There are xpcshell tests to verify that the appropriate distrust flag is set
upon reaching an affected end entity certificate; this test checks that the
distrust flag prints a warning to console.
MozReview-Commit-ID: OMG246WOOT
--HG--
rename : devtools/client/webconsole/test/browser_webconsole_certificate_messages.js => devtools/client/webconsole/test/browser_console_certificate_imminent_distrust.js
extra : rebase_source : a5fed5457e7789e742ee461b988463b81cd2c214
The previous implementation regarding to the Flash Blocking Subdocument list blocked all subdocuments that matched the list. This patch changes that so that subdocuments are only blocked if they are on the Subdocument Block List and also are loaded in a Third-Party context.
The changes to cert8.db and key3.db add the https certificate for subdocument.example.com so that testing can verify that a scheme mismatch between the document and its parent results in a third-party classification.
MozReview-Commit-ID: IXnA4iPzB4y
--HG--
extra : rebase_source : 103c1e184d4219e6db9d00da1ea54674a0e216dd
This is a dump of the new certificate information obtained by running
`certutil -L -d . -n 'pgo server certificate'`:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Temporary Certificate Authority,O=Mozilla Testing,OU=Prof
ile Guided Optimization"
Validity:
Not Before: Mon Nov 07 20:38:29 2011
Not After : Sun Nov 07 20:38:29 2021
Subject: "CN=example.com"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
d8:43:79:cf:52:ce:49:08:47:9c:57:9b:f8:0b:de:7a:
ca:ba:1c:88:9f:fd:d8:0b:df:a8:98:92:22:46:08:3e:
d2:25:4c:09:c2:32:3f:51:f9:79:60:b6:ac:94:0e:7a:
33:13:e7:0b:f7:97:72:3b:37:8f:d4:e5:ea:0c:e2:9e:
4a:5b:28:1d:8c:eb:a1:b4:96:47:37:bf:fc:f0:87:d3:
ca:13:7e:38:45:f5:3f:75:1d:45:0d:72:36:b3:cf:57:
13:99:cd:6d:3c:b8:e9:9c:ec:af:2e:2c:25:3a:d5:13:
7e:6f:51:63:2a:eb:e1:4f:ee:68:42:63:c2:f4:e1:a3
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Subject Alt Name
DNS name: "example.com"
DNS name: "test1.example.com"
DNS name: "test2.example.com"
DNS name: "sub1.test1.example.com"
DNS name: "sub1.test2.example.com"
DNS name: "sub2.test1.example.com"
DNS name: "sub2.test2.example.com"
DNS name: "requestclientcert.example.com"
DNS name: "requireclientcert.example.com"
DNS name: "xn--hxajbheg2az3al.xn--jxalpdlp"
DNS name: "sub1.xn--hxajbheg2az3al.xn--jxalpdlp"
DNS name: "sectest1.example.org"
DNS name: "sub.sectest2.example.org"
DNS name: "sectest2.example.org"
DNS name: "sub.sectest1.example.org"
DNS name: "redirproxy.example.com"
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
a2:f1:08:1c:de:74:27:95:34:a0:1a:6c:9c:fe:8f:7f:
45:38:af:1f:bb:04:b6:e5:f8:e4:35:bf:ce:23:53:74:
ca:89:26:6b:22:d7:f3:f7:66:d4:f1:8b:95:7d:c4:27:
44:57:10:f3:3d:ea:bb:0c:88:d2:09:67:e3:d1:47:6c:
2c:2b:6d:78:41🆎7e:64:59:e3:df:05:fa:65:72:c9:
fd:5b:f6:0e:39:7d:02:31:99:5b:fb:29:17:9a:c9:0e:
64:4d:8c💿bf:6e:d0:9e:b0:68:a6:d9:ee:a0:16:ec:
50:dc:58:7e:7b:82:3e:ce:98:a6:20:4d:a6:bd:ad:05
Fingerprint (MD5):
CC:F2:AD:07:F9:B8:A5:3B:A6:BB:75:80:4E:E6:BB:08
Fingerprint (SHA1):
2D:E7:9A:AE:80:CB:FD:51:B1:23:E0:CF:6F:6B:51:19:E5:28:BB:95
Certificate Trust Flags:
SSL Flags:
Terminal Record
Trusted
User
Email Flags:
User
Object Signing Flags:
User
Tim Taubert
J.C. Jones
Kirk Steuber
Jonathan Kingston
Paolo Amadini
Cykesiopka
Ehsan Akhgari
Masatoshi Kimura
Ryan VanderMeulen
Mark Goodwin
Carsten "Tomcat" Book
Camilo Viecco
Marco Castelluccio
Ed Morley
Ted Mielczarek
Ms2ger
Reed Loden
Dave Townsend
L. David Baron
Honza Bambas
Honza Bambas