Open
Description
Describe the feature you'd like supported
We support a number of scenarios related to certificates (and will have more coming with client certs in the queue) but we have minimal testing for these. We should add more positive and negative test cases in these areas.
- Accept valid server certificate (chain to trusted root)
- Accept valid client certificate (chain to trusted root)
- Specific invalid certificate failures (expired, wrong EKU, etc.)
- Expired server certificate
- Expired client certificate
- Untrusted server certificate
- Untrusted client certificate
- Specific look-up mechanisms (hash, principal name, different stores, etc.)
- Hash (MY store)
- Hash store (MY store)
- Context
- Principal name (Depends on Completely support Principal name for Schannel TLS #1329)
- OpenSSL file
- OpenSSL file with password
- OpenSSL PFX with password
- More coverage of the cert callback mechanism (at QUIC layer). Cover the flag for cert validation.
- Portable certificates flag
- Client certificate
- OpenSSL
- Schannel
- Server certificate
- OpenSSL
- Schannel
- Client certificate
- Ensure certificates are usable
- Client certificate
- OpenSSL
- Schannel
- Server certificate
- OpenSSL
- Schannel
- Client certificate
- Portable certificates flag
- Revocation checking
- Valid certificate
- CRL Offline
- Check the whole chain
- Check only the leaf
- Check chain excluding root
- Cache only
- Cache only with cache expired
- Revoked certificate
- CRL Offline
- Check the whole chain
- Check only the leaf
- Check chain excluding root
- Cache only
- Cache only with cache expired
- Valid certificate
- OCSP
How do different error codes get exposed to the app? Might need core work around exposing individual error codes (might be worth a separate task).
Metadata
Metadata
Assignees
Type
Projects
Status
No status
Status
No status