build/pgo/certs/mochitest.certspec
author J.C. Jones <jjones@mozilla.com>
Mon, 23 Apr 2018 11:14:17 +0200
changeset 471170 ec5e5816593915cf9c4ce808b9006ae03457d24c
permissions -rw-r--r--
Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler r=franziskus (This also fixes Bug 879740 and Bug 1204543.) build/pgo/certs contains an NSS database set that has a bunch of hand-generated certificates, and many of these hand-generated certificates are specifically depended upon for a variety of unit tests. This patch changes all of these to use the "pycert.py" and "pykey.py" utilities that produce deterministic keys and certificates. The naming convention here is new, and defined in the README. It is based on the mochitest runtest.py naming convention that imports .ca and .client PEM-encoded certificates. Unfortunately, the updates to build/pgo/genpgocert.py to generate these files depends on OpenSSL in order to produce PKCS12 archives for pk11tool to import into NSS. This could be done with pure-NSS tooling, but it'd require some new command line functionality, which is out-of-scope for this change. Note that build/pgo/genpgocert.py no longer takes arguments when run. It's not run automatically anywhere that I can see, but could (reasonably) be, now. Differential Revision: https://phabricator.services.mozilla.com/D971

subject:Mochitest client
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
serialNumber:3