diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/https-first/test_bad_cert.html | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/https-first/test_bad_cert.html')
-rw-r--r-- | dom/security/test/https-first/test_bad_cert.html | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/dom/security/test/https-first/test_bad_cert.html b/dom/security/test/https-first/test_bad_cert.html new file mode 100644 index 0000000000..d7e9296d97 --- /dev/null +++ b/dom/security/test/https-first/test_bad_cert.html @@ -0,0 +1,67 @@ +<!DOCTYPE HTML> +<html> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=1719309 +Test that bad cert sites won't get upgraded by https-first +--> + +<head> + <title>HTTPS-FirstMode - Bad Certificates</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> + +<body> + <h1>HTTPS-First Mode</h1> + <p>Test: Downgrade bad certificates without warning page </p> + <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1706351">Bug 1719309</a> + + <script class="testbody" type="text/javascript"> + "use strict"; + /* + * We perform the following tests: + * 1. Request nocert.example.com which is a site without a certificate + * 2. Request a site with self-signed cert (self-signed.example.com) + * 3. Request a site with an untrusted cert (untrusted.example.com) + * 4. Request a site with an expired cert + * 5. Request a site with an untrusted and expired cert + * 6. Request a site with no subject alternative dns name matching + * + * Expected result: Https-first tries to upgrade each request. Receives for each one an SSL_ERROR_* + * and downgrades back to http. + */ + const badCertificates = ["nocert","self-signed", "untrusted","expired","untrusted-expired", "no-subject-alt-name"]; + let currentTest = 0; + let testWin; + window.addEventListener("message", receiveMessage); + + // Receive message and verify that it is from an http site. + // Verify that we got the correct message and an http scheme + async function receiveMessage(event) { + let data = event.data; + let currentBadCert = badCertificates[currentTest]; + ok(data.result === "downgraded", "Downgraded request " + currentBadCert); + ok(data.scheme === "http:", "Received 'http' for " + currentBadCert); + testWin.close(); + if (++currentTest < badCertificates.length) { + startTest(); + return; + } + window.removeEventListener("message", receiveMessage); + SimpleTest.finish(); + } + + async function startTest() { + const currentCode = badCertificates[currentTest]; + // make a request to a subdomain of example.com with a bad certificate + testWin = window.open(`http://${currentCode}.example.com/tests/dom/security/test/https-first/file_bad_cert.sjs`); + } + + // Set preference and start test + SpecialPowers.pushPrefEnv({ set: [ + ["dom.security.https_first", true], + ]}, startTest); + SimpleTest.waitForExplicitFinish(); + </script> +</body> +</html> |