1. 14 Jan, 2021 1 commit
  2. 26 Feb, 2020 1 commit
  3. 05 Feb, 2020 1 commit
    • J.C. Jones's avatar
      Bug 1613275 - Regenerate expired certs not handled by Bug 1607845 a=RyanVM CLOSED TREE · 3a0a8e27
      J.C. Jones authored
      commands:
      
      openssl x509 -in security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem -outform der -out security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.der
      
      mach python ./build/pgo/genpgocert.py
      
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec >security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec >security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_intermediate_preloads/ee.pem.certspec >security/manager/ssl/tests/unit/test_intermediate_preloads/ee.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem.certspec >security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem.certspec >security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem.certspec >security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem
      
      
      Differential Revision: https://phabricator.services.mozilla.com/D61653
      
      --HG--
      extra : amend_source : ba63f416c91785a479695f342cf8db70ccd49cba
      3a0a8e27
  4. 02 Nov, 2019 1 commit
  5. 01 Nov, 2019 2 commits
  6. 15 May, 2019 1 commit
  7. 18 Apr, 2019 1 commit
  8. 11 Apr, 2019 2 commits
  9. 14 Mar, 2019 1 commit
  10. 05 Feb, 2019 1 commit
  11. 06 Feb, 2019 1 commit
  12. 17 Nov, 2018 1 commit
  13. 16 Nov, 2018 3 commits
  14. 06 Nov, 2018 1 commit
  15. 05 Nov, 2018 1 commit
  16. 07 Oct, 2018 1 commit
  17. 26 Feb, 2018 1 commit
    • J.C. Jones's avatar
      Bug 1439378 - Re-enable the imminent distrust browser-console test r=fkiefer,keeler · 4bc9fe0d
      J.C. Jones authored
      This patch does a few things:
      1) It removes the symantecRoot and symantec_affected certs from build/pgo/certs'
         DB.
      2) It upgrades that DB from the old format to SQLite (and this 8/3 to 9/4).
      3) It adds a new cert "imminently_distrusted" to that DB for the bc test.
      4) It changes the Subject of the immient distrust test to only have the CN
         field: this is because certutil reorders C to come after CN, and just like
         with the real Symantec certs, I had put C first. So rather than deal with
         importing the end entity for the pgo tests, I decided to just make things
         simple and change the tested subject.
      5) Finally, it re-enables the test that was disabled in Bug 1434300.
      
      MozReview-Commit-ID: Bt2RKyInJje
      
      --HG--
      rename : build/pgo/certs/cert8.db => build/pgo/certs/cert9.db
      rename : build/pgo/certs/key3.db => build/pgo/certs/key4.db
      extra : rebase_source : efceb67ae16f0af617bbd8bec201d52eee0f467d
      4bc9fe0d
  18. 23 Apr, 2018 1 commit
    • J.C. Jones's avatar
      Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler r=franziskus · 6fad8e3f
      J.C. Jones authored
      (This also fixes Bug 879740 and Bug 1204543.)
      
      build/pgo/certs contains an NSS database set that has a bunch of hand-generated
      certificates, and many of these hand-generated certificates are specifically
      depended upon for a variety of unit tests. This patch changes all of these to
      use the "pycert.py" and "pykey.py" utilities that produce deterministic keys
      and certificates.
      
      The naming convention here is new, and defined in the README. It is based on
      the mochitest runtest.py naming convention that imports .ca and .client
      PEM-encoded certificates.
      
      Unfortunately, the updates to build/pgo/genpgocert.py to generate these files
      depends on OpenSSL in order to produce PKCS12 archives for pk11tool to import
      into NSS. This could be done with pure-NSS tooling, but it'd require some new
      command line functionality, which is out-of-scope for this change.
      
      Note that build/pgo/genpgocert.py no longer takes arguments when run. It's not
      run automatically anywhere that I can see, but could (reasonably) be, now.
      
      Differential Revision: https://phabricator.services.mozilla.com/D971
      
      --HG--
      extra : amend_source : bc389b9b0a807a4889feb14db439daa28635dfe9
      6fad8e3f
  19. 05 Feb, 2020 1 commit
    • J.C. Jones's avatar
      Bug 1613275 - Regenerate expired certs not handled by Bug 1607845 a=RyanVM CLOSED TREE · 814ad019
      J.C. Jones authored
      commands:
      
      openssl x509 -in security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.pem -outform der -out security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.der
      
      mach python ./build/pgo/genpgocert.py
      
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec >security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec >security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_intermediate_preloads/ee.pem.certspec >security/manager/ssl/tests/unit/test_intermediate_preloads/ee.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem.certspec >security/manager/ssl/tests/unit/test_intermediate_preloads/ee2.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem.certspec >security/manager/ssl/tests/unit/test_intermediate_preloads/int.pem
      ./mach python ./security/manager/ssl/tests/unit/pycert.py <security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem.certspec >security/manager/ssl/tests/unit/test_intermediate_preloads/int2.pem
      
      
      Differential Revision: https://phabricator.services.mozilla.com/D61653
      
      --HG--
      extra : source : 2319a64a3cd8ef4ac0b5a3204da43f8c12bb48fc
      814ad019
  20. 05 Feb, 2019 1 commit
  21. 23 Apr, 2018 1 commit
    • J.C. Jones's avatar
      Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler... · 420b7c89
      J.C. Jones authored
      Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler r=franziskus a=jcristau
      
      (This also fixes Bug 879740 and Bug 1204543.)
      
      build/pgo/certs contains an NSS database set that has a bunch of hand-generated
      certificates, and many of these hand-generated certificates are specifically
      depended upon for a variety of unit tests. This patch changes all of these to
      use the "pycert.py" and "pykey.py" utilities that produce deterministic keys
      and certificates.
      
      The naming convention here is new, and defined in the README. It is based on
      the mochitest runtest.py naming convention that imports .ca and .client
      PEM-encoded certificates.
      
      Unfortunately, the updates to build/pgo/genpgocert.py to generate these files
      depends on OpenSSL in order to produce PKCS12 archives for pk11tool to import
      into NSS. This could be done with pure-NSS tooling, but it'd require some new
      command line functionality, which is out-of-scope for this change.
      
      Note that build/pgo/genpgocert.py no longer takes arguments when run. It's not
      run automatically anywhere that I can see, but could (reasonably) be, now.
      
      (This patch rebased for Beta)
      
      Differential Revision: https://phabricator.services.mozilla.com/D971
      420b7c89
  22. 05 Feb, 2019 1 commit