[tor-bugs] #20149 [Applications/Quality Assurance and Testing]: Test that static public key pins are working
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 19 17:45:30 UTC 2016
#20149: Test that static public key pins are working
-------------------------------------------------+-------------------------
Reporter: gk | Owner: boklm
Type: enhancement | Status:
| assigned
Priority: High | Milestone:
Component: Applications/Quality Assurance and | Version:
Testing |
Severity: Major | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by boklm):
In 59782207d2e5976d11226496f3dec57917cc5962 I added a test that checks
that key pinning on https://pinning-test.badssl.com/ is working. We are
checking that the page fails to load, and that the error pages has
`MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE` as `errorCode`.
We are checking that it is working at the current date. I think I can add
an other test on Linux that uses libfaketime to check that it also works
at a date 2 or 3 months in the future.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20149#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list