Bug 1030204 - 2/2 Tests for Name constraints for ANSSI(DCISS) Root cert in psm. r=keeler a=sledru
☠☠ backed out by 470b9d3ffc0f ☠ ☠
authorCamilo Viecco <cviecco@mozilla.com>
Tue, 08 Jul 2014 16:16:22 -0700
changeset 200786 ff83e05223eb57c19253506433181958892e60b0
parent 200785 27f25e1d82adc9b66e55b3a091e492b2522e15be
child 200787 a56eae7ad1c2840818e03453ef2b1f12a33c4466
push id486
push userasasaki@mozilla.com
push dateMon, 14 Jul 2014 18:39:42 +0000
treeherdermozilla-release@d33428174ff1 [default view] [failures only]
reviewerskeeler, sledru
bugs1030204
milestone31.0
Bug 1030204 - 2/2 Tests for Name constraints for ANSSI(DCISS) Root cert in psm. r=keeler a=sledru
security/manager/ssl/tests/unit/test_name_constraints.js
security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.cert
security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.cert
security/manager/ssl/tests/unit/test_name_constraints/dcisscopy.der
--- a/security/manager/ssl/tests/unit/test_name_constraints.js
+++ b/security/manager/ssl/tests/unit/test_name_constraints.js
@@ -263,16 +263,23 @@ function run_test_in_mode(useMozillaPKIX
   // We don't enforce dNSName name constraints on CN unless we're validating
   // for the server EKU. libpkix gets this wrong but mozilla::pkix and classic
   // NSS get it right.
   {
     let cert = certFromFile('cn-www.foo.org-int-nc-perm-foo.com-ca-nc.der');
     check_cert_err_generic(cert, SEC_ERROR_CERT_NOT_IN_NAME_SPACE, certificateUsageSSLServer);
     check_cert_err_generic(cert, 0, certificateUsageSSLClient);
   }
+
+  // DCISS tests
+  // The certs used here were generated by the NSS test suite and are
+  // originally located as security/nss/tests/libpkix/cert/
+  load_cert("dcisscopy", "C,C,C");
+  check_ok(certFromFile('NameConstraints.dcissallowed.cert'));
+  check_fail(certFromFile('NameConstraints.dcissblocked.cert'));
 }
 
 function run_test() {
   load_cert("ca-nc-perm-foo.com", "CTu,CTu,CTu");
   load_cert("ca-nc", "CTu,CTu,CTu");
 
   run_test_in_mode(true);
   run_test_in_mode(false);
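Review bot: `load_cert("dcisscopy", "C,C,C");` sits inside run_test_in_mode, which run_test calls twice (`true`, then `false`), so the DCISS trust anchor is imported on both passes, while the other two roots are loaded once in run_test before either pass. Placing the call directly after `load_cert("ca-nc", "CTu,CTu,CTu");` would keep all trust setup in one place and stop the test relying on a repeated import being harmless. The `// DCISS tests` comment could also say which names the allowed and blocked leaf certs carry, and that the constraint being exercised is presumably the one applied to the DCISS root by the verifier rather than one encoded in the test CA; the enforcement code is not part of this patch, so that should be confirmed. The new cert files are static binaries, so a note on their validity period would help whoever has to regenerate them. run_test_in_mode begins and run_test ends outside this hunk.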
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..539adcfee927bdd583c848eea16281217f5b958a
GIT binary patch
literal 888
zc$_n6VlFXgVv1S7%*4pV#LRE|)qt0cQ>)FR?K>|cBP%O|L1U{Sw*e;`b0`a&Fq2!5
zAwN(7ki#L&=2n!Lmz-+IXTSpzU>9Z$NG!@MHWV=61M#_p*#ms_gWX;HU@EwUSzVli
zgFRt<W?@!OcV~S^LuCU+xSgDgVj`L8$%zid=_z@71-W|Z`K4ugX+;Kd;=G0?1||kZ
zhUP|wM&?oCyhg}e14krhh6ckp9KuY_j)pu2To5NQyXEH_iW`VRtmjM1&(}+>NX#wB
zNd;Na#HfVqdq!3U<|amd2B0_>QxhX2!`oX;CME`n%QO2!mv}wZXI~zE%YtQt=jS5T
z;`@cqJ{NvFD^zo0mG<_XpLV4#;WIkw>h}4lc6?2fOkw|zg50_9zA}g{O4c;G9`^TB
z^=q~N3l$Rz5|#M=F8KekxAUBNA?M;oy_<PHh8zChzP<QG_wiE0l8djeva%aYH_H9W
zkffNC@kl2%SHAvys#jOGO~kh6+^f8cU$0HK*t4fl<3=!BSGjpt{j{SR5|^{RvX<Pd
zF6_R2ZS9lK(>QL=2)VrVOTpv97{}tI4G-I%8EEs$EUo;ox5B&QPE2CBgH-L)+Q)sS
z=cbpbr`%}1{U$)a`yyL?&sv4uk&~`l<V4Bj#5dcn+RMbu$iTSRz(CJHkc~5;&4aP+
zhZ7?s3kx$7+W~Nt$_g_w{%2t_U@+hY@%TYf%sbFh6f-C&a}9TBu6fDS`CfF{;b+g7
zg?*d8e{<5`6%eBq9(AIk<SCQqWTi=)Zq!{}<GX)Pvj+b%Yf+h!#P^Gvr%(EnXUKTq
zsCC-H+U--$vL2Y!6Lk2>x<4CUNKBS_>#^`tz;c1)Bo0|sm7Run9W%ZKE0<j4UMib1
z;mCCdYsJU29_9w0sy8=$n%ACQdwQ*hpC&`diwdswKJ3b$r(TOSyW-fR*)J|uUN$X{
z{nu8P{rg0(ueo`5isoGH;=LPq_LMO^u#P;S-F`g(Q(}5rWAx=vGeeK->px1(+F9g2
yDMdTuq<u+#aZ?h1{*MW>s$N9sr$=1-`yy!9lbh>QnpCE)Ka;lKi6`^r+)n_fbVo!0
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..28f84919de2e82c0e0334e9da9c35b1c5482311b
GIT binary patch
literal 889
zc$_n6VlFjkVv1eB%*4pV#LRE|#ekQMQ>)FR?K>|cBP%O|L1U{Sw*e;`b0`a&Fq2!5
zAwN(7ki#L&=2n!Lmz-+IXTSpzU>9Z$NG!@MHWV=61M#_p*#ms_gWX;HU@EwUSzVli
zgFRt<W?@!OcV~S^LuCU+xSgDgVj`L8$%zid=_z@71-W|Z`K4ugX+;Kd;=G0?1||kZ
zhUP|wM&?oCyhg}e11BVBh6ckp9KuY_j)pu2To5NQyXEH_N*IVitmjY5&(}+>NX#wB
zN!3fv&oyXbR6_PXBP#=Q6C*zZP@IdYiII`vmRZo=FxG@AH?ty78~n4MaK?tKbcMBi
zlWF&l?l&Gc<~wPfdDh?ji)Z!?M~{Q16Xt}l&zS#(d-|_Ve}!AKcHMDWEy_3N_(O+A
zPw%HqM&aK6D}w#QFQ#10{W`^Dqo}O-=jTr|j#hF%{?$2O=82%PX2CfJ?i9g4$?3_(
zJbEwIGwOw2c6CgCe@@}nnxgUq{l~2mRSRW4owZx8u$$p6(*d)m<{z$nYTBLaYW<{M
z^D~#jwWn*3oUYk9`P;{320Pw;YV_<moS9_i{;fXpzwu_*S4-9>eL6HJc$Z%Pr*h`K
zlPumFe%CrHIm7AREmJoJ{TLQ~m%2AL>(mze?rhy)qps?7{V5YOBLm}N0|Pw+K{n2W
zHV?+OA5M&nEG*1SYzM$`Dl5#$_@9NzfWd$p#N!7^G4DW2Qp}*BjIS=ACEw>&_U+7<
zuG^wpzx>}X&DLQvXU?@|zUwoed_MJ@^X-9>lRM-2zGy{yo>!^yvz^~5UdP*DZ^6Fq
zcJD)unp@7ANB;Ewoz~>~aHXAtgA#kw_v#2K=LVb9iwE=1E#heVo-g?8WJFyn@ABuC
zC%Y7yFU+YaUvprB=-mm0M)&NUpU!MwueScO$?3n>zja%l3pOk$Gqk)c;q0uHxA(a5
z-&-@6Ey;e7{IaDpOmA9o{xO&MFP?TR0yh7;l(*k&_@y#CbbaZS4`LJFIbQlbFMkyW
z=bdmxmrwt_n*ZxnYsgMioAp*vvTIN9p(U|@wl7Re&N|}g`}$jv#itdm$MP)iE>Z&k
DnV?KP
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..a3fbd91f3fd4521875fafd981592dd6ea263e2b1
GIT binary patch
literal 957
zc$_n6V%}-c#I$e$GZP~d6EnZ<X9Hd~POUbNw(q=*jI68-292$T+y<O%%%Lo7!c1;K
zhWtPUKn{m6n_E$0UUI4-p8*d@fL)k1Ah9U3*igWL55(sZW)JYy4|aF)gQ?&aW_586
z4)%ocnT1(B-JSIv4V4WP;dXK|iiu>VCnq`-r>ErU73Aur=a-i0r4<>-iSrto7#JBC
z8JZgz8kt9l^BN&@2aP+M7?qHNkdc*vxrvdV0VvMJ)WpchaNyBrJ-^v;Kc0$T4lLxK
zzkRp2?L*^bKQFG0GCY;LHu|k(l#%R8!|3LB){@PWw#4wulsx_VUTN_Sr4_<_66R_l
ztKU^!yXxbVp40f3$F26p&F#J0WXgmE*j8<pDAD7bYPE3TjGq5$%2Q+87p};C)th#2
zwYam4t%!nv{;~gurd>W4KcD|fhwRpi8^0Y`C(k9bf6H{i`rPPckH7u7z4xG16Jw0H
z;a3gQKQ15iA9H-Yy;(pYuDJGn<?MhtpF)gYiANS|{<|bO@5XlJO?Kb>pQ&#C@bt5!
z(YhB4-x~j%vv-HPr&`mNNx^Bi93QPum{4+=eQHi>rK;%Ed4}bBPye4|xxJE+iJ6gs
zaj}7co`E16XF{6?W7`iWMn)DEW+n!9aCplKv#=U4Gcx`+;0E#dK~jutXvvZp6qNP{
zimqNi{VTHN>isy!*#4Ub6<icGGxk2-aKTAAMXM=m6SrwoS>cp_yH>s0Go_JV{`;!N
zxgD?OuJ#RD_eXBU9%nt>S*kCh4g|k?^~Ct&uRFdU<THL{Cwwkl?vlpt7`bopf`zO8
zSZ=l6=>BC^;r{=5M`mw--v8(Qs~LN~vlsW@;9zO`EM{P}C|t<9#&O$}X}@}6`co7Y
z|C*hC={KXJW@e7x9+~pu#c$i(f4_){kDRpslEhTgYhPc~@fF(rQj{0$TKM71^M|^J
zJWn559k!!=lWgwRlGHlk(<j)!z1x1_%npa!vr|tV_?k2!DX}W*c=4%+sanq2N!$W!
O6*L$77tdc%6%7ERwqNA{