diff options
| author | Robert Relyea <rrelyea@redhat.com> | 2018-11-09 15:42:43 -0800 |
|---|---|---|
| committer | Robert Relyea <rrelyea@redhat.com> | 2018-11-09 15:42:43 -0800 |
| commit | 9dcbb13974272886b6e1499b092166aed6016bd4 (patch) | |
| tree | 263fd459dff9a2154e8bfcc6e954eb4d4749467d /tests/chains | |
| parent | 34805e5f374fb05deb2f4c04549904ade45bfdd6 (diff) | |
| download | nss-hg-9dcbb13974272886b6e1499b092166aed6016bd4.tar.gz | |
# Bug 1252891 Implement certUsageIPSec as defined in RFC 4945
Patch by Kai
r=rrelyea
Diffstat (limited to 'tests/chains')
| -rwxr-xr-x | tests/chains/chains.sh | 14 | ||||
| -rw-r--r-- | tests/chains/scenarios/ipsec.cfg | 61 | ||||
| -rw-r--r-- | tests/chains/scenarios/scenarios | 1 |
3 files changed, 76 insertions, 0 deletions
diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh index 62d961a29..32c7ef54c 100755 --- a/tests/chains/chains.sh +++ b/tests/chains/chains.sh @@ -352,6 +352,12 @@ create_cert_req() -1 y " + else + CA_FLAG="-2" + EXT_DATA="n +-1 +y +" fi process_crldp @@ -1258,6 +1264,12 @@ process_scenario() rm ${AIA_FILES} } +# process ipsec.cfg separately +chains_ipsec() +{ + process_scenario "ipsec.cfg" +} + # process ocspd.cfg separately chains_ocspd() { @@ -1279,6 +1291,7 @@ chains_main() do [ `echo ${LINE} | cut -b 1` != "#" ] || continue + [ ${LINE} != 'ipsec.cfg' ] || continue [ ${LINE} != 'ocspd.cfg' ] || continue [ ${LINE} != 'method.cfg' ] || continue @@ -1292,6 +1305,7 @@ chains_init VERIFY_CLASSIC_ENGINE_TOO= chains_ocspd VERIFY_CLASSIC_ENGINE_TOO=1 +chains_ipsec chains_run_httpserv get chains_method chains_stop_httpserv diff --git a/tests/chains/scenarios/ipsec.cfg b/tests/chains/scenarios/ipsec.cfg new file mode 100644 index 000000000..811bf9c09 --- /dev/null +++ b/tests/chains/scenarios/ipsec.cfg @@ -0,0 +1,61 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +scenario IPsec + +entity Root + type Root + +entity CA1 + type Intermediate + issuer Root + +entity NoKU + type EE + issuer CA1 + +entity DigSig + type EE + issuer CA1 + ku digitalSignature + +entity NonRep + type EE + issuer CA1 + ku nonRepudiation + +entity DigSigNonRepAndExtra + type EE + issuer CA1 + ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement + +entity NoMatch + type EE + issuer CA1 + ku keyEncipherment,dataEncipherment,keyAgreement + +db All + +import Root::C,, +import CA1:Root: + +verify NoKU:CA1 + usage 12 + result pass + +verify DigSig:CA1 + usage 12 + result pass + +verify NonRep:CA1 + usage 12 + result pass + +verify DigSigNonRepAndExtra:CA1 + usage 12 + result pass + +verify NoMatch:CA1 + usage 12 + result fail diff --git a/tests/chains/scenarios/scenarios b/tests/chains/scenarios/scenarios index d26c3f92e..4eafd9c8d 100644 --- a/tests/chains/scenarios/scenarios +++ b/tests/chains/scenarios/scenarios @@ -22,3 +22,4 @@ ocsp.cfg crldp.cfg trustanchors.cfg nameconstraints.cfg +ipsec.cfg |