Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1686134 - Renew two chains libpkix test certificates. r=rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D102670

--HG--
extra : moz-landing-system : lando
  • Loading branch information
Kevin Jacobs committed Jan 23, 2021
1 parent 5fbb2d5 commit e24c7f2
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions tests/chains/scenarios/nameconstraints.cfg
Expand Up @@ -159,12 +159,20 @@ verify NameConstraints.dcissblocked:x
verify NameConstraints.dcissallowed:x
result pass

# Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem"
# Subject: "O = IPA.LOCAL 20200120, CN = OCSP and IPSEC"
# EKUs: OCSPSigning,ipsecUser
#
# This tests that a non server certificate (i.e. id-kp-serverAuth
# not present in EKU) does *NOT* have CN treated as dnsName for
# purposes of Name Constraints validation
# purposes of Name Constraints validation (certificateUsageStatusResponder)
# https://hg.mozilla.org/projects/nss/rev/0b30eb1c3650
verify NameConstraints.ocsp1:x
usage 10
result pass

# This tests that a non server certificate (i.e. id-kp-serverAuth
# not present in EKU) does *NOT* have CN treated as dnsName for
# purposes of Name Constraints validation (certificateUsageIPsec)
verify NameConstraints.ocsp1:x
usage 12
result pass
Binary file modified tests/libpkix/certs/NameConstraints.ipaca.cert
Binary file not shown.
Binary file modified tests/libpkix/certs/NameConstraints.ocsp1.cert
Binary file not shown.

0 comments on commit e24c7f2

Please sign in to comment.