RetroZilla/security/nss/tests/chains/scenarios/ocsp.cfg

178 lines
3.3 KiB
INI
Raw Normal View History

2018-05-04 16:08:28 +02:00
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
2015-10-21 05:03:22 +02:00
scenario OCSP
2018-05-04 16:08:28 +02:00
check_ocsp OCSPEE11OCSPCA1:d
2015-10-21 05:03:22 +02:00
db OCSPRoot
2018-05-04 16:08:28 +02:00
import OCSPRoot:d:CT,C,C
2015-10-21 05:03:22 +02:00
db OCSPCA1
import_key OCSPCA1
crl OCSPCA1
revoke OCSPCA1
serial 3
revoke OCSPCA1
serial 4
testdb OCSPRoot
#EE - OK, CA - OK
2018-05-04 16:08:28 +02:00
verify OCSPEE11OCSPCA1:d
cert OCSPCA1OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
2018-05-04 16:08:28 +02:00
rev_flags requireFreshInfo
2015-10-21 05:03:22 +02:00
rev_mtype ocsp
result pass
#EE - revoked, CA - OK
2018-05-04 16:08:28 +02:00
verify OCSPEE12OCSPCA1:d
cert OCSPCA1OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
2018-05-04 16:08:28 +02:00
rev_flags requireFreshInfo
2015-10-21 05:03:22 +02:00
rev_mtype ocsp
result fail
#EE - unknown
2018-05-04 16:08:28 +02:00
verify OCSPEE15OCSPCA1:d
cert OCSPCA1OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
rev_mtype ocsp
result pass
#EE - unknown, requireFreshInfo
2018-05-04 16:08:28 +02:00
verify OCSPEE15OCSPCA1:d
cert OCSPCA1OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
rev_flags requireFreshInfo
rev_mtype ocsp
result fail
2018-05-04 16:08:28 +02:00
#EE - OK, CA - revoked, leaf, no fresh info
verify OCSPEE21OCSPCA2:d
cert OCSPCA2OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
rev_mtype ocsp
result pass
2018-05-04 16:08:28 +02:00
#EE - OK, CA - revoked, leaf, requireFreshInfo
verify OCSPEE21OCSPCA2:d
cert OCSPCA2OCSPRoot:d
trust OCSPRoot
rev_type leaf
rev_flags requireFreshInfo
rev_mtype ocsp
result fail
#EE - OK, CA - revoked, chain, requireFreshInfo
verify OCSPEE21OCSPCA2:d
cert OCSPCA2OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type chain
rev_flags requireFreshInfo
rev_mtype ocsp
result fail
#EE - OK, CA - unknown
2018-05-04 16:08:28 +02:00
verify OCSPEE31OCSPCA3:d
cert OCSPCA3OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
rev_mtype ocsp
result pass
#EE - OK, CA - unknown, requireFreshInfo
2018-05-04 16:08:28 +02:00
verify OCSPEE31OCSPCA3:d
cert OCSPCA3OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
rev_flags requireFreshInfo
rev_mtype ocsp
result fail
#EE - revoked, doNotUse
2018-05-04 16:08:28 +02:00
verify OCSPEE12OCSPCA1:d
cert OCSPCA1OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
rev_mtype ocsp
rev_mflags doNotUse
result pass
#EE - revoked, forbidFetching
2018-05-04 16:08:28 +02:00
verify OCSPEE12OCSPCA1:d
cert OCSPCA1OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
rev_mtype ocsp
rev_mflags forbidFetching
result pass
#EE - unknown status, failIfNoInfo
2018-05-04 16:08:28 +02:00
verify OCSPEE15OCSPCA1:d
cert OCSPCA1OCSPRoot:d
trust OCSPRoot
rev_type leaf
rev_mtype ocsp
rev_mflags failIfNoInfo
result fail
#EE - OK, CA - revoked, leaf, failIfNoInfo
verify OCSPEE21OCSPCA2:d
cert OCSPCA2OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPRoot
rev_type leaf
rev_mtype ocsp
rev_mflags failIfNoInfo
result fail
testdb OCSPCA1
#EE - OK on OCSP, revoked locally - should fail ??
# two things about this test: crl is not imported into the db and
# cert 13 is not revoked by crl.
2018-05-04 16:08:28 +02:00
verify OCSPEE13OCSPCA1:d
cert OCSPCA1OCSPRoot:d
2015-10-21 05:03:22 +02:00
trust OCSPCA1
rev_type leaf
rev_flags testLocalInfoFirst
rev_mtype ocsp
result pass
2018-05-04 16:08:28 +02:00
db OCSPRoot1
import OCSPRoot:d:CT,C,C
verify OCSPEE23OCSPCA2:d
cert OCSPCA2OCSPRoot:d
trust OCSPRoot
rev_type chain
rev_mtype ocsp
rev_type leaf
rev_mtype ocsp
result fail
db OCSPRoot2
import OCSPRoot:d:T,,
# bug 527438
# expected result of this test is FAIL
verify OCSPEE23OCSPCA2:d
cert OCSPCA2OCSPRoot:d
trust OCSPRoot
rev_type chain
rev_mtype ocsp
rev_type leaf
rev_mtype ocsp
result pass