mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-04-02 12:32:55 +00:00
bug 991209 - mozilla::pkix: allow non-end-entity certs to have OCSP signing EKU r=briansmith
This commit is contained in:
David Keeler
parent
58a1aa493e
commit
e23cf356dc
@ -305,18 +305,18 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-TS-int-EKU-CA_EP.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-TS-int-EKU-CA_EP.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
|
||||
checkCertErrorGeneric(certdb, load_cert('int-EKU-CA_EP_NS_OS_SA_TS', ',,'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, load_cert('int-EKU-CA_EP_NS_OS_SA_TS', ',,'), 0, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
@ -324,7 +324,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
@ -336,13 +336,13 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
@ -351,14 +351,14 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
@ -367,22 +367,22 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
@ -397,7 +397,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_OS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -427,13 +427,13 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-OS_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-OS_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-CA_EP_NS_OS_SA_TS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -586,13 +586,13 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-TS-int-EKU-CA_NS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
|
||||
checkCertErrorGeneric(certdb, load_cert('int-EKU-CA_OS', ',,'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_OS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_OS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
@ -604,7 +604,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-CA_OS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_OS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_NS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
@ -616,13 +616,13 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-CA_OS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_OS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_OS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
@ -658,7 +658,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_OS.der'), 0, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-CA_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
@ -1295,8 +1295,8 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-EP_OS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-EP_OS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_EP_NS_OS_SA_TS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
@ -1331,14 +1331,14 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-EP_OS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-EP_OS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-EP_OS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-EP_OS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_NS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
@ -1349,20 +1349,20 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-EP_OS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-EP_OS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-EP_OS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-EP_OS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-EP_OS.der'), 0, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-EP_OS.der'), 0, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS-int-EKU-EP_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
@ -1985,7 +1985,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-TS-int-EKU-NS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-TS-int-EKU-NS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
|
||||
checkCertErrorGeneric(certdb, load_cert('int-EKU-NS_OS', ',,'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, load_cert('int-EKU-NS_OS', ',,'), 0, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
@ -2017,7 +2017,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-NS_OS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-NS_OS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2047,7 +2047,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-NS_OS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-NS_OS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2059,7 +2059,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-NS_OS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2077,7 +2077,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_OS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_OS-int-EKU-NS_OS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-NS_OS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2107,13 +2107,13 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-OS_TS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-OS_TS-int-EKU-NS_OS.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-NS_OS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-NS_OS.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-NS_OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2545,7 +2545,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-TS-int-EKU-OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-TS-int-EKU-OS.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
|
||||
checkCertErrorGeneric(certdb, load_cert('int-EKU-OS_SA', ',,'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, load_cert('int-EKU-OS_SA', ',,'), 0, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
@ -2577,7 +2577,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_OS-int-EKU-OS_SA.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-OS_SA.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-CA_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2607,7 +2607,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_OS-int-EKU-OS_SA.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-OS_SA.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2619,7 +2619,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-EP_TS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-OS_SA.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NONE-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2637,7 +2637,7 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_OS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_OS-int-EKU-OS_SA.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-OS_SA.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-NS_SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
@ -2667,13 +2667,13 @@ function run_test() {
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-OS_TS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-OS_TS-int-EKU-OS_SA.der'), 0, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-OS_SA.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageStatusResponder);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLClient);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-OS_SA.der'), 0, certificateUsageSSLServer);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_KEY_USAGE, certificateUsageSSLCA);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailSigner);
|
||||
checkCertErrorGeneric(certdb, cert_from_file('ee-EKU-SA_TS-int-EKU-OS_SA.der'), SEC_ERROR_INADEQUATE_CERT_TYPE, certificateUsageEmailRecipient);
|
||||
|
||||
@ -81,10 +81,7 @@ def gen_int_js_output(int_string):
