Firefox doesn't pick the certificate in OS certificate store even with security.enterprise_roots.enabled set to True
Categories
(Core :: Security: PSM, defect, P1)
Tracking
()
People
(Reporter: marius.tarlo, Assigned: keeler)
References
Details
(Keywords: regression, Whiteboard: [psm-assigned][psm-smartcard])
Attachments
(13 files, 1 obsolete file)
|
38.25 KB,
text/plain
|
Details | |
|
40.02 KB,
image/png
|
Details | |
|
42.04 KB,
image/png
|
Details | |
|
87.03 KB,
image/png
|
Details | |
|
13.87 KB,
text/plain
|
Details | |
|
22.18 KB,
text/plain
|
Details | |
|
1.54 MB,
text/plain
|
Details | |
|
1.56 MB,
text/plain
|
Details | |
|
872.00 KB,
application/octet-stream
|
Details | |
|
888.95 KB,
application/octet-stream
|
Details | |
|
583.17 KB,
application/octet-stream
|
Details | |
|
Bug 1612587 - (1/2) simplify flow of client auth certificate selection to enable future improvements
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review |
firefoxcertKO.png
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
Steps to reproduce:
We have an internal site where we can login using a PKCS11 token
We have security.enterprise_roots.enabled set to True in our autoconfig file
Actual results:
With Firefox ESR 68.x.x (or any Nightly build greater or equal than 67.0a1 20190202094451), when I click on the login button of our internal site, after having entered the PIN code of my PKI token, it adds "?redirect=/bad_ssl_client_certificate/" at the end of the URL in the address bar
If I import the certificate manually in Firefox, no issue: it logs on correctly (but I shouldn't have to do that if security.enterprise_roots.enabled is set to True, this option is meant to make Firefox able to search for it in the Windows cert store)
Expected results:
With Firefox ESR 60.x.x (or any Nightly build lower or equal than 67.0a1 20190201221223), it logs on correctly (after having entered the PIN code of my PKI token)
|
Reporter | |
Comment 1•1 year ago
|
||
|
|
Reporter | |
Comment 2•1 year ago
|
||
|
|
Reporter | |
Comment 3•1 year ago
|
||
|
|
Reporter | |
Comment 4•1 year ago
|
||
Additional note: It seems that this bug occurs since this one was resolved: https://bugzilla.mozilla.org/show_bug.cgi?id=1514118
|
||
Updated•1 year ago
|
|
Assignee | |
Comment 5•1 year ago
|
||
security.enterprise_roots.enabled doesn't import client certificates, so this sounds like the expected behavior. Incidentally, if you use a recent nightly (https://www.mozilla.org/en-US/firefox/channel/desktop/) and set security.osclientcerts.autoload to true, does it work?
|
|
Reporter | |
Comment 6•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #5)
security.enterprise_roots.enableddoesn't import client certificates, so this sounds like the expected behavior. Incidentally, if you use a recent nightly (https://www.mozilla.org/en-US/firefox/channel/desktop/) and setsecurity.osclientcerts.autoloadtotrue, does it work?
Yes it doesn't import it, but it should use it to authenticate
If I use a recent nightly and set security.osclientcerts.autoload to true, it still does not work
|
|
Assignee | |
Comment 7•1 year ago
|
||
When you visit the site, does Firefox ask you to select a client certificate? (what is the value of security.default_personal_cert in about:config?)
|
|
Reporter | |
Comment 8•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #7)
When you visit the site, does Firefox ask you to select a client certificate? (what is the value of
security.default_personal_certinabout:config?)
If I'm on a build which have the bug, it doesn't ask whether it's on "Ask every time" or "Select Automatically"
If I'm on a good build, it asks when it's on "Ask every time" and doesn't ask if it's on "Select Automatically"
|
|
Assignee | |
Comment 9•1 year ago
|
||
Can you run Firefox (both a working version and a not working version) with the environment variable MOZ_LOG set to pipnss:4, try to connect to the server, and attach the output here?
|
|
Reporter | |
Comment 10•1 year ago
|
||
|
|
Reporter | |
Comment 11•1 year ago
|
||
|
|
Reporter | |
Comment 12•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #9)
Can you run Firefox (both a working version and a not working version) with the environment variable
MOZ_LOGset topipnss:4, try to connect to the server, and attach the output here?
Hello,
That's done
The file pipnss_log_working.txt has been generated using Nightly 67.0a1 build 20190201221223
The file pipnss_log_notworking.txt has been generated using Firefox 68.4.2esr
|
|
Assignee | |
Comment 13•1 year ago
|
||
Can you re-do the not-working one with a recent Nightly, please. Thanks.
|
|
Reporter | |
Comment 14•1 year ago
|
||
|
|
Reporter | |
Comment 15•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #13)
Can you re-do the not-working one with a recent Nightly, please. Thanks.
Hello,
Done using Nightly 74.0a1 20200205215017
|
|
Assignee | |
Comment 16•1 year ago
|
||
Is the certificate with CN=Tarlo Marius the one you're expecting Firefox to send to the server?
|
|
Reporter | |
Comment 17•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #16)
Is the certificate with
CN=Tarlo Mariusthe one you're expecting Firefox to send to the server?
I don't think
FYI, if I import the following one manually into a version where security.enterprise_roots.enabled doesn't work anymore, it make it work again:
'CN=Groupe France Telecom Internal CA 1,OU=0002 380129866,OU=WesternEU MiddleEast Africa,O=France Telecom SA,C=FR'
|
|
Assignee | |
Comment 18•1 year ago
|
||
(In reply to Marius Tarlo from comment #17)
FYI, if I import the following one manually into a version where security.enterprise_roots.enabled doesn't work anymore, it make it work again:
'CN=Groupe France Telecom Internal CA 1,OU=0002 380129866,OU=WesternEU MiddleEast Africa,O=France Telecom SA,C=FR'
Is that certificate stored on an external token or in the Windows Certificate Store?
|
|
Reporter | |
Comment 19•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #18)
(In reply to Marius Tarlo from comment #17)
FYI, if I import the following one manually into a version where security.enterprise_roots.enabled doesn't work anymore, it make it work again:
'CN=Groupe France Telecom Internal CA 1,OU=0002 380129866,OU=WesternEU MiddleEast Africa,O=France Telecom SA,C=FR'Is that certificate stored on an external token or in the Windows Certificate Store?
It's stored in the Windows Certificate Store
|
|
Assignee | |
Comment 20•1 year ago
|
||
Using a recent version of Nightly, if you unload your third-party PKCS#11 modules and set security.osclientcerts.autoload to true, what do the logs say? Also, do you know specifically where in the Windows Certificate Store your client certificate is? (e.g. "Local Computer", "Current User", etc.)
|
|
Reporter | |
Comment 21•1 year ago
|
||
|
|
Reporter | |
Comment 22•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #20)
Using a recent version of Nightly, if you unload your third-party PKCS#11 modules and set
security.osclientcerts.autoloadtotrue, what do the logs say? Also, do you know specifically where in the Windows Certificate Store your client certificate is? (e.g. "Local Computer", "Current User", etc.)
Hello,
I've just attached a new log file with what you've asked
And the 'CN=Groupe France Telecom Internal CA 1,OU=0002 380129866,OU=WesternEU MiddleEast Africa,O=France Telecom SA,C=FR' is in Trusted Root Certification Authorities --> Certificates, I can find it in both "Current User" and "Local Computer"
The priority flag is not set for this bug.
:keeler, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Comment 24•1 year ago
|
||
What client certificate are you expecting Firefox to send to the server?
|
|
Reporter | |
Comment 25•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #24)
What client certificate are you expecting Firefox to send to the server?
I don't know
I think it's the one I've mentioned above (Groupe France telecom Internal CA 1)
The priority flag is not set for this bug.
:keeler, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 27•1 year ago
|
||
(In reply to Marius Tarlo from comment #25)
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #24)
What client certificate are you expecting Firefox to send to the server?
I don't know
I think it's the one I've mentioned above (Groupe France telecom Internal CA 1)
If I understand you correctly, what you're telling me is that the client certificate you're sending to a website to authenticate to it is a CA certificate (unless you're identifying that certificate by its issuer distinguished name? can you confirm that you're talking about its subject distinguished name?)
(In reply to Marius Tarlo from comment #22)
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #20)
Also, do you know specifically where in the Windows Certificate Store your client certificate is? (e.g. "Local Computer", "Current User", etc.)
...
And the 'CN=Groupe France Telecom Internal CA 1,OU=0002 380129866,OU=WesternEU MiddleEast Africa,O=France Telecom SA,C=FR' is in Trusted Root Certification Authorities --> Certificates, I can find it in both "Current User" and "Local Computer"
Is the client certificate you're intending to use listed in Current User -> Personal -> Certificates? (or any other Personal -> Certificates section?)
|
|
Reporter | |
Comment 28•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #27)
(In reply to Marius Tarlo from comment #25)
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #24)
What client certificate are you expecting Firefox to send to the server?
I don't know
I think it's the one I've mentioned above (Groupe France telecom Internal CA 1)If I understand you correctly, what you're telling me is that the client certificate you're sending to a website to authenticate to it is a CA certificate (unless you're identifying that certificate by its issuer distinguished name? can you confirm that you're talking about its subject distinguished name?)
(In reply to Marius Tarlo from comment #22)
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #20)
Also, do you know specifically where in the Windows Certificate Store your client certificate is? (e.g. "Local Computer", "Current User", etc.)
...
And the 'CN=Groupe France Telecom Internal CA 1,OU=0002 380129866,OU=WesternEU MiddleEast Africa,O=France Telecom SA,C=FR' is in Trusted Root Certification Authorities --> Certificates, I can find it in both "Current User" and "Local Computer"
Is the client certificate you're intending to use listed in Current User -> Personal -> Certificates? (or any other Personal -> Certificates section?)
I'm sorry for the wrong previous comment
When I've my PKI token plugged, I actually have 4 certificates in my Current User -> Personal -> Certificates and they are issued by the one I've mentioned previously, three of them are for the secured mails and I think that the following one, which is for authentication and login using PKI token, is the one which is sent to the server :
subject: 0.9.2342.19200300.100.1.1 = XSRB2490 / CN = Tarlo Marius / O = France Telecom SA / C = FR
valid until 3rd of September 2022
hash algorithm: sha1
|
|
Assignee | |
Comment 29•1 year ago
|
||
subject: 0.9.2342.19200300.100.1.1 = XSRB2490 / CN = Tarlo Marius / O = France Telecom SA / C = FR
Looking at attachment 9127030 [details], Nightly is finding that certificate. Is it not using that in the handshake? (you can see what Firefox is sending in the handshake by looking at the packets with Wireshark)
|
|
Reporter | |
Comment 30•1 year ago
|
||
Hello,
How should I configure Wireshark to see that ?
Thank you very much
|
|
Assignee | |
Comment 31•1 year ago
|
||
Here's the documentation for Wireshark: https://www.wireshark.org/docs/wsug_html/
Basically, you'll want to capture on the interface you're communicating to the server with. You can limit the capture to only that host if you include the filter host <hostname> && port 443 (assuming you connect on port 443, the normal one for https). When you've started the capture and visited the host, you can use a display filter of tls.handshake to look for TLS handshake packets. If you look at a handshake, you should be able to determine if Firefox is sending a client certificate when the server requests one.
|
|
Reporter | |
Comment 32•1 year ago
|
||
|
|
Reporter | |
Comment 33•1 year ago
|
||
Hello,
I've attached a capture.pcapng file
With both Firefox ESR 68.6.0 and Nightly 66.0a1 (2019-01-01) open, I first have tested on Firefox which has the bug, and then I have done the same on this old Nightly build where it works, both on the same Wireshark capture
I hope you'll find what you're searching for !
|
|
Assignee | |
Comment 34•1 year ago
|
||
There's basically no way for me to differentiate which packets came from what version of Firefox. Can you please attach one packet trace at a time (one for each version). Also, before connecting to the site, use "History" -> "Clear Recent History" to clear the TLS cache (using "last hour" should work). Finally, it looks like the server may be requesting the client certificate after negotiating the handshake, which means that we can't actually see what's going on. If you run a debug version of Firefox, you can set the environment variable SSLKEYLOGFILE to a file path where Firefox will log all of the pre-master secrets for TLS connections. If you send me that file (you probably don't want to post it publicly here), it may give me a better idea of what's going on.
|
|
Reporter | |
Comment 35•1 year ago
|
||
|
|
Reporter | |
Comment 36•1 year ago
|
||
|
|
Reporter | |
Updated•1 year ago
|
|
|
Reporter | |
Comment 37•1 year ago
|
||
Hello,
I've attached 2 different captures in this bug and sent you the SSL Keylog file by e-mail
Best regards
|
|
Assignee | |
Comment 38•1 year ago
|
||
I don't have anything from you in my email - where did you send it?
|
|
Reporter | |
Comment 39•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #38)
I don't have anything from you in my email - where did you send it?
|
|
Assignee | |
Comment 40•1 year ago
|
||
Can you also get a packet trace with a recent version of Nightly? (ideally 76)
|
|
Reporter | |
Comment 41•1 year ago
|
||
|
|
Reporter | |
Comment 42•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #40)
Can you also get a packet trace with a recent version of Nightly? (ideally 76)
Done!
With version 76.0a1 build 20200318213346
|
|
Assignee | |
Comment 43•1 year ago
|
||
When the server in question requests a client certificate, it specifies a set of distinguished names of CAs that it presumably considers valid issuers for client certificates. The problem with this feature is that if the client isn't aware of the right CAs, it can discard client certificates that would otherwise be considered valid by the server. I'm fairly sure that this is what's going on in this case, particularly since bug 1514118 essentially hid some certificates from NSS, which is what's going the filtering (more specifically, the problem appears to be that NSS doesn't know about these certificates, and even if it did, it wouldn't consider them as trusted issuers unless they're marked as such, which they aren't). I have the beginnings of an idea for how to solve this in a way that doesn't involve too much work and doesn't compromise too much on the goals of bug 1514118, but I need more time to develop it.
|
|
Reporter | |
Comment 44•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #43)
When the server in question requests a client certificate, it specifies a set of distinguished names of CAs that it presumably considers valid issuers for client certificates. The problem with this feature is that if the client isn't aware of the right CAs, it can discard client certificates that would otherwise be considered valid by the server. I'm fairly sure that this is what's going on in this case, particularly since bug 1514118 essentially hid some certificates from NSS, which is what's going the filtering (more specifically, the problem appears to be that NSS doesn't know about these certificates, and even if it did, it wouldn't consider them as trusted issuers unless they're marked as such, which they aren't). I have the beginnings of an idea for how to solve this in a way that doesn't involve too much work and doesn't compromise too much on the goals of bug 1514118, but I need more time to develop it.
OK thank you very much, I hope you now have everything you need to start to work on that !
|
|
Assignee | |
Comment 45•1 year ago
|
||
|
|
Assignee | |
Comment 46•1 year ago
|
||
When a server requests a client certificate, it can include a list of
distinguished names that it considers valid issuers for client certificates
(either as direct issuers or as transitive issuers). Before this patch, the
platform would call CERT_FilterCertListByCANames to filter potential client
certificates by this list of names. This function uses the "classic" NSS
certificate path-building algorithm and thus can't make use of other
certificates that gecko may know about, such as third-party intermediates and
preloaded intermediates.
This patch implements client certificate filtering by re-using the path building
implementation provided by mozilla::pkix to determine if each certificate has an
issuer with a name included in the acceptable list. These issuers include
third-party intermediates, preloaded intermediates, and all certificates known
to NSS. Note that this implementation does not actually verify the client
certificates - no signatures are checked and no particular key usages are
enforced. However, some properties are enforced, such as validity periods.
Depends on D68100
|
||
Comment 47•1 year ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a11a2f9e10c6 (1/2) simplify flow of client auth certificate selection to enable future improvements r=kjacobs https://hg.mozilla.org/integration/autoland/rev/90b7c55d811d (2/2) incorporate all known potential issuing certificates when filtering client certificates r=kjacobs,jcj
|
|
||
Comment 48•1 year ago
|
||
Backout by btara@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/32bd6417e7ee Backed out 2 changesets for bustages complaining about Logging.h CLOSED TREE
|
||
Comment 49•1 year ago
|
||
Backed out 2 changesets (bug 1612587) for bustages complaining about Logging.h
Backout link: https://hg.mozilla.org/integration/autoland/rev/32bd6417e7ee31df9f3fa406b918bad96c946d9e
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=295138408&repo=autoland&lineNumber=32301
[task 2020-03-27T23:11:28.342Z] 23:11:28 INFO - make[4]: Entering directory '/builds/worker/workspace/obj-build/security/manager/ssl'
[task 2020-03-27T23:11:28.343Z] 23:11:28 INFO - /builds/worker/fetches/sccache/sccache /builds/worker/fetches/gcc/bin/g++ -std=gnu++17 -o Unified_cpp_security_manager_ssl2.o -c -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DNDEBUG=1 -DTRIMMED=1 -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES=True -DNSS_ENABLE_ECC=True -DOS_POSIX=1 -DOS_LINUX=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/security/manager/ssl -I/builds/worker/workspace/obj-build/security/manager/ssl -I/builds/worker/checkouts/gecko/dom/base -I/builds/worker/checkouts/gecko/dom/crypto -I/builds/worker/checkouts/gecko/netwerk/base -I/builds/worker/checkouts/gecko/security/certverifier -I/builds/worker/workspace/obj-build/dist/public/nss -I/builds/worker/workspace/obj-build/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/checkouts/gecko/ipc/glue -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Wall -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof -Wduplicated-cond -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=coverage-mismatch -Wno-error=free-nonheap-object -Wformat -Wformat-overflow=2 -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -freorder-blocks -O2 -fno-omit-frame-pointer -funwind-tables -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -Wextra -Wno-missing-field-initializers -Wno-unused-parameter -MD -MP -MF .deps/Unified_cpp_security_manager_ssl2.o.pp Unified_cpp_security_manager_ssl2.cpp
[task 2020-03-27T23:11:28.344Z] 23:11:28 INFO - In file included from /builds/worker/workspace/obj-build/dist/include/mozilla/BlockingResourceBase.h:10:0,
[task 2020-03-27T23:11:28.344Z] 23:11:28 INFO - from /builds/worker/workspace/obj-build/dist/include/mozilla/Mutex.h:10,
[task 2020-03-27T23:11:28.344Z] 23:11:28 INFO - from /builds/worker/checkouts/gecko/security/certverifier/OCSPCache.h:29,
[task 2020-03-27T23:11:28.344Z] 23:11:28 INFO - from /builds/worker/checkouts/gecko/security/certverifier/CertVerifier.h:14,
[task 2020-03-27T23:11:28.344Z] 23:11:28 INFO - from /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSCertificate.cpp:8,
[task 2020-03-27T23:11:28.344Z] 23:11:28 INFO - from Unified_cpp_security_manager_ssl2.cpp:11:
[task 2020-03-27T23:11:28.344Z] 23:11:28 INFO - /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp: In member function 'virtual void ClientAuthDataRunnable::RunOnTargetThread()':
[task 2020-03-27T23:11:28.350Z] 23:11:28 ERROR - /builds/worker/workspace/obj-build/dist/include/mozilla/Logging.h:281:61: error: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'mozilla::pkix::Result' [-Werror=format=]
[task 2020-03-27T23:11:28.351Z] 23:11:28 INFO - MOZ_LOG_EXPAND_ARGS _args); \
[task 2020-03-27T23:11:28.351Z] 23:11:28 INFO - ^
[task 2020-03-27T23:11:28.351Z] 23:11:28 INFO - /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2116:7: note: in expansion of macro 'MOZ_LOG'
[task 2020-03-27T23:11:28.352Z] 23:11:28 INFO - MOZ_LOG(
[task 2020-03-27T23:11:28.352Z] 23:11:28 INFO - ^
[task 2020-03-27T23:11:28.352Z] 23:11:28 ERROR - /builds/worker/workspace/obj-build/dist/include/mozilla/Logging.h:281:61: error: format '%u' expects argument of type 'unsigned int', but argument 5 has type 'mozilla::pkix::Result' [-Werror=format=]
[task 2020-03-27T23:11:28.352Z] 23:11:28 INFO - MOZ_LOG_EXPAND_ARGS _args); \
[task 2020-03-27T23:11:28.352Z] 23:11:28 INFO - ^
[task 2020-03-27T23:11:28.352Z] 23:11:28 INFO - /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2116:7: note: in expansion of macro 'MOZ_LOG'
[task 2020-03-27T23:11:28.352Z] 23:11:28 INFO - MOZ_LOG(
[task 2020-03-27T23:11:28.353Z] 23:11:28 INFO - ^
[task 2020-03-27T23:11:28.353Z] 23:11:28 INFO - cc1plus: all warnings being treated as errors
[task 2020-03-27T23:11:28.353Z] 23:11:28 INFO - /builds/worker/checkouts/gecko/config/rules.mk:750: recipe for target 'Unified_cpp_security_manager_ssl2.o' failed
[task 2020-03-27T23:11:28.353Z] 23:11:28 ERROR - make[4]: *** [Unified_cpp_security_manager_ssl2.o] Error 1
[task 2020-03-27T23:11:28.353Z] 23:11:28 INFO - make[4]: Leaving directory '/builds/worker/workspace/obj-build/security/manager/ssl'
[task 2020-03-27T23:11:28.353Z] 23:11:28 INFO - make[4]: *** Waiting for unfinished jobs....
[task 2020-03-27T23:11:28.353Z] 23:11:28 INFO - make[4]: Entering directory '/builds/worker/workspace/obj-build/toolkit/components/browser'
|
|
||
Comment 50•1 year ago
|
||
Also seeing hazard failures starting with the backed out changesets.
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=295138402&repo=autoland&lineNumber=51294
[task 2020-03-27T23:44:40.203Z] 46:25.49 toolkit/components/downloads/DownloadPlatform.o
[task 2020-03-27T23:44:40.203Z] 46:25.49 make[4]: Leaving directory '/builds/worker/checkouts/gecko/obj-analyzed/toolkit/components/downloads'
[task 2020-03-27T23:44:40.228Z] Received connection.
[task 2020-03-27T23:44:47.077Z] 46:32.37 make[4]: Entering directory '/builds/worker/checkouts/gecko/obj-analyzed/security/manager/ssl'
[task 2020-03-27T23:44:47.077Z] 46:32.37 /builds/worker/fetches/sixgill/usr/libexec/sixgill/scripts/wrap_gcc/basecc /builds/worker/fetches/sixgill/usr/libexec/sixgill/scripts/wrap_gcc/g++ -std=gnu++17 -o Unified_cpp_security_manager_ssl2.o -c -I/builds/worker/checkouts/gecko/obj-analyzed/dist/stl_wrappers -I/builds/worker/checkouts/gecko/obj-analyzed/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DDEBUG=1 -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES=True -DNSS_ENABLE_ECC=True -DOS_POSIX=1 -DOS_LINUX=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/security/manager/ssl -I/builds/worker/checkouts/gecko/obj-analyzed/security/manager/ssl -I/builds/worker/checkouts/gecko/dom/base -I/builds/worker/checkouts/gecko/dom/crypto -I/builds/worker/checkouts/gecko/netwerk/base -I/builds/worker/checkouts/gecko/security/certverifier -I/builds/worker/checkouts/gecko/obj-analyzed/dist/public/nss -I/builds/worker/checkouts/gecko/obj-analyzed/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/checkouts/gecko/ipc/glue -I/builds/worker/checkouts/gecko/obj-analyzed/dist/include -I/builds/worker/checkouts/gecko/obj-analyzed/dist/include/nspr -I/builds/worker/checkouts/gecko/obj-analyzed/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/checkouts/gecko/obj-analyzed/mozilla-config.h -Wno-attributes -Wno-ignored-attributes -Wno-attributes -Wno-ignored-attributes -Wall -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof -Wduplicated-cond -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=coverage-mismatch -Wno-error=free-nonheap-object -Wno-multistatement-macros -Wno-error=class-memaccess -Wformat -Wformat-overflow=2 -fno-sized-deallocation -fno-aligned-new -Wno-attributes -Wno-ignored-attributes -Wno-attributes -Wno-ignored-attributes -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -freorder-blocks -Os -fno-omit-frame-pointer -funwind-tables -Werror -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -Wextra -Wno-missing-field-initializers -Wno-unused-parameter -MD -MP -MF .deps/Unified_cpp_security_manager_ssl2.o.pp Unified_cpp_security_manager_ssl2.cpp
[task 2020-03-27T23:44:47.077Z] 46:32.37 In file included from /builds/worker/checkouts/gecko/obj-analyzed/dist/include/mozilla/BlockingResourceBase.h:10,
[task 2020-03-27T23:44:47.077Z] 46:32.37 from /builds/worker/checkouts/gecko/obj-analyzed/dist/include/mozilla/Mutex.h:10,
[task 2020-03-27T23:44:47.077Z] 46:32.37 from /builds/worker/checkouts/gecko/security/certverifier/OCSPCache.h:29,
[task 2020-03-27T23:44:47.077Z] 46:32.37 from /builds/worker/checkouts/gecko/security/certverifier/CertVerifier.h:14,
[task 2020-03-27T23:44:47.077Z] 46:32.37 from /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSCertificate.cpp:8,
[task 2020-03-27T23:44:47.077Z] 46:32.37 from Unified_cpp_security_manager_ssl2.cpp:11:
[task 2020-03-27T23:44:47.077Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp: In member function 'virtual void ClientAuthDataRunnable::RunOnTargetThread()':
[task 2020-03-27T23:44:47.079Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2118:12: error: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'mozilla::pkix::Result' [-Werror=format=]
[task 2020-03-27T23:44:47.079Z] 46:32.37 ("client cert non-validation returned %u %u\n", eeResult, caResult));
[task 2020-03-27T23:44:47.079Z] 46:32.37 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
[task 2020-03-27T23:44:47.079Z] 46:32.37 /builds/worker/checkouts/gecko/obj-analyzed/dist/include/mozilla/Logging.h:218:34: note: in definition of macro 'MOZ_LOG_EXPAND_ARGS'
[task 2020-03-27T23:44:47.079Z] 46:32.37 #define MOZ_LOG_EXPAND_ARGS(...) __VA_ARGS__
[task 2020-03-27T23:44:47.079Z] 46:32.37 ^~~~~~~~~~~
[task 2020-03-27T23:44:47.079Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2116:7: note: in expansion of macro 'MOZ_LOG'
[task 2020-03-27T23:44:47.079Z] 46:32.37 MOZ_LOG(
[task 2020-03-27T23:44:47.080Z] 46:32.37 ^~~~~~~
[task 2020-03-27T23:44:47.080Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2118:12: error: format '%u' expects argument of type 'unsigned int', but argument 5 has type 'mozilla::pkix::Result' [-Werror=format=]
[task 2020-03-27T23:44:47.080Z] 46:32.37 ("client cert non-validation returned %u %u\n", eeResult, caResult));
[task 2020-03-27T23:44:47.080Z] 46:32.37 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
[task 2020-03-27T23:44:47.080Z] 46:32.37 /builds/worker/checkouts/gecko/obj-analyzed/dist/include/mozilla/Logging.h:218:34: note: in definition of macro 'MOZ_LOG_EXPAND_ARGS'
[task 2020-03-27T23:44:47.080Z] 46:32.37 #define MOZ_LOG_EXPAND_ARGS(...) __VA_ARGS__
[task 2020-03-27T23:44:47.080Z] 46:32.37 ^~~~~~~~~~~
[task 2020-03-27T23:44:47.080Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2116:7: note: in expansion of macro 'MOZ_LOG'
[task 2020-03-27T23:44:47.081Z] 46:32.37 MOZ_LOG(
[task 2020-03-27T23:44:47.081Z] 46:32.37 ^~~~~~~
[task 2020-03-27T23:44:47.081Z] 46:32.37 cc1plus: all warnings being treated as errors
[task 2020-03-27T23:44:47.081Z] 46:32.37 In file included from /builds/worker/checkouts/gecko/obj-analyzed/dist/include/mozilla/BlockingResourceBase.h:10,
[task 2020-03-27T23:44:47.081Z] 46:32.37 from /builds/worker/checkouts/gecko/obj-analyzed/dist/include/mozilla/Mutex.h:10,
[task 2020-03-27T23:44:47.081Z] 46:32.37 from /builds/worker/checkouts/gecko/security/certverifier/OCSPCache.h:29,
[task 2020-03-27T23:44:47.081Z] 46:32.37 from /builds/worker/checkouts/gecko/security/certverifier/CertVerifier.h:14,
[task 2020-03-27T23:44:47.081Z] 46:32.37 from /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSCertificate.cpp:8,
[task 2020-03-27T23:44:47.081Z] 46:32.37 from Unified_cpp_security_manager_ssl2.cpp:11:
[task 2020-03-27T23:44:47.082Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp: In member function 'virtual void ClientAuthDataRunnable::RunOnTargetThread()':
[task 2020-03-27T23:44:47.082Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2118:12: error: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'mozilla::pkix::Result' [-Werror=format=]
[task 2020-03-27T23:44:47.082Z] 46:32.37 ("client cert non-validation returned %u %u\n", eeResult, caResult));
[task 2020-03-27T23:44:47.082Z] 46:32.37 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
[task 2020-03-27T23:44:47.082Z] 46:32.37 /builds/worker/checkouts/gecko/obj-analyzed/dist/include/mozilla/Logging.h:218:34: note: in definition of macro 'MOZ_LOG_EXPAND_ARGS'
[task 2020-03-27T23:44:47.082Z] 46:32.37 #define MOZ_LOG_EXPAND_ARGS(...) __VA_ARGS__
[task 2020-03-27T23:44:47.082Z] 46:32.37 ^~~~~~~~~~~
[task 2020-03-27T23:44:47.082Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2116:7: note: in expansion of macro 'MOZ_LOG'
[task 2020-03-27T23:44:47.082Z] 46:32.37 MOZ_LOG(
[task 2020-03-27T23:44:47.082Z] 46:32.37 ^~~~~~~
[task 2020-03-27T23:44:47.082Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2118:12: error: format '%u' expects argument of type 'unsigned int', but argument 5 has type 'mozilla::pkix::Result' [-Werror=format=]
[task 2020-03-27T23:44:47.082Z] 46:32.37 ("client cert non-validation returned %u %u\n", eeResult, caResult));
[task 2020-03-27T23:44:47.083Z] 46:32.37 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
[task 2020-03-27T23:44:47.084Z] 46:32.37 /builds/worker/checkouts/gecko/obj-analyzed/dist/include/mozilla/Logging.h:218:34: note: in definition of macro 'MOZ_LOG_EXPAND_ARGS'
[task 2020-03-27T23:44:47.084Z] 46:32.37 #define MOZ_LOG_EXPAND_ARGS(...) __VA_ARGS__
[task 2020-03-27T23:44:47.085Z] 46:32.37 ^~~~~~~~~~~
[task 2020-03-27T23:44:47.085Z] 46:32.37 /builds/worker/checkouts/gecko/security/manager/ssl/nsNSSIOLayer.cpp:2116:7: note: in expansion of macro 'MOZ_LOG'
[task 2020-03-27T23:44:47.085Z] 46:32.37 MOZ_LOG(
[task 2020-03-27T23:44:47.085Z] 46:32.37 ^~~~~~~
[task 2020-03-27T23:44:47.085Z] 46:32.37 cc1plus: all warnings being treated as errors
[task 2020-03-27T23:44:47.085Z] 46:32.37 /builds/worker/checkouts/gecko/config/rules.mk:750: recipe for target 'Unified_cpp_security_manager_ssl2.o' failed
[task 2020-03-27T23:44:47.085Z] 46:32.37 make[4]: *** [Unified_cpp_security_manager_ssl2.o] Error 1
[task 2020-03-27T23:44:47.085Z] 46:32.37 make[4]: Leaving directory '/builds/worker/checkouts/gecko/obj-analyzed/security/manager/ssl'
[task 2020-03-27T23:44:47.085Z] 46:32.37 make[4]: *** Waiting for unfinished jobs....
[task 2020-03-27T23:44:47.085Z] 46:32.37 make[4]: Entering directory '/builds/worker/checkouts/gecko/obj-analyzed/toolkit/components/extensions'
[task 2020-03-27T23:44:47.085Z] 46:32.37 mkdir -p '.deps/'
[task 2020-03-27T23:44:47.085Z] 46:32.37 make[4]: Leaving directory '/builds/worker/checkouts/gecko/obj-analyzed/toolkit/components/extensions'
[task 2020-03-27T23:44:47.087Z] 46:32.38 make[4]: Entering directory '/builds/worker/checkouts/gecko/obj-analyzed/toolkit/components/extensions'
[task 2020-03-27T23:44:47.087Z] 46:32.38 toolkit/components/extensions/Unified_cpp_extensions0.o
[task 2020-03-27T23:44:47.087Z] 46:32.38 make[4]: Leaving directory '/builds/worker/checkouts/gecko/obj-analyzed/toolkit/components/extensions'
|
|
||
Comment 51•1 year ago
|
||
Also seeing a Test Verify failure starting with the backed out changes:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=295141339&repo=autoland&lineNumber=1982
[task 2020-03-27T23:22:17.438Z] 23:22:17 INFO - Entering test bound testCertChosenAutomatically
[task 2020-03-27T23:22:17.438Z] 23:22:17 INFO - old state: ASSERT_NOT_CALLED
[task 2020-03-27T23:22:17.441Z] 23:22:17 INFO - new state: ASSERT_NOT_CALLED
[task 2020-03-27T23:22:17.442Z] 23:22:17 INFO - Buffered messages logged at 23:22:15
[task 2020-03-27T23:22:17.442Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | Expected and actual URLs should match (got 'https://requireclientcert.example.com/', expected 'https://requireclientcert.example.com/') - true == true -
[task 2020-03-27T23:22:17.442Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | chooseCertificate should have been called if we were expecting it to be called - false == false -
[task 2020-03-27T23:22:17.442Z] 23:22:17 INFO - Leaving test bound testCertChosenAutomatically
[task 2020-03-27T23:22:17.443Z] 23:22:17 INFO - Entering test bound testCertNotChosenByUser
[task 2020-03-27T23:22:17.443Z] 23:22:17 INFO - old state: ASSERT_NOT_CALLED
[task 2020-03-27T23:22:17.443Z] 23:22:17 INFO - new state: RETURN_CERT_NOT_SELECTED
[task 2020-03-27T23:22:17.443Z] 23:22:17 INFO - Buffered messages logged at 23:22:16
[task 2020-03-27T23:22:17.445Z] 23:22:17 INFO - Console message: [JavaScript Error: "TypeError: can't access property "messageManager", this.docShell is null" {file: "resource:///actors/LightweightThemeChild.jsm" line: 28}]
[task 2020-03-27T23:22:17.445Z] 23:22:17 INFO - Buffered messages logged at 23:22:17
[task 2020-03-27T23:22:17.446Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | chooseCertificate() should be called only when expected - "RETURN_CERT_NOT_SELECTED" != "ASSERT_NOT_CALLED" -
[task 2020-03-27T23:22:17.446Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | Hostname should be 'requireclientcert.example.com' - "requireclientcert.example.com" == "requireclientcert.example.com" -
[task 2020-03-27T23:22:17.447Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | Port should be 443 - 443 == 443 -
[task 2020-03-27T23:22:17.447Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | Server cert Organization should be empty/not present - "" == "" -
[task 2020-03-27T23:22:17.447Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | Server cert issuer Organization should be 'Mozilla Testing' - "Mozilla Testing" == "Mozilla Testing" -
[task 2020-03-27T23:22:17.451Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | Cert list should not be null - {"QueryInterface":"function QueryInterface() {\n [native code]\n}","length":3,"queryElementAt":"function queryElementAt() {\n [native code]\n}","indexOf":"function indexOf() {\n [native code]\n}","enumerate":"function enumerate() {\n [native code]\n}"} != null -
[task 2020-03-27T23:22:17.452Z] 23:22:17 INFO - Buffered messages finished
[task 2020-03-27T23:22:17.452Z] 23:22:17 INFO - TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | 2 certificates should be available - 3 == 2 - JS frame :: chrome://mochitests/content/browser/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js :: chooseCertificate :: line 98
[task 2020-03-27T23:22:17.452Z] 23:22:17 INFO - Stack trace:
[task 2020-03-27T23:22:17.452Z] 23:22:17 INFO - chrome://mochitests/content/browser/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js:chooseCertificate:98
[task 2020-03-27T23:22:17.456Z] 23:22:17 INFO - TEST-PASS | security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js | Cert list should contain nsIX509Certs - {"emailAddress":"(no email address)","isBuiltInRoot":false,"getEmailAddresses":"function getEmailAddresses() {\n [native code]\n}","containsEmailAddress":"function containsEmailAddress() {\n [native code]\n}","subjectName":"CN=Mochitest client","subjectAltNames":"","commonName":"Mochitest client","organization":"","organizationalUnit":"","sha256Fingerprint":"D6:DD:7A:73:77:CB:0F:E3:E2:50:F9:1B:2B:BF:D6:45:61:62:2B:18:38:B1:9B:A5:BF:ED:67:C6:7C:FF:8D:C8","sha1Fingerprint":"E5:FF:C7:C2:0F:54:37:4B:EC:D6:E8:5D:2A:44:FC:18:5F:B4:81:15","tokenName":"Software Security Device","issuerName":"OU=Profile Guided Optimization,O=Mozilla Testing,CN=Temporary Certificate Authority","serialNumber":"03","issuerCommonName":"Temporary Certificate Authority","issuerOrganization":"Mozilla Testing","issuerOrganizationUnit":"Profile Guided Optimization","validity":{"QueryInterface":"function QueryInterface() {\n [native code]\n}","notBefore":1543276800000000,"notBeforeLocalTime":"November 27, 2018, 12:00:00 AM GMT","notBeforeLocalDay":"November 27, 2018","notBeforeGMT":"November 27, 2018, 12:00:00 AM GMT","notAfter":1612396800000000,"notAfterLocalTime":"February 4, 2021, 12:00:00 AM GMT","notAfterLocalDay":"February 4, 2021","notAfterGMT":"February 4, 2021, 12:00:00 AM GMT"},"dbKey":"AAAAAAAAAAAAAAABAAAAbAMwajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEYMBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRlZCBPcHRpbWl6YXRpb24=","displayName":"Mochitest client","certType":2,"isSelfSigned":false,"keyUsages":"","ASN1Structure":{"QueryInterface":"function QueryInterface() {\n [native code]\n}","type":0,"tag":0,"displayName":"Mochitest client","displayValue":"","ASN1_END_CONTENTS":0,"ASN1_BOOLEAN":1,"ASN1_INTEGER":2,"ASN1_BIT_STRING":3,"ASN1_OCTET_STRING":4,"ASN1_NULL":5,"ASN1_OBJECT_ID":6,"ASN1_ENUMERATED":10,"ASN1_UTF8_STRING":12,"ASN1_SEQUENCE":16,"ASN1_SET":17,"ASN1_PRINTABLE_STRING":19,"ASN1_T61_STRING":20,"ASN1_IA5_STRING":22,"ASN1_UTC_TIME":23,"ASN1_GEN_TIME":24,"ASN1_VISIBLE_STRING":26,"ASN1_UNIVERSAL_STRING":28,"ASN1_BMP_STRING":30,"ASN1_HIGH_TAG_NUMBER":31,"ASN1_CONTEXT_SPECIFIC":32,"ASN1_APPLICATION":33,"ASN1_PRIVATE":34},"getRawDER":"function getRawDER() {\n [native code]\n}","getBase64DERString":"function getBase64DERString() {\n [native code]\n}","equals":"function equals() {\n [native code]\n}","sha256SubjectPublicKeyInfoDigest":"VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=","markForPermDeletion":"function markForPermDeletion() {\n [native code]\n}","UNKNOWN_CERT":0,"CA_CERT":1,"USER_CERT":2,"EMAIL_CERT":4,"SERVER_CERT":8,"ANY_CERT":65535} != null -
|
|
Assignee | |
Comment 52•1 year ago
|
||
I'll re-land this next week after the merge.
|
|
||
Comment 53•1 year ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/71db6e900a94 (1/2) simplify flow of client auth certificate selection to enable future improvements r=kjacobs https://hg.mozilla.org/integration/autoland/rev/0df99ee3b674 (2/2) incorporate all known potential issuing certificates when filtering client certificates r=kjacobs,jcj
|
||
Comment 54•1 year ago
|
||
Backed out for causing mochitest failures on test_bug466080.html.
Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=296513324&repo=autoland
Backout link: https://hg.mozilla.org/integration/autoland/rev/b49a548d507c01610f8d4c2c902b911273e77b5f
[task 2020-04-06T22:34:31.973Z] 22:34:31 INFO - 386 INFO TEST-OK | dom/base/test/test_bug465767.html | took 68ms
[task 2020-04-06T22:34:31.973Z] 22:34:31 INFO - 387 INFO TEST-START | dom/base/test/test_bug466080.html
[task 2020-04-06T22:40:01.792Z] 22:40:01 INFO - processing:blockOn=A&body=runFirst();
[task 2020-04-06T22:40:01.792Z] 22:40:01 INFO - processing:blockOn=B&body=runSecond();
[task 2020-04-06T22:40:01.792Z] 22:40:01 INFO - processing:blockOn=C&body=runThird();
[task 2020-04-06T22:40:01.815Z] 22:40:01 INFO - processing:unblock=A
[task 2020-04-06T22:40:01.830Z] 22:40:01 INFO - processing:unblock=C
[task 2020-04-06T22:40:01.860Z] 22:40:01 INFO - processing:unblock=B
[task 2020-04-06T22:40:02.085Z] 22:40:02 INFO - processing:blockOn=R&body=runFirst();
[task 2020-04-06T22:40:02.086Z] 22:40:02 INFO - processing:blockOn=S&body=runThird();
[task 2020-04-06T22:40:02.087Z] 22:40:02 INFO - processing:blockOn=T&body=runForth();
[task 2020-04-06T22:40:02.090Z] 22:40:02 INFO - processing:unblock=R
[task 2020-04-06T22:40:02.092Z] 22:40:02 INFO - processing:unblock=S
[task 2020-04-06T22:40:02.135Z] 22:40:02 INFO - processing:unblock=T
[task 2020-04-06T22:40:07.220Z] 22:40:07 WARNING - 388 INFO TEST-UNEXPECTED-FAIL | dom/base/test/test_bug466080.html | Test timed out.
[task 2020-04-06T22:40:07.221Z] 22:40:07 INFO - SimpleTest.ok@SimpleTest/SimpleTest.js:299:16
[task 2020-04-06T22:40:07.221Z] 22:40:07 INFO - reportError@SimpleTest/TestRunner.js:128:22
[task 2020-04-06T22:40:07.221Z] 22:40:07 INFO - TestRunner._checkForHangs@SimpleTest/TestRunner.js:150:18
[task 2020-04-06T22:40:07.221Z] 22:40:07 INFO - 389 INFO TEST-OK | dom/base/test/test_bug466080.html | took 330000ms
Bugbug thinks this bug is a regression, but please revert this change in case of error.
|
|
Assignee | |
Updated•1 year ago
|
|
|
||
Comment 56•1 year ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7da361784a24 (1/2) simplify flow of client auth certificate selection to enable future improvements r=kjacobs https://hg.mozilla.org/integration/autoland/rev/5b42186a46c8 (2/2) incorporate all known potential issuing certificates when filtering client certificates r=kjacobs,jcj
|
||
Comment 57•1 year ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/7da361784a24
https://hg.mozilla.org/mozilla-central/rev/5b42186a46c8
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 58•1 year ago
|
||
Marius, does the latest version of Nightly work for you?
|
|
Reporter | |
Comment 59•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #58)
Marius, does the latest version of Nightly work for you?
Hello Dana,
I've still got an issue with the latest Nightly but it's not the same behavior than with the previous:
"An error occurred during a connection to bastion1.rd.francetelecom.fr. Peer does not recognize and trust the CA that issued your certificate.
Error code: SSL_ERROR_UNKNOWN_CA_ALERT"
|
|
Assignee | |
Comment 60•1 year ago
|
||
Thanks! Can you try this build out? https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/Udtk7ebMRn2_tYmx2IL9JA/runs/0/artifacts/public/build/install/sea/target.installer.exe
|
|
Reporter | |
Comment 61•1 year ago
|
||
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #60)
Thanks! Can you try this build out? https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/Udtk7ebMRn2_tYmx2IL9JA/runs/0/artifacts/public/build/install/sea/target.installer.exe
Yes, it works perfectly fine now, thank you very much!
|
|
Assignee | |
Comment 62•1 year ago
|
||
Great! I'll get that landed in bug 1630473 since that seems to be the same issue.
Description
•