Closed Bug 1194419 Opened 5 years ago Closed 5 years ago

remove signature algorithm duplicate use in serial number determination in pycert

Categories

(Core :: Security: PSM, defect)


Tracking


RESOLVED FIXED
mozilla44
Tracking Status
firefox43 --- affected
firefox44 --- fixed

People

(Reporter: keeler, Assigned: Cykesiopka)

Attachments

(1 file, 1 obsolete file)

After bug 1190603 or bug 1183718 lands, the "signature" field (i.e. signature algorithm) will be used twice when determining the serial number of a certificate in pycert. This is unnecessary and should be fixed up. It will require regenerating and updating the EV test root certificate information, which is why we're avoiding it for the moment.
Assignee: nobody → cykesiopka.bmo
Status: NEW → ASSIGNED
Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert.
Attachment #8675292 - Flags: review?(dkeeler)
Comment on attachment 8675292 [details]
MozReview Request: Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert.

https://reviewboard.mozilla.org/r/22357/#review20025

Great - thanks!
Attachment #8675292 - Flags: review?(dkeeler) → review+
Thanks for the review.
Keywords: checkin-needed
Sorry, had to back this out for test failures like https://treeherder.mozilla.org/logviewer.html#?job_id=15928821&repo=mozilla-inbound
Flags: needinfo?(cykesiopka.bmo)
(In reply to Carsten Book [:Tomcat] from comment #6)
> Sorry, had to back this out for test failures like
> https://treeherder.mozilla.org/logviewer.html#?job_id=15928821&repo=mozilla-inbound

Thanks. test_cert_blocklist.js hard codes serial numbers, so it makes sense that this would fail.

Turns out using "--tags psm" when running tests locally and on try means that test_cert_blocklist.js didn't actually run because of https://hg.mozilla.org/mozilla-central/annotate/bd6226d81b60/security/manager/ssl/tests/unit/xpcshell.ini#l59.

I'll fix the patch, then investigate whether the "--tags" thing broke, or if I've misunderstood the feature since the start.
Flags: needinfo?(cykesiopka.bmo)
+ Update test_cert_blocklist.js as well
Attachment #8675292 - Attachment is obsolete: true
Attachment #8678076 - Flags: review+
With all the relevant xpcshell tests being run this time: https://treeherder.mozilla.org/#/jobs?repo=try&revision=e51e7d164828
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/06db05394add
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla44