# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# OCSP revocation-checking scenario. Each "verify" stanza names an
# end-entity (EE) certificate, the intermediate CA certificate supplied with
# it, the trust anchor, the revocation settings (rev_type / rev_flags /
# rev_mtype / rev_mflags) and the expected outcome ("result").
# Stanzas that differ from a neighbour by a single flag show whether missing
# or unusable revocation information is tolerated (pass) or treated as a
# verification failure (fail).
scenario OCSP

check_ocsp OCSPEE11OCSPCA1:d

# Database holding the root, imported with trust flags CT,C,C.
db OCSPRoot
import OCSPRoot:d:CT,C,C

# Database and key for the intermediate CA OCSPCA1.
db OCSPCA1
import_key OCSPCA1

# CRL for OCSPCA1 with two revocation entries: serial 3 and serial 4.
crl OCSPCA1

revoke OCSPCA1
  serial 3

revoke OCSPCA1
  serial 4

testdb OCSPRoot

#EE - OK, CA - OK
# Leaf-only OCSP check with requireFreshInfo set; expected to pass.
verify OCSPEE11OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result pass

#EE - revoked, CA - OK
# Same settings as above against an EE labelled revoked; expected to fail.
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - unknown
# No rev_flags are set: an "unknown" EE status is tolerated and the chain
# is accepted.
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - unknown, requireFreshInfo
# Same certificate as the previous stanza; adding rev_flags requireFreshInfo
# turns the tolerated "unknown" status into a failure.
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - revoked, leaf, no fresh info
# rev_type leaf with no freshness requirement: the chain is accepted even
# though the issuing CA is labelled revoked.
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - OK, CA - revoked, leaf, requireFreshInfo
# Same chain as the previous stanza with requireFreshInfo added; expected
# to fail.
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - revoked, chain, requireFreshInfo
# Same chain again, this time with rev_type chain instead of leaf; expected
# to fail.
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - OK, CA - unknown
# Leaf-only check, no rev_flags: accepted although the CA status is
# labelled unknown.
verify OCSPEE31OCSPCA3:d
  cert OCSPCA3OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  result pass

#EE - OK, CA - unknown, requireFreshInfo
# Same chain as the previous stanza with requireFreshInfo added; expected
# to fail.
verify OCSPEE31OCSPCA3:d
  cert OCSPCA3OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_flags requireFreshInfo
  rev_mtype ocsp
  result fail

#EE - revoked, doNotUse
# The method flag doNotUse is set on the only configured method (ocsp), and
# the EE labelled revoked is accepted.
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags doNotUse
  result pass

#EE - revoked, forbidFetching
# The method flag forbidFetching is set and no freshness or fail-on-missing
# flag accompanies it; the EE labelled revoked is accepted.
verify OCSPEE12OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags forbidFetching
  result pass

#EE - unknown status, failIfNoInfo
# Method-level counterpart of the requireFreshInfo case above: with
# rev_mflags failIfNoInfo the "unknown" EE status is rejected.
verify OCSPEE15OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags failIfNoInfo
  result fail

#EE - OK, CA - revoked, leaf, failIfNoInfo
# Leaf-only check under the CA labelled revoked, with failIfNoInfo on the
# ocsp method; expected to fail.
verify OCSPEE21OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type leaf
  rev_mtype ocsp
  rev_mflags failIfNoInfo
  result fail

testdb OCSPCA1

#EE - OK on OCSP, revoked locally - should fail ??
# two things about this test: crl is not imported into the db and
# cert 13 is not revoked by crl.
# NOTE(review): the open question above is the original author's. The
# stanza asserts pass, uses OCSPCA1 (not OCSPRoot) as the trust anchor and
# sets rev_flags testLocalInfoFirst.
verify OCSPEE13OCSPCA1:d
  cert OCSPCA1OCSPRoot:d
  trust OCSPCA1
  rev_type leaf
  rev_flags testLocalInfoFirst
  rev_mtype ocsp
  result pass

# Fresh database with the root imported under trust flags CT,C,C.
db OCSPRoot1
import OCSPRoot:d:CT,C,C

# OCSP configured for both the chain and the leaf, EE issued by OCSPCA2;
# expected to fail.
verify OCSPEE23OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_mtype ocsp
  rev_type leaf
  rev_mtype ocsp
  result fail

# Second database: the same root imported with trust flags reduced to T,,
db OCSPRoot2
import OCSPRoot:d:T,,

# bug 527438
# expected result of this test is FAIL
# NOTE(review): the stanza below asserts "result pass" although the comment
# above gives FAIL as the expected outcome. It is otherwise identical to the
# OCSPRoot1 stanza (which asserts fail); only the root's trust flags differ.
# Confirm against bug 527438 before changing either line.
verify OCSPEE23OCSPCA2:d
  cert OCSPCA2OCSPRoot:d
  trust OCSPRoot
  rev_type chain
  rev_mtype ocsp
  rev_type leaf
  rev_mtype ocsp
  result pass