diff options
| author | wolfbeast <mcwerewolf@gmail.com> | 2018-12-17 14:12:04 +0100 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-12-17 14:12:04 +0100 |
| commit | 51b821b3fdc5a7eab2369cb6a6680598a6264b08 (patch) | |
| tree | f3608a518bbb9e31b0a42b9a10742fb11ef5b39b /security/nss/tests/chains | |
| parent | 8e44bbb43789e585fab9fc1ce8becc94b45d566c (diff) | |
| parent | 680c3eadb6aaec1f3653636db081a519e0f62ef5 (diff) | |
| download | UXP-51b821b3fdc5a7eab2369cb6a6680598a6264b08.tar UXP-51b821b3fdc5a7eab2369cb6a6680598a6264b08.tar.gz UXP-51b821b3fdc5a7eab2369cb6a6680598a6264b08.tar.lz UXP-51b821b3fdc5a7eab2369cb6a6680598a6264b08.tar.xz UXP-51b821b3fdc5a7eab2369cb6a6680598a6264b08.zip | |
Merge branch 'master' into Sync-weave
Diffstat (limited to 'security/nss/tests/chains')
| -rwxr-xr-x | security/nss/tests/chains/chains.sh | 26 | ||||
| -rw-r--r-- | security/nss/tests/chains/scenarios/ipsec.cfg | 61 | ||||
| -rw-r--r-- | security/nss/tests/chains/scenarios/realcerts.cfg | 2 | ||||
| -rw-r--r-- | security/nss/tests/chains/scenarios/scenarios | 1 |
4 files changed, 83 insertions, 7 deletions
diff --git a/security/nss/tests/chains/chains.sh b/security/nss/tests/chains/chains.sh index 4c3fa57a0..32c7ef54c 100755 --- a/security/nss/tests/chains/chains.sh +++ b/security/nss/tests/chains/chains.sh @@ -51,13 +51,13 @@ is_httpserv_alive() wait_for_httpserv() { echo "trying to connect to httpserv at `date`" - echo "tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v" - ${BINDIR}/tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v + echo "tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v" + ${BINDIR}/tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v if [ $? -ne 0 ]; then sleep 5 echo "retrying to connect to httpserv at `date`" - echo "tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v" - ${BINDIR}/tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v + echo "tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v" + ${BINDIR}/tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v if [ $? -ne 0 ]; then html_failed "Waiting for Server" fi @@ -352,6 +352,12 @@ create_cert_req() -1 y " + else + CA_FLAG="-2" + EXT_DATA="n +-1 +y +" fi process_crldp @@ -974,8 +980,8 @@ check_ocsp() OCSP_HOST=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//") OCSP_PORT=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/^.*:.*:\/\/.*:\([0-9]*\).*$/\1/") - echo "tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20" - tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20 + echo "tstclnt -4 -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20" + tstclnt -4 -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20 return $? } @@ -1258,6 +1264,12 @@ process_scenario() rm ${AIA_FILES} } +# process ipsec.cfg separately +chains_ipsec() +{ + process_scenario "ipsec.cfg" +} + # process ocspd.cfg separately chains_ocspd() { @@ -1279,6 +1291,7 @@ chains_main() do [ `echo ${LINE} | cut -b 1` != "#" ] || continue + [ ${LINE} != 'ipsec.cfg' ] || continue [ ${LINE} != 'ocspd.cfg' ] || continue [ ${LINE} != 'method.cfg' ] || continue @@ -1292,6 +1305,7 @@ chains_init VERIFY_CLASSIC_ENGINE_TOO= chains_ocspd VERIFY_CLASSIC_ENGINE_TOO=1 +chains_ipsec chains_run_httpserv get chains_method chains_stop_httpserv diff --git a/security/nss/tests/chains/scenarios/ipsec.cfg b/security/nss/tests/chains/scenarios/ipsec.cfg new file mode 100644 index 000000000..811bf9c09 --- /dev/null +++ b/security/nss/tests/chains/scenarios/ipsec.cfg @@ -0,0 +1,61 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +scenario IPsec + +entity Root + type Root + +entity CA1 + type Intermediate + issuer Root + +entity NoKU + type EE + issuer CA1 + +entity DigSig + type EE + issuer CA1 + ku digitalSignature + +entity NonRep + type EE + issuer CA1 + ku nonRepudiation + +entity DigSigNonRepAndExtra + type EE + issuer CA1 + ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement + +entity NoMatch + type EE + issuer CA1 + ku keyEncipherment,dataEncipherment,keyAgreement + +db All + +import Root::C,, +import CA1:Root: + +verify NoKU:CA1 + usage 12 + result pass + +verify DigSig:CA1 + usage 12 + result pass + +verify NonRep:CA1 + usage 12 + result pass + +verify DigSigNonRepAndExtra:CA1 + usage 12 + result pass + +verify NoMatch:CA1 + usage 12 + result fail diff --git a/security/nss/tests/chains/scenarios/realcerts.cfg b/security/nss/tests/chains/scenarios/realcerts.cfg index d2a8c7143..305443fc3 100644 --- a/security/nss/tests/chains/scenarios/realcerts.cfg +++ b/security/nss/tests/chains/scenarios/realcerts.cfg @@ -21,7 +21,7 @@ verify TestUser51:x result pass verify PayPalEE:x - policy OID.2.16.840.1.114412.1.1 + policy OID.2.16.840.1.114412.2.1 result pass verify BrAirWaysBadSig:x diff --git a/security/nss/tests/chains/scenarios/scenarios b/security/nss/tests/chains/scenarios/scenarios index d26c3f92e..4eafd9c8d 100644 --- a/security/nss/tests/chains/scenarios/scenarios +++ b/security/nss/tests/chains/scenarios/scenarios @@ -22,3 +22,4 @@ ocsp.cfg crldp.cfg trustanchors.cfg nameconstraints.cfg +ipsec.cfg |