ocsp.cfg (3330B)
1 # This Source Code Form is subject to the terms of the Mozilla Public 2 # License, v. 2.0. If a copy of the MPL was not distributed with this 3 # file, You can obtain one at http://mozilla.org/MPL/2.0/. 4 5 scenario OCSP 6 7 check_ocsp OCSPEE11OCSPCA1:d 8 9 db OCSPRoot 10 import OCSPRoot:d:CT,C,C 11 12 db OCSPCA1 13 import_key OCSPCA1 14 15 crl OCSPCA1 16 17 revoke OCSPCA1 18 serial 3 19 20 revoke OCSPCA1 21 serial 4 22 23 testdb OCSPRoot 24 25 #EE - OK, CA - OK 26 verify OCSPEE11OCSPCA1:d 27 cert OCSPCA1OCSPRoot:d 28 trust OCSPRoot 29 rev_type leaf 30 rev_flags requireFreshInfo 31 rev_mtype ocsp 32 result pass 33 34 #EE - revoked, CA - OK 35 verify OCSPEE12OCSPCA1:d 36 cert OCSPCA1OCSPRoot:d 37 trust OCSPRoot 38 rev_type leaf 39 rev_flags requireFreshInfo 40 rev_mtype ocsp 41 result fail 42 43 #EE - unknown 44 verify OCSPEE15OCSPCA1:d 45 cert OCSPCA1OCSPRoot:d 46 trust OCSPRoot 47 rev_type leaf 48 rev_mtype ocsp 49 result pass 50 51 #EE - unknown, requireFreshInfo 52 verify OCSPEE15OCSPCA1:d 53 cert OCSPCA1OCSPRoot:d 54 trust OCSPRoot 55 rev_type leaf 56 rev_flags requireFreshInfo 57 rev_mtype ocsp 58 result fail 59 60 #EE - OK, CA - revoked, leaf, no fresh info 61 verify OCSPEE21OCSPCA2:d 62 cert OCSPCA2OCSPRoot:d 63 trust OCSPRoot 64 rev_type leaf 65 rev_mtype ocsp 66 result pass 67 68 #EE - OK, CA - revoked, leaf, requireFreshInfo 69 verify OCSPEE21OCSPCA2:d 70 cert OCSPCA2OCSPRoot:d 71 trust OCSPRoot 72 rev_type leaf 73 rev_flags requireFreshInfo 74 rev_mtype ocsp 75 result fail 76 77 #EE - OK, CA - revoked, chain, requireFreshInfo 78 verify OCSPEE21OCSPCA2:d 79 cert OCSPCA2OCSPRoot:d 80 trust OCSPRoot 81 rev_type chain 82 rev_flags requireFreshInfo 83 rev_mtype ocsp 84 result fail 85 86 #EE - OK, CA - unknown 87 verify OCSPEE31OCSPCA3:d 88 cert OCSPCA3OCSPRoot:d 89 trust OCSPRoot 90 rev_type leaf 91 rev_mtype ocsp 92 result pass 93 94 #EE - OK, CA - unknown, requireFreshInfo 95 verify OCSPEE31OCSPCA3:d 96 cert OCSPCA3OCSPRoot:d 97 trust OCSPRoot 98 rev_type leaf 99 rev_flags requireFreshInfo 100 rev_mtype ocsp 101 result fail 102 103 #EE - revoked, doNotUse 104 verify OCSPEE12OCSPCA1:d 105 cert OCSPCA1OCSPRoot:d 106 trust OCSPRoot 107 rev_type leaf 108 rev_mtype ocsp 109 rev_mflags doNotUse 110 result pass 111 112 #EE - revoked, forbidFetching 113 verify OCSPEE12OCSPCA1:d 114 cert OCSPCA1OCSPRoot:d 115 trust OCSPRoot 116 rev_type leaf 117 rev_mtype ocsp 118 rev_mflags forbidFetching 119 result pass 120 121 #EE - unknown status, failIfNoInfo 122 verify OCSPEE15OCSPCA1:d 123 cert OCSPCA1OCSPRoot:d 124 trust OCSPRoot 125 rev_type leaf 126 rev_mtype ocsp 127 rev_mflags failIfNoInfo 128 result fail 129 130 #EE - OK, CA - revoked, leaf, failIfNoInfo 131 verify OCSPEE21OCSPCA2:d 132 cert OCSPCA2OCSPRoot:d 133 trust OCSPRoot 134 rev_type leaf 135 rev_mtype ocsp 136 rev_mflags failIfNoInfo 137 result fail 138 139 testdb OCSPCA1 140 141 #EE - OK on OCSP, revoked locally - should fail ?? 142 # two things about this test: crl is not imported into the db and 143 # cert 13 is not revoked by crl. 144 verify OCSPEE13OCSPCA1:d 145 cert OCSPCA1OCSPRoot:d 146 trust OCSPCA1 147 rev_type leaf 148 rev_flags testLocalInfoFirst 149 rev_mtype ocsp 150 result pass 151 152 db OCSPRoot1 153 import OCSPRoot:d:CT,C,C 154 155 verify OCSPEE23OCSPCA2:d 156 cert OCSPCA2OCSPRoot:d 157 trust OCSPRoot 158 rev_type chain 159 rev_mtype ocsp 160 rev_type leaf 161 rev_mtype ocsp 162 result fail 163 164 db OCSPRoot2 165 import OCSPRoot:d:T,, 166 167 # bug 527438 168 # expected result of this test is FAIL 169 verify OCSPEE23OCSPCA2:d 170 cert OCSPCA2OCSPRoot:d 171 trust OCSPRoot 172 rev_type chain 173 rev_mtype ocsp 174 rev_type leaf 175 rev_mtype ocsp 176 result pass