test_missing_intermediate.js (1793B)
1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*- 2 // This Source Code Form is subject to the terms of the Mozilla Public 3 // License, v. 2.0. If a copy of the MPL was not distributed with this 4 // file, You can obtain one at http://mozilla.org/MPL/2.0/. 5 6 "use strict"; 7 8 // Tests that if a server does not send a complete certificate chain, we can 9 // make use of cached intermediates to build a trust path. 10 11 do_get_profile(); // must be called before getting nsIX509CertDB 12 13 registerCleanupFunction(() => { 14 let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile); 15 certDir.append("bad_certs"); 16 Assert.ok(certDir.exists(), "bad_certs should exist"); 17 let args = ["-D", "-n", "manually-added-missing-intermediate"]; 18 run_certutil_on_directory(certDir.path, args, false); 19 }); 20 21 function run_test() { 22 add_tls_server_setup("BadCertAndPinningServer", "bad_certs"); 23 // If we don't know about the intermediate, we'll get an unknown issuer error. 24 add_connection_test( 25 "ee-from-missing-intermediate.example.com", 26 SEC_ERROR_UNKNOWN_ISSUER 27 ); 28 29 // Make BadCertAndPinningServer aware of the intermediate. 30 add_test(() => { 31 let args = [ 32 "-A", 33 "-n", 34 "manually-added-missing-intermediate", 35 "-i", 36 "test_missing_intermediate/missing-intermediate.pem", 37 "-a", 38 "-t", 39 ",,", 40 ]; 41 let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile); 42 certDir.append("bad_certs"); 43 Assert.ok(certDir.exists(), "bad_certs should exist"); 44 run_certutil_on_directory(certDir.path, args); 45 run_next_test(); 46 }); 47 48 // BadCertAndPinningServer should send the intermediate now, so the 49 // connection should succeed. 50 add_connection_test( 51 "ee-from-missing-intermediate.example.com", 52 PRErrorCodeSuccess 53 ); 54 55 run_next_test(); 56 }