Closed Bug 1196853 Opened 10 years ago Closed 10 years ago

convert test_cert_signatures.js to generate certificates at build time

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla43

Tracking Flags:

Tracking

Status

firefox43

---

fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

Attachments

(1 file)

MozReview Request: bug 1196853 - convert test_cert_signatures.js to generate certificates at build time 10 years ago Dana Keeler (she/her) [:keeler] 40 bytes, text/x-review-board-request	jcj : review+	Details

Dana Keeler (she/her) [:keeler]

Assignee

Description

•

10 years ago

test_cert_signatures.js should generate certificates at build time. Also, while it covers tampered signatures, it doesn't cover tampered certificates (i.e. there are no cases where some part of the certificate is modified but the signature is kept intact). We should add those additional cases.

Dana Keeler (she/her) [:keeler]

Assignee

Comment 1

•

10 years ago

Attached file MozReview Request: bug 1196853 - convert test_cert_signatures.js to generate certificates at build time — Details

bug 1196853 - convert test_cert_signatures.js to generate certificates at build time Also add additional testcases that weren't in the original test (tampered signatures had been tested, but tampered certificates hadn't been covered).

Attachment #8651941 - Flags: review?(jjones)

J.C. Jones [:jcj] (he/they)

Comment 2

•

10 years ago

Comment on attachment 8651941 [details] MozReview Request: bug 1196853 - convert test_cert_signatures.js to generate certificates at build time https://reviewboard.mozilla.org/r/16657/#review15857 Everything's nitpicky; it looks good. I apologize that my workload has kept me overdue on this. ::: security/manager/ssl/tests/unit/test_cert_signatures.js:51 (Diff revision 1) > + let base64 = readAndTamperWithNthByte(certificatePath, -8); So the intent here is to modify one of the bytes representing the signature bit string at the end of the cert, right? Nit: May be good to say that. ::: security/manager/ssl/tests/unit/test_cert_signatures.js:65 (Diff revision 1) > +// Since we want to modify the serial number, we need to change something from Good walkthrough. ::: security/manager/ssl/tests/unit/test_cert_signatures.js:78 (Diff revision 1) > - do_print("cert_name=" + cert_name); > + let base64 = readAndTamperWithNthByte(certificatePath, 17); If these methods were any further apart, I'd recommend using a constant for 17 so that it's clear your helpful comment above applied to both. Nit: Still would be a good idea for posterity.

Attachment #8651941 - Flags: review?(jjones) → review+

Dana Keeler (she/her) [:keeler]

Assignee

Comment 3

•

10 years ago

Thanks for the review! https://treeherder.mozilla.org/#/jobs?repo=try&revision=70bacfe2c62e

Pulsebot

Comment 4

•

10 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/b82c3dd381db

Carsten Book [:Tomcat]

Comment 5

•

10 years ago

https://hg.mozilla.org/mozilla-central/rev/b82c3dd381db

Status: NEW → RESOLVED

Closed: 10 years ago

status-firefox43: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla43

You need to log in before you can comment on or make changes to this bug.

Bugzilla

convert test_cert_signatures.js to generate certificates at build time

Categories

(Core :: Security: PSM, defect)

Tracking

()

People

(Reporter: keeler, Assigned: keeler)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Attachment

General

Description

File Name

Content Type