Closed
Bug 1181823
Opened 10 years ago
Closed 10 years ago
convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla42
| Tracking | Status | |
|---|---|---|
| firefox42 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
Details
Attachments
(1 file)
convert test_ev_certs.js to generate certificates at build time - see bug 1174288.
One issue is that the hash of the root test certificate is hard-coded into the browser in ExtendedValidation.cpp. My current approach is to specify a concrete validity period for the root certificate (rather than basing it on the current time), which (currently) means the same certificate should get generated every build. This may not be the best idea, and we should probably explore other options.
|
Assignee | |
Comment 1•10 years ago
|
||
bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r?Cykesiopka r?mgoodwin
Attachment #8637507 -
Flags: review?(mgoodwin)
|
|
Assignee | |
Comment 2•10 years ago
|
||
Comment on attachment 8637507 [details]
MozReview Request: bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r?Cykesiopka r?mgoodwin
bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r?Cykesiopka r?mgoodwin
Attachment #8637507 -
Flags: review?(cykesiopka.bmo)
|
|
Assignee | |
Comment 3•10 years ago
|
||
This ended up being a largish patch. I'm not sure there's a good way to break it up, though, because any change to how the testing EV root certificate works affects multiple tests. Take your time reviewing this and let me know what you think.
|
||
Updated•10 years ago
|
Attachment #8637507 -
Flags: review?(mgoodwin) → review+
|
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8637507 [details]
MozReview Request: bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r?Cykesiopka r?mgoodwin
https://reviewboard.mozilla.org/r/13863/#review12655
Ship It!
|
|
||
Comment 5•10 years ago
|
||
Comment on attachment 8637507 [details]
MozReview Request: bug 1181823 - convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time r?Cykesiopka r?mgoodwin
https://reviewboard.mozilla.org/r/13863/#review12753
LGTM.
::: security/manager/ssl/tests/unit/pycert.py:44
(Diff revision 1)
> generated certificate (for example, its validity period, signature
Nit: remove mention of validity period here, since this is no longer true.
::: security/manager/ssl/tests/unit/test_validity/ev_ee_40_months-ev_int_60_months-evroot.pem.certspec:3
(Diff revision 1)
> +validity:1215
Optional: same here.
::: security/manager/ssl/tests/unit/test_validity/ev_ee_39_months-ev_int_60_months-evroot.pem.certspec:3
(Diff revision 1)
> +validity:1185
Optional: not a big deal, but this doesn't match the 3 * 365 + 3 * 31 logic of the actual code.
Attachment #8637507 -
Flags: review?(cykesiopka.bmo) → review+
|
|
Assignee | |
Comment 6•10 years ago
|
||
https://reviewboard.mozilla.org/r/13863/#review12753
> Optional: not a big deal, but this doesn't match the 3 * 365 + 3 * 31 logic of the actual code.
I guess it's a good idea to be consistent here.
> Nit: remove mention of validity period here, since this is no longer true.
Good catch.
|
|
Assignee | |
Comment 7•10 years ago
|
||
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
|
|
||
Updated•10 years ago
|
Summary: convert test_ev_certs.js to generate certificates at build time → convert test_ev_certs.js, test_keysize_ev.js, and test_validity.js to generate certificates at build time
Blocks: 1227248
You need to log in
before you can comment on or make changes to this bug.
Description
•