Closed Bug 1825118 Opened 2 years ago Closed 2 years ago

libpkix/certs/PayPalEE.cert has expired and should be refreshed

Categories

(NSS :: Test, defect)

Product:
NSS
Component:
Test
Version:
3.89
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1750624

People

(Reporter: ctq, Unassigned)

Details

Steps to reproduce:

Running chain.sh causes failures.

https://hg.mozilla.org/projects/nss/file/tip/tests/libpkix/certs/PayPalEE.cert has an expiration of Wednesday, January 12, 2022 at 04:00:00 Pacific and is causing failures in chain.sh.

This certificate should be replaced with an updated copy.

See this previous bug for the last time the certificate expired:
https://bugzilla.mozilla.org/show_bug.cgi?id=1659792

Also see the last commit to update the cert:
https://hg.mozilla.org/projects/nss/file/52c965eaffa1272652a4ba765045b5193e586663/tests/libpkix/certs/PayPalEE.cert

Actual results:

Failures in chain.sh due to the PayPalEE.cert being expired, for example:

chains.sh: #826: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.2.1  - FAILED

Expected results:

No failure is expected, all tests should pass.

I thought we fixed this in Bug 1750624 by pinning the validation date. Can you confirm that your chains.sh has the patch from that bug?

Hello John, you are correct. After applying the patch from that bug, the test no longer fails. Our code base did not include that change. Thank you for the help and apologies for the false alarm.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1750624
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.