Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/7.0.3xx] [tests] Fix certificate tests after Apple started blocking the Thawte certificate. #19800

Merged
merged 1 commit into from
Jan 15, 2024
Merged

[release/7.0.3xx] [tests] Fix certificate tests after Apple started blocking the Thawte certificate. #19800

merged 1 commit into from
Jan 15, 2024

Conversation

rolfbjarne
Copy link
Member

The “Thawte SGC CA” certificate we're using for testing is now blocked by
Apple, evaluating trust results in this error:

“Thawte SGC CA” certificate is blocked

So update the mail_google_com certificates to what mail.google.com serves now, and also update the corresponding parent certificates (which have changed).

Then adjust the tests accordingly.

Finally delete all unused certificates from the code.

Fixes these test failures:

MonoTouchFixtures.Security.TrustTest
    [FAIL] Trust_FullChain :   GetTrustResult-2
        Expected: RecoverableTrustFailure
        But was:  FatalTrustFailure
           at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389
           at MonoTouchFixtures.Security.TrustTest.Trust_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 321
    [FAIL] Trust2_FullChain :   GetTrustResult-2
        Expected: RecoverableTrustFailure
        But was:  FatalTrustFailure
           at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389
           at MonoTouchFixtures.Security.TrustTest.Trust2_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 449

Backport of #19650.

@rolfbjarne
[tests] Fix certificate tests after Apple started blocking the Thawte…
83bff7b 
… certificate. (dotnet#19650)

The “Thawte SGC CA” certificate we're using for testing is now blocked by
Apple, evaluating trust results in this error:

> “Thawte SGC CA” certificate is blocked

So update the mail_google_com certificates to what mail.google.com serves now, and also update the corresponding parent certificates (which have changed).

Then adjust the tests accordingly.

Finally delete all unused certificates from the code.

Fixes these test failures:

    MonoTouchFixtures.Security.TrustTest
        [FAIL] Trust_FullChain :   GetTrustResult-2
            Expected: RecoverableTrustFailure
            But was:  FatalTrustFailure
               at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389
               at MonoTouchFixtures.Security.TrustTest.Trust_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 321
        [FAIL] Trust2_FullChain :   GetTrustResult-2
            Expected: RecoverableTrustFailure
            But was:  FatalTrustFailure
               at MonoTouchFixtures.Security.TrustTest.Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs) in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 389
               at MonoTouchFixtures.Security.TrustTest.Trust2_FullChain() in /Users/builder/azdo/_work/1/s/xamarin-macios/tests/monotouch-test/Security/TrustTest.cs:line 449
@rolfbjarne rolfbjarne mentioned this pull request Jan 12, 2024
Merged
@vs-mobiletools-engineering-service2
Copy link
Collaborator

💻 [CI Build] Windows Integration Tests passed 💻

All Windows Integration Tests passed.

Pipeline on Agent
Hash: 83bff7bb6c1467aefab4bf14aadbb22a4027b690 [PR build]

@vs-mobiletools-engineering-service2
Copy link
Collaborator

💻 [PR Build] Tests on macOS M1 - Mac Ventura (13.0) passed 💻

All tests on macOS M1 - Mac Ventura (13.0) passed.

Pipeline on Agent
Hash: 83bff7bb6c1467aefab4bf14aadbb22a4027b690 [PR build]

@vs-mobiletools-engineering-service2
Copy link
Collaborator

💻 [PR Build] Tests on macOS M1 - Mac Big Sur (11.5) passed 💻

All tests on macOS M1 - Mac Big Sur (11.5) passed.

Pipeline on Agent
Hash: 83bff7bb6c1467aefab4bf14aadbb22a4027b690 [PR build]

@vs-mobiletools-engineering-service2
Copy link
Collaborator

✅ API diff for current PR / commit

NET (empty diffs)
  • iOS: (empty diff detected)
  • tvOS: (empty diff detected)
  • MacCatalyst: (empty diff detected)
  • macOS: (empty diff detected)

✅ API diff vs stable

.NET (No breaking changes)

✅ Generator diff

Generator diff is empty

Pipeline on Agent
Hash: 83bff7bb6c1467aefab4bf14aadbb22a4027b690 [PR build]

@vs-mobiletools-engineering-service2
Copy link
Collaborator

📚 [PR Build] Artifacts 📚

Packages generated

View packages

Pipeline on Agent XAMMINI-011.Ventura
Hash: 83bff7bb6c1467aefab4bf14aadbb22a4027b690 [PR build]

@vs-mobiletools-engineering-service2

This comment has been minimized.

Sign in to view
@vs-mobiletools-engineering-service2
Copy link
Collaborator

🚀 [CI Build] Test results 🚀

Test results

✅ All tests passed on VSTS: simulator tests.

🎉 All 79 tests passed 🎉

Tests counts

⚠️ bcl: No tests selected. Html Report (VSDrops) Download
✅ cecil: All 1 tests passed. Html Report (VSDrops) Download
✅ dotnettests: All 1 tests passed. [attempt 2] Html Report (VSDrops) Download
✅ fsharp: All 4 tests passed. Html Report (VSDrops) Download
✅ framework: All 4 tests passed. Html Report (VSDrops) Download
✅ generator: All 1 tests passed. Html Report (VSDrops) Download
✅ interdependent_binding_projects: All 4 tests passed. Html Report (VSDrops) Download
⚠️ install_source: No tests selected. [attempt 2] Html Report (VSDrops) Download
✅ introspection: All 4 tests passed. Html Report (VSDrops) Download
✅ linker: All 40 tests passed. Html Report (VSDrