gecko-dev/security/nss/gtests
J.C. Jones 55cfe61a1d Bug 1666567 - land NSS 8ebee3cec9cf UPGRADE_NSS_RELEASE, r=kjacobs
2020-09-23  Dana Keeler  <dkeeler@mozilla.com>

	* gtests/mozpkix_gtest/pkixbuild_tests.cpp,
	gtests/mozpkix_gtest/pkixcert_extension_tests.cpp,
	gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp,
	gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp,
	gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
	gtests/mozpkix_gtest/pkixgtest.h,
	lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
	Bug 1665715 - (2/2) pass encoded signed certificate timestamp
	extension (if present) in CheckRevocation r=jcj

	This will allow Firefox to make decisions based on the earliest
	known time that a certificate exists (with respect to certificate
	transparency) that a CA is unlikely to back-date. In particular,
	this is essential for CRLite. Note that if the SCT signature isn't
	validated, a CA could still make a certificate appear to have
	existed for longer than it really has. However, this change is not
	an attempt to catch malicious CAs. The aim is to avoid false
	positives in CRLite resulting from CAs backdating the notBefore
	field on certificates they issue.

	Depends on D90595

	[8ebee3cec9cf] [tip]

2020-09-18  Dana Keeler  <dkeeler@mozilla.com>

	* gtests/mozpkix_gtest/pkixbuild_tests.cpp,
	gtests/mozpkix_gtest/pkixcert_extension_tests.cpp,
	gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp,
	gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp,
	gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
	gtests/mozpkix_gtest/pkixgtest.h,
	lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
	Bug 1665715 - (1/2) revert e8f2720c8254 (bug 1593141) because it's
	no longer necessary r=jcj

	Bug 1593141 added the certificate's notBefore field as an argument
	to TrustDomain::CheckRevocation so that Firefox could use it with
	CRLite. However, since CAs can backdate that field, we need to use
	the earliest embedded SCT timestamp instead.

	[c1f4d565ceda]

Differential Revision: https://phabricator.services.mozilla.com/D91211
2020-09-24 04:00:44 +00:00
certdb_gtest Bug 1636656 - land NSS daa823a4a29b UPGRADE_NSS_RELEASE, r=kjacobs 2020-05-19 21:55:59 +00:00
certhigh_gtest
common Bug 1649545 - land NSS 58c2abd7404e UPGRADE_NSS_RELEASE, r=jcj 2020-07-09 23:05:48 +00:00
cryptohi_gtest
der_gtest
freebl_gtest Bug 1660509 - land NSS 2a17c8655a74 UPGRADE_NSS_RELEASE, r=jcj 2020-09-14 17:06:12 +00:00
google_test Bug 1636656 - land NSS daa823a4a29b UPGRADE_NSS_RELEASE, r=kjacobs 2020-05-19 21:55:59 +00:00
mozpkix_gtest Bug 1666567 - land NSS 8ebee3cec9cf UPGRADE_NSS_RELEASE, r=kjacobs 2020-09-24 04:00:44 +00:00
nss_bogo_shim
pk11_gtest Bug 1649545 - land NSS 615362dff5ad UPGRADE_NSS_RELEASE, r=jcj 2020-07-20 17:19:03 +00:00
pkcs11testmodule Bug 1636656 - land NSS daa823a4a29b UPGRADE_NSS_RELEASE, r=kjacobs 2020-05-19 21:55:59 +00:00
smime_gtest
softoken_gtest Bug 1655105 - land NSS afa38fb2f0b5 UPGRADE_NSS_RELEASE, r=jcj 2020-08-04 19:54:56 +00:00
ssl_gtest Bug 1660509 - land NSS c100e11991f6 UPGRADE_NSS_RELEASE, r=jcj 2020-08-31 15:56:19 +00:00
sysinit_gtest
util_gtest
__init__.py
.clang-format
Makefile
manifest.mn Bug 1636656 - land NSS daa823a4a29b UPGRADE_NSS_RELEASE, r=kjacobs 2020-05-19 21:55:59 +00:00
README

GTest-based Unit Tests

This directory contains GTest-based unit tests for NSS libssl.

If your environment doesn't have a C++ compiler suitable to build these tests,
you may disable them using ``NSS_DISABLE_GTESTS=1''.

Once built, they are run as part of running ``test/all.sh''.
You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''.

They can be run standalone or under a debugger by invoking the ssl_gtest
executable with a ``-d'' option pointing to the directory created by either
of the above options.  You can find that in

  tests_results/security/${hostname}.${NUMBER}/ssl_gtests