From 7a3a09085418b1e3f27f95aef7a975fd65b310f9 Mon Sep 17 00:00:00 2001
From: Brian Smith <brian@briansmith.org>
Date: Mon, 6 Jan 2014 14:45:35 -0800
Subject: [PATCH] Bug 952876: Add test for bug 952808 (OCSP stapling not
 honored when there is a error entry in the OCSP cache), r=keeler

---
 ...nknown_caching.js => test_ocsp_caching.js} | 26 +++++++++++++++++++
 security/manager/ssl/tests/unit/xpcshell.ini  |  2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)
 rename security/manager/ssl/tests/unit/{test_ocsp_unknown_caching.js => test_ocsp_caching.js} (75%)

diff --git a/security/manager/ssl/tests/unit/test_ocsp_unknown_caching.js b/security/manager/ssl/tests/unit/test_ocsp_caching.js
similarity index 75%
rename from security/manager/ssl/tests/unit/test_ocsp_unknown_caching.js
rename to security/manager/ssl/tests/unit/test_ocsp_caching.js
index 20654898876f..2df4cdcd635d 100644
--- a/security/manager/ssl/tests/unit/test_ocsp_unknown_caching.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_caching.js
@@ -81,6 +81,32 @@ function run_test() {
                       clearSessionCache);
   add_test(function() { do_check_eq(gFetchCount, 2); run_next_test(); });
 
+
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); gFetchCount = 0; run_next_test(); });
+
+  // A failure to retrieve an OCSP response will result in an error entry being
+  // added to the cache.
+  add_connection_test("ocsp-stapling-none.example.com", Cr.NS_OK,
+                      clearSessionCache);
+  add_test(function() { do_check_eq(gFetchCount, 1); run_next_test(); });
+
+  // The error entry will prevent a fetch from happening for a while.
+  add_connection_test("ocsp-stapling-none.example.com", Cr.NS_OK,
+                      clearSessionCache);
+  add_test(function() { do_check_eq(gFetchCount, 1); run_next_test(); });
+
+  // The error entry must not prevent a stapled OCSP response from being
+  // honored.
+  add_connection_test("ocsp-stapling-revoked.example.com",
+                      getXPCOMStatusFromNSS(SEC_ERROR_REVOKED_CERTIFICATE),
+                      clearSessionCache);
+  add_test(function() { do_check_eq(gFetchCount, 1); run_next_test(); });
+
+  //---------------------------------------------------------------------------
+
   add_test(function() { ocspResponder.stop(run_next_test); run_next_test(); });
 
   run_next_test();
diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini
index b1799c8f4a78..ecb3798ae79a 100644
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -37,7 +37,7 @@ fail-if = os == "android"
 run-sequentially = hardcoded ports
 # Bug 676972: test fails consistently on Android
 fail-if = os == "android"
-[test_ocsp_unknown_caching.js]
+[test_ocsp_caching.js]
 run-sequentially = hardcoded ports
 # Bug 676972: test fails consistently on Android
 fail-if = os == "android"