[DEFAULT]
head = head_psm.js
tags = psm condprof
firefox-appdir = browser
skip-if = os == 'win' && msix # https://bugzilla.mozilla.org/show_bug.cgi?id=1809477
support-files =
  corrupted_crlite_helper.js
  bad_certs/**
  ocsp_certs/**
  test_baseline_requirements/**
  test_broken_fips/**
  test_cert_eku/**
  test_cert_embedded_null/**
  test_cert_isBuiltInRoot_reload/**
  test_cert_keyUsage/**
  test_cert_overrides_read_only/**
  test_cert_sha1/**
  test_cert_signatures/**
  test_cert_storage_direct/**
  test_cert_storage_preexisting/**
  test_cert_storage_preexisting_crlite/**
  test_cert_trust/**
  test_cert_utf8/**
  test_cert_version/**
  test_certDB_import/**
  test_client_auth_remember_service/**
  test_content_signing/**
  test_crlite_filters/**
  test_crlite_preexisting/**
  test_crlite_corrupted/**
  test_ct/**
  test_delegated_credentials/**
  test_encrypted_client_hello/**
  test_ev_certs/**
  test_faulty_server/**
  test_intermediate_basic_usage_constraints/**
  test_intermediate_preloads/**
  test_keysize/**
  test_keysize_ev/**
  test_missing_intermediate/**
  test_name_constraints/**
  test_ocsp_url/**
  test_onecrl/**
  test_sanctions/**
  test_sdr_preexisting/**
  test_sdr_preexisting_with_password/**
  test_self_signed_certs/**
  test_signed_apps/**
  test_validity/**
  tlsserver/**

[test_add_preexisting_cert.js]
[test_baseline_requirements_subject_common_name.js]
[test_blocklist_onecrl.js]
# Skip signature tests for Thunderbird (Bug 1341983).
skip-if = appname == "thunderbird"
tags = remote-settings blocklist psm
[test_broken_fips.js]
# FIPS has never been a thing on Android, so the workaround doesn't
# exist on that platform.
# FIPS still works on Linux, so this test doesn't make any sense there.
# FIPS still works on Windows, but running the test to ensure that it does not
# break with a non-ASCII profile path.
skip-if = toolkit == 'android' || os == 'linux'
[test_cert_storage.js]
tags = addons psm blocklist
[test_cert_storage_broken_db.js]
[test_cert_storage_direct.js]
[test_cert_storage_preexisting.js]
[test_cert_storage_preexisting_crlite.js]
# This test cannot succeed on 32-bit platforms. See bugs 1546361 and 1548956.
skip-if = bits != 64
[test_cert_chains.js]
run-sequentially = hardcoded ports
[test_cert_dbKey.js]
[test_cert_eku.js]
[test_cert_embedded_null.js]
[test_cert_expiration_canary.js]
run-if = nightly_build
[test_cert_keyUsage.js]
[test_cert_isBuiltInRoot.js]
[test_cert_isBuiltInRoot_reload.js]
[test_cert_overrides.js]
run-sequentially = hardcoded ports
[test_cert_overrides_read_only.js]
run-sequentially = hardcoded ports
[test_cert_override_read.js]
[test_cert_sha1.js]
[test_cert_signatures.js]
[test_cert_trust.js]
[test_cert_version.js]
[test_cert_utf8.js]
[test_certDB_export_pkcs12.js]
[test_certDB_export_pkcs12_with_primary_password.js]
[test_certDB_import.js]
# nsCertificateDialogs not available in geckoview, bug 1554276
skip-if = toolkit == 'android' && processor == 'x86_64'
[test_certDB_import_pkcs12.js]
[test_certDB_import_with_primary_password.js]
# nsCertificateDialogs not available in geckoview, bug 1554276
skip-if = toolkit == 'android' && processor == 'x86_64'
[test_client_auth_remember_service_read.js]
[test_constructX509FromBase64.js]
[test_content_signing.js]
[test_crlite_filters.js]
tags = remote-settings psm
[test_crlite_preexisting.js]
[test_crlite_filter_corrupted.js]
[test_crlite_stash_corrupted.js]
[test_crlite_enrollment_version.js]
[test_crlite_enrollment_trunc1.js]
[test_crlite_coverage_version.js]
[test_crlite_coverage_trunc1.js]
[test_crlite_coverage_trunc2.js]
[test_crlite_coverage_trunc3.js]
[test_crlite_coverage_missing.js]
[test_ct.js]
# Requires hard-coded debug-only data
skip-if = !debug
run-sequentially = hardcoded ports
[test_db_format_pref_new.js]
# Android always has and always will use the new format, so
# this test doesn't apply.
skip-if = toolkit == 'android'
  condprof  # Bug 1769154 - as designed
[test_delegated_credentials.js]
run-sequentially = hardcoded ports
[test_encrypted_client_hello.js]
run-sequentially = hardcoded ports
[test_encrypted_client_hello_client_only.js]
run-sequentially = hardcoded ports
[test_der.js]
[test_enterprise_roots.js]
# This feature is implemented for Windows and OS X. However, we don't currently
# have a way to test it on OS X.
skip-if = os != 'win'
[test_ev_certs.js]
tags = blocklist psm
run-sequentially = hardcoded ports
[test_forget_about_site_security_headers.js]
[test_hash_algorithms.js]
[test_hash_algorithms_wrap.js]
# bug 1124289 - run_test_in_child violates the sandbox on android
skip-if = toolkit == 'android'
[test_intermediate_basic_usage_constraints.js]
[test_intermediate_preloads.js]
run-sequentially = hardcoded ports
tags = blocklist psm remote-settings
[test_allow_all_cert_errors.js]
run-sequentially = hardcoded ports
[test_keysize.js]
[test_keysize_ev.js]
run-sequentially = hardcoded ports
[test_logoutAndTeardown.js]
skip-if = socketprocess_networking && os == "linux" && debug
run-sequentially = hardcoded ports
[test_missing_intermediate.js]
run-sequentially = hardcoded ports
[test_name_constraints.js]
[test_nonascii_path.js]
[test_nsCertType.js]
run-sequentially = hardcoded ports
[test_nsIX509Cert_utf8.js]
[test_nsIX509CertValidity.js]
[test_ocsp_caching.js]
run-sequentially = hardcoded ports
[test_ocsp_enabled_pref.js]
run-sequentially = hardcoded ports
[test_ocsp_must_staple.js]
run-sequentially = hardcoded ports
[test_ocsp_private_caching.js]
run-sequentially = hardcoded ports
skip-if = condprof  # Bug 1769154 - should look into this
[test_ocsp_no_hsts_upgrade.js]
run-sequentially = hardcoded ports
[test_ocsp_required.js]
run-sequentially = hardcoded ports
[test_ocsp_stapling.js]
run-sequentially = hardcoded ports
[test_ocsp_stapling_expired.js]
run-sequentially = hardcoded ports
[test_ocsp_stapling_with_intermediate.js]
run-sequentially = hardcoded ports
[test_ocsp_timeout.js]
skip-if = (os == "win" && socketprocess_networking)
run-sequentially = hardcoded ports
[test_ocsp_url.js]
run-sequentially = hardcoded ports
[test_oskeystore.js]
skip-if = apple_silicon # bug 1729538
[test_osreauthenticator.js]
# Reauthentication has been implemented on Windows and MacOS, so running this
# test results in the OS popping up a dialog, which means we can't run it in
# automation.
skip-if = os == 'win' || os == 'mac'
[test_password_prompt.js]
[test_pinning.js]
run-sequentially = hardcoded ports
[test_sdr.js]
[test_sdr_preexisting.js]
# Not relevant to Android. See the comment in the test.
skip-if = toolkit == 'android'
[test_sdr_preexisting_with_password.js]
# Not relevant to Android. See the comment in the test.
skip-if = toolkit == 'android'
[test_self_signed_certs.js]
[test_session_resumption.js]
skip-if = 
  os == "win" # Bug 1585916
run-sequentially = hardcoded ports
[test_signed_apps.js]
[test_ssl_status.js]
run-sequentially = hardcoded ports
[test_sss_eviction.js]
skip-if = condprof  # Bug 1769154 - as designed
[test_sss_originAttributes.js]
[test_sss_readstate.js]
skip-if = condprof  # Bug 1769154 - as designed
[test_sss_readstate_empty.js]
skip-if = condprof  # Bug 1769154 - as designed
[test_sss_readstate_garbage.js]
skip-if = condprof  # Bug 1769154 - as designed
[test_sss_readstate_huge.js]
skip-if = condprof  # Bug 1769154 - as designed
[test_sss_resetState.js]
[test_sss_savestate.js]
skip-if = condprof  # Bug 1769154 - as designed
[test_sss_sanitizeOnShutdown.js]
firefox-appdir = browser
# Sanitization works differently on Android - this doesn't apply.
# browser/modules/Sanitizer.jsm used by the test isn't available in Thunderbird.
skip-if = toolkit == 'android' || appname == 'thunderbird'
[test_sts_fqdn.js]
[test_sts_ipv4_ipv6.js]
[test_sts_parser.js]
[test_sts_preloadlist_perwindowpb.js]
[test_sts_preloadlist_selfdestruct.js]
[test_sanctions_symantec_apple_google.js]
run-sequentially = hardcoded ports
[test_validity.js]
run-sequentially = hardcoded ports
[test_x509.js]