[tests] Fix certificate tests after Apple started blocking the Thawte certificate. #19650
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… certificate.
The “Thawte SGC CA” certificate we're using for testing is now blocked by
Apple, evaluating trust results in this error:
> “Thawte SGC CA” certificate is blocked
So update the certificates to today: the mail_google_com certificate, and add
the corresponding two parent certificates (including the root certificate).
Then adjust the tests accordingly.
Finally delete all unused certificates from the code.
Fixes these test failures:
MonoTouchFixtures.Security.TrustTest
[FAIL] Trust_FullChain : GetTrustResult-2
Expected: RecoverableTrustFailure
But was: FatalTrustFailure
at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389
at MonoTouchFixtures.Security.TrustTest.Trust_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 321
[FAIL] Trust2_FullChain : GetTrustResult-2
Expected: RecoverableTrustFailure
But was: FatalTrustFailure
at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389
at MonoTouchFixtures.Security.TrustTest.Trust2_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 449
This comment has been minimized.
This comment has been minimized.
📚 [PR Build] Artifacts 📚Packages generatedView packagesPipeline on Agent |
💻 [CI Build] Windows Integration Tests passed 💻✅ All Windows Integration Tests passed. Pipeline on Agent |
💻 [CI Build] Windows Integration Tests passed 💻✅ All Windows Integration Tests passed. Pipeline on Agent |
📚 [PR Build] Artifacts 📚Packages generatedView packagesPipeline on Agent |
💻 [CI Build] Tests on macOS M1 - Mac Ventura (13.0) passed 💻✅ All tests on macOS M1 - Mac Ventura (13.0) passed. Pipeline on Agent |
💻 [CI Build] Tests on macOS M1 - Mac Big Sur (11.5) passed 💻✅ All tests on macOS M1 - Mac Big Sur (11.5) passed. Pipeline on Agent |
✅ API diff for current PR / commitLegacy Xamarin (No breaking changes)
NET (empty diffs)
✅ API diff vs stableLegacy Xamarin (No breaking changes).NET (No breaking changes)ℹ️ Generator diffGenerator Diff: vsdrops (html) vsdrops (raw diff) gist (raw diff) - Please review changes) Pipeline on Agent |
This was referenced Dec 15, 2023
🔥 [CI Build] Test results 🔥Test results❌ Tests failed on VSTS: simulator tests 0 tests crashed, 1 tests failed, 234 tests passed. Failures❌ monotouch tests
Html Report (VSDrops) Download Successes✅ bcl: All 69 tests passed. Html Report (VSDrops) Download Pipeline on Agent |
|
Test failure is unrelated: https://github.com/xamarin/maccore/issues/868 |
dalexsoto
approved these changes
Dec 18, 2023
|
/sudo backport release/8.0.1xx |
|
Backport Job to branch release/8.0.1xx Created! The magic is happening here |
|
Oh no! Backport failed! Please see https://devdiv.visualstudio.com/DevDiv/_build/results?buildId=8826430 for more details. |
rolfbjarne
added a commit
to rolfbjarne/xamarin-macios
that referenced
this pull request
Dec 18, 2023
…locking the Thawte certificate.
The “Thawte SGC CA” certificate we're using for testing is now blocked by
Apple, evaluating trust results in this error:
> “Thawte SGC CA” certificate is blocked
So update the mail_google_com certificates to what mail.google.com serves now, and also update the corresponding parent certificates (which have changed).
Then adjust the tests accordingly.
Finally delete all unused certificates from the code.
Fixes these test failures:
MonoTouchFixtures.Security.TrustTest
[FAIL] Trust_FullChain : GetTrustResult-2
Expected: RecoverableTrustFailure
But was: FatalTrustFailure
at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389
at MonoTouchFixtures.Security.TrustTest.Trust_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 321
[FAIL] Trust2_FullChain : GetTrustResult-2
Expected: RecoverableTrustFailure
But was: FatalTrustFailure
at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389
at MonoTouchFixtures.Security.TrustTest.Trust2_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 449
Backport of xamarin#19650.
mandel-macaque
pushed a commit
that referenced
this pull request
Dec 18, 2023
…locking the Thawte certificate. (#19665) The “Thawte SGC CA” certificate we're using for testing is now blocked by Apple, evaluating trust results in this error: > “Thawte SGC CA” certificate is blocked So update the mail_google_com certificates to what mail.google.com serves now, and also update the corresponding parent certificates (which have changed). Then adjust the tests accordingly. Finally delete all unused certificates from the code. Fixes these test failures: MonoTouchFixtures.Security.TrustTest [FAIL] Trust_FullChain : GetTrustResult-2 Expected: RecoverableTrustFailure But was: FatalTrustFailure at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389 at MonoTouchFixtures.Security.TrustTest.Trust_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 321 [FAIL] Trust2_FullChain : GetTrustResult-2 Expected: RecoverableTrustFailure But was: FatalTrustFailure at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389 at MonoTouchFixtures.Security.TrustTest.Trust2_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 449 Backport of #19650.
|
/sudo backport release/7.0.3xx |
|
Backport Job to branch release/7.0.3xx Created! The magic is happening here |
|
Oh no! Backport failed! Please see https://devdiv.visualstudio.com/DevDiv/_build/results?buildId=8913267 for more details. |
rolfbjarne
added a commit
to rolfbjarne/xamarin-macios
that referenced
this pull request
Jan 12, 2024
… certificate. (xamarin#19650) The “Thawte SGC CA” certificate we're using for testing is now blocked by Apple, evaluating trust results in this error: > “Thawte SGC CA” certificate is blocked So update the mail_google_com certificates to what mail.google.com serves now, and also update the corresponding parent certificates (which have changed). Then adjust the tests accordingly. Finally delete all unused certificates from the code. Fixes these test failures: MonoTouchFixtures.Security.TrustTest [FAIL] Trust_FullChain : GetTrustResult-2 Expected: RecoverableTrustFailure But was: FatalTrustFailure at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389 at MonoTouchFixtures.Security.TrustTest.Trust_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 321 [FAIL] Trust2_FullChain : GetTrustResult-2 Expected: RecoverableTrustFailure But was: FatalTrustFailure at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389 at MonoTouchFixtures.Security.TrustTest.Trust2_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 449
rolfbjarne
added a commit
that referenced
this pull request
Jan 15, 2024
…locking the Thawte certificate. (#19800) The “Thawte SGC CA” certificate we're using for testing is now blocked by Apple, evaluating trust results in this error: > “Thawte SGC CA” certificate is blocked So update the mail_google_com certificates to what mail.google.com serves now, and also update the corresponding parent certificates (which have changed). Then adjust the tests accordingly. Finally delete all unused certificates from the code. Fixes these test failures: MonoTouchFixtures.Security.TrustTest [FAIL] Trust_FullChain : GetTrustResult-2 Expected: RecoverableTrustFailure But was: FatalTrustFailure at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389 at MonoTouchFixtures.Security.TrustTest.Trust_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 321 [FAIL] Trust2_FullChain : GetTrustResult-2 Expected: RecoverableTrustFailure But was: FatalTrustFailure at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389 at MonoTouchFixtures.Security.TrustTest.Trust2_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 449 Backport of #19650.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The “Thawte SGC CA” certificate we're using for testing is now blocked by
Apple, evaluating trust results in this error:
So update the mail_google_com certificates to what mail.google.com serves now, and also update the corresponding parent certificates (which have changed).
Then adjust the tests accordingly.
Finally delete all unused certificates from the code.
Fixes these test failures: