Closed
Bug 1146314
Opened 9 years ago
Closed 9 years ago
Test failure 'sec_error_expired_certificate != sec_error_unknown_issuer' in testSecurityNotification.js
Categories
(Mozilla QA Graveyard :: Mozmill Tests, defect, P1)
Mozilla QA Graveyard
Mozmill Tests
Tracking
(firefox37 unaffected, firefox38 fixed, firefox39 fixed)
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox37 | --- | unaffected |
firefox38 | --- | fixed |
firefox39 | --- | fixed |
People
(Reporter: whimboo, Assigned: whimboo)
References
()
Details
(Keywords: regression, Whiteboard: [mozmill-test-failure])
Attachments
(4 files)
1.01 KB,
patch
|
Details | Diff | Splinter Review | |
44.17 KB,
image/png
|
Details | |
47.75 KB,
image/png
|
Details | |
2.48 KB,
patch
|
chmanchester
:
review+
|
Details | Diff | Splinter Review |
This test failure started to happen over the weekend and totally breaks our tests across Nightly, and Aurora so far. I haven't tested with beta and release yet. ERROR | Test Failure | { "fail": { "message": "The error code is a SEC Expired certificate error - 'summitbook.mozilla.org uses an invalid security certificate.\n\nThe certificate is not trusted because the issuer certificate is unknown.\nThe server might not be sending the appropriate intermediate certificates.\nAn additional root certificate may need to be imported.\nThe certificate expired on 7/8/2011 5:41 AM. The current time is 3/22/2015 6:57 AM.\n\n(Error code: sec_error_unknown_issuer)\n' should contain 'sec_error_expired_certificate'", "fileName": "file:///c:/jenkins/workspace/mozilla-central_remote/data/mozmill-tests/firefox/tests/remote/testSecurity/testSecurityNotification.js", "name": "testSecNotification", "lineNumber": 70 }
Assignee | ||
Updated•9 years ago
|
Keywords: regression,
regressionwindow-wanted
Assignee | ||
Comment 1•9 years ago
|
||
Definitely a regression in our tests or in Firefox as started yesterday March 22nd. Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=b8e628af0b5c&tochange=82ae3b4e2215 It's worth investigating because it's our P1 test area for conversation to Marionette. I will skip this test on default and aurora for now.
Assignee | ||
Comment 2•9 years ago
|
||
Assignee | ||
Comment 3•9 years ago
|
||
Skip patch landed: https://hg.mozilla.org/qa/mozmill-tests/rev/2c26c90e52db (default) https://hg.mozilla.org/qa/mozmill-tests/rev/b1d615a2c8b9 (aurora)
Assignee: nobody → hskupin
Status: NEW → ASSIGNED
status-firefox37:
--- → unaffected
status-firefox38:
--- → disabled
status-firefox39:
--- → disabled
Whiteboard: [mozmill-test-failure] → [mozmill-test-failure][mozmill-test-skipped]
Assignee | ||
Comment 4•9 years ago
|
||
As it looks like an expired certificate is no longer listed as such in the certificate exception page. Instead it is marked as unknown issuer. The change in behavior came in via this merge from m-i: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=2a404169de2d&tochange=f949be6cd23e
Assignee | ||
Comment 5•9 years ago
|
||
This is clearly a regression in NSPR and started with the version bump to 3.18 via bug 1137470. https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=2da0cd9e724a&tochange=289fa2204f9f I will attach two screenshots for pre and post behavior. I assume that Kai will be able to tell us if something unusual is happening here or if we have to update our test.
Assignee | ||
Comment 6•9 years ago
|
||
Assignee | ||
Comment 7•9 years ago
|
||
Assignee | ||
Comment 8•9 years ago
|
||
Steps: 1. Take latest Nightly or Aurora 2. Open https://summitbook.mozilla.org/ 3. Expand the "Technical Details" section As you will notice the error code has been changed: the sec_error_expired_certificate => sec_error_unknown_issuer Kaie, if that is a problem I will get a new bug filed for NSPR. Please let me know. Thanks.
Assignee | ||
Updated•9 years ago
|
Summary: Test failure 'The error code is a SEC Expired certificate error...' in testSecurityNotification.js → Test failure 'sec_error_expired_certificate != sec_error_unknown_issuer' in testSecurityNotification.js
Comment 9•9 years ago
|
||
Henrik, the change in behaviour is expected. The upgrade to NSS included bug 986019. We removed an old Equifax root CA certificate from the NSS and Firefox trust store, because we are phasing out CA certificates that use a weaker key with only 1024 bit. The server certificate used by summitbook.mozilla.org was issued by the CA that we removed. Issuer: "OU=Equifax Secure Certificate Authority,O=Equifax,C=US" Subject: "CN=summitbook.mozilla.org,O=Mozilla Corporation,L=Mountain View,ST=California,C=US,serialNumber=-csW8OPdwDOZBFy1pK2SKOEzx7o9IqlO"
Flags: needinfo?(kaie)
Assignee | ||
Comment 10•9 years ago
|
||
I see! Thanks a lot for this information Kai. As it looks like we are badly blocked on running this test until IT is able to give us a new expired certificate via bug 1106077. :(
Depends on: 1106077
Whiteboard: [mozmill-test-failure][mozmill-test-skipped] → [mozmill-test-failure][mozmill-test-skipped][blocked by bug 1106077]
Assignee | ||
Comment 11•9 years ago
|
||
Similar to the test for Marionette lets skip the code part which checks for the expired certificate only. Would be good to keep the other tests running.
Attachment #8581680 -
Flags: review?(cmanchester)
Comment 12•9 years ago
|
||
Comment on attachment 8581680 [details] [diff] [review] security_notification v1 Review of attachment 8581680 [details] [diff] [review]: ----------------------------------------------------------------- This patch trades one mode of skipping a test for another that skips less of the test. Is review for changes like these really necessary?
Attachment #8581680 -
Flags: review?(cmanchester) → review+
Assignee | ||
Comment 13•9 years ago
|
||
Maybe not. So in the future we should only ask for review if code changes are involved. But thanks for doing the review. Landed the changes as: https://hg.mozilla.org/qa/mozmill-tests/rev/b1589c37920a (default) https://hg.mozilla.org/qa/mozmill-tests/rev/27944d3cca56 (aurora) I will remove the skipped whiteboard entry given that only parts of the test are skipped now. The bug will stay open until we can make use of the code again. Syd, maybe you will have to re-enable it once the dependent bug has been fixed.
Whiteboard: [mozmill-test-failure][mozmill-test-skipped][blocked by bug 1106077] → [mozmill-test-failure][blocked by bug 1106077]
Whiteboard: [mozmill-test-failure][blocked by bug 1106077] → [mozmill-test-failure]
Assignee | ||
Comment 14•9 years ago
|
||
Bug 1148182 finally fixed that issue.
Updated•5 years ago
|
Product: Mozilla QA → Mozilla QA Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•