automate regenerating netwerk/test/unit/client-cert.p12
Categories
(Core :: Security: PSM, enhancement, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox112 | --- | fixed |
People
(Reporter: jschanck, Assigned: keeler)
References
Details
Attachments
(1 file)
|
(deleted),
text/x-phabricator-request
|
Details |
The patch for Bug 1770869 added netwerk/test/unit/client-cert.p12 without a mechanism to automatically regenerate the certificate embedded in that file. The current certificate expired on Feb 5, 2023 and netwerk/test/unit/test_tls_server.js has been failing since. The failing test was disabled in Bug 1815090.
We should automatically generate this p12 file as part of ./mach generate-test-certs.
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 1•2 years ago
|
||
This adds a rudimentary method of regenerating test PKCS12 files via mach generate-test-certs. Due to the complicated nature of the format, this
implementation ultimately relies on OpenSSL to implement the encryption and
encoding. genpgocert.py already relies on OpenSSL, so this is not a new
requirement. Additionally, due to the limited number of test PKCS12 files in
the tree, the options for creating these files are not very sophisticated. In
the future, it may be beneficial to create more kinds of files with various
properties, but at the moment this suffices.
|
||
Comment 3•2 years ago
|
||
| bugherder | ||
Description
•