Opened 3 years ago
Closed 3 years ago
#18912 closed defect (fixed)
add automated tests for updater cert pinning
| Reported by: | mcs | Owned by: | mcs |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | ff45-esr, TorBrowserTeam201605R, tbb-6.0-must |
| Cc: | gk, brade, arthuredelstein | Actual Points: | |
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
This is a spinoff of #17442. We want to add automated tests to ensure that we notice if Mozilla changes something that breaks the updater cert pinning.
Child Tickets
Change History (5)
comment:1 Changed 3 years ago by
| Keywords: | TorBrowserTeam201605 added |
|---|
comment:2 Changed 3 years ago by
| Keywords: | tbb-6.0-must added |
|---|
comment:3 follow-up: 5 Changed 3 years ago by
| Keywords: | TorBrowserTeam201605R added; TorBrowserTeam201605 removed |
|---|---|
| Status: | new → needs_review |
Kathy and I created a test:
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug18912-01&id=c84f29c2f1cf26cd676d786d6f5e65ee67095170
Please review. There are a couple of caveats though:
- This test is affected by #18087.
- We do not have a way to run tests like this automatically against our nightly builds. We should fix that (as well as #18087) so we can be sure to catch regressions. At the very least, we should find a way to run the tests that we have created such as this one, Arthur's isolation tests, and so on.
comment:4 Changed 3 years ago by
| Cc: | arthuredelstein added |
|---|
comment:5 Changed 3 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | needs_review → closed |
Replying to mcs:
Kathy and I created a test:
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug18912-01&id=c84f29c2f1cf26cd676d786d6f5e65ee67095170
Looks good to me. Applied to tor-browser-45.1.0esr-6.0-1 (commit 351b3c16c1581771e724156f43c5bee32ec42f51).
Please review. There are a couple of caveats though:
- This test is affected by #18087.
- We do not have a way to run tests like this automatically against our nightly builds. We should fix that (as well as #18087) so we can be sure to catch regressions. At the very least, we should find a way to run the tests that we have created such as this one, Arthur's isolation tests, and so on.
Yes, I think we have #15994 for that one.
Dragging into May to have it on our 6.0 radar.