0005154: DisableCertificateRevocationUnknown is not taken in account while validating "Security -> Security User X509 (015)" test case

ID	Project	Category	View Status	Date Submitted	Last Update

0005154	Compliance Test Tool (CTT) Unified Architecture	Api Change	public	2019-10-17 06:42	2020-07-09 14:54

Reporter	Khan Ahmed	Assigned To	Sebastian Allmendinger
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Platform	Windows	OS	Windows	OS Version	10
Product Version	1.03
Fixed in Version	1.03.341.391

Summary	0005154: DisableCertificateRevocationUnknown is not taken in account while validating "Security -> Security User X509 (015)" test case
Description	Test case in "Security -> Security User X509 (015)" contradicts the the validation with warning message that is being provided. In CTT if you enable the "DisableCertificateRevocationUnknown" and connect with server with this setting then expectation is that server will allow the connection and validation will except "Good" as response but in fact it expects "BadIdentityTokenRejected" which is wrong and which in turn fails the test case.
Tags	Security
Attached Files	TestCase015.png (17,768 bytes) TestCase015.png (17,768 bytes)

Files Affected

Paul Hunkar 2019-10-23 15:56 administrator ~0011142	This is a required function in a server, so setting the flag to skip revocation testing is only provided for internal testing. The script will be updated to switch to a warning if the DisableCertificateRevocationUnknown is set. The lab will clear the flag and require that a server does pass this test. The flag is provided for build environments where the on-line revocation may not be available. It is expected to be available in an actual test environment.

Sebastian Allmendinger 2019-11-04 10:28 developer ~0011189	Enhanced the warning/error messages to state clearly that the CertificateOverrides flags are for internal testing purposes only and a server have to pass all tests. Also added the accepted ServiceResult StatusCode.Good in the test script mentioned in the description of this Mantis entry and in one additional script (Security / Security User X509 / 005).

Paul Hunkar 2020-07-09 14:54 administrator ~0012579	Reviewed in CMP call

Date Modified	Username	Field	Change
2019-10-17 06:42	Khan Ahmed	New Issue
2019-10-17 06:42	Khan Ahmed	Tag Attached: Security
2019-10-17 06:42	Khan Ahmed	File Added: TestCase015.png
2019-10-22 15:44	Jim Luth	Project	10000-002: Security => Compliance Test Tool (CTT) Unified Architecture
2019-10-22 15:44	Jim Luth	Category	Spec => Api Change
2019-10-23 15:56	Paul Hunkar	Note Added: 0011142
2019-10-23 15:56	Paul Hunkar	Assigned To	=> Alexander Allmendinger
2019-10-23 15:56	Paul Hunkar	Status	new => assigned
2019-11-04 09:11	Sebastian Allmendinger	Assigned To	Alexander Allmendinger => Sebastian Allmendinger
2019-11-04 10:28	Sebastian Allmendinger	Status	assigned => resolved
2019-11-04 10:28	Sebastian Allmendinger	Resolution	open => fixed
2019-11-04 10:28	Sebastian Allmendinger	Fixed in Version	=> 1.03.341.391
2019-11-04 10:28	Sebastian Allmendinger	Note Added: 0011189
2020-07-09 14:54	Paul Hunkar	Status	resolved => closed
2020-07-09 14:54	Paul Hunkar	Note Added: 0012579