Closed
Bug 1057128
Opened 10 years ago
Closed 10 years ago
generate_certs.sh shouldn't clobber existing certs that don't need to change
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla34
People
(Reporter: keeler, Assigned: keeler)
References
Details
Attachments
(2 files, 1 obsolete file)
9.35 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
9.22 KB,
patch
|
keeler
:
review+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
See bug 1034124 comment 9 and bug 1009161 comment 18, wherein it is pointed out that additions to generate_certs.sh that involve things like adding tests shouldn't affect other tests like pinning (if everything gets regenerated, then the key hash for the pinning tests need to be updated, which involves re-generating the built-in key pinning data, which is unnecessary).
Assignee | ||
Comment 1•10 years ago
|
||
Richard, do you have time to review this? Thanks. (This is the script that generates certificates for our tlsserver-involved xpcshell tests, if you weren't already familiar with it.)
Comment 2•10 years ago
|
||
Comment on attachment 8477100 [details] [diff] [review] patch Review of attachment 8477100 [details] [diff] [review]: ----------------------------------------------------------------- Couple of minor things. ::: security/manager/ssl/tests/unit/tlsserver/generate_certs.sh @@ +35,5 @@ > +if [ "${3}" == "--clobber" ]; then > + CLOBBER=1 > +else > + CLOBBER=0 > +fi Might be slightly clearer to reorder as > CLOBBER=0 > if [...]; then CLOBBER=1 @@ +72,5 @@ > + if [ $CLOBBER -eq 1 ]; then > + echo "Found pre-existing NSS DBs. Clobbering old OCSP certs." > + rm -f "$OUTPUT_DIR/cert9.db" "$OUTPUT_DIR/key4.db" "$OUTPUT_DIR/pkcs11.txt" > + $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -N -f $PASSWORD_FILE > + fi Should there be a message here (as below) to let the user know that old stuff is persisting?
Attachment #8477100 -
Flags: review?(rlb) → review+
Assignee | ||
Comment 3•10 years ago
|
||
Great - thanks! Addressed comments, carrying over r+. https://hg.mozilla.org/integration/mozilla-inbound/rev/0a25b15c2f8f
Attachment #8477100 -
Attachment is obsolete: true
Attachment #8477510 -
Flags: review+
Comment 4•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/0a25b15c2f8f
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Assignee | ||
Comment 5•10 years ago
|
||
This is needed for bug 1009161.
Attachment #8483766 -
Flags: review+
Assignee | ||
Updated•10 years ago
|
status-firefox33:
--- → affected
status-firefox34:
--- → fixed
Comment 6•10 years ago
|
||
Comment on attachment 8483766 [details] [diff] [review] patch for beta (33) [Triage Comment]
Attachment #8483766 -
Flags: approval-mozilla-beta+
Comment 7•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-beta/rev/3f1e228fac54
status-firefox32:
--- → wontfix
You need to log in
before you can comment on or make changes to this bug.
Description
•