Closed
Bug 1171819
Opened 8 years ago
Closed 8 years ago
Convert test_cert_eku-*.js to generate certificates at build time
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla41
Tracking | Status | |
---|---|---|
firefox41 | --- | fixed |
People
(Reporter: Cykesiopka, Assigned: Cykesiopka)
References
Details
Attachments
(1 file, 2 obsolete files)
1.37 MB,
patch
|
Cykesiopka
:
review+
|
Details | Diff | Splinter Review |
The EKU tests are another set of tests that can be converted. This depends on Bug 1171557 because Bug 1171557 will probably add some necessary KeyUsage parsing, and to avoid conflicts as noted in Bug 1171557 comment 0.
![]() |
Assignee | |
Comment 1•8 years ago
|
||
Bug 1171819 - Convert test_cert_eku-*.js to generate certificates at build time (Temp Part 1: interesting bits).
Attachment #8617945 -
Flags: review?(dkeeler)
![]() |
Assignee | |
Comment 2•8 years ago
|
||
Bug 1171819 - Convert test_cert_eku-*.js to generate certificates at build time (Temp Part 2: repetitive bits).
Attachment #8617946 -
Flags: review?(dkeeler)
![]() |
Assignee | |
Comment 3•8 years ago
|
||
I've split the patch into two parts temporarily to make review easier. I'll fold the patches before requesting check-in though. https://treeherder.mozilla.org/#/jobs?repo=try&revision=f87aed7d99d7
Comment on attachment 8617945 [details] MozReview Request: Bug 1171819 - Convert test_cert_eku-*.js to generate certificates at build time (Temp Part 1: interesting bits). https://reviewboard.mozilla.org/r/10709/#review9407 Looks great - just a few comments. ::: security/manager/ssl/tests/unit/test_cert_eku/generate.py:8 (Diff revision 1) > # classic NSS that actual testing on it is not very useful Since we're not testing classic verification at all, this comment doesn't make much sense anymore. This raises the question of if we should add in tests for codeSigning/certificateUsageObjectSigner. Since we do specifically handle it in CertVerifier, I think we should. This can be a follow-up, though. ::: security/manager/ssl/tests/unit/pycert.py:22 (Diff revision 1) > -extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection] > +extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection,nsSGC, We should probably document what "nsSGC" stands for here.
Attachment #8617945 -
Flags: review?(dkeeler) → review+
Attachment #8617946 -
Flags: review?(dkeeler) → review+
Comment on attachment 8617946 [details] MozReview Request: Bug 1171819 - Convert test_cert_eku-*.js to generate certificates at build time (Temp Part 2: repetitive bits). https://reviewboard.mozilla.org/r/10711/#review9415 LGTM.
Blocks: 1173565
![]() |
Assignee | |
Comment 6•8 years ago
|
||
+ Add comment documenting what "nsSGC" stands for.
Attachment #8617945 -
Attachment is obsolete: true
Attachment #8617946 -
Attachment is obsolete: true
Attachment #8620814 -
Flags: review+
![]() |
Assignee | |
Comment 7•8 years ago
|
||
(In reply to David Keeler [:keeler] (use needinfo?) from comment #4) > Since we're not testing classic verification at all, this comment doesn't > make much sense anymore. This raises the question of if we should add in > tests for codeSigning/certificateUsageObjectSigner. Since we do specifically > handle it in CertVerifier, I think we should. This can be a follow-up, > though. SGTM - I filed Bug 1173659.
![]() |
Assignee | |
Comment 8•8 years ago
|
||
Thanks for the review! (Try push is in comment 3)
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/a78836138b82
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox41:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Blocks: 1174288
Comment 11•8 years ago
|
||
Generating all the certs takes a fair 30-40 seconds on my system, and seems to happen for every ./mach build, even with no code changes. Is there any way of generating them only when the xpcshell-test needs them, or at build time, but _only_ if they don't already exist?
We're exploring options in bug 1179660.
You need to log in
before you can comment on or make changes to this bug.
Description
•