From Fedora Project Wiki

(Initial test case page)
 
mNo edit summary
 
(5 intermediate revisions by one other user not shown)
Line 2: Line 2:
|description=This test verifies that certificate trust still works as expected, given the default list of certificate authority anchors.
|description=This test verifies that certificate trust still works as expected, given the default list of certificate authority anchors.
|setup=
|setup=
# Make sure to complete the [[Test_Day:2013-03-28_Shared_System_Certificates/Prerequisites|prerequisites before starting this test]].
# Make sure to complete the [[QA:Testcase_Certificate_Trust:Prerequisites|prerequisites before starting this test]].
# This test case connects to ''bugzilla.redhat.com'' on port ''443''
# This test case connects to ''bugzilla.redhat.com'' on port ''443''
|actions=
|actions=
# Verify that openssl recognizes the system anchors:
# Verify that openssl recognizes the system anchors:
#: <pre>openssl s_client -verify 5 -connect bugzilla.redhat.com:443</pre>
#: <pre>$ openssl s_client -verify 5 -connect bugzilla.redhat.com:443</pre>
#: You should see: <code>Verify return code: 0 (ok)</code>
#: You should see: <code>Verify return code: 0 (ok)</code>
#: Press Ctrl-C to exit
#: Press Ctrl-C to exit
# Check that gnutls recognizes the system anchors:
# Check that gnutls recognizes the system anchors:
#: <pre>gnutls-cli -p 443 bugzilla.redhat.com</pre>
#: <pre>$ gnutls-cli -p 443 bugzilla.redhat.com</pre>
#: You should see: <code>Status: The certificate is trusted.</code>
#: You should see: <code>Status: The certificate is trusted.</code>
#: Press Ctrl-C to exit
#: Press Ctrl-C to exit
# Check that curl recognizes the system anchors:
# Check that curl recognizes the system anchors:
#: <pre>curl --head https://bugzilla.redhat.com:443</pre>
#: <pre>$ curl -w "Verify: %{ssl_verify_result}\n" --head https://bugzilla.redhat.com</pre>
#: You should see: <code>HTTP/1.1 200 OK</code>
#: You should see: <code>Verify: 0</code>
# Firefox should use the system anchors:
# Firefox should use the system anchors:
#: <pre>firefox https://bugzilla.redhat.com</pre>
#: <pre>$ firefox https://bugzilla.redhat.com</pre>
#: The page should load without an error message.
#: The page should load without an error message.
#: Left of the URL should have a good padlock (xxxx)
#: Left of the URL should have a standard gray padlock, without a warning triangle.
#: When you hover your mouse over the gray padlock, it should say "Verified by: GeoTrust, Inc."
#: Click on the icon, then click on ''More Information'', then on ''View Certificate'', , then on ''Details''. Click on the top certificate (top line) in the ''Certificate Hierarchy''. In certificate fields there should be a line that says: "Default Trust:GeoTrust Global CA"
#: Messages on the console from firefox are probably unrelated to this test, unless they say "p11-kit".
# Epiphany should use the system anchors:
# Epiphany should use the system anchors:
#: <pre>$ epiphany https://bugzilla.redhat.com</pre>
#: <pre>$ epiphany https://bugzilla.redhat.com</pre>
#: Right of the URL bar should have a gray padlock
#: Right of the URL bar should have a standard gray padlock
#: Clicking on the padlock should show a window which says "The identity of this website has been verified"
#: Messages on the console from epiphany are probably unrelated to this test, unless they say "p11-kit".
# Java should use the system anchors:
# Java should use the system anchors:
#: <pre>$ java testbz443</pre>
#: <pre>$ java -classpath ~/certificate-trust-test-cases TestCertTrust https://bugzilla.redhat.com/</pre>
#: This uses the java test program that you compiled in the prerequisites.
#: This uses the java test program that you compiled in the prerequisites.
#: The output should say <code>connection worked</code>
#: The output should say <code>connection worked</code>


|results=
|results=
While executing each of the above commands, check the output matches what's noted for each command.
While executing each of the above commands, check the output matches what's noted for each command. You should see no errors or warnings about invalid certificates or verification that failed.
}}
}}
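Review bot: the new Firefox lines hard-code the issuer name ("Verified by: GeoTrust, Inc." and "Default Trust:GeoTrust Global CA"), so the step will read as a failure once bugzilla.redhat.com is served with a certificate from a different CA, even when the system anchors work. Consider saying that the name reflects the site's certificate as of this revision, and that the part to check is the "Default Trust:" prefix. The same added line has a stray ", ," between ''View Certificate'' and ''then on Details''.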



Latest revision as of 11:47, 28 March 2013

Description

This test verifies that certificate trust still works as expected, given the default list of certificate authority anchors.

Setup

  1. Make sure to complete the prerequisites before starting this test.
  2. This test case connects to bugzilla.redhat.com on port 443.

How to test

  1. Verify that openssl recognizes the system anchors:
    $ openssl s_client -verify 5 -connect bugzilla.redhat.com:443
    You should see: Verify return code: 0 (ok)
    Press Ctrl-C to exit
  2. Check that gnutls recognizes the system anchors:
    $ gnutls-cli -p 443 bugzilla.redhat.com
    You should see: Status: The certificate is trusted.
    Press Ctrl-C to exit
  3. Check that curl recognizes the system anchors:
    $ curl -w "Verify: %{ssl_verify_result}\n" --head https://bugzilla.redhat.com
    You should see: Verify: 0
  4. Firefox should use the system anchors:
    $ firefox https://bugzilla.redhat.com
    The page should load without an error message.
    There should be a standard gray padlock to the left of the URL, without a warning triangle.
    When you hover your mouse over the gray padlock, it should say "Verified by: GeoTrust, Inc."
    Click on the icon, then click on More Information, then on View Certificate, then on Details. Click on the top certificate (top line) in the Certificate Hierarchy. In the certificate fields there should be a line that says: "Default Trust:GeoTrust Global CA"
    Messages on the console from Firefox are probably unrelated to this test, unless they say "p11-kit".
  5. Epiphany should use the system anchors:
    $ epiphany https://bugzilla.redhat.com
    There should be a standard gray padlock to the right of the URL bar.
    Clicking on the padlock should show a window that says "The identity of this website has been verified"
    Messages on the console from Epiphany are probably unrelated to this test, unless they say "p11-kit".
  6. Java should use the system anchors:
    $ java -classpath ~/certificate-trust-test-cases TestCertTrust https://bugzilla.redhat.com/
    This uses the Java test program that you compiled in the prerequisites.
    The output should say: connection worked

Expected Results

While executing each of the above commands, check that the output matches what's noted for each command. You should see no errors or warnings about invalid certificates or failed verification.
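
The three command-line checks (steps 1 to 3) can be scripted by matching the exact success strings this test case quotes, since openssl s_client keeps the connection open after a failed verification rather than stopping. This is an added example, not part of the original test case; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/bash
# Added example: the success markers are the strings quoted in the test case.
# Each predicate reads one tool's output on stdin; exit status 0 = trusted.

openssl_trusted() { grep -q 'Verify return code: 0 (ok)'; }
gnutls_trusted()  { grep -q 'Status: The certificate is trusted\.'; }
curl_trusted()    { grep -qx 'Verify: 0'; }

# verdict NAME PREDICATE: prints "NAME: PASS" or "NAME: FAIL" for stdin.
verdict() {
    if "$2"; then echo "$1: PASS"; else echo "$1: FAIL"; fi
}

# Live run (needs network). </dev/null ends each session, replacing Ctrl-C.
check_host() {
    host=$1
    openssl s_client -verify 5 -connect "$host:443" </dev/null 2>&1 |
        verdict openssl openssl_trusted
    gnutls-cli -p 443 "$host" </dev/null 2>&1 |
        verdict gnutls gnutls_trusted
    curl -s -o /dev/null -w 'Verify: %{ssl_verify_result}\n' --head \
        "https://$host" | verdict curl curl_trusted
}

# Constructed sample output lines (not captured from a real run).
SAMPLE_OPENSSL_OK='    Verify return code: 0 (ok)'
SAMPLE_OPENSSL_BAD='    Verify return code: 20 (unable to get local issuer certificate)'
SAMPLE_GNUTLS_BAD='- Status: The certificate is NOT trusted. The certificate issuer is unknown.'
SAMPLE_CURL_OK='Verify: 0'

# Run live only when a host is given, e.g.: ./check-trust.sh bugzilla.redhat.com
if [ $# -gt 0 ]; then check_host "$1"; fi
```

The script name check-trust.sh is hypothetical. The Firefox, Epiphany and Java steps still need to be checked by hand as described above.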



Troubleshooting

  • No notes at this time