#20149: Test that static public key pins are working
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  boklm
     Type:  enhancement                          |         Status:  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Quality Assurance and   |        Version:
  Testing                                        |
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-security                         |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by mcs):

 Replying to [comment:3 boklm]:
 > In 59782207d2e5976d11226496f3dec57917cc5962 I added a test that checks
 > that key pinning on https://pinning-test.badssl.com/ is working. We are
 > checking that the page fails to load, and that the error page has
 > `MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE` as `errorCode`.

 The above test looks OK to me.

 > We are checking that it is working at the current date. I think I can
 > add another test on Linux that uses libfaketime to check that it also
 > works at a date 2 or 3 months in the future.

 That seems like a good idea. Should we also check, as part of our build
 process, that the timestamp in security/manager/ssl/StaticHPKPins.h is
 reasonable? I guess that would be a redundant check, but it might still
 be a good idea.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20149#comment:5>
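
One way to do the build-time check suggested in the comment above, as an added example (not code from the ticket or from Tor Browser's build scripts). It assumes the header declares the expiry as `kPreloadPKPinsExpirationTime = INT64_C(<microseconds since the epoch>)`; the function names, the 90-day and 365-day thresholds and the sample header are assumptions constructed for illustration.

```python
import re
import sys
from datetime import datetime, timedelta, timezone

# Assumed declaration in security/manager/ssl/StaticHPKPins.h
# (PRTime value, microseconds since the Unix epoch).
EXPIRY_RE = re.compile(
    r"kPreloadPKPinsExpirationTime\s*=\s*INT64_C\(\s*(\d+)\s*\)")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample header text: expiry is 2017-01-01 00:00:00 UTC.
SAMPLE_HEADER = """
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1483228800000000);
"""

def pins_expiry(header_text):
    """Return the static pin set's expiry as an aware UTC datetime."""
    m = EXPIRY_RE.search(header_text)
    if m is None:
        # Fail closed: a header we cannot parse must not pass the build.
        raise ValueError("pin expiration constant not found")
    return EPOCH + timedelta(microseconds=int(m.group(1)))

def check_pins(header_text, release_date, min_days=90, max_days=365):
    """Return (ok, message) for a build released at release_date (UTC).

    min_days: pins must outlive the release by this long, otherwise
              pinning silently stops being enforced for users.
    max_days: upper bound that catches a corrupted value or a unit
              mix-up (an assumed threshold, not taken from the ticket).
    """
    remaining = pins_expiry(header_text) - release_date
    if remaining < timedelta(days=min_days):
        return False, "pins expire in %d days (< %d)" % (remaining.days, min_days)
    if remaining > timedelta(days=max_days):
        return False, "expiry is %d days away (> %d)" % (remaining.days, max_days)
    return True, "pins valid for %d more days" % remaining.days

if __name__ == "__main__":
    # Usage: script.py [path/to/StaticHPKPins.h]; falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HEADER
    ok, msg = check_pins(text, datetime.now(timezone.utc))
    print(msg)
    sys.exit(0 if ok else 1)
```

Run against the real header, the script exits non-zero when the timestamp is outside the window, so it can gate a build step.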