Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures
authorCarsten "Tomcat" Book <cbook@mozilla.com>
Tue, 20 Oct 2015 12:40:18 +0200
changeset 303684 80f151ddd504ea383874c03415e44805e488d983
parent 303683 cef12730e4325a508546c0117f0886edf4a8fd3f
child 303685 4aa9e709ddf7d43575995dcccbb12f33a1c2792d
push id1001
push userraliiev@mozilla.com
push dateMon, 18 Jan 2016 19:06:03 +0000
treeherdermozilla-release@8b89261f3ac4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1194419
milestone44.0a1
backs out11e681d48acde9fb42dd1d564a8136539d7cd4e8
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 11e681d48acd (bug 1194419) for S4 Test failures
security/certverifier/ExtendedValidation.cpp
security/manager/ssl/tests/unit/pycert.py
security/manager/ssl/tests/unit/test_keysize_ev.js
--- a/security/certverifier/ExtendedValidation.cpp
+++ b/security/certverifier/ExtendedValidation.cpp
@@ -113,21 +113,21 @@ static struct nsMyTrustedEVInfo myTruste
     // extension:basicConstraints:cA,
     // extension:keyUsage:keyCertSign,cRLSign
     //
     // If this ever needs to change, re-generate the certificate and update the
     // following entry with the new fingerprint, issuer, and serial number.
     "1.3.6.1.4.1.13769.666.666.666.1.500.9.1",
     "DEBUGtesting EV OID",
     SEC_OID_UNKNOWN,
-    { 0xE4, 0xFB, 0x04, 0x16, 0x10, 0x32, 0x67, 0x08, 0x6C, 0x84, 0x2E,
-      0x91, 0xF3, 0xEF, 0x0E, 0x45, 0x99, 0xBC, 0xA8, 0x54, 0x73, 0xF5,
-      0x03, 0x2C, 0x7B, 0xDC, 0x09, 0x70, 0x76, 0x49, 0xBF, 0xAA },
+    { 0x85, 0x2A, 0x29, 0x38, 0x31, 0x09, 0x7D, 0x14, 0x0C, 0x83, 0xAB,
+      0x8D, 0x6D, 0x54, 0x32, 0x77, 0x37, 0xC8, 0xBF, 0xB2, 0xC2, 0xEC,
+      0xCC, 0x82, 0xC0, 0xA2, 0x5F, 0x24, 0x9D, 0xFD, 0xFB, 0xAB },
     "MBExDzANBgNVBAMMBmV2cm9vdA==",
-    "W9j5PS8YoKgynZdYa9i2Kwexnp8=",
+    "GSsFG1fp8SGMxPjAQvdOBN26ij4=",
     nullptr
   },
   {
     // This is an RSA root with an inadequate key size. It is used to test that
     // minimum key sizes are enforced when verifying for EV. It can be
     // generated using pycert.py and the following specification:
     //
     // issuer:ev_root_rsa_2040
@@ -138,21 +138,21 @@ static struct nsMyTrustedEVInfo myTruste
     // extension:basicConstraints:cA,
     // extension:keyUsage:cRLSign,keyCertSign
     //
     // If this ever needs to change, re-generate the certificate and update the
     // following entry with the new fingerprint, issuer, and serial number.
     "1.3.6.1.4.1.13769.666.666.666.1.500.9.1",
     "DEBUGtesting EV OID",
     SEC_OID_UNKNOWN,
-    { 0x49, 0x46, 0x10, 0xF4, 0xF5, 0xB1, 0x96, 0xE7, 0xFB, 0xFA, 0x4D,
-      0xA6, 0x34, 0x03, 0xD0, 0x99, 0x22, 0xD4, 0x77, 0x20, 0x3F, 0x84,
-      0xE0, 0xDF, 0x1C, 0xAD, 0xB4, 0xC2, 0x76, 0xBB, 0x63, 0x24 },
+    { 0x28, 0x79, 0xB9, 0x6C, 0x08, 0x71, 0x6C, 0x7D, 0xCE, 0x38, 0x8C,
+      0xAB, 0x7E, 0xEB, 0x08, 0xA6, 0xF7, 0x2C, 0xCE, 0xE4, 0x47, 0xF5,
+      0x72, 0xA1, 0xEB, 0x16, 0x9B, 0xC3, 0x49, 0x49, 0x72, 0x5D },
     "MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDA=",
-    "P1iIBgxk6kH+x64EUBTV3qoHuas=",
+    "N2nWLMPfNebIktpezTGThHoXsDU=",
     nullptr
   },
 #endif
   {
     // OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
     "1.2.392.200091.100.721.1",
     "SECOM EV OID",
     SEC_OID_UNKNOWN,
--- a/security/manager/ssl/tests/unit/pycert.py
+++ b/security/manager/ssl/tests/unit/pycert.py
@@ -324,16 +324,20 @@ class Certificate(object):
         this file)."""
         hasher = hashlib.sha256()
         hasher.update(str(self.versionValue))
         hasher.update(self.signature)
         hasher.update(self.issuer)
         hasher.update(str(self.notBefore))
         hasher.update(str(self.notAfter))
         hasher.update(self.subject)
+        # Bug 1194419: This is duplicated so as to not have to
+        # re-generate the EV testing root certificates. At some point
+        # we should clean this up and re-generate them.
+        hasher.update(self.signature)
         if self.extensions:
             for extension in self.extensions:
                 hasher.update(str(extension))
         serialBytes = [ord(c) for c in hasher.digest()[:20]]
         # Ensure that the most significant bit isn't set (which would
         # indicate a negative number, which isn't valid for serial
         # numbers).
         serialBytes[0] &= 0x7f
--- a/security/manager/ssl/tests/unit/test_keysize_ev.js
+++ b/security/manager/ssl/tests/unit/test_keysize_ev.js
@@ -130,17 +130,17 @@ function checkRSAChains(inadequateKeySiz
 
 function run_test() {
   Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
   Services.prefs.setIntPref("security.OCSP.enabled", 1);
 
   let smallKeyEVRoot =
     constructCertFromFile("test_keysize_ev/ev_root_rsa_2040.pem");
   equal(smallKeyEVRoot.sha256Fingerprint,
-        "49:46:10:F4:F5:B1:96:E7:FB:FA:4D:A6:34:03:D0:99:" +
-        "22:D4:77:20:3F:84:E0:DF:1C:AD:B4:C2:76:BB:63:24",
+        "28:79:B9:6C:08:71:6C:7D:CE:38:8C:AB:7E:EB:08:A6:" +
+        "F7:2C:CE:E4:47:F5:72:A1:EB:16:9B:C3:49:49:72:5D",
         "test sanity check: the small-key EV root must have the same " +
         "fingerprint as the corresponding entry in ExtendedValidation.cpp");
 
   checkRSAChains(2040, 2048);
 
   run_next_test();
 }