Expired nss/test/libpkix/certs/PayPalEE.cert

RESOLVED FIXED in 3.19

Status

NSS
Test
P1
major
RESOLVED FIXED
3 years ago
a year ago

People

(Reporter: Elio Maldonado, Assigned: kaie)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

3 years ago
The PayPalEE.cert expired on April 02 2015.

$ pp -t c -i tests/libpkix/certs/PayPalEE.cert | grep 'Not After'
            Not After : Thu Apr 02 23:59:59 2015

We must update it.
(Reporter)

Updated

3 years ago
Priority: -- → P1
(Reporter)

Updated

3 years ago
Severity: critical → major
(Reporter)

Updated

3 years ago
Summary: Expired nss/test/linplix/cert/PayPalEE.cert → Expired nss/test/libpkix/cert/PayPalEE.cert
(Reporter)

Updated

3 years ago
Summary: Expired nss/test/libpkix/cert/PayPalEE.cert → Expired nss/test/libpkix/certs/PayPalEE.cert
(Reporter)

Updated

3 years ago
Assignee: nobody → kaie
(Assignee)

Comment 1

3 years ago
In general, I wonder if we should switch our tests to ones that we generate ourselves on the fly. On the other hand, maybe the purpose here is to ensure that we have at least one real-world certificate, instead of an artificially created one. Anyway...

There are several easy ways to download the latest certificate used by the PayPal website.

You can simply use Firefox to connect to https://paypal.com, use page security info, view the certificate details, and use the "export" functionality to save the certificate to a file. The file in NSS is binary, so use the "DER" file format in the save dialog.

Another way is to use the recently added tstclnt functionality that is able to dump a server's certificate to the terminal, e.g.: tstclnt -bD -CCC -h paypal.com -p 443

One purpose of this test is to verify the "EV policy OID". This time, PayPal has switched to a different issuer CA, which uses a different OID. That means we must change the expected OID, too.
(Assignee)

Comment 2

3 years ago
Created attachment 8590416
patch v1
Attachment #8590416 - Flags: review?(emaldona)
(Assignee)

Comment 3

3 years ago
Comment on attachment 8590416
patch v1

Patch doesn't work, probably because the required different intermediates aren't imported yet.
Attachment #8590416 - Attachment is obsolete: true
Attachment #8590416 - Flags: review?(emaldona)
(Assignee)

Comment 4

3 years ago
Created attachment 8590453
patch v2

This patch works for me.

Given this is a bustage and test only, I'll check in without review.
(Assignee)

Comment 5

3 years ago
https://hg.mozilla.org/projects/nss/rev/9fca4f7066f8
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.18.1
(Assignee)

Updated

3 years ago
Target Milestone: 3.18.1 → 3.19

Comment 6

a year ago
This bug resurfaced today since the PayPal certificate expired again.

$ nss-pp -t c -i tests/libpkix/certs/PayPalEE.cert|grep After
             Not After : Fri Dec 16 12:00:00 2016
(Assignee)

Comment 7

a year ago
Already fixed on NSS trunk with bug 1323978
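
Added example, not part of the bug thread and not NSS code: a standard-library Python check that reads notAfter from DER-encoded test certificates, so a fixture such as PayPalEE.cert is flagged before it expires rather than after the tests break. The function names, the 30-day warning window and the sample bytes are assumptions; the sample is a constructed skeleton whose notAfter matches the date quoted in the description.

```python
from datetime import datetime, timedelta, timezone

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) into an aware datetime."""
    text = raw.decode("ascii")
    if tag == 0x17:  # RFC 5280: two-digit years 50-99 are 19YY, 00-49 are 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:
        raise ValueError("not a DER time value")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def not_after(der):
    """Walk Certificate -> TBSCertificate -> Validity and return notAfter."""
    _, pos, _ = tlv(der, 0)            # outer Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)          # TBSCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                    # optional [0] version field
        pos = end
    for _field in range(3):            # serialNumber, signature, issuer
        _, _, pos = tlv(der, pos)
    _, pos, _ = tlv(der, pos)          # Validity SEQUENCE
    _, _, pos = tlv(der, pos)          # skip notBefore
    tag, start, end = tlv(der, pos)
    return der_time(tag, der[start:end])

def expiring(fixtures, now, warn_days=30):
    """Return names of fixture certs whose notAfter falls within warn_days of now."""
    limit = now + timedelta(days=warn_days)
    return sorted(name for name, der in fixtures.items() if not_after(der) <= limit)

def enc(tag, body=b""):  # short-form (<128 byte) DER TLV builder, sample only
    return bytes([tag, len(body)]) + body

# Constructed skeleton, not a real certificate: only the fields the walker visits.
validity = enc(0x30, enc(0x17, b"140402000000Z") + enc(0x17, b"150402235959Z"))
tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30)
          + enc(0x30) + validity + enc(0x30))
SAMPLE = enc(0x30, tbs)

if __name__ == "__main__":
    print(not_after(SAMPLE))
```

Run over the real DER files in a test directory from CI, a non-empty result from `expiring` gives advance notice that a checked-in certificate and any expected values tied to it need refreshing.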