js
parent: bdb4ff581677ad1cd411b55a68c87534f9a64882 (diff)
parent: 11caf6ecb3cb8c84d2355a6c6e9580a290147e92 (diff)
download: UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.gz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.lz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.xz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.zip
1 files changed, 25 insertions, 3 deletions
diff --git a/security/manager/ssl/tests/unit/test_cert_trust.js b/security/manager/ssl/tests/unit/test_cert_trust.js
index 622678c7a..bf081f1bd 100644
--- a/security/manager/ssl/tests/unit/test_cert_trust.js
+++ b/security/manager/ssl/tests/unit/test_cert_trust.js
@@ -208,9 +208,31 @@ function run_test() {
   setCertTrust(ca_cert, ",,");
   setCertTrust(int_cert, ",,");
 
-  // It turns out that if an end-entity certificate is manually trusted, it can
-  // be the root of its own verified chain. This will be removed in bug 1294580.
-  setCertTrust(ee_cert, "C,,");
+  // If an end-entity certificate is manually trusted, it may not be the root of
+  // its own verified chain. In general this will cause "unknown issuer" errors
+  // unless a CA trust anchor can be found.
+  setCertTrust(ee_cert, "CTu,CTu,CTu");
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER,
+                        certificateUsageObjectSigner);
+
+  // Now make a CA trust anchor available.
+  setCertTrust(ca_cert, "CTu,CTu,CTu");
   checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
                         certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
 }
author	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-04-29 09:07:42 +0200
committer	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-04-29 09:07:42 +0200
commit	aff03b0a67c41cf7af5df9c9eef715a8b27a2667 (patch)
tree	aa2909ae4718f81c83c8cfb68c1f5a23485b3173 /security/manager/ssl/tests/unit/test_cert_trust.js
parent	bdb4ff581677ad1cd411b55a68c87534f9a64882 (diff)
parent	11caf6ecb3cb8c84d2355a6c6e9580a290147e92 (diff)
download	UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.gz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.lz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.xz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.zip