Closed Bug 488646 Opened 15 years ago Closed 15 years ago

test errors in chains.sh

Categories

(NSS :: Test, defect, P2)

Product:
NSS
Component:
Test
Version:
3.12.3
Platform:
x86_64
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.4

People

(Reporter: wolfiR, Assigned: slavomir.katuscak+mozilla)

References

Details

Attachments

(1 file)

Patch v1.
2.94 KB, patch
alvolkov.bgs
: review+
Details | Diff | Splinter Review 
Running the testsuite (all.sh) on NSS 3.12.3 shows the following three
failures:

Returned value is 0, expected result is fail
chains.sh: #1875: OCSP: Verifying certificate(s)  OCSPEE12.cert
OCSPCA1.cert with flags  -g leaf -m ocsp -d OCSPRootDB    -t OCSPRoot
 - FAILED

Returned value is 0, expected result is fail
chains.sh: #3333: OCSP: Verifying certificate(s)  OCSPEE12.cert
OCSPCA1.cert with flags  -g leaf -m ocsp -d OCSPRootDB    -t OCSPRoot
 - FAILED

Returned value is 0, expected result is fail
chains.sh: #5362: OCSP: Verifying certificate(s)  OCSPEE12.cert
OCSPCA1.cert with flags  -g leaf -m ocsp -d OCSPRootDB    -t OCSPRoot
 - FAILED
Thanks for reporting this bug. 

I see now where's the problem, OCSPEE12.cert was expected to be revoked, and contains OCSP AIA link to pre-configured OCSP server, that is accessible only from Sun, as we test only from internal network, this was not noticed.

I'm going to prepare a patch to disable those tests from external network.
Assignee: nobody → slavomir.katuscak
Priority: -- → P2
Target Milestone: --- → 3.12.4
Attached patch Patch v1.Splinter Review 
Patch to disable OCSP tests when OCSP server is not accessible.

It parses one of certs and gets OCSP AIA hostname from it. Then try to ping it to check whether server is accessible or not (there was needed to add exceptions for Windows and HP-UX, because ping syntax is a bit different), and if server is not accessible, scenario doesn't continue (next scenarios are processed).

I haven't verified final patch on all supported platforms, I only tried to run there ping manually.
Attachment #373303 - Flags: review?(alexei.volkov.bugs)
Comment on attachment 373303 [details] [diff] [review]
Patch v1.

lets try it.
Attachment #373303 - Flags: review?(alexei.volkov.bugs) → review+
I can confirm that the testsuite doesn't fail anymore.
Checking in chains.sh;
/cvsroot/mozilla/security/nss/tests/chains/chains.sh,v  <--  chains.sh
new revision: 1.17; previous revision: 1.16
done
Checking in scenarios/ocsp.cfg;
/cvsroot/mozilla/security/nss/tests/chains/scenarios/ocsp.cfg,v  <--  ocsp.cfg
new revision: 1.5; previous revision: 1.4
done
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: