bug 1435858 - add a canary test that will fail before all of the test certificates expire r=Alex_Gaynor,jcj
authorDana Keeler <dkeeler@mozilla.com>
Mon, 25 Feb 2019 22:51:47 +0000
changeset 518904 825dfac611b25553f36ee0da6d7e5b043087b7e3
parent 518903 eec82a970303374d6aab0430050016d20fe20ab9
child 518905 a716ff1b62ab72a859f1a016c6635919502d4abe
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
reviewersAlex_Gaynor, jcj
bugs1435858
milestone67.0a1
bug 1435858 - add a canary test that will fail before all of the test certificates expire r=Alex_Gaynor,jcj This test should remind us to regenerate the test certificates next year before they actually expire. Differential Revision: https://phabricator.services.mozilla.com/D21065
security/manager/ssl/tests/unit/test_cert_expiration_canary.js
security/manager/ssl/tests/unit/xpcshell.ini
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_expiration_canary.js
@@ -0,0 +1,23 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Attempts to verify a certificate for a time a few weeks into the future in
+// the hopes of avoiding mass test failures when the certificates all expire.
+// If this test fails, the certificates probably need to be regenerated.
+// See bug 1525191.
+add_task(async function() {
+  do_get_profile();
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  addCertFromFile(certDB, "bad_certs/test-ca.pem", "CTu,,");
+  let threeWeeksFromNowInSeconds = (Date.now() / 1000) +
+                                   (3 * 7 * 24 * 60 * 60);
+  let ee = constructCertFromFile("bad_certs/default-ee.pem");
+  await checkCertErrorGenericAtTime(certDB, ee, PRErrorCodeSuccess,
+                                    certificateUsageSSLServer,
+                                    threeWeeksFromNowInSeconds, false,
+                                    "test.example.com");
+});
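Review bot: The three-week lead in `threeWeeksFromNowInSeconds` is the only warning window, and the manifest restricts this test to `run-if = nightly_build`. The canary therefore fires on nightly alone, so other branches would presumably see their first failure at actual expiry unless regenerated certificates reach them within those three weeks. Consider a longer margin held in a named constant, for example `const CANARY_LEAD_TIME_SECONDS = 8 * 7 * 24 * 60 * 60;`, with a comment recording why that margin was chosen. The check also verifies only `bad_certs/default-ee.pem` against `bad_certs/test-ca.pem`. If any other test certificate is generated with a shorter validity period, this canary would not catch it, and the header comment should state that assumption.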
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -48,16 +48,18 @@ support-files =
 skip-if = os != 'mac'
 [test_cert_blocklist.js]
 tags = addons psm blocklist
 [test_cert_chains.js]
 run-sequentially = hardcoded ports
 [test_cert_dbKey.js]
 [test_cert_eku.js]
 [test_cert_embedded_null.js]
+[test_cert_expiration_canary.js]
+run-if = nightly_build
 [test_cert_keyUsage.js]
 [test_cert_isBuiltInRoot.js]
 [test_cert_isBuiltInRoot_reload.js]
 [test_cert_overrides.js]
 run-sequentially = hardcoded ports
 [test_cert_overrides_read_only.js]
 run-sequentially = hardcoded ports
 [test_cert_override_bits_mismatches.js]