Closed
Bug 1004270
Opened 10 years ago
Closed 10 years ago
psm tests: use sql cert/key dbs so we can run tests on android
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla32
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
111.91 KB,
patch
|
briansmith
:
review+
|
Details | Diff | Splinter Review |
NSS in Firefox for Android apparently can only use the SQL cert/key DBs, so we need to update the psm tests in order to run them on Android. Basically, we need to set the environment variable NSS_DEFAULT_DB_TYPE=sql in generate_certs.sh and tlsserver.
Assignee | ||
Comment 1•10 years ago
|
||
Comment 2•10 years ago
|
||
Comment on attachment 8415642 [details] [diff] [review] patch Review of attachment 8415642 [details] [diff] [review]: ----------------------------------------------------------------- I'm assuming that all the binary files are just conversions of to sqlite. ::: security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp @@ +113,5 @@ > exit(EXIT_FAILURE); > } > const char* dbdir = argv[1]; > > + if (PR_SetEnv("NSS_DEFAULT_DB_TYPE=sql") != SECSuccess) { 1. Please add a comment describing why we're doing this. 2. I believe the same effect can be achieved by having the "sql:" prefix added to argv[1] by the calling application. It may be better to do that because then we could have this logic centralized into one place, instead of in every test program that needs access to private keys. (See https://wiki.mozilla.org/NSS_Shared_DB.) ::: security/manager/ssl/tests/unit/tlsserver/generate_certs.sh @@ +26,5 @@ > OUTPUT_DIR=${2} > RUN_MOZILLA="$OBJDIR/dist/bin/run-mozilla.sh" > CERTUTIL="$OBJDIR/dist/bin/certutil" > > +export NSS_DEFAULT_DB_TYPE=sql Does this need to be exported? NSS_DEFAULT_DB_TYPE=sql isn't good enough? Also, please add a comment about why we're doing this. ::: security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp @@ +243,5 @@ > if (callbackPort) { > gCallbackPort = atoi(callbackPort); > } > > + if (PR_SetEnv("NSS_DEFAULT_DB_TYPE=sql") != SECSuccess) { Ditto the comments for GenerateOCSPResponse.cpp.
Attachment #8415642 -
Flags: review?(brian) → review+
Assignee | ||
Comment 3•10 years ago
|
||
Ok - I switched to using "sql:<directory>" when running the test binaries. I thought it was also more clear to basically do the same thing in generate_certs.sh instead of messing with environment variables. This did involve changing each invocation of certutil, but I think it's clear this way. I also added comments.
Attachment #8415642 -
Attachment is obsolete: true
Attachment #8416749 -
Flags: review?(brian)
Assignee | ||
Comment 4•10 years ago
|
||
Here's a try run that tests the important things: https://tbpl.mozilla.org/?tree=Try&rev=a009d0845e30 (The android xpcshell oranges are because I attempted to enable these tests on that platform, but there's still more work to do for that to work (one is it looks like we can't use port 8080 for OCSP, because it's already in use by something else)).
Assignee | ||
Updated•10 years ago
|
Updated•10 years ago
|
Attachment #8416749 -
Flags: review?(brian) → review+
Assignee | ||
Comment 5•10 years ago
|
||
Awesome - thanks. https://hg.mozilla.org/integration/mozilla-inbound/rev/f1f88dcc871d
https://hg.mozilla.org/mozilla-central/rev/f1f88dcc871d
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
You need to log in
before you can comment on or make changes to this bug.
Description
•