From Fedora Project Wiki

Revision as of 08:57, 21 March 2013 by Stefw (talk | contribs) (Update for new paths)

Description

This test verifies that certificate trust still works as expected, given the default list of certificate authority anchors.

Setup

  1. Make sure to complete the prerequisites before starting this test.
  2. This test case connects to bugzilla.redhat.com on port 443

How to test

  1. Verify that openssl recognizes the system anchors:
    $ openssl s_client -verify 5 -connect bugzilla.redhat.com:443
    You should see: Verify return code: 0 (ok)
    Press Ctrl-C to exit
  2. Check that gnutls recognizes the system anchors:
    $ gnutls-cli -p 443 bugzilla.redhat.com
    You should see: Status: The certificate is trusted.
    Press Ctrl-C to exit
  3. Check that curl recognizes the system anchors:
    $ curl -w "Verify: %{ssl_verify_result}\n" --head https://bugzilla.redhat.com
    You should see: Verify: 0
  4. Firefox should use the system anchors:
    $ firefox https://bugzilla.redhat.com
    The page should load without an error message.
    Left of the URL should have a standard gray padlock, without a warning triangle.
    When you hover your mouse over the gray padlock, it should say "Verified by: GoTrust, Inc."
    Click on the icon, then click on More Information, then on View Certificate, , then on Details. Click on the top certificate (top line) in the Certificate Hierarchy. In certificate fields there should be a line that says: "Default Trust:GeoTrust Global CA"
    Messages on the console from firefox are probably unrelated to this test, unless they say "p11-kit".
  5. Epiphany should use the system anchors:
    $ epiphany https://bugzilla.redhat.com
    Right of the URL bar should have a standard gray padlock
    Clicking on the padlock should show a window which says "The identity of this website has been verified"
    Messages on the console from firefox are probably unrelated to this test, unless they say "p11-kit".
  6. Java should use the system anchors:
    $ java -classpath ~/certificate-trust-test-cases TestCertTrust https://bugzilla.redhat.com/
    This uses the java test program that you compiled in the prerequisites.
    The output should say connection worked

Expected Results

While executing each of the above commands, check the output matches what's noted for each command. You should see no errors or warnings about invalid certificates or verification that failed.



Troubleshooting

  • No notes at this time