summaryrefslogtreecommitdiffstats
path: root/security/nss/tests/chains
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/tests/chains')
-rwxr-xr-xsecurity/nss/tests/chains/chains.sh26
-rw-r--r--security/nss/tests/chains/scenarios/ipsec.cfg61
-rw-r--r--security/nss/tests/chains/scenarios/realcerts.cfg2
-rw-r--r--security/nss/tests/chains/scenarios/scenarios1
4 files changed, 83 insertions, 7 deletions
diff --git a/security/nss/tests/chains/chains.sh b/security/nss/tests/chains/chains.sh
index 4c3fa57a0..32c7ef54c 100755
--- a/security/nss/tests/chains/chains.sh
+++ b/security/nss/tests/chains/chains.sh
@@ -51,13 +51,13 @@ is_httpserv_alive()
wait_for_httpserv()
{
echo "trying to connect to httpserv at `date`"
- echo "tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
- ${BINDIR}/tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
+ echo "tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
+ ${BINDIR}/tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
if [ $? -ne 0 ]; then
sleep 5
echo "retrying to connect to httpserv at `date`"
- echo "tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
- ${BINDIR}/tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
+ echo "tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
+ ${BINDIR}/tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
if [ $? -ne 0 ]; then
html_failed "Waiting for Server"
fi
@@ -352,6 +352,12 @@ create_cert_req()
-1
y
"
+ else
+ CA_FLAG="-2"
+ EXT_DATA="n
+-1
+y
+"
fi
process_crldp
@@ -974,8 +980,8 @@ check_ocsp()
OCSP_HOST=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
OCSP_PORT=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/^.*:.*:\/\/.*:\([0-9]*\).*$/\1/")
- echo "tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20"
- tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20
+ echo "tstclnt -4 -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20"
+ tstclnt -4 -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20
return $?
}
@@ -1258,6 +1264,12 @@ process_scenario()
rm ${AIA_FILES}
}
+# process ipsec.cfg separately
+chains_ipsec()
+{
+ process_scenario "ipsec.cfg"
+}
+
# process ocspd.cfg separately
chains_ocspd()
{
@@ -1279,6 +1291,7 @@ chains_main()
do
[ `echo ${LINE} | cut -b 1` != "#" ] || continue
+ [ ${LINE} != 'ipsec.cfg' ] || continue
[ ${LINE} != 'ocspd.cfg' ] || continue
[ ${LINE} != 'method.cfg' ] || continue
@@ -1292,6 +1305,7 @@ chains_init
VERIFY_CLASSIC_ENGINE_TOO=
chains_ocspd
VERIFY_CLASSIC_ENGINE_TOO=1
+chains_ipsec
chains_run_httpserv get
chains_method
chains_stop_httpserv
diff --git a/security/nss/tests/chains/scenarios/ipsec.cfg b/security/nss/tests/chains/scenarios/ipsec.cfg
new file mode 100644
index 000000000..811bf9c09
--- /dev/null
+++ b/security/nss/tests/chains/scenarios/ipsec.cfg
@@ -0,0 +1,61 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario IPsec
+
+entity Root
+ type Root
+
+entity CA1
+ type Intermediate
+ issuer Root
+
+entity NoKU
+ type EE
+ issuer CA1
+
+entity DigSig
+ type EE
+ issuer CA1
+ ku digitalSignature
+
+entity NonRep
+ type EE
+ issuer CA1
+ ku nonRepudiation
+
+entity DigSigNonRepAndExtra
+ type EE
+ issuer CA1
+ ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
+
+entity NoMatch
+ type EE
+ issuer CA1
+ ku keyEncipherment,dataEncipherment,keyAgreement
+
+db All
+
+import Root::C,,
+import CA1:Root:
+
+verify NoKU:CA1
+ usage 12
+ result pass
+
+verify DigSig:CA1
+ usage 12
+ result pass
+
+verify NonRep:CA1
+ usage 12
+ result pass
+
+verify DigSigNonRepAndExtra:CA1
+ usage 12
+ result pass
+
+verify NoMatch:CA1
+ usage 12
+ result fail
diff --git a/security/nss/tests/chains/scenarios/realcerts.cfg b/security/nss/tests/chains/scenarios/realcerts.cfg
index d2a8c7143..305443fc3 100644
--- a/security/nss/tests/chains/scenarios/realcerts.cfg
+++ b/security/nss/tests/chains/scenarios/realcerts.cfg
@@ -21,7 +21,7 @@ verify TestUser51:x
result pass
verify PayPalEE:x
- policy OID.2.16.840.1.114412.1.1
+ policy OID.2.16.840.1.114412.2.1
result pass
verify BrAirWaysBadSig:x
diff --git a/security/nss/tests/chains/scenarios/scenarios b/security/nss/tests/chains/scenarios/scenarios
index d26c3f92e..4eafd9c8d 100644
--- a/security/nss/tests/chains/scenarios/scenarios
+++ b/security/nss/tests/chains/scenarios/scenarios
@@ -22,3 +22,4 @@ ocsp.cfg
crldp.cfg
trustanchors.cfg
nameconstraints.cfg
+ipsec.cfg