mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-28 07:13:20 +00:00
Bug 1483626 - Checks if subjectAltNames has elements that are not empty string, and if it has them, they will be remove, preventing incomplete r=johannh
messages to show to the user. r=johannh Differential Revision: https://phabricator.services.mozilla.com/D21796 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
23317f68c0
commit
0f33068ca0
@ -184,6 +184,10 @@ class NetErrorChild extends ActorChild {
|
||||
if (input.data.isDomainMismatch) {
|
||||
let subjectAltNames = input.data.certSubjectAltNames.split(",");
|
||||
let numSubjectAltNames = subjectAltNames.length;
|
||||
|
||||
subjectAltNames = subjectAltNames.filter(name => name.length > 0);
|
||||
numSubjectAltNames = subjectAltNames.length;
|
||||
|
||||
let msgPrefix = "";
|
||||
if (numSubjectAltNames != 0) {
|
||||
if (numSubjectAltNames == 1) {
|
||||
|
@ -13,6 +13,7 @@ prefs =
|
||||
[browser_aboutCertError_clockSkew.js]
|
||||
[browser_aboutCertError_exception.js]
|
||||
[browser_aboutCertError_mitm.js]
|
||||
[browser_aboutCertError_noSubjectAltName.js]
|
||||
[browser_aboutCertError_telemetry.js]
|
||||
[browser_aboutHome_search_POST.js]
|
||||
[browser_aboutHome_search_composing.js]
|
||||
|
@ -0,0 +1,51 @@
|
||||
/* Any copyright is dedicated to the Public Domain.
|
||||
* http://creativecommons.org/publicdomain/zero/1.0/ */
|
||||
|
||||
"use strict";
|
||||
|
||||
const UNKNOWN_ISSUER = "https://no-subject-alt-name.example.com:443";
|
||||
|
||||
const checkAdvancedAndGetTechnicalInfoText = async () => {
|
||||
let doc = content.document;
|
||||
|
||||
let advancedButton = doc.getElementById("advancedButton");
|
||||
ok(advancedButton, "advancedButton found");
|
||||
is(advancedButton.hasAttribute("disabled"), false, "advancedButton should be clickable");
|
||||
advancedButton.click();
|
||||
|
||||
let badCertAdvancedPanel = doc.getElementById("badCertAdvancedPanel");
|
||||
ok(badCertAdvancedPanel, "badCertAdvancedPanel found");
|
||||
|
||||
let badCertTechnicalInfo = doc.getElementById("badCertTechnicalInfo");
|
||||
ok(badCertTechnicalInfo, "badCertTechnicalInfo found");
|
||||
|
||||
let errorCode = doc.getElementById("errorCode").innerHTML;
|
||||
is(errorCode, "SSL_ERROR_BAD_CERT_DOMAIN");
|
||||
|
||||
let viewCertificate = doc.getElementById("viewCertificate");
|
||||
ok(viewCertificate, "viewCertificate found");
|
||||
|
||||
return badCertTechnicalInfo.innerHTML;
|
||||
};
|
||||
|
||||
const checkCorrectMessages = (message) => {
|
||||
let isCorrectMessage =
|
||||
message.includes("Websites prove their identity via certificates."
|
||||
+ " Nightly does not trust this site because it uses a certificate that is"
|
||||
+ " not valid for no-subject-alt-name.example.com");
|
||||
is(isCorrectMessage, true, "That message should appear");
|
||||
let isWrongMessage =
|
||||
message.includes("The certificate is only valid for ");
|
||||
is(isWrongMessage, false, "That message shouldn't appear");
|
||||
};
|
||||
|
||||
add_task(async function checkUntrustedCertError() {
|
||||
info(`Loading ${UNKNOWN_ISSUER} which does not have a subject specified in the certificate`);
|
||||
let tab = await openErrorPage(UNKNOWN_ISSUER);
|
||||
let browser = tab.linkedBrowser;
|
||||
info("Clicking the exceptionDialogButton in advanced panel");
|
||||
let badCertTechnicalInfoText =
|
||||
await ContentTask.spawn(browser, null, checkAdvancedAndGetTechnicalInfoText);
|
||||
checkCorrectMessages(badCertTechnicalInfoText, browser);
|
||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||
});
|
Binary file not shown.
Binary file not shown.
2
build/pgo/certs/noSubjectAltName.certspec
Normal file
2
build/pgo/certs/noSubjectAltName.certspec
Normal file
@ -0,0 +1,2 @@
|
||||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
subject:certificate without subjectAlternativeNames
|
@ -119,6 +119,7 @@ https://mismatch.expired.example.com:443 privileged,cert=expired
|
||||
https://mismatch.untrusted.example.com:443 privileged,cert=untrusted
|
||||
https://untrusted-expired.example.com:443 privileged,cert=untrustedandexpired
|
||||
https://mismatch.untrusted-expired.example.com:443 privileged,cert=untrustedandexpired
|
||||
https://no-subject-alt-name.example.com:443 cert=noSubjectAltName
|
||||
|
||||
# Prevent safebrowsing tests from hitting the network for its-a-trap.html and
|
||||
# its-an-attack.html.
|
||||
|
Loading…
Reference in New Issue
Block a user