In CTT version 18.104.22.1681 description of the test case 010 of Security Certificate Validation is as following:
"[...] Description: Attempt a secure channel and send a [untrusted] certificate which has an invalid signature, e.g. signed with wrong certificate.
Expectation: ServiceResult = BadSecurityChecksFailed [...]"
This test case makes use of a self-signed ctt_appTSincorrect certificate as client certificate.
However the certificate is actually present in trusted certificate list of the server PKI as it can be found in PKI\copyToServer\ApplicationInstance_PKI\trusted\certs. Therefore it is in fact a trusted certificate with invalid signature.
- Could it be a mistake in the test case description?
- The ctt_appTSincorrect certificate is a self-signed certificate and therefore it is also its own issuer. As the ctt_appTSincorrect certificate is trusted and hence its issuer is also trusted, isn't it?
this sound like an issue in the test case. Of course, the certificate needs to be in the trust list, otherwise the trust list check would probably already return the Bad_SecurityChecksFailed and the invalid signature would not be noticed by the application.
Could you please enter a Mantis Issue in our Bug Tracking system for the test cases unter mantis.opcfoundation.org in the CTT UA Test Cases project?