View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005771 | CTT UA Test Case | 4 - Test Case Definition | public | 2020-07-01 07:44 | 2022-08-02 20:06 |
Reporter | Jan Murzyn | Assigned To | Sebastian Allmendinger | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | assigned | Resolution | reopened | ||
Summary | 0005771: Security Certificate Validation case 052 should allow an error response, or a different endpoint should be used. | ||||
Description | In this test CTT is expecting successful connection to the Basic128Rsa15 endpoint by sending a certificate with 4096-bit long key. Our server currently responds with BadSecurityConfig 0x81080000 (that's coming from the SDK), which, in my understanding, is not a code that should be used in the service response. If this test is going to allow the error response, what error code would be expected? | ||||
Tags | Security | ||||
Files Affected | |||||
|
Bad_SecurityChecksFailed is the error code that should be returned |
|
Updated the test case to allow server to reject the connection with BadSecurityChecksFailed if SecurityPolicy#Basic128Rsa15 or SecurityPolicy#Basic256 is used. |
|
As part of the review it was determined that the fix is a partial fix only. The actual fix should ensure that certificates that are above the max size are rejected. The checked in fix is being left as a work around until the final fixes are applied |
|
This issue shall result in a larger set of changes , in that each security policy has a range and all test case should be updated for this set of tests this will mean some test cases such as 49-52 will need to be marked as obsolete. |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-07-01 07:44 | Jan Murzyn | New Issue | |
2020-07-01 07:44 | Jan Murzyn | Tag Attached: Security | |
2020-07-10 17:34 | Paul Hunkar | Assigned To | => Alexander Allmendinger |
2020-07-10 17:34 | Paul Hunkar | Status | new => assigned |
2020-07-10 17:35 | Paul Hunkar | Note Added: 0012591 | |
2021-02-25 16:26 | Sebastian Allmendinger | Assigned To | Alexander Allmendinger => Sebastian Allmendinger |
2021-02-25 20:52 | Sebastian Allmendinger | Note Added: 0013829 | |
2021-02-25 20:53 | Sebastian Allmendinger | Status | assigned => resolved |
2021-02-25 20:53 | Sebastian Allmendinger | Resolution | open => fixed |
2021-02-25 20:53 | Sebastian Allmendinger | Fixed in Version | => 1.03.341.398 |
2021-03-25 15:30 | Paul Hunkar | Status | resolved => feedback |
2021-03-25 15:30 | Paul Hunkar | Resolution | fixed => reopened |
2021-03-25 15:30 | Paul Hunkar | Note Added: 0014073 | |
2021-03-25 15:30 | Paul Hunkar | Status | feedback => assigned |
2021-03-25 15:36 | Paul Hunkar | Note Added: 0014074 | |
2022-08-02 20:06 | Paul Hunkar | Project | Compliance Test Tool (CTT) Unified Architecture => CTT UA Test Case |