You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, guys. I need very very Your's help.
We are now trying to certify WiFi device with AFC test harness system, and got stuck with 8 server tests (our device did not passed them):
NonmatchSAN
Different root CA
MatchSuffixSAN
ServerCertRevoke
OCSPstaplingDisabled
StapledOCSPRespExpired
TLSCiperSuiteENULL
NoRootCA
So we have three questions:
General question, as I understand, the purpose of these tests is to verify, that DUT will not establish SSL/TLS session if something will be wrong with server, for example no root CA certificate, or changed CA certificate, so to verify security? Is it correct?
If I incorrectly understand purpose of the tests, could You please share link to documents from Wi-Fi Alliance where is described requirements about this 8 tests, to understand expected behavior of device in such cases.
The only I found in WiFi Alliance AFC Device (AFC DUT) Compliance Test Plan Version 1.5
3.5 AFCD.USV: Unsuccessful server validation
Incorporate adequate security measurements to prevent it from accessing AFC systems not approved
by the FCC
And the test expectation condition:
AFC DUT Test Harness waits 10 seconds, and verifies no Available Spectrum Inquiry Request is sent to it.
But if this is correct, seems there is a bug in python test code, because they are verifying that device sends SpectrunInquryRequest instead of don't sending it, if any of security issues is applied to server, like missing certificate or disabled OCSP.
Please help with it.
Thank You so much.
The text was updated successfully, but these errors were encountered:
Hello, guys. I need very very Your's help.
We are now trying to certify WiFi device with AFC test harness system, and got stuck with 8 server tests (our device did not passed them):
So we have three questions:
General question, as I understand, the purpose of these tests is to verify, that DUT will not establish SSL/TLS session if something will be wrong with server, for example no root CA certificate, or changed CA certificate, so to verify security? Is it correct?
About StapledOCSPRespExpired test.
@kntseng You added this test python code, so I hope You will help.
According to test: https://github.com/Wi-FiTestSuite/AFC-DUT/blame/891be5024005e77b1190c34c6077f7773ac4c41f/AFC-TestScript/CT_AFC_ServerValidation_STA_AFCDUSV35_StapledOCSPRespExpired_10666_1.py#L62
if device will not establish TLS/SSL session You are expecting that test will be failed. It's a little bit confusing, because our device just does not set up the SSL/TLS session, due to OCSP expiration. Also I noticed, that version of tests is 0.01 so probably they ar e in development, and shouldn't be used now for certification? Or I took a mistake, and incorrect understand the test purpose.
If I incorrectly understand purpose of the tests, could You please share link to documents from Wi-Fi Alliance where is described requirements about this 8 tests, to understand expected behavior of device in such cases.
The only I found in WiFi Alliance AFC Device (AFC DUT) Compliance Test Plan Version 1.5
3.5 AFCD.USV: Unsuccessful server validation
And the test expectation condition:
But if this is correct, seems there is a bug in python test code, because they are verifying that device sends SpectrunInquryRequest instead of don't sending it, if any of security issues is applied to server, like missing certificate or disabled OCSP.
Please help with it.
Thank You so much.
The text was updated successfully, but these errors were encountered: