mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-22 17:55:50 +00:00
4bc9fe0d27
This patch does a few things: 1) It removes the symantecRoot and symantec_affected certs from build/pgo/certs' DB. 2) It upgrades that DB from the old format to SQLite (and this 8/3 to 9/4). 3) It adds a new cert "imminently_distrusted" to that DB for the bc test. 4) It changes the Subject of the immient distrust test to only have the CN field: this is because certutil reorders C to come after CN, and just like with the real Symantec certs, I had put C first. So rather than deal with importing the end entity for the pgo tests, I decided to just make things simple and change the tested subject. 5) Finally, it re-enables the test that was disabled in Bug 1434300. MozReview-Commit-ID: Bt2RKyInJje --HG-- rename : build/pgo/certs/cert8.db => build/pgo/certs/cert9.db rename : build/pgo/certs/key3.db => build/pgo/certs/key4.db extra : rebase_source : efceb67ae16f0af617bbd8bec201d52eee0f467d |
||
---|---|---|
.. | ||
alternateroot.ca | ||
cert9.db | ||
evintermediate.ca | ||
jartests-object.ca | ||
key4.db | ||
mochitest.client | ||
pgoca.ca | ||
pgoca.p12 | ||
README | ||
secmod.db |
The certificate authority and server certificates here are generated by $topsrcdir/build/pgo/genpgocert.py. You can generate a new CA cert by running: ./mach python build/pgo/genpgocert.py --gen-ca You can generate new server certificates by running: ./mach python build/pgo/genpgocert.py --gen-server These commands will modify cert9.db and key4.db. The changes to these should be committed. WARNING: These commands do not recreate all necessary certificates; some are mentioned only on their tests. Before completely replacing these DBs, you should be careful that you include all the correct certificates. Or fix genpgocert.py to create the correct certs. See bug 1441338.