The various test cases for the Shared System Certificates Test day require some preparation. Some of this is done for you by using the live CD.
TODO: Document what's included on the Live CD.
Necessary Software
Install this software:
$ sudo yum install gnutls-utils nss-tools openssl firefox epiphany java-1.7.0-openjdk-devel wget
Make sure the following software is at least these versions:
- p11-kit: 0.17.4
- p11-kit-trust: 0.17.4
- ca-certficates: 2012.87-9
- nss: 3.14.3-10
$ sudo yum update p11-kit p11-kit-trust ca-certificates nss
Ensure you have sudo permission
Because we are configuring the default system behaviour, the user account that you will use for testing needs permission to use the sudo command. You can test using
sudo bash
If it works, good. If not, you must login to your system as the root user, edit file /etc/sudoers and add the following line. Replace the word myself with the name of your user account.
myself ALL=(ALL) ALL
Firefox Profiles
For tests that involve firefox, please use a fresh Firefox profile (firefox -P) prior to a each new test cycle. This is to make sure that changes made to CA trust settings from earlier tests will be cleaned, and that you will get the exact behaviour as described on this page. An alternative to creating a fresh profile, quit Firefox and run
$ rm -f ~/.mozilla/firefox/*/*.db $ ls ~/.mozilla/firefox/*/*.db ls: cannot access ~/.mozilla/firefox/*/*.db: No such file or directory
Test Fixture Files
Install one file that we'll use for the entire time during our tests:
cd /etc/pki/ca-trust/source/ sudo wget http://kuix.de/fedora/p11-kit-f19/distrust-test-sub.p11-kit
Download a few files and tools that we'll use later:
cd /tmp/ wget http://kuix.de/fedora/p11-kit-f19/ca.pem wget http://kuix.de/fedora/p11-kit-f19/testing-default-distrust.p11-kit wget http://kuix.de/fedora/p11-kit-f19/test9430.java wget http://kuix.de/fedora/p11-kit-f19/test9431.java wget http://kuix.de/fedora/p11-kit-f19/testbz443.java javac test9430.java javac test9431.java javac testbz443.java
Test commands information
This section lists the commands that we will use to see the current system behaviour, and that we will re-run times whenever we modify the system configuration. These will be listed in the individual test cases, but to give an overview:
Test (A): Testing with OpenSSL command line tool:
openssl s_client -verify 5 -connect HOST:PORT
Test (B): Testing with GnuTLS command line tool:
gnutls-cli -p PORT HOST
Test (C): Testing curl curl command line tool:
curl --head https://HOST:PORT
Test (D): Testing with Firefox (uses NSS), open:
https://HOST:PORT
Test (E): Testing with Epiphany (uses GnuTLS), open:
https://HOST:PORT
Test (F): For Java we'll use our compiled minimal programs (above).