Bug 987816 - test certificateUsageVerifyCA can return success. r=dkeeler
☠☠ backed out by dd433d12561b ☠ ☠
authorCamilo Viecco <cviecco@mozilla.com>
Fri, 28 Mar 2014 15:53:08 -0700
changeset 176014 b714220dd39d499d24d4955133332de267df84e4
parent 176013 ca413634eba3d4b9d7c493a6da41c78ab869b2c0
child 176015 245d0cb5a7b32e10fdbd1cbcb42ca7380c2bfbce
push id26505
push userphilringnalda@gmail.com
push dateSat, 29 Mar 2014 16:01:43 +0000
treeherdermozilla-central@8da3aabb044f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdkeeler
bugs987816
milestone31.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 987816 - test certificateUsageVerifyCA can return success. r=dkeeler
security/manager/ssl/tests/unit/head_psm.js
security/manager/ssl/tests/unit/test_certificate_usages.js
toolkit/library/Makefile.in
toolkit/library/moz.build
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -95,16 +95,29 @@ function setCertTrust(cert, trustString)
 }
 
 function getXPCOMStatusFromNSS(statusNSS) {
   let nssErrorsService = Cc["@mozilla.org/nss_errors_service;1"]
                            .getService(Ci.nsINSSErrorsService);
   return nssErrorsService.getXPCOMFromNSSError(statusNSS);
 }
 
+function checkCertErrorGeneric(certdb, cert, expectedError, usage) {
+  let hasEVPolicy = {};
+  let verifiedChain = {};
+  let error = certdb.verifyCertNow(cert, usage, NO_FLAGS, verifiedChain,
+                                   hasEVPolicy);
+  // expected error == -1 is a special marker for any error is OK
+  if (expectedError != -1 ) {
+    do_check_eq(error, expectedError);
+  } else {
+    do_check_neq (error, 0);
+  }
+}
+
 function _getLibraryFunctionWithNoArguments(functionName, libraryName) {
   // Open the NSS library. copied from services/crypto/modules/WeaveCrypto.js
   let path = ctypes.libraryName(libraryName);
 
   // XXX really want to be able to pass specific dlopen flags here.
   let nsslib;
   try {
     nsslib = ctypes.open(path);
--- a/security/manager/ssl/tests/unit/test_certificate_usages.js
+++ b/security/manager/ssl/tests/unit/test_certificate_usages.js
@@ -119,17 +119,19 @@ function run_test_in_mode(useMozillaPKIX
   for (var i = 0; i < gNumCAs; i++) {
     var ca_name = "ca-" + (i + 1);
     var verified = {};
     var usages = {};
     var cert = certdb.findCertByNickname(null, ca_name);
     cert.getUsagesString(true, verified, usages);
     do_print("usages.value=" + usages.value);
     do_check_eq(ca_usages[i], usages.value);
-
+    if (ca_usages[i].indexOf('SSL CA') != -1) {
+      checkCertErrorGeneric(certdb, cert, 0, certificateUsageVerifyCA);
+    }
     //now the ee, names also one based
     for (var j = 0; j < ee_usages[i].length; j++) {
       var ee_name = "ee-" + (j + 1) + "-" + ca_name;
       var ee_filename = ee_name + ".der";
       //do_print("ee_filename" + ee_filename);
       addCertFromFile(certdb, "test_certificate_usages/" + ee_filename, ",,");
       var ee_cert;
       ee_cert = certdb.findCertByNickname(null, ee_name);