#18912 closed defect (fixed)

add automated tests for updater cert pinning

Reported by: mcs Owned by: mcs
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff45-esr, TorBrowserTeam201605R, tbb-6.0-must
Cc: gk, brade, arthuredelstein Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

This is a spinoff of #17442. We want to add automated tests to ensure that we notice if Mozilla changes something that breaks the updater cert pinning.

Child Tickets

Change History (5)

comment:1 Changed 22 months ago by gk

Keywords: TorBrowserTeam201605 added

Dragging into May to have it on our 6.0 radar.

comment:2 Changed 21 months ago by gk

Keywords: tbb-6.0-must added

comment:3 Changed 21 months ago by mcs

Keywords: TorBrowserTeam201605R added; TorBrowserTeam201605 removed
Status: newneeds_review

Kathy and I created a test:
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug18912-01&id=c84f29c2f1cf26cd676d786d6f5e65ee67095170

Please review. There are a couple of caveats though:

  1. This test is affected by #18087.
  2. We do not have a way to run tests like this automatically against our nightly builds. We should fix that (as well as #18087) so we can be sure to catch regressions. At the very least, we should find a way to run the tests that we have created such as this one, Arthur's isolation tests, and so on.

comment:4 Changed 21 months ago by arthuredelstein

Cc: arthuredelstein added

comment:5 in reply to:  3 Changed 21 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Replying to mcs:

Kathy and I created a test:
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug18912-01&id=c84f29c2f1cf26cd676d786d6f5e65ee67095170

Looks good to me. Applied to tor-browser-45.1.0esr-6.0-1 (commit 351b3c16c1581771e724156f43c5bee32ec42f51).

Please review. There are a couple of caveats though:

  1. This test is affected by #18087.
  2. We do not have a way to run tests like this automatically against our nightly builds. We should fix that (as well as #18087) so we can be sure to catch regressions. At the very least, we should find a way to run the tests that we have created such as this one, Arthur's isolation tests, and so on.

Yes, I think we have #15994 for that one.

Note: See TracTickets for help on using tickets.