Bug 1560353 - Add test for external session cache r=keeler
authorKershaw Chang <kershaw@mozilla.com>
Mon, 30 Sep 2019 13:25:03 +0000
changeset 495725 f472f9a312c98519c9e7efe2a8633455798b2356
parent 495724 73a76edb175f07d1160d35627cd0ca8bf8bd6d53
child 495726 053b16ef71e8a55eb5f31173a59304f8cad4685f
push id96821
push userkjang@mozilla.com
push dateTue, 01 Oct 2019 14:51:39 +0000
treeherderautoland@f472f9a312c9 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1560353
milestone71.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1560353 - Add test for external session cache r=keeler Differential Revision: https://phabricator.services.mozilla.com/D47432
security/manager/ssl/tests/unit/test_session_resumption.js
--- a/security/manager/ssl/tests/unit/test_session_resumption.js
+++ b/security/manager/ssl/tests/unit/test_session_resumption.js
@@ -9,16 +9,17 @@
 
 do_get_profile();
 const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
   Ci.nsIX509CertDB
 );
 
 registerCleanupFunction(() => {
   Services.prefs.clearUserPref("security.OCSP.enabled");
+  Services.prefs.clearUserPref("network.ssl_tokens_cache_enabled");
 });
 
 Services.prefs.setIntPref("security.OCSP.enabled", 1);
 
 addCertFromFile(certdb, "bad_certs/evroot.pem", "CTu,,");
 addCertFromFile(certdb, "bad_certs/ev-test-intermediate.pem", ",,");
 
 // For expired.example.com, the platform will make a connection that will fail.
@@ -64,16 +65,21 @@ function add_resume_non_ev_with_override
       ok(
         !transportSecurityInfo.isUntrusted,
         "expired.example.com should not have isUntrusted set"
       );
       ok(
         !transportSecurityInfo.isExtendedValidation,
         "expired.example.com should not have isExtendedValidation set"
       );
+
+      let certOverrideService = Cc[
+        "@mozilla.org/security/certoverride;1"
+      ].getService(Ci.nsICertOverrideService);
+      certOverrideService.clearValidityOverride("expired.example.com", 8443);
     }
   );
 }
 
 // Helper function that adds a test that connects to ev-test.example.com and
 // verifies that it validates as EV (or not, if we're running a non-debug
 // build). This assumes that an appropriate OCSP responder is running or that
 // good responses are cached.
@@ -252,28 +258,40 @@ function add_origin_attributes_test(
         "Unexpected cache misses"
       );
     },
     null,
     originAttributes2
   );
 }
 
-function run_test() {
-  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+function add_resumption_tests() {
   add_resume_ev_test();
   add_resume_non_ev_test();
   add_resume_non_ev_with_override_test();
   add_origin_attributes_test({}, {}, true);
   add_origin_attributes_test({ userContextId: 1 }, { userContextId: 2 }, false);
   add_origin_attributes_test({ userContextId: 3 }, { userContextId: 3 }, true);
   add_origin_attributes_test(
     { firstPartyDomain: "foo.com" },
     { firstPartyDomain: "bar.com" },
     false
   );
   add_origin_attributes_test(
     { firstPartyDomain: "baz.com" },
     { firstPartyDomain: "baz.com" },
     true
   );
+}
+
+function run_test() {
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+  add_resumption_tests();
+  // Enable external session cache and reset the status.
+  add_test(function() {
+    Services.prefs.setBoolPref("network.ssl_tokens_cache_enabled", true);
+    certdb.clearOCSPCache();
+    run_next_test();
+  });
+  // Do tests again.
+  add_resumption_tests();
   run_next_test();
 }