| # This Source Code Form is subject to the terms of the Mozilla Public |
| # License, v. 2.0. If a copy of the MPL was not distributed with this |
| # file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| |
| scenario OCSP |
| |
| check_ocsp OCSPEE11OCSPCA1:d |
| |
| db OCSPRoot |
| import OCSPRoot:d:CT,C,C |
| |
| db OCSPCA1 |
| import_key OCSPCA1 |
| |
| crl OCSPCA1 |
| |
| revoke OCSPCA1 |
| serial 3 |
| |
| revoke OCSPCA1 |
| serial 4 |
| |
| testdb OCSPRoot |
| |
| #EE - OK, CA - OK |
| verify OCSPEE11OCSPCA1:d |
| cert OCSPCA1OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_flags requireFreshInfo |
| rev_mtype ocsp |
| result pass |
| |
| #EE - revoked, CA - OK |
| verify OCSPEE12OCSPCA1:d |
| cert OCSPCA1OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_flags requireFreshInfo |
| rev_mtype ocsp |
| result fail |
| |
| #EE - unknown |
| verify OCSPEE15OCSPCA1:d |
| cert OCSPCA1OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_mtype ocsp |
| result pass |
| |
| #EE - unknown, requireFreshInfo |
| verify OCSPEE15OCSPCA1:d |
| cert OCSPCA1OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_flags requireFreshInfo |
| rev_mtype ocsp |
| result fail |
| |
| #EE - OK, CA - revoked, leaf, no fresh info |
| verify OCSPEE21OCSPCA2:d |
| cert OCSPCA2OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_mtype ocsp |
| result pass |
| |
| #EE - OK, CA - revoked, leaf, requireFreshInfo |
| verify OCSPEE21OCSPCA2:d |
| cert OCSPCA2OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_flags requireFreshInfo |
| rev_mtype ocsp |
| result fail |
| |
| #EE - OK, CA - revoked, chain, requireFreshInfo |
| verify OCSPEE21OCSPCA2:d |
| cert OCSPCA2OCSPRoot:d |
| trust OCSPRoot |
| rev_type chain |
| rev_flags requireFreshInfo |
| rev_mtype ocsp |
| result fail |
| |
| #EE - OK, CA - unknown |
| verify OCSPEE31OCSPCA3:d |
| cert OCSPCA3OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_mtype ocsp |
| result pass |
| |
| #EE - OK, CA - unknown, requireFreshInfo |
| verify OCSPEE31OCSPCA3:d |
| cert OCSPCA3OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_flags requireFreshInfo |
| rev_mtype ocsp |
| result fail |
| |
| #EE - revoked, doNotUse |
| verify OCSPEE12OCSPCA1:d |
| cert OCSPCA1OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_mtype ocsp |
| rev_mflags doNotUse |
| result pass |
| |
| #EE - revoked, forbidFetching |
| verify OCSPEE12OCSPCA1:d |
| cert OCSPCA1OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_mtype ocsp |
| rev_mflags forbidFetching |
| result pass |
| |
| #EE - unknown status, failIfNoInfo |
| verify OCSPEE15OCSPCA1:d |
| cert OCSPCA1OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_mtype ocsp |
| rev_mflags failIfNoInfo |
| result fail |
| |
| #EE - OK, CA - revoked, leaf, failIfNoInfo |
| verify OCSPEE21OCSPCA2:d |
| cert OCSPCA2OCSPRoot:d |
| trust OCSPRoot |
| rev_type leaf |
| rev_mtype ocsp |
| rev_mflags failIfNoInfo |
| result fail |
| |
| testdb OCSPCA1 |
| |
| #EE - OK on OCSP, revoked locally - should fail ?? |
| # two things about this test: crl is not imported into the db and |
| # cert 13 is not revoked by crl. |
| verify OCSPEE13OCSPCA1:d |
| cert OCSPCA1OCSPRoot:d |
| trust OCSPCA1 |
| rev_type leaf |
| rev_flags testLocalInfoFirst |
| rev_mtype ocsp |
| result pass |
| |
| db OCSPRoot1 |
| import OCSPRoot:d:CT,C,C |
| |
| verify OCSPEE23OCSPCA2:d |
| cert OCSPCA2OCSPRoot:d |
| trust OCSPRoot |
| rev_type chain |
| rev_mtype ocsp |
| rev_type leaf |
| rev_mtype ocsp |
| result fail |
| |
| db OCSPRoot2 |
| import OCSPRoot:d:T,, |
| |
| # bug 527438 |
| # expected result of this test is FAIL |
| verify OCSPEE23OCSPCA2:d |
| cert OCSPCA2OCSPRoot:d |
| trust OCSPRoot |
| rev_type chain |
| rev_mtype ocsp |
| rev_type leaf |
| rev_mtype ocsp |
| result pass |
| |
