Test failure 'secure.mur.at == erle.mur.at ' in testSecurity/testUnknownIssuer.js

RESOLVED FIXED

Status

Mozilla QA
Mozmill Tests
P2
normal
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: whimboo, Assigned: Daniela Petrovici)

Tracking

unspecified
Bug Flags:
in-litmus -

Firefox Tracking Flags

(firefox21 fixed, firefox22 fixed, firefox23 fixed, firefox24 fixed, firefox-esr17 fixed)

Details

(Whiteboard: [mozmill-test-failure] s=121210 u=failure c=security p=1, URL)

Attachments

(4 attachments, 1 obsolete attachment)

(Reporter)

Description

5 years ago
This test is failing all the time now because mur.at has changed its certificate. Now it's not an unknown but untrusted one.

We should disable this test for now immediately to not cause more failure messages and find out how we can come up with a test case on mozqa.com.

I will push a band-aid fix right away which skips the test.
(Reporter)

Comment 1

5 years ago
Created attachment 631627 [details] [diff] [review]
Patch (skip) [checked-in]

Pushed:
http://hg.mozilla.org/qa/mozmill-tests/rev/baee00f2c0d0 (default)
http://hg.mozilla.org/qa/mozmill-tests/rev/7d0e352a12e1 (aurora)
http://hg.mozilla.org/qa/mozmill-tests/rev/111979880e3d (beta)
http://hg.mozilla.org/qa/mozmill-tests/rev/a890a4c28364 (release)
http://hg.mozilla.org/qa/mozmill-tests/rev/5322be838213 (esr10)
(Reporter)

Updated

5 years ago
Whiteboard: [mozmill-test-failure] → [mozmill-test-failure][mozmill-test-skipped]
(Reporter)

Comment 2

5 years ago
Remus, would you mind to disable the appropriate Litmus tests? I would appreciate that.

Also could you check how we could create such an unknown issuer certificate? Not sure if this page helps but I think the web should be full of examples.

http://stackoverflow.com/questions/275878/firefox-and-ssl-sec-error-unknown-issuer

We should then get an infrastructure bug filed to get this implemented on mozqa.com.
status-firefox-esr10: --- → affected
status-firefox13: --- → affected
status-firefox14: --- → affected
status-firefox15: --- → affected
status-firefox16: --- → affected
Flags: in-litmus?(remus.pop)
Disabled Litmus tests ids:
esr10: 41457
release (13): 5632
beta (14): 64706
aurora (15): 16359
Flags: in-litmus?(remus.pop) → in-litmus-
Visiting the website we use for testing redirects me to https://sicher.mur.at/ . Couldn't we use this instead?
(Reporter)

Comment 5

5 years ago
No, this is not an unkown issuer certificate. We have to create our own example on mozqa.com.
(Reporter)

Comment 6

5 years ago
Remus, do you have an update? Nearly two weeks have been passed by.
(In reply to Henrik Skupin (:whimboo) from comment #6)
> Remus, do you have an update? Nearly two weeks have been passed by.

Giving comment 5, we have to change the test page to one from mozqa.com right?

If so, adding bug 661121 to depencies
Depends on: 661121
(Reporter)

Comment 8

5 years ago
Not yet, as long as we do not have a valid cert for this test. I don't want to block the work on bug 661121 for that.
No longer depends on: 661121
In order to be able to connect to a server through ssl, a list of certificates must be presented. There are some intermediate certificates which if they aren't installed, Firefox will complain about this unknown issuer.

So basically we only need to install the root certificate leaving the intermediates (they should be supplied with the root, but as separate files) out.

This should give insight about how they look like:
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1182
(Reporter)

Updated

5 years ago
Priority: -- → P2
(Reporter)

Updated

5 years ago
Assignee: hskupin → nobody
Whiteboard: [mozmill-test-failure][mozmill-test-skipped] → [mozmill-test-failure][mozmill-test-skipped] s=121112 u=failure c=security p=1
Assignee: nobody → alex.lakatos
(Reporter)

Comment 10

5 years ago
We got a more important failure today we have to take care of. Lets drop this bug from this weeks sprint and do bug 810820 instead.
Assignee: alex.lakatos → nobody
Status: ASSIGNED → NEW
Whiteboard: [mozmill-test-failure][mozmill-test-skipped] s=121112 u=failure c=security p=1 → [mozmill-test-failure][mozmill-test-skipped]
(Reporter)

Comment 11

5 years ago
Lets follow up on Remus investigation and find a fix in the next two weeks so that we can get this test re-enabled.
Whiteboard: [mozmill-test-failure][mozmill-test-skipped] → [mozmill-test-failure][mozmill-test-skipped] s=121210 u=failure c=security p=1
(Assignee)

Updated

5 years ago
Assignee: nobody → andreea.matei
(Reporter)

Comment 12

5 years ago
When are you going to proceed on this bug?
Status: NEW → ASSIGNED
(Assignee)

Updated

5 years ago
Assignee: andreea.matei → dpetrovici
(Assignee)

Comment 13

5 years ago
I will work on this bug. I have looked at Remus' investigation and ran the test. 

It appears we need a page on mozqa.com where we can have a self signed SSL certificate with no issuer (added for CA) so that we can get the "sec_error_unknown_issuer" error. 

But just to make sure I will discuss with our IT and try to create such an SSL certificate locally and see if the test can be fixed by this.
(Assignee)

Comment 14

5 years ago
Based on discussion with Dave in Ask an expert meeting, I will log a bug for Mozilla IT to create a certificate and add it to mozqa.com site. This will help to re-enable and update the test. I have logged bug 828981
Depends on: 828981
(Reporter)

Updated

5 years ago
status-firefox-esr10: affected → wontfix
status-firefox13: affected → ---
status-firefox14: affected → ---
status-firefox15: affected → ---
status-firefox16: affected → ---
status-firefox18: --- → disabled
status-firefox19: --- → disabled
status-firefox20: --- → disabled
status-firefox21: --- → disabled
(Reporter)

Comment 15

5 years ago
Lets get this test updated and re-enabled now that we have such a broken SSL cert in-house.
status-firefox18: disabled → ---
status-firefox19: disabled → ---
status-firefox22: --- → disabled
status-firefox23: --- → disabled
status-firefox-esr17: --- → disabled
(Assignee)

Comment 16

5 years ago
Created attachment 747378 [details] [diff] [review]
patch v1.0

Modified test with the new page. Reports for:
Windows: http://mozmill-crowd.blargon7.com/#/functional/report/ea82256a8ae9808d91b7e8145e486269
Linux: http://mozmill-crowd.blargon7.com/#/functional/report/ea82256a8ae9808d91b7e8145e46d0b3
MAC: http://mozmill-crowd.blargon7.com/#/functional/report/ea82256a8ae9808d91b7e8145e480ebf
Attachment #747378 - Flags: review?(andreea.matei)
Comment on attachment 747378 [details] [diff] [review]
patch v1.0

Review of attachment 747378 [details] [diff] [review]:
-----------------------------------------------------------------

::: tests/functional/testSecurity/testUnknownIssuer.js
@@ +21,5 @@
>    controller.waitForPageLoad();
>  
>    var link = new elementslib.ID(controller.tabs.activeTab, "cert_domain_link");
>    controller.waitForElement(link);
> +  expect.equal(link.getNode().textContent, "ssl-selfsigned-unknownissuer.mozqa.com", "Domain name is visible");

I think this line exceeds 80 chars.
Attachment #747378 - Flags: review?(andreea.matei) → review-
(Assignee)

Comment 18

5 years ago
Created attachment 747402 [details] [diff] [review]
patch v1.1

Modified patch based on review
Attachment #747378 - Attachment is obsolete: true
Attachment #747402 - Flags: review?(andreea.matei)
(Reporter)

Comment 19

5 years ago
Comment on attachment 747402 [details] [diff] [review]
patch v1.1

Review of attachment 747402 [details] [diff] [review]:
-----------------------------------------------------------------

::: tests/functional/testSecurity/testUnknownIssuer.js
@@ +9,3 @@
>  
> +var setupModule = function(aModule) {
> +  aModule.controller = mozmill.getBrowserController();

We should really only modify lines which are important to get the bug fixed. Please avoid those side-by changes in the future. It's not a blocker to get this patch landed through.
Comment on attachment 747402 [details] [diff] [review]
patch v1.1

Review of attachment 747402 [details] [diff] [review]:
-----------------------------------------------------------------

Landed as:
http://hg.mozilla.org/qa/mozmill-tests/rev/7de23ec0585d (default)
Attachment #747402 - Flags: review?(andreea.matei) → review+
(Reporter)

Updated

5 years ago
status-firefox-esr10: wontfix → ---
status-firefox20: disabled → ---
status-firefox23: disabled → fixed
status-firefox24: --- → fixed
(Assignee)

Comment 21

5 years ago
Created attachment 749842 [details] [diff] [review]
patch for Beta v1.0

The patch for default/Aurora does not apply cleanly on Beta branch due to changing of the TEST_DATA on default. This patch also does not apply cleanly on Release.

Reports for Beta:
- Linux: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c235d1e1
- MAC: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c2389341
- Windows: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c2387b65
Attachment #749842 - Flags: review?(andreea.matei)
(Assignee)

Comment 22

5 years ago
Created attachment 749885 [details] [diff] [review]
follow up patch v1.0 for Release and ESR17

This patch applies cleanly on Release and ESR17. Reports are below:
- Release:
MAC: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c23a5f83
Linux: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c2391e7d
Windows: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c23a08fb

- ESR17:
MAC: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c23fd028
Windows: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c23f3b28
Linux: http://mozmill-crowd.blargon7.com/#/functional/report/14f8bc4e22e61353662cded4c2439699
Attachment #749885 - Flags: review?(andreea.matei)
Comment on attachment 749842 [details] [diff] [review]
patch for Beta v1.0

Review of attachment 749842 [details] [diff] [review]:
-----------------------------------------------------------------

Landed as:
http://hg.mozilla.org/qa/mozmill-tests/rev/fdeccb0d8a5a (beta)
http://hg.mozilla.org/qa/mozmill-tests/rev/7c008b11117f (release)
http://hg.mozilla.org/qa/mozmill-tests/rev/9d5290880a26 (esr17)
Attachment #749842 - Flags: review?(andreea.matei) → review+
Attachment #749885 - Flags: review?(andreea.matei) → review+
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
status-firefox21: disabled → fixed
status-firefox22: disabled → fixed
status-firefox-esr17: disabled → fixed
Resolution: --- → FIXED
Whiteboard: [mozmill-test-failure][mozmill-test-skipped] s=121210 u=failure c=security p=1 → [mozmill-test-failure] s=121210 u=failure c=security p=1
You need to log in before you can comment on or make changes to this bug.