convert test_name_constraints.js to generate certificates at build time

RESOLVED FIXED in Firefox 43

Status

()

defect
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: keeler, Assigned: keeler)

Tracking

Trunk
mozilla43
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox43 fixed)

Details

Attachments

(1 attachment)

See bug 1174288. test_name_constraints.js should generate certificates at build time.
bug 1194013 - convert test_name_constraints.js to generate certificates at build time
Attachment #8650021 - Flags: review?(mgoodwin)
Attachment #8650021 - Flags: review?(cykesiopka.bmo)
Comment on attachment 8650021 [details]
MozReview Request: bug 1194013 - convert test_name_constraints.js to generate certificates at build time

https://reviewboard.mozilla.org/r/15933/#review15005

Looks good to me.
Attachment #8650021 - Flags: review?(mgoodwin) → review+
Comment on attachment 8650021 [details]
MozReview Request: bug 1194013 - convert test_name_constraints.js to generate certificates at build time

https://reviewboard.mozilla.org/r/15933/#review15033

I only glanced over the various .certspec files (I think my eyes would bleed otherwise).

::: security/manager/ssl/tests/unit/moz.build:19
(Diff revision 1)
>      'test_pinning_dynamic',

Minor nit: Might as well sort this after test_ocsp_url.

::: security/manager/ssl/tests/unit/pycert.py:203
(Diff revision 1)
> +    if string.find('/') < 0:

Nit: Maybe |if '/' not in string|?

::: security/manager/ssl/tests/unit/pycert.py:497
(Diff revision 1)
> +            if name.startswith('/'):

Hmm, doesn't this mean directoryName specifications that explicitly specify their encoding will be treated as dNSNames?

::: security/manager/ssl/tests/unit/test_name_constraints/dcisscopy.pem.certspec:1
(Diff revision 1)
> +issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr

Optional, maybe a follow up: rename this, since it isn't actually a copy anymore.
Attachment #8650021 - Flags: review?(cykesiopka.bmo) → review+
https://reviewboard.mozilla.org/r/15933/#review15033

> Hmm, doesn't this mean directoryName specifications that explicitly specify their encoding will be treated as dNSNames?

Good catch.

> Optional, maybe a follow up: rename this, since it isn't actually a copy anymore.

This was an easy change, so I went ahead and did it.
https://hg.mozilla.org/mozilla-central/rev/7ca1f23e9685
Status: NEW → RESOLVED
Closed: 4 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
You need to log in before you can comment on or make changes to this bug.