Hardcode intermediate addons stage cert
Categories
(Core :: Security: PSM, task, P1)
Tracking
()
People
(Reporter: robwu, Assigned: robwu)
References
Details
(Whiteboard: [addons-jira])
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr115+
|
Details | Review |
In order for the stage simulation to be as realistic as possible, we should hardcode the intermediate certificates in AppTrustDomain similar to what we do for production (introduced by https://hg.mozilla.org/mozilla-central/rev/c52835481c08 in bug 1549249).
The intermediate certificate of interest is cas-cur-intermediate-amo-2024-03-12.crt from bug 1882192.
|
||
Updated•2 months ago
|
|
Assignee | |
Comment 1•2 months ago
|
||
Generated from the crt file from bug 1882192 with:
openssl x509 -inform PEM -in /tmp/cas-cur-intermediate-amo-2024-03-12.crt -outform DER -out security/manager/ssl/addons-stage-intermediate.crt
Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/a98160b49fad Hardcode intermediate addons-stage cert r=jschanck
|
||
Comment 3•2 months ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 4•1 month ago
|
||
Comment on attachment 9391477 [details]
Bug 1885354 - Hardcode intermediate addons-stage cert
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: This is necessary to realistically test the root CA succession on ESR115.
- User impact if declined: QA results with stage/dev server of AMO does not match the production behavior.
- Fix Landed on Version: 125
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Behavior is behind a preference and only reached by QA.
|
||
Comment 5•1 month ago
|
||
Comment on attachment 9391477 [details]
Bug 1885354 - Hardcode intermediate addons-stage cert
Approved for 115.10esr.
|
|
||
Updated•1 month ago
|
Description
•