Open Bug 1416332 Opened 7 years ago Updated 2 years ago

modifying psm xpcshell test certificates breaks local tests

Categories

(Core :: Security: PSM, enhancement, P3)

enhancement

Tracking

()

People

(Reporter: keeler, Unassigned)

Details

(Whiteboard: [psm-backlog])

Attachments

(1 obsolete file)

When you run the psm xpcshell tests locally, it creates a number of NSS cert/key DBs in $objdir/_tests/xpcshell/security/manager/ssl/tests/unit/$testdir/. The way the test servers work right now is if there's a preexisting cert/key DB, they'll use the DBs rather than slurping up the test certs/keys in those directories (which is what normally happens). This means that if you change one of those certs/keys without removing the corresponding DB first, the change won't be reflected when you run the tests, and they'll fail.

I'm fairly sure the right way to fix this is to have the test servers clear or delete preexisting cert/key DBs (because we don't use them anymore, if I recall correctly).
Comment on attachment 8932280 [details]
bug 1416332 - refresh test NSS certificate databases so updates are picked up

https://reviewboard.mozilla.org/r/203300/#review208920

Looks good to me!
Attachment #8932280 - Flags: review?(mgoodwin) → review+
Assignee: nobody → dkeeler
Priority: P3 → P1
Whiteboard: [psm-backlog] → [psm-assigned]
Thanks for the review. Unfortunately, after running this on try, I discovered this significantly increases the time of any test that repeatedly uses generateOCSPResponses because now the binary will clear and re-load the certificates multiple times per test. I think perhaps it might be better to re-architect things so that certificates/keys are loaded on-demand so we don't end up doing unnecessary work. It's unclear exactly how that would work, though, since in some cases we're relying on NSS' path building capabilities, which don't give us the hooks to load additional certificates on-demand. In any case, I thought this would be a quick fix, but since it's not, I'm going to have to come back to it as there are more urgent tasks to address.
Assignee: dkeeler → nobody
Priority: P1 → P3
Whiteboard: [psm-assigned] → [psm-backlog]
Attachment #8932280 - Attachment is obsolete: true
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: