Bug 1463155 [wpt PR 11094] - Add a warning about trusting the root CA, a=testonly
authorjgraham <james@hoppipolla.co.uk>
Wed, 06 Jun 2018 14:33:39 +0000
changeset 422134 019681d3ab4fedcc78b4dc153ec2a778e9c091c1
parent 422133 59d0ee801ffad99e17a7e96d70ffa5e3020937c5
child 422135 37ffa67c86d1f9f8899bf56234602aa5c99db611
push id34122
push userebalazs@mozilla.com
push dateMon, 11 Jun 2018 09:37:00 +0000
treeherdermozilla-central@9941eb8c3b29 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1463155, 11094
milestone62.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1463155 [wpt PR 11094] - Add a warning about trusting the root CA, a=testonly Automatic update from web-platform-testsAdd a warning about trusting the root CA (#11094) -- wpt-commits: 5d4f7853b9ae10fe7f4e0321b656ee7afb54aeb3 wpt-pr: 11094
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/README.md
testing/web-platform/tests/docs/_running-tests/chrome_android.md
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -402122,17 +402122,17 @@
    "cfedb92777a36954d6e285461bf224cb6d2b5407",
    "support"
   ],
   "./LICENSE.md": [
    "722729a1062b97ad2fdd43896b2c6a45b1fff144",
    "support"
   ],
   "./README.md": [
-   "2ecef188cb7cb27d10b6bf148eddb3f9a031771b",
+   "8ab843e17aa153bcf91282be3770ed2009061b11",
    "support"
   ],
   "./check_stability.ini": [
    "5addd67f09e895336644c5a9f5049c03e1ffe615",
    "support"
   ],
   "./lint.whitelist": [
    "f18a6bb277d2392446c790aa85eb008d5f3fe05d",
@@ -558906,17 +558906,17 @@
    "e1b4b49cbd7ea1fd703c7ab3814deee0669e9336",
    "support"
   ],
   "docs/_running-tests/chrome.md": [
    "a09c8a0ea4d5d2abfd93843176b3c81e22fdbf22",
    "support"
   ],
   "docs/_running-tests/chrome_android.md": [
-   "7a26348aabd414f1d8e2da68717dd0a16d3f6ce8",
+   "f1e09247c9f41cf3c55aa087b063e42d48d88319",
    "support"
   ],
   "docs/_running-tests/index.md": [
    "350437f8d19af554887d519013b4bed38fcb1a62",
    "support"
   ],
   "docs/_running-tests/safari.md": [
    "cc0d20587edd9d0e8550b4fa2666d056061d02ee",
--- a/testing/web-platform/tests/README.md
+++ b/testing/web-platform/tests/README.md
@@ -281,16 +281,24 @@ the path to the OpenSSL config file (typ
 ```
 
 ### Trusting Root CA
 
 To prevent browser SSL warnings when running HTTPS tests locally, the
 web-platform-tests Root CA file `cacert.pem` in [tools/certs](tools/certs)
 must be added as a trusted certificate in your OS/browser.
 
+**NOTE**: The CA should not be installed in any browser profile used
+outside of tests, since it may be used to generate fake
+certificates. For browsers that use the OS certificate store, tests
+should therefore not be run manually outside a dedicated OS instance
+(e.g. a VM). To avoid this problem when running tests in Chrome or
+Firefox use `wpt run`, which disables certificate checks and therefore
+doesn't require the root CA to be trusted.
+
 Publication
 ===========
 
 The master branch is automatically synced to http://w3c-test.org/.
 
 Pull requests are
 [automatically mirrored](http://w3c-test.org/submissions/) except those
 that modify sensitive resources (such as `.py`). The latter require
--- a/testing/web-platform/tests/docs/_running-tests/chrome_android.md
+++ b/testing/web-platform/tests/docs/_running-tests/chrome_android.md
@@ -31,14 +31,17 @@ to the phone. First, convert the certifi
 openssl x509 -outform der -in tools/certs/cacert.pem -out cacert.crt
 ```
 
 Then copy `cacert.crt` to your phone's external storage (preferably to
 Downloads/ as it'll be easier to find). Open Settings -> Security & location ->
 Encryption & credentials -> Install from storage. Find and install `cacert.crt`.
 (The setting entries might be slightly different based your Android version.)
 
+Note that having this CA installed on your device outside of a test
+environment represents a security risk.
+
 
 Finally, we may run wpt with the `chrome_android` product
 
 ```
 ./wpt run chrome_android [test_list]
 ```