763159 - Test failure 'secure.mur.at == erle.mur.at ' in testSecurity/testUnknownIssuer.js

Status: RESOLVED FIXED

(Mozilla QA Graveyard :: Mozmill Tests, defect, P2)

Description

[Henrik Skupin [:whimboo][⌚️UTC+2]]

This test is failing all the time now because mur.at has changed its certificate. Now it's not an unknown but untrusted one.

We should disable this test for now immediately to not cause more failure messages and find out how we can come up with a test case on mozqa.com.

I will push a band-aid fix right away which skips the test.

Comment 1

[Henrik Skupin [:whimboo][⌚️UTC+2]]

Attachment: Patch (skip) [checked-in]

Pushed:
http://hg.mozilla.org/qa/mozmill-tests/rev/baee00f2c0d0 (default)
http://hg.mozilla.org/qa/mozmill-tests/rev/7d0e352a12e1 (aurora)
http://hg.mozilla.org/qa/mozmill-tests/rev/111979880e3d (beta)
http://hg.mozilla.org/qa/mozmill-tests/rev/a890a4c28364 (release)
http://hg.mozilla.org/qa/mozmill-tests/rev/5322be838213 (esr10)

Comment 2

[Henrik Skupin [:whimboo][⌚️UTC+2]]

Remus, would you mind to disable the appropriate Litmus tests? I would appreciate that.

Also could you check how we could create such an unknown issuer certificate? Not sure if this page helps but I think the web should be full of examples.

http://stackoverflow.com/questions/275878/firefox-and-ssl-sec-error-unknown-issuer

We should then get an infrastructure bug filed to get this implemented on mozqa.com.

Comment 3

[Remus Pop (:RemusPop)]

Disabled Litmus tests ids:
esr10: 41457
release (13): 5632
beta (14): 64706
aurora (15): 16359

Comment 4

[Remus Pop (:RemusPop)]

Visiting the website we use for testing redirects me to https://sicher.mur.at/ . Couldn't we use this instead?

Comment 5

[Henrik Skupin [:whimboo][⌚️UTC+2]]

No, this is not an unkown issuer certificate. We have to create our own example on mozqa.com.

Comment 6

[Henrik Skupin [:whimboo][⌚️UTC+2]]

Remus, do you have an update? Nearly two weeks have been passed by.

Comment 7

[Maniac Vlad Florin (:vladmaniac)]

(In reply to Henrik Skupin (:whimboo) from comment #6)
> Remus, do you have an update? Nearly two weeks have been passed by.

Giving comment 5, we have to change the test page to one from mozqa.com right?

If so, adding bug 661121 to depencies

Comment 8

[Henrik Skupin [:whimboo][⌚️UTC+2]]

Not yet, as long as we do not have a valid cert for this test. I don't want to block the work on bug 661121 for that.

Comment 9

[Remus Pop (:RemusPop)]

In order to be able to connect to a server through ssl, a list of certificates must be presented. There are some intermediate certificates which if they aren't installed, Firefox will complain about this unknown issuer.

So basically we only need to install the root certificate leaving the intermediates (they should be supplied with the root, but as separate files) out.

This should give insight about how they look like:
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1182

Comment 10

[Henrik Skupin [:whimboo][⌚️UTC+2]]

We got a more important failure today we have to take care of. Lets drop this bug from this weeks sprint and do bug 810820 instead.

Comment 11

[Henrik Skupin [:whimboo][⌚️UTC+2]]

Lets follow up on Remus investigation and find a fix in the next two weeks so that we can get this test re-enabled.

Comment 12

[Henrik Skupin [:whimboo][⌚️UTC+2]]

When are you going to proceed on this bug?

Comment 13

[Daniela Petrovici]

I will work on this bug. I have looked at Remus' investigation and ran the test. 

It appears we need a page on mozqa.com where we can have a self signed SSL certificate with no issuer (added for CA) so that we can get the "sec_error_unknown_issuer" error. 

But just to make sure I will discuss with our IT and try to create such an SSL certificate locally and see if the test can be fixed by this.

Comment 14

[Daniela Petrovici]

Based on discussion with Dave in Ask an expert meeting, I will log a bug for Mozilla IT to create a certificate and add it to mozqa.com site. This will help to re-enable and update the test. I have logged bug 828981

Comment 15

[Henrik Skupin [:whimboo][⌚️UTC+2]]

Lets get this test updated and re-enabled now that we have such a broken SSL cert in-house.

Comment 16

[Daniela Petrovici]

Attachment: patch v1.0

Modified test with the new page. Reports for:
Windows: http://mozmill-crowd.blargon7.com/#/functional/report/ea82256a8ae9808d91b7e8145e486269
Linux: http://mozmill-crowd.blargon7.com/#/functional/report/ea82256a8ae9808d91b7e8145e46d0b3
MAC: http://mozmill-crowd.blargon7.com/#/functional/report/ea82256a8ae9808d91b7e8145e480ebf

Comment 17

[Andreea Matei [:AndreeaMatei]]

Comment on attachment 747378 [details] [diff] [review]
patch v1.0

Review of attachment 747378 [details] [diff] [review]:
-----------------------------------------------------------------

::: tests/functional/testSecurity/testUnknownIssuer.js
@@ +21,5 @@
>    controller.waitForPageLoad();
>  
>    var link = new elementslib.ID(controller.tabs.activeTab, "cert_domain_link");
>    controller.waitForElement(link);
> +  expect.equal(link.getNode().textContent, "ssl-selfsigned-unknownissuer.mozqa.com", "Domain name is visible");

I think this line exceeds 80 chars.

Comment 18

[Daniela Petrovici]

Attachment: patch v1.1

Modified patch based on review

Comment 19

[Henrik Skupin [:whimboo][⌚️UTC+2]]

Comment on attachment 747402 [details] [diff] [review]
patch v1.1

Review of attachment 747402 [details] [diff] [review]:
-----------------------------------------------------------------

::: tests/functional/testSecurity/testUnknownIssuer.js
@@ +9,3 @@
>  
> +var setupModule = function(aModule) {
> +  aModule.controller = mozmill.getBrowserController();

We should really only modify lines which are important to get the bug fixed. Please avoid those side-by changes in the future. It's not a blocker to get this patch landed through.

Comment 20

[Andreea Matei [:AndreeaMatei]]

Comment on attachment 747402 [details] [diff] [review]
patch v1.1

Review of attachment 747402 [details] [diff] [review]:
-----------------------------------------------------------------

Landed as:
http://hg.mozilla.org/qa/mozmill-tests/rev/7de23ec0585d (default)

Comment 21

[Daniela Petrovici]

Attachment: patch for Beta v1.0

The patch for default/Aurora does not apply cleanly on Beta branch due to changing of the TEST_DATA on default. This patch also does not apply cleanly on Release.

Reports for Beta:
- Linux: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c235d1e1
- MAC: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c2389341
- Windows: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c2387b65

Comment 22

[Daniela Petrovici]

Attachment: follow up patch v1.0 for Release and ESR17

This patch applies cleanly on Release and ESR17. Reports are below:
- Release:
MAC: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c23a5f83
Linux: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c2391e7d
Windows: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c23a08fb

- ESR17:
MAC: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c23fd028
Windows: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c23f3b28
Linux: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c2439699

Comment 23

[Andreea Matei [:AndreeaMatei]]

Comment on attachment 749842 [details] [diff] [review]
patch for Beta v1.0

Review of attachment 749842 [details] [diff] [review]:
-----------------------------------------------------------------

Landed as:
http://hg.mozilla.org/qa/mozmill-tests/rev/fdeccb0d8a5a (beta)
http://hg.mozilla.org/qa/mozmill-tests/rev/7c008b11117f (release)
http://hg.mozilla.org/qa/mozmill-tests/rev/9d5290880a26 (esr17)