diff --git a/security/certverifier/ExtendedValidation.cpp b/security/certverifier/ExtendedValidation.cpp index e84f79046644..478a492740c5 100644 --- a/security/certverifier/ExtendedValidation.cpp +++ b/security/certverifier/ExtendedValidation.cpp @@ -118,11 +118,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "1.3.6.1.4.1.13769.666.666.666.1.500.9.1", "DEBUGtesting EV OID", SEC_OID_UNKNOWN, - { 0xE4, 0xFB, 0x04, 0x16, 0x10, 0x32, 0x67, 0x08, 0x6C, 0x84, 0x2E, - 0x91, 0xF3, 0xEF, 0x0E, 0x45, 0x99, 0xBC, 0xA8, 0x54, 0x73, 0xF5, - 0x03, 0x2C, 0x7B, 0xDC, 0x09, 0x70, 0x76, 0x49, 0xBF, 0xAA }, + { 0x85, 0x2A, 0x29, 0x38, 0x31, 0x09, 0x7D, 0x14, 0x0C, 0x83, 0xAB, + 0x8D, 0x6D, 0x54, 0x32, 0x77, 0x37, 0xC8, 0xBF, 0xB2, 0xC2, 0xEC, + 0xCC, 0x82, 0xC0, 0xA2, 0x5F, 0x24, 0x9D, 0xFD, 0xFB, 0xAB }, "MBExDzANBgNVBAMMBmV2cm9vdA==", - "W9j5PS8YoKgynZdYa9i2Kwexnp8=", + "GSsFG1fp8SGMxPjAQvdOBN26ij4=", nullptr }, { @@ -143,11 +143,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = { "1.3.6.1.4.1.13769.666.666.666.1.500.9.1", "DEBUGtesting EV OID", SEC_OID_UNKNOWN, - { 0x49, 0x46, 0x10, 0xF4, 0xF5, 0xB1, 0x96, 0xE7, 0xFB, 0xFA, 0x4D, - 0xA6, 0x34, 0x03, 0xD0, 0x99, 0x22, 0xD4, 0x77, 0x20, 0x3F, 0x84, - 0xE0, 0xDF, 0x1C, 0xAD, 0xB4, 0xC2, 0x76, 0xBB, 0x63, 0x24 }, + { 0x28, 0x79, 0xB9, 0x6C, 0x08, 0x71, 0x6C, 0x7D, 0xCE, 0x38, 0x8C, + 0xAB, 0x7E, 0xEB, 0x08, 0xA6, 0xF7, 0x2C, 0xCE, 0xE4, 0x47, 0xF5, + 0x72, 0xA1, 0xEB, 0x16, 0x9B, 0xC3, 0x49, 0x49, 0x72, 0x5D }, "MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDA=", - "P1iIBgxk6kH+x64EUBTV3qoHuas=", + "N2nWLMPfNebIktpezTGThHoXsDU=", nullptr }, #endif diff --git a/security/manager/ssl/tests/unit/pycert.py b/security/manager/ssl/tests/unit/pycert.py index 26afe509d569..2f111e2d88f9 100755 --- a/security/manager/ssl/tests/unit/pycert.py +++ b/security/manager/ssl/tests/unit/pycert.py @@ -329,6 +329,10 @@ class Certificate(object): hasher.update(str(self.notBefore)) hasher.update(str(self.notAfter)) hasher.update(self.subject) + # Bug 1194419: This is duplicated so as to not have to + # re-generate the EV testing root certificates. At some point + # we should clean this up and re-generate them. + hasher.update(self.signature) if self.extensions: for extension in self.extensions: hasher.update(str(extension)) diff --git a/security/manager/ssl/tests/unit/test_keysize_ev.js b/security/manager/ssl/tests/unit/test_keysize_ev.js index abcc7af27003..ff950e181f0f 100644 --- a/security/manager/ssl/tests/unit/test_keysize_ev.js +++ b/security/manager/ssl/tests/unit/test_keysize_ev.js @@ -135,8 +135,8 @@ function run_test() { let smallKeyEVRoot = constructCertFromFile("test_keysize_ev/ev_root_rsa_2040.pem"); equal(smallKeyEVRoot.sha256Fingerprint, - "49:46:10:F4:F5:B1:96:E7:FB:FA:4D:A6:34:03:D0:99:" + - "22:D4:77:20:3F:84:E0:DF:1C:AD:B4:C2:76:BB:63:24", + "28:79:B9:6C:08:71:6C:7D:CE:38:8C:AB:7E:EB:08:A6:" + + "F7:2C:CE:E4:47:F5:72:A1:EB:16:9B:C3:49:49:72:5D", "test sanity check: the small-key EV root must have the same " + "fingerprint as the corresponding entry in ExtendedValidation.cpp");