зеркало из https://github.com/mozilla/gecko-dev.git
4cf1111f75
There's an intermittent on the call attestationCert.verify() to test the self- signed cert from our not-shipped software U2F implementation. Collection of the intermittents shows these certs are fine, and should verify correctly, but they don't. The bug must be in pki.js, which is out-of-scope as we only use it for mochitests. This patch removes the offending call to xxxx.verify(), because it doesn't really matter whether the self-signed-cert looks OK to pki.js; we just need the public key from inside it to proceed with the rest of the tests. As an example of a so-called "invalid" self-signed cert that failed, we have: https://treeherder.mozilla.org/logviewer.html#?repo=mozilla-central&job_id=134282931&lineNumber=2673 -----BEGIN CERTIFICATE----- MIIBMTCB2aADAgECAgUA55x6LTAKBggqhkjOPQQDAjAhMR8wHQYDVQQDExZGaXJl Zm94IFUyRiBTb2Z0IFRva2VuMB4XDTE3MDkzMDE5MjIzMloXDTE3MTAwMjE5MjIz MlowITEfMB0GA1UEAxMWRmlyZWZveCBVMkYgU29mdCBUb2tlbjBZMBMGByqGSM49 AgEGCCqGSM49AwEHA0IABIWu4L8ky7s8I7qVv+JwMRHpippH4b6h7rN0jlKpFbHK hnEwaCPLrTx04Eh9xT4GK9JWuuP759hnAxsWD5wk0H0wCgYIKoZIzj0EAwIDRwAw RAIgRIeRcn6LkwU8VOmX+mdQ3jUQrUOp5f2xH/qBECGi5EcCIADBjsm/EDKkAwLZ pGdX7+N+kgf9No4uuLV4dsNVJ1pa -----END CERTIFICATE----- There's nothing wrong with this cert, actually. Checking it with OpenSSL shows all OK: openssl verify -purpose any -CAfile /tmp/cert2.pem /tmp/cert2.pem /tmp/cert2.pem: OK So this intermittent is a bug outside of our U2F and U2F test soft token code. MozReview-Commit-ID: K142toVWtcv --HG-- extra : rebase_source : 3c31a407e27cd5c6e7a1a4f1287f17f56f80daaa |
||
|---|---|---|
| .. | ||
| tests | ||
| U2F.cpp | ||
| U2F.h | ||
| U2FAuthenticator.h | ||
| U2FManager.cpp | ||
| U2FManager.h | ||
| U2FTransactionChild.cpp | ||
| U2FTransactionChild.h | ||
| U2FTransactionParent.cpp | ||
| U2FTransactionParent.h | ||
| U2FUtil.h | ||
| moz.build | ||