Closed Bug 972770 Opened 11 years ago Closed 11 years ago

Test failure 'Element.waitForElement(): Element 'ID: errorTitleText' has been found' in /testSecurity/testSSLDisabledErrorPage.js

Categories

(Mozilla QA Graveyard :: Mozmill Tests, defect, P1)

Product:
Mozilla QA Graveyard
Component:
Mozmill Tests
Type:
defect

Tracking

(firefox33 fixed, firefox34 fixed, firefox35 fixed, firefox36 fixed, firefox-esr31 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox33 --- fixed
firefox34 --- fixed
firefox35 --- fixed
firefox36 --- fixed
firefox-esr31 --- fixed

People

(Reporter: andrei, Assigned: cosmin-malutan)

References

(
URL
)

Details

(Keywords: reproducible, Whiteboard: [mozmill-test-failure])

Attachments

(3 files, 2 obsolete files)

skiptestssldisablederror.patch
1.15 KB, patch
AndreeaMatei
: review+
Details | Diff | Splinter Review
patch v2.0
2.08 KB, patch
AndreeaMatei
: review+
Details | Diff | Splinter Review
patch v2.0 [release]
1.23 KB, patch
AndreeaMatei
: review+
Details | Diff | Splinter Review
Module: testDisableSSL Test: /testSecurity/testSSLDisabledErrorPage.js Failure: Element.waitForElement(): Element 'ID: errorTitleText' has been found Branches: mozilla-release Platforms: Windows 7 Report: http://mozmill-release.blargon7.com/#/remote/report/e35f22a68fec3f6d144713f9abb4989e We only have 1 recorded failure. This doesn't reproduce (I've run it in the same environment). The page we are checking is a the Firefox SSL error page that should be triggered when accessing a page through https when the encryption algorithms versions do not match. I'm not sure what could have happened here. Before we search for the `errorTitleText` element we issue a waitForPageLoad() call. It's not clear to me how that call could pass and then failed to retrieve the wanted element. Either instead of the error page we loaded the mail.mozilla.org page. Which we requested through https. If it did load through https (and our settings for the versions were applied correctly) that would mean a regression. It could be that the request to https://mail.mozilla.org actually redirected to a non-secure version. (I'm not sure if this can actually happen). In this case we wouldn't have seen the error page at all. Or maybe we failed to correctly set up the preference for "security.tls.version.min" in which case we would have properly loaded up the requested page via https.
I think we should start to add the URL waitForPageLoad() was waiting for. This we can do beside the requested feature on bug 957973.
Keywords: intermittent-failure
(In reply to Henrik Skupin (:whimboo) from comment #1) > I think we should start to add the URL waitForPageLoad() was waiting for. That is a good idea!
status-firefox35: --- → affected
This fails a lot now, on all platforms, even on esr. Let's add a skip patch, Teodor could you please do that?
status-firefox36: --- → affected
status-firefox-esr31: --- → affected
OS: Windows 7 → All
Priority: P4 → P1
Attached patch skiptestssldisablederror.patch (obsolete) — Splinter Review
Attachment #8523841 - Flags: review?(andreea.matei)
Attachment #8523841 - Attachment is obsolete: true
Attachment #8523841 - Flags: review?(andreea.matei)
Attachment #8523842 - Flags: review?(andreea.matei)
Comment on attachment 8523842 [details] [diff] [review] skiptestssldisablederror.patch Review of attachment 8523842 [details] [diff] [review]: ----------------------------------------------------------------- Thanks, disabled: http://hg.mozilla.org/qa/mozmill-tests/rev/000a4e7f83bb (default) http://hg.mozilla.org/qa/mozmill-tests/rev/5ef88b926b71 (aurora)
Attachment #8523842 - Flags: review?(andreea.matei) → review+
This is not the same failure :( This failed once in February. We already had a fix up in bug 1099123 for the failure we're seeing since Thursday.
Right. This was a networking issue yesterday. So the skip for default and aurora can most likely backed-out again, right?
Flags: needinfo?(andreea.matei)
I can still see this failure even with the fix in bug 1099123. So we'll skip on beta too and Cosmin is looking into this now. Disabled: http://hg.mozilla.org/qa/mozmill-tests/rev/9174c2569816 (beta)
Assignee: nobody → cosmin.malutan
Status: NEW → ASSIGNED
status-firefox-esr31: affecteddisabled
Flags: needinfo?(andreea.matei)
What the test does: 1 Disable SSL 3.0, TLS 1.0 and TLS 1.1 for secure connections by forcing the use of TLS 1.2 2 Opens https://mozqa.com to test that setting an unsupported security protocol version returns an error page 3 Checks for an error title(which obviously appears if the certificate is not supported) The issue is that now https://mozqa.com has an TSL 1.2 certificate, and in setup we allowed only this certificate. Now I don't now why/where the certificate changed, but changing the preferences security.tls.version.min and security.tls.version.max to anything else than 3(which enables TSL 1.2) will make the test work again and test what it suppose to test. http://hg.mozilla.org/qa/mozmill-tests/file/000a4e7f83bb/firefox/tests/remote/testSecurity/testSSLDisabledErrorPage.js#l30 Right now the change is on server-side(we have different certificate) that's why it fails on all branches at the same time.
Attached patch patch v1.0 (obsolete) — Splinter Review
So this patch disables the TSL 1.2 and leaves only TSL 3.0 enabled. Since the tested page has a TSL 1.2 certificate we want it disabled so we can test the Error Page. http://mozmill-crowd.blargon7.com/#/remote/report/a6906174787fc0d722108aa1fac931cd
Attachment #8524531 - Flags: review?(andreea.matei)
Attached patch patch v2.0Splinter Review
Per bug 1099123 comment 15: I have to agree with Andrei it will be better to enforce the 1.2 which is the latest certificate and open and lower certificate version than to enforce an older version (3.0) and to load the latest certificate(1.2) to check that is disabled. http://mozmill-crowd.blargon7.com/#/remote/report/a6906174787fc0d722108aa1fad7d842
Attachment #8524531 - Attachment is obsolete: true
Attachment #8524531 - Flags: review?(andreea.matei)
Attachment #8524560 - Flags: review?(andrei.eftimie)
Attachment #8524560 - Flags: review?(andreea.matei)
Just to re-iterate here to make it clear what is happening. Last weekend we had an update of the Zeus Load Balancer (ZLB) which made all domains to use TLSv1.2. This was fixed by bug 1100236. Now our specific protocol versions work again. But I don't know which protocol was in use before for https://mozqa.com. But that doesn't matter. If we want to test specific protocol versions, we should clearly use the appropriate subdomains as setup in bug 891288. So the fix here would be to check which protocol version the current test is checking, and as best also updating the test name to make it visible. testDisableSSL is not that helpful here. Later with bug 1086334 we will get specific protocol version tests implemented for the other created sub domains.
Comment on attachment 8524560 [details] [diff] [review] patch v2.0 Review of attachment 8524560 [details] [diff] [review]: ----------------------------------------------------------------- ::: firefox/tests/remote/testSecurity/testSSLDisabledErrorPage.js @@ +9,5 @@ > var prefs = require("../../../lib/prefs"); > var tabs = require("../../../lib/tabs"); > var utils = require("../../../../lib/utils"); > > +const TEST_DATA = "https://tlsv1-0.mozqa.com"; Please see the comment inside of setupModule: // Disable SSL 3.0, TLS 1.0 and TLS 1.1 for secure connections // by forcing the use of TLS 1.2 So we currently test TLS 1.2, but not 1.0. So the chosen subdomain is not correct, and I don't see how this test could pass right now.
Attachment #8524560 - Flags: review?(andrei.eftimie)
Attachment #8524560 - Flags: review?(andreea.matei)
Attachment #8524560 - Flags: review-
(In reply to Henrik Skupin (:whimboo) from comment #15) > > +const TEST_DATA = "https://tlsv1-0.mozqa.com"; > > Please see the comment inside of setupModule: > > // Disable SSL 3.0, TLS 1.0 and TLS 1.1 for secure connections > // by forcing the use of TLS 1.2 > > So we currently test TLS 1.2, but not 1.0. So the chosen subdomain is not > correct, and I don't see how this test could pass right now. We currently test that TLS 1.0 won't work when is disabled, is disabled when we have 1.2 enforced(right now). What would be needed here as an follow up? Just to rename the test file?
Comment on attachment 8524560 [details] [diff] [review] patch v2.0 Review of attachment 8524560 [details] [diff] [review]: ----------------------------------------------------------------- I already pushed before the comments from Henrik, so please followup with the changes for the test name and comment if needed. All passes now: http://hg.mozilla.org/qa/mozmill-tests/rev/fc036d4dee12 (default) http://hg.mozilla.org/qa/mozmill-tests/rev/3764b4e42e5b (aurora) http://hg.mozilla.org/qa/mozmill-tests/rev/99b73aeb41af (beta) Release and esr will need separate fix with all included.
Attachment #8524560 - Flags: review- → review+
(In reply to Cosmin Malutan from comment #16) > We currently test that TLS 1.0 won't work when is disabled, is disabled when > we have 1.2 enforced(right now). > > What would be needed here as an follow up? Just to rename the test file? Ah I see. Lots of confusion when the test is not described via a comment. So it's fine for now but I would suggest we get requested additions via bug 1086334 implemented soon to make the test easier to read and to cover all protocol versions.
Here is the patch for release and esr31. Thanks
Attachment #8524589 - Flags: review?(andreea.matei)
Attachment #8524589 - Flags: review?(andreea.matei) → review+
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Product: Mozilla QA → Mozilla QA Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: