
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
"use strict";
// A profile has to be set up before the nsIX509CertDB service is first
// requested, so this call must stay ahead of the getService() below.
do_get_profile();

// Certificate database shared by every helper and task in this file.
const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);
// Builds a certificate from the PEM fixture named `certName` (given without
// the ".pem" suffix) in test_baseline_requirements/. The certificate is only
// constructed here; this helper does not pass it to gCertDB or set any trust.
function certFromFile(certName) {
  const pemPath = `test_baseline_requirements/${certName}.pem`;
  return constructCertFromFile(pemPath);
}
// Adds the PEM fixture named `certName` (given without the ".pem" suffix) from
// test_baseline_requirements/ to gCertDB with the given trust string.
// `trustString` is handed to addCertFromFile unchanged; callers decide how
// much trust the fixture gets, so keep it as narrow as the test needs.
function loadCertWithTrust(certName, trustString) {
  const pemPath = `test_baseline_requirements/${certName}.pem`;
  addCertFromFile(gCertDB, pemPath, trustString);
}
// Verifies `cert` as a TLS server certificate for the host "example.com" at a
// fixed point in time and expects the verifier to report `expectedResult`.
// Pinning the validation time keeps the outcome independent of the wall clock,
// so the fixtures do not start failing for unrelated reasons (e.g. expiry).
// Returns whatever checkCertErrorGenericAtTime returns; callers await it.
function checkCertOn25August2016(cert, expectedResult) {
  // 2016-08-25T00:00:00Z in seconds since the epoch (1472083200).
  // Date.UTC months are zero-based, so 7 is August.
  const validationTimeSeconds = Date.UTC(2016, 7, 25) / 1000;
  const hostname = "example.com";
  // NOTE(review): the sixth argument (false) is presumably the "EV expected"
  // flag of the helper; confirm against the helper's definition.
  return checkCertErrorGenericAtTime(
    gCertDB,
    cert,
    expectedResult,
    certificateUsageSSLServer,
    validationTimeSeconds,
    false,
    hostname
  );
}
add_task(async function () {
  // Register the reset before touching the pref so it is cleared again even
  // if a check below fails.
  registerCleanupFunction(() => {
    Services.prefs.clearUserPref("privacy.reduceTimerPrecision");
  });
  // NOTE(review): the reason for turning timer-precision reduction off is not
  // stated in this file; presumably it keeps time handling exact. Confirm.
  Services.prefs.setBoolPref("privacy.reduceTimerPrecision", false);

  // Test root for the fixtures. In an NSS trust string the first field is the
  // SSL one, so "CTu,," grants trust for TLS only.
  loadCertWithTrust("ca", "CTu,,");

  // At one time there was a preference security.pki.name_matching_mode that
  // controlled whether or not mozilla::pkix would fall back to using a
  // certificate's subject common name during name matching. This no longer
  // exists, and certificates that previously required the fallback should fail
  // to verify.
  //
  // Every fixture below lacks a usable hostname entry in subjectAltName, going
  // by its name: either no SAN at all or a SAN without hostnames. Each must be
  // rejected for "example.com" with a domain-mismatch error, never accepted on
  // the strength of the subject common name.
  // NOTE(review): the -recent / -old / -older suffixes presumably correspond
  // to issuance-date cutoffs the removed preference used; confirm against the
  // fixture definitions.
  const certsWithoutUsableSan = [
    "no-san-recent",
    "no-san-old",
    "no-san-older",
    "san-contains-no-hostnames-recent",
    "san-contains-no-hostnames-old",
    "san-contains-no-hostnames-older",
  ];
  // Checked one at a time, in the listed order.
  for (const certName of certsWithoutUsableSan) {
    await checkCertOn25August2016(
      certFromFile(certName),
      SSL_ERROR_BAD_CERT_DOMAIN
    );
  }
});