Closed Bug 842064 Opened 8 years ago Closed 8 years ago

Build bustage caused by expired certificates in test_signed_apps.js

Categories

(Core :: Security: PSM, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla21
Tracking Status
firefox19 --- fixed
firefox20 --- fixed
firefox21 --- fixed
firefox-esr17 --- unaffected
b2g18 --- fixed
b2g18-v1.0.0 --- wontfix
b2g18-v1.0.1 --- fixed

People

(Reporter: briansmith, Assigned: briansmith)

Details

Attachments

(1 file)

No description provided.
I changed the script that generates the certs to make them valid for 40 years. We should all be retired by that point and then it will be somebody else's problem for sure.

I am going to check this in before it is reviewed because xpcshell is broken in tbpl now because of this bug.
Attachment #714816 - Flags: review?(rrelyea)
Attachment #714816 - Flags: checkin+
(In reply to Brian Smith (:bsmith) from comment #1)
> I changed the script that generates the certs to make them valid for 40
> years. We should all be retired by that point and then it will be somebody
> else's problem for sure.

Have you ever thought about running for Congress? :)
Comment on attachment 714816 [details] [diff] [review]
Make test certs expire in 40 years

Review of attachment 714816 [details] [diff] [review]:
-----------------------------------------------------------------

::: security/manager/ssl/tests/unit/test_signed_apps/generate.sh
@@ -75,5 @@
>  sign_app_with_new_cert trusted   $srcdir/unsigned.zip $srcdir/valid.zip
>  sign_app_with_new_cert untrusted $srcdir/unsigned.zip $srcdir/unknown_issuer.zip
>  certutil -d $tmpdir/trusted -f $passwordfile -L -n ca1 -r -o $srcdir/trusted_ca1.der
> -
> -rm -Rf $tmpdir

Surely you didn't mean to check this part in?
https://hg.mozilla.org/integration/mozilla-inbound/rev/fd897af2dd47
https://hg.mozilla.org/mozilla-central/rev/ff193fc3dc7d
https://hg.mozilla.org/releases/mozilla-aurora/rev/b9d8e56a0a96
https://hg.mozilla.org/releases/mozilla-beta/rev/eaebe0a84886
https://hg.mozilla.org/releases/mozilla-release/rev/e0075e80f2f6
https://hg.mozilla.org/releases/mozilla-b2g18/rev/1afaccd266ec
https://hg.mozilla.org/releases/mozilla-b2g18_v1_0_1/rev/059a7e0badf7

Skipped b2g-1.0.0 since I was told on IRC it was closed. I pushed to mozilla-beta after getting confirmation that all was OK, but then philor told me right after I did that push that I shouldn't have done it. I saw the comment on mozilla-release that said that only merged should be done on that tree but not sure of what all is involved and I'd already got approval to land the patch there too. Feel free to point out what I should have done differently.
(In reply to Nathan Froyd (:froydnj) from comment #3)
> Surely you didn't mean to check this part in?

I didn't really intend to check that part in. But, no harm, no foul. I will fix that part on Tuesday.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment on attachment 714816 [details] [diff] [review]
Make test certs expire in 40 years

r+ 

These are 2048 bit RSA with SHA256, there is no way they could be broken in 40 years:).... (he says facetiously about throw away test certs).
Attachment #714816 - Flags: review?(rrelyea) → review+
You need to log in before you can comment on or make changes to this bug.