| blob | 1a3af4d22e2c5a8104f96bc89457cf300425e422 |
1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
2 // This Source Code Form is subject to the terms of the Mozilla Public
3 // License, v. 2.0. If a copy of the MPL was not distributed with this
4 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 "use strict";
8 // Tests that if a server does not send a complete certificate chain, we can
9 // make use of cached intermediates to build a trust path.
11 do_get_profile(); // must be called before getting nsIX509CertDB
13 registerCleanupFunction(() => {
14 let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
15 certDir.append("bad_certs");
16 Assert.ok(certDir.exists(), "bad_certs should exist");
17 let args = ["-D", "-n", "manually-added-missing-intermediate"];
18 run_certutil_on_directory(certDir.path, args, false);
19 });
21 function run_test() {
22 add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
23 // If we don't know about the intermediate, we'll get an unknown issuer error.
24 add_connection_test(
25 "ee-from-missing-intermediate.example.com",
26 SEC_ERROR_UNKNOWN_ISSUER
27 );
29 // Make BadCertAndPinningServer aware of the intermediate.
30 add_test(() => {
31 let args = [
32 "-A",
33 "-n",
34 "manually-added-missing-intermediate",
35 "-i",
36 "test_missing_intermediate/missing-intermediate.pem",
37 "-a",
38 "-t",
39 ",,",
40 ];
41 let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
42 certDir.append("bad_certs");
43 Assert.ok(certDir.exists(), "bad_certs should exist");
44 run_certutil_on_directory(certDir.path, args);
45 run_next_test();
46 });
48 // BadCertAndPinningServer should send the intermediate now, so the
49 // connection should succeed.
50 add_connection_test(
51 "ee-from-missing-intermediate.example.com",
52 PRErrorCodeSuccess
53 );
55 run_next_test();
56 }