|
||||
# have no EKU or have the Server Auth or Netscape Server Gated Crypto
|
||||
# usage (the second of which is deprecated but currently supported for
|
||||
# compatibility purposes).
|
||||
# TODO(bug 991209) Additionally, if it has the OCSP Signing usage, it is
|
||||
# considered not valid as a SSL CA.
|
||||
if (("NONE" in int_string or "SA" in int_string or "NS" in int_string) and
|
||||
"OS" not in int_string):
|
||||
if ("NONE" in int_string or "SA" in int_string or "NS" in int_string):
|
||||
expectedResult = "0"
|
||||
return (" checkCertErrorGeneric(certdb, load_cert('" + int_string +
|
||||
"', ',,'), " + expectedResult + ", certificateUsageSSLCA);\n")
|
||||
@ -129,10 +126,9 @@ def gen_ee_js_output(int_string, ee_string, cert_usage, ee_name):
|
||||
"SEC_ERROR_INADEQUATE_CERT_TYPE")
|
||||
return single_test_output(ee_name, cert_usage, "0")
|
||||
|
||||
# If the usage isn't Status Responder, if either the end-entity or
|
||||
# intermediate certificate has the OCSP Signing usage in its EKU,
|
||||
# it is not valid for any other usage.
|
||||
if ("OS" in ee_string or "OS" in int_string):
|
||||
# If the usage isn't Status Responder, if the end-entity certificate has
|
||||
# the OCSP Signing usage in its EKU, it is not valid for any other usage.
|
||||
if "OS" in ee_string:
|
||||
return single_test_output(ee_name, cert_usage,
|
||||
"SEC_ERROR_INADEQUATE_CERT_TYPE")
|
||||
|
||||
|
||||
@ -422,18 +422,23 @@ CheckExtendedKeyUsage(EndEntityOrCA endEntityOrCA, const SECItem* encodedEKUs,
|
||||
|
||||
// pkixocsp.cpp depends on the following additional checks.
|
||||
|
||||
if (foundOCSPSigning) {
|
||||
if (endEntityOrCA == MustBeEndEntity) {
|
||||
// When validating anything other than an delegated OCSP signing cert,
|
||||
// reject any cert that also claims to be an OCSP responder, because such
|
||||
// a cert does not make sense. For example, if an SSL certificate were to
|
||||
// assert id-kp-OCSPSigning then it could sign OCSP responses for itself,
|
||||
// if not for this check.
|
||||
if (requiredEKU != SEC_OID_OCSP_RESPONDER) {
|
||||
// That said, we accept CA certificates with id-kp-OCSPSigning because
|
||||
// some CAs in Mozilla's CA program have issued such intermediate
|
||||
// certificates, and because some CAs have reported some Microsoft server
|
||||
// software wrongly requires CA certificates to have id-kp-OCSPSigning.
|
||||
// Allowing this exception does not cause any security issues because we
|
||||
// require delegated OCSP response signing certificates to be end-entity
|
||||
// certificates.
|
||||
if (foundOCSPSigning && requiredEKU != SEC_OID_OCSP_RESPONDER) {
|
||||
PR_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE, 0);
|
||||
return RecoverableError;
|
||||
}
|
||||
} else if (requiredEKU == SEC_OID_OCSP_RESPONDER &&
|
||||
endEntityOrCA == MustBeEndEntity) {
|
||||
// http://tools.ietf.org/html/rfc6960#section-4.2.2.2:
|
||||
// "OCSP signing delegation SHALL be designated by the inclusion of
|
||||
// id-kp-OCSPSigning in an extended key usage certificate extension
|
||||
@ -443,8 +448,10 @@ CheckExtendedKeyUsage(EndEntityOrCA endEntityOrCA, const SECItem* encodedEKUs,
|
||||
// EKU extension is missing from an end-entity certificate. However, any CA
|
||||
// certificate can issue a delegated OCSP response signing certificate, so
|
||||
// we can't require the EKU be explicitly included for CA certificates.
|
||||
PR_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE, 0);
|
||||
return RecoverableError;
|
||||
if (!foundOCSPSigning && requiredEKU == SEC_OID_OCSP_RESPONDER) {
|
||||
PR_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE, 0);
|
||||
return RecoverableError;
|
||||
}
|
||||
}
|
||||
|
||||
return Success;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user