Closed Bug 1151037 Opened 10 years ago Closed 10 years ago

Expired nss/test/libpkix/certs/PayPalEE.cert

Categories

(NSS :: Test, defect, P1)

Product:
NSS
Component:
Test
Version:
3.18.1
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: elio.maldonado.batiz, Assigned: KaiE)

Details

Attachments

(1 file, 1 obsolete file)

patch v2
5.09 KB, patch
Details | Diff | Splinter Review
The PayPalEE.cert expired on April 02 2015. $ pp -t c -i tests/libpkix/certs/PayPalEE.cert | grep 'Not After' Not After : Thu Apr 02 23:59:59 2015 We must update it.
Priority: -- → P1
Severity: critical → major
Summary: Expired nss/test/linplix/cert/PayPalEE.cert → Expired nss/test/libpkix/cert/PayPalEE.cert
Summary: Expired nss/test/libpkix/cert/PayPalEE.cert → Expired nss/test/libpkix/certs/PayPalEE.cert
Assignee: nobody → kaie
In general, I wonder if we should switch our tests to ones that we generate ourselves on the fly. On the other hand, maybe the purpose here is to ensure that we have at least real world certificate, instead of an artificially created one. Anyway... There are several easy ways to download the latest certificate used by the paypal website. You can simply use Firefox to connect to https://paypal.com use page security info, view the certificate details, and use the "export" functionality to save certificate to a file. The file in the NSS is binary, so use the "DER" file format in the save dialog. Another way is to use the recently added tstclnt functionality that is able to dump a server's certificate to the terminal, e.g.: tstclnt -bD -CCC -h paypal.com -p 443 On purpose of this test is to verify the "EV policy OID". This time, Paypal has switched to a different issuer CA, which uses a different OID. That means we must change the expected OID, too.
Attached patch patch v1 (obsolete) — Splinter Review
Attachment #8590416 - Flags: review?(emaldona)
Comment on attachment 8590416 [details] [diff] [review] patch v1 patch doesn't work, probably because the required different intermediates aren't imported yet
Attachment #8590416 - Attachment is obsolete: true
Attachment #8590416 - Flags: review?(emaldona)
Attached patch patch v2Splinter Review
This patch works for me. Given this is a bustage and test only, I'll check in without review.
https://hg.mozilla.org/projects/nss/rev/9fca4f7066f8
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.18.1
Target Milestone: 3.18.1 → 3.19
This bug resurfaced today since the PayPal certificate expired again. $ nss-pp -t c -i tests/libpkix/certs/PayPalEE.cert|grep After Not After : Fri Dec 16 12:00:00 2016
Already fixed on NSS trunk with bug 1323978
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: