Closed
Bug 367288
Opened 19 years ago
Closed 19 years ago
write tests that covers existing OCSP functionality
Categories
(NSS :: Test, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)
References
Details
Attachments
(1 file)
|
47.42 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Currently there are not test that covers NSS functionality in the area of OCSP.
There are at least two scenarios that we can test using ocspclnt:
* test revocation status for a cert using trusted responder, ca and
designated responder certs as signers.
* fully verify cert and it's usage in a different period of time.
|
Assignee | |
Comment 1•19 years ago
|
||
ocsp interoperability tests with openca ocsp responder. Patch include only checking cert status, not cert validity. Some changes were made in ssl interoperability testing to reflect modification in configuration files on interoperability server side.
Attachment #251832 -
Flags: review?(nelson)
|
|
||
Comment 2•19 years ago
|
||
Comment on attachment 251832 [details] [diff] [review]
check a cert status via ocsp. patch v1.
Alexei, I am just starting the review, but I have one early question.
It appears to me that iopr/ocsp_iopr.sh is sourced from only one place,
namely from ocsp/ocsp.sh. So, why source it as a separate file?
Why not simply put the contents of file iopr/ocsp_iopr.sh into ocsp/ocsp.sh?
|
|
Assignee | |
Comment 3•19 years ago
|
||
OCSP tests based, partially depend on ssl interoperability tests(on a part that downloads files and installs certs) and they actually are the part of interoperability testing with a particular host invoked by listing a host in IOPR_HOSTADDR_LIST environment variable.
I'd like to keep all scripts related to interoperability in one place. From another hand, I'd like to have a starting point for ocsp testing, this is why ocsp/ocsp.sh has been created in tests directory.
|
|
Assignee | |
Updated•19 years ago
|
Priority: -- → P2
|
|
||
Comment 6•19 years ago
|
||
Comment on attachment 251832 [details] [diff] [review]
check a cert status via ocsp. patch v1.
I have given this patch cursory review. AFAIK, the i14y test only run
inside Sun, so even if there is an error, our exposure is minimal.
r=nelson for trunk.
Does this patch depend on functionality that is available only on the
trunk? Or could we also do this on the branch?
Attachment #251832 -
Flags: review?(nelson) → review+
|
|
Assignee | |
Comment 7•19 years ago
|
||
this patch is a part of interoperability testing suite and requires some script that were only integrated into trunk.
|
|
Assignee | |
Comment 8•19 years ago
|
||
Integrated into trunk.
/cvsroot/mozilla/security/nss/tests/common/init.sh,v <-- init.sh
new revision: 1.48; previous revision: 1.47
/cvsroot/mozilla/security/nss/tests/iopr/cert_iopr.sh,v <-- cert_iopr.sh
new revision: 1.2; previous revision: 1.1
/cvsroot/mozilla/security/nss/tests/iopr/ocsp_iopr.sh,v <-- ocsp_iopr.sh
initial revision: 1.1
/cvsroot/mozilla/security/nss/tests/iopr/ssl_iopr.sh,v <-- ssl_iopr.sh
new revision: 1.2; previous revision: 1.1
/cvsroot/mozilla/security/nss/tests/iopr/server_scr/cert_gen.sh,v <-- cert_gen.sh
new revision: 1.2; previous revision: 1.1
/cvsroot/mozilla/security/nss/tests/iopr/server_scr/iopr_server.cfg,v <-- iopr_server.cfg
initial revision: 1.1
/cvsroot/mozilla/security/nss/tests/ocsp/ocsp.sh,v <-- ocsp.sh
initial revision: 1.1
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 9•19 years ago
|
||
Additional change to all.sh to enable ocsp testing is integrated to the trunk:
-tests="cipher perf cert dbtests tools fips sdr crmf smime ssl"
+tests="cipher perf cert dbtests tools fips sdr crmf smime ssl ocsp"
/cvsroot/mozilla/security/nss/tests/all.sh,v <-- all.sh
new revision: 1.24; previous revision: 1.23
|
|
||
Comment 10•19 years ago
|
||
Alexei, Tinderbox went orange for 4 systems when you committed your
change to turn on ocsp checking in all.sh. There were numerous failures
and there were different failures on different systems. So, I backed
out your one line change to all.sh, rev 1.24, by checking in the contents
of rev 1.23 on top of it, again.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 11•19 years ago
|
||
Tinderbox is green after committing fix for solaris and windows. Closing the bug
/cvsroot/mozilla/security/nss/tests/all.sh,v <-- all.sh
new revision: 1.26; previous revision: 1.25
/cvsroot/mozilla/security/nss/tests/iopr/ocsp_iopr.sh,v <-- ocsp_iopr.sh
new revision: 1.3; previous revision: 1.2
Status: REOPENED → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•