Closed
Bug 773477
Opened 12 years ago
Closed 8 years ago
Create automated tests for verification of MD5-based certificates
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: briansmith, Unassigned)
Details
(Whiteboard: [good next bug][see comment 5])
In bug 650355, we soft-block MD5-based certificates because MD5 is not considered a secure hash algorithm anymore. We need to have automated tests for this bug we don't have the infrastructure for it yet. We need to build that infrastructure and then build tests on it.
|
||
Comment 1•12 years ago
|
||
Brian, how long will it take for you to setup the infrastructure? Is it a time frame of a couple of days or weeks only? I wonder if it is worth working on a Mozmill test, but don't want to waste our time if those tests in the tree could be implemented sooner than later.
|
Reporter | |
Comment 2•10 years ago
|
||
Is this not already being tested somewhere? Can you dupe this to the bug that added the test for this?
Flags: needinfo?(cviecco)
|
||
Comment 3•10 years ago
|
||
We dont check for md5 signaures. We do test for correctness of different signatures using sha256. signatures.
Flags: needinfo?(cviecco)
Well, we do have this: http://hg.mozilla.org/mozilla-central/diff/b6aa1e70e482/security/manager/ssl/tests/unit/test_cert_overrides.js#l1.73 added in bug 967975.
|
|
||
Comment 5•10 years ago
|
||
Why not enhance security/manager/ssl/tests/unit/test_cert_signatures.js ?
|
|
Reporter | |
Updated•10 years ago
|
Whiteboard: [good next bug][see comment 5]
I think we have sufficient coverage for this.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•