Bug 1004149 - Add some missing OCSP URL tests. r=keeler
MozReview-Commit-ID: Iiyv6sMKEWV
--- a/security/manager/ssl/tests/unit/test_ocsp_url.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_url.js
@@ -36,30 +36,41 @@ function run_test() {
// Enabled so that we can force ocsp failure responses.
Services.prefs.setBoolPref("security.OCSP.require", true);
Services.prefs.setCharPref("network.dns.localDomains",
"www.example.com");
Services.prefs.setIntPref("security.OCSP.enabled", 1);
+ // Note: We don't test the case of a well-formed HTTP URL with an empty port
+ // because the OCSP code would then send a request to port 80, which we
+ // can't use in tests.
+
add_test(function() {
clearOCSPCache();
let ocspResponder = failingOCSPResponder();
check_cert_err("bad-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
ocspResponder.stop(run_next_test);
});
add_test(function() {
clearOCSPCache();
let ocspResponder = failingOCSPResponder();
check_cert_err("empty-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
ocspResponder.stop(run_next_test);
});
+ add_test(() => {
+ clearOCSPCache();
+ let ocspResponder = failingOCSPResponder();
+ check_cert_err("ftp-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+ ocspResponder.stop(run_next_test);
+ });
+
add_test(function() {
clearOCSPCache();
let ocspResponder = failingOCSPResponder();
check_cert_err("https-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
ocspResponder.stop(run_next_test);
});
add_test(function() {
@@ -107,10 +118,20 @@ function run_test() {
add_test(function() {
clearOCSPCache();
let ocspResponder = failingOCSPResponder();
check_cert_err("unknown-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
ocspResponder.stop(run_next_test);
});
+ // Note: We currently don't have anything that ensures user:pass sections
+ // weren't sent. The following test simply checks that such sections
+ // don't cause failures.
+ add_test(() => {
+ clearOCSPCache();
+ let ocspResponder = start_ocsp_responder(["user-pass"], [""]);
+ check_cert_err("user-pass", PRErrorCodeSuccess);
+ ocspResponder.stop(run_next_test);
+ });
+
run_next_test();
}
--- a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC4TCCAcugAwIBAgIUSVV8GuYeHmRKCpxw+z10gaAfdogwCwYJKoZIhvcNAQEL
+MIIC4jCCAcygAwIBAgIUCUgBNVFlUc2p60KMe3dO6FhMipkwCwYJKoZIhvcNAQEL
MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0MDAw
MDAwWjAVMRMwEQYDVQQDDApiYWQtc2NoZW1lMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
-Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBggrBgEFBQcB
-AQQgMB4wHAYIKwYBBQUHMAGGEC93d3cuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQEL
-A4IBAQCLMA8cA3de38Jrr3CeIeugTXhWp7iixVDjeskpXhcWBAB6r4saVgodouDd
-rGDd93XqsZ/91iInL5nS4+HrNgpa40SZ9u3nXZj1ji7bhnXGuKIkioeqVC85wZsZ
-k0MfNn26t/9GbgKi0EhlBYfLLh7n74Ipf2jW0rNWWX74JSB4vfIILlngHt/7/XLW
-HAKZriC+lTWk/Hg4sxd0hzR7YXS1BWf2XWQh8jZcUA826gFWvxOWoPw/fL37MzAJ
-JzAnanJ21+1BrFjUd/X3gyTaCrTtv6FFBExxaKCONGZ+fsQVz474RsOYQTkiWk4E
-6gHtp2Ms+ZQq8s4LpXHQLVdv5wtP
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozEwLzAtBggrBgEFBQcB
+AQQhMB8wHQYIKwYBBQUHMAGGES93d3cuZXhhbXBsZS5jb20vMAsGCSqGSIb3DQEB
+CwOCAQEAieSkH2D4uXmxuA+Mxs1Pt7GkcWSzzsyx7mohi7B/VPFeo8O+xseELYiZ
+dVMg4sUls18B1hBQmv1LmcCJDeLUMhlFSKzg8+YMbeVtmB+SeKrBDY/jihVFxe7R
+JzRZmnxIv0fo8IEI5yiLl/k/rLsJxhqQ3xjhVWVFkq6I+7dP6pmyAuW4Gb98Kil+
+7WjiLTxcQH9beepODFGemjJYhId5TjjH9PWgAK79BXbRvOise54pP5mS6gOG6Pmk
+KAI0c59vta09h8wBXsfDh3dYEPB15m9JAlsfHEc3BbAD9G9d1lRq3m3sBy7MQ6Sl
+tnXePhkS4Zs2u7iGvma6sR267hYQQw==
-----END CERTIFICATE-----
\ No newline at end of file
--- a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
@@ -1,3 +1,3 @@
issuer:int
subject:bad-scheme
-extension:authorityInformationAccess:/www.example.com
+extension:authorityInformationAccess:/www.example.com/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/test_ocsp_url/empty-port.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC6TCCAdOgAwIBAgIUa9Unq2D6UuzOdGrYZUJK1Cu/tAEwCwYJKoZIhvcNAQEL
-MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0MDAw
-MDAwWjAVMRMwEQYDVQQDDAplbXB0eS1wb3J0MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
-4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
-SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
-kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
-owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
-Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozgwNjA0BggrBgEFBQcB
-AQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly93d3cuZXhhbXBsZS5jb206LzALBgkq
-hkiG9w0BAQsDggEBACT8keBaJ83r+547Vnhz0Oeb7S5vUFgGD1ppqdRY61HGuH03
-NUeR6x185lFdgJgRj1fS420X3FML51UuldvrnKvBTqJGpVgAIfOKFDTe6myENDr5
-oXYArBR9vMsbafZFRZjskiqokjUmjp0wad6SFhGm+I9YoYI/iGF6zCg24mOmxpWg
-EHwoBQ3tF/o3X0oVQx6EAA2YvMdIffu+X++PWVV00GTIi5o2ihilq0ZQAFcsc3ua
-VDln/jmCl1KLS9Og4SCMnHIQDANJmBCB2vLBH9ZJDXK8GgqPwjd97LQiYLFApXyu
-BJn9Y2XHuJXr00/4sSnmmyPEyNYiVN54oBnAfYI=
------END CERTIFICATE-----
\ No newline at end of file
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/test_ocsp_url/empty-port.pem.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-issuer:int
-subject:empty-port
-extension:authorityInformationAccess:http://www.example.com:/
--- a/security/manager/ssl/tests/unit/test_ocsp_url/moz.build
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/moz.build
@@ -3,28 +3,28 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Temporarily disabled. See bug 1256495.
#test_certificates = (
# 'bad-scheme.pem',
# 'ca.pem',
-# 'empty-port.pem',
# 'empty-scheme-url.pem',
# 'ftp-url.pem',
# 'hTTp-url.pem',
# 'https-url.pem',
# 'int.pem',
# 'negative-port.pem',
# 'no-host-url.pem',
# 'no-path-url.pem',
# 'no-scheme-host-port.pem',
# 'no-scheme-url.pem',
# 'unknown-scheme.pem',
+# 'user-pass.pem',
#)
#
#for test_certificate in test_certificates:
# GeneratedTestCertificate(test_certificate)
#
#test_keys = (
# 'int.key',
#)
--- a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC7TCCAdegAwIBAgIUKxb1IEwl2xxr9eYRaSRuSOPVR80wCwYJKoZIhvcNAQEL
+MIIC7jCCAdigAwIBAgIUaRXYhHMxVLXv0jEa7DzCo4XP3kEwCwYJKoZIhvcNAQEL
MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0MDAw
MDAwWjAYMRYwFAYDVQQDDA1uZWdhdGl2ZS1wb3J0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
-BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozkwNzA1BggrBgEF
-BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly93d3cuZXhhbXBsZS5jb206LTEw
-CwYJKoZIhvcNAQELA4IBAQAw5TQzcQUOXkt6B7sPtCEbSZhYPTXT7S+tDmCOUbuu
-59pDHrqcicN6GHs2yjA0VQSppdHM4vJPBv73n3i/v0DtJeDAU0vDKXhL3XYoaiFc
-neLFP+igJVKVq+1YGFm6IJzQmAnWO3WaoVRal3i2Fsy9yzD9JfFPozhIDQSnQgOo
-jxB5zXAWfPCC6vZs6D2+ERDuGQ8U23iLGt93QRjA/1+jyEX+wVweHhQA0+ThEnQG
-P3dvmpxGJmEaN3VwQJJLX/Aa+HP8yIDgPfLWDlVD1GMIN+OzA/34uKUQCanBeKkk
-P+NSbiJAGbqck2GkhB1dJvAN4Rocxd1Zz2HwZOQqNEKw
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozowODA2BggrBgEF
+BQcBAQQqMCgwJgYIKwYBBQUHMAGGGmh0dHA6Ly93d3cuZXhhbXBsZS5jb206LTEv
+MAsGCSqGSIb3DQEBCwOCAQEASHTpE/+ZfMfU7A9B+PidfrUaHb1wIb1d56nLzZbw
+ZkaCWtos3W/foUS6fqh9N6IB/HnfrH5IYDKemYHX3bdVAKXEvdMIGFWbYq8DCh8G
+L6KmHMX96GRHUt6APgj5HnKDGK/gTPCgL7S60Udgt802FCHoprFEOrDP4l3KNOA6
+RkLJVqyTenMr8CNAw6TKOV4mezm1FRRybqSlQesCy6UDQCTyTnp+36tzMS6/znGz
+Eg049InNUTKTKV53BJiad14SAG0xcYSDBJ3JOCGprdMSyXViyEgEKY4yXXOEX7T+
+Dx92b/Y6wxgZmrE5vUOxotSwoZl1HvegwtM+yv3oJlPghQ==
-----END CERTIFICATE-----
\ No newline at end of file
--- a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
@@ -1,3 +1,3 @@
issuer:int
subject:negative-port
-extension:authorityInformationAccess:http://www.example.com:-1
+extension:authorityInformationAccess:http://www.example.com:-1/
--- a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC7jCCAdigAwIBAgIUc3XxC3XHk7zit5PqvQJY/KINaQowCwYJKoZIhvcNAQEL
+MIIC6zCCAdWgAwIBAgIUI5Tv1e1YLCHEMZT5XJ1qU6KnNgAwCwYJKoZIhvcNAQEL
MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0MDAw
-MDAwWjAdMRswGQYDVQQDDBJ1bmtub3duLXNjaGVtZS11cmwwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
-V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
-0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
-fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
-W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
-TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjNTAzMDEG
-CCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVdHRwOi8vd3d3LmV4YW1wbGUuY29t
-MAsGCSqGSIb3DQEBCwOCAQEAbWjhsr44kEsgozAd7LKUBy1UfiLcuLRK1//mkONB
-Gu9YoOy+/Gh60/fqKUlhEu/xAMqHdJ+LoM5mQvFXIvrNNWjE1TRuew5j0LACSboX
-UxDacgbvYckU/wJRTHURimGSU6FHHnIczm/4AzlfRF+RWZL2kmOC5mn7f7aRC/RP
-TG1JZqDRt5/7iFOnuRsuR8V5f7vd8d3F29fmnhvZpjvMnoJqqs+rJQCbn/M9bEdM
-kRcWrD4X3fEksEFAFcTs6kiLsxJ/UuSAlSXtzYqXqWOgr22LMtqBaOAM1TMwEaba
-NjyoWmLVK2i9vTSdRlIfV1PSpiVGNfZL29XO5lR0oR2HMw==
+MDAwWjAZMRcwFQYDVQQDDA51bmtub3duLXNjaGVtZTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM2MDQwMgYIKwYB
+BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZ0dHA6Ly93d3cuZXhhbXBsZS5jb20vMAsG
+CSqGSIb3DQEBCwOCAQEAtcV1bIruR8rwWC+rA+336IIjHD7za6wzDVJzUMnrfZ7u
+7e1amMhToNnFHulMKjpVRQaKoYIdtnd32cvvTebwKsIe3fnCcT9JA4w5Lf3T62YF
+bPzeoDO+602npGl9br7OmImNqhOLXVO/ISahmfLIyW9kiPrDx/L0jdyulamLCzAh
+jsLfawEZdN9n9gWUwVQglboS/SmmNHNhfvutBv9ZnFT/zvrVoV8aBKjkXQOL0G2g
+sToq4N+L2O2ow4MTdp0OM7RufMgdJyfBqFHC4/07/xednWUhQ+MeG4gRIidx9lR/
+x/fYCLkAZ/NDyt3Md8lLAPimBkOFt5ce+VGFriZSCw==
-----END CERTIFICATE-----
\ No newline at end of file
--- a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
@@ -1,3 +1,3 @@
issuer:int
-subject:unknown-scheme-url
-extension:authorityInformationAccess:ttp://www.example.com
+subject:unknown-scheme
+extension:authorityInformationAccess:ttp://www.example.com/
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAeCgAwIBAgIUZwBIuhJsl6TtcbJBQ2j36UO5R+wwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE0MTEyNzAwMDAwMFoYDzIwMTcwMjA0MDAw
+MDAwWjAUMRIwEAYDVQQDDAl1c2VyLXBhc3MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjRjBEMEIGCCsGAQUFBwEB
+BDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL3VzZXI6cGFzc0B3d3cuZXhhbXBsZS5j
+b206ODg4OC8wCwYJKoZIhvcNAQELA4IBAQBVI4PnVdDg/lT6bZ/4COoPBbu9Ql0Q
+sGVhl/A1zH8xYx8OII0aI7U2OpXC1GNnESyt1nvsfEtnR6ETgGlaRdI8hXpOz0dI
+VXh1PZEv9ESdl4FWmqGFM26eOqSS1r6aU2oBfTSzO6Ki4cduSfmiBuCCFzGtuMdG
+pu+PWP7ffzgU9lteYvf+uXcD8u/Kz0WOtKwB4nuVWy0PcKlX8z/SizcoaCdG3v7+
+6j9GsLbD8G0mIZVM2Jyrv6M5+RSelp957gPXu3BoYG8QW5I9zSMfQg0w/Y81IR+5
+cXuQ0TBTvHx2QjkOHH4Iy8cIXKxCdiYyVUvlYS5UjTaaZLpcjmA5/Pl1
+-----END CERTIFICATE-----
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:user-pass
+extension:authorityInformationAccess:http://user:pass@www.example.com:8888/