Mercurial > build > buildbotcustom / changeset / 307646eb0970c5b048befeac1c9c46fd1b49e4e6
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug 1290319 - require hostname or releng_CA in signing ssl cert. r=rail
authorAki Sasaki <asasaki@mozilla.com>
Thu, 11 Aug 2016 10:33:45 -0700 (2016-08-11)
changeset 4964 307646eb0970c5b048befeac1c9c46fd1b49e4e6
parent 4962 61a1b16ba83dee481701005ba843b23b3c8ee5ba
child 4965 180edc586d794abeefd105e9d4b2b465c4793ab5
child 4967 b7e6153d3d8aa28e204ad8741ba905b83198c94a
push id4188
push userasasaki@mozilla.com
push dateThu, 11 Aug 2016 17:33:49 +0000 (2016-08-11)
reviewersrail
bugs1290319
bug 1290319 - require hostname or releng_CA in signing ssl cert. r=rail
steps/signing.py file | annotate | diff | comparison | revisions 
--- a/steps/signing.py
+++ b/steps/signing.py
@@ -31,18 +31,18 @@ class HTTPSVerifyingContextFactory(Conte
         ctx.set_verify(VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT,
                        self.verifyHostname)
         ctx.set_options(OP_NO_SSLv2)
         return ctx
 
     def verifyHostname(self, connection, x509, errno, depth, preverifyOK):
         if preverifyOK:
             # Accept a hostname that matches the cert's commonName,
-            # or 'mozilla.com' for the releng_CA, or None for the old cert.
-            if x509.get_subject().commonName not in (self.hostname, "mozilla.com", None):
+            # or 'mozilla.com' for the releng_CA
+            if x509.get_subject().commonName not in (self.hostname, "mozilla.com"):
                 return False
         return preverifyOK
 
 
 class SigningServerAuthenication(StringDownload):
     current_attempt = 0
     stdio_log = None
     uri = None
buildbotcustom
Deployed from 0549d7aefb93 at 2025-06-12T15:23:35Z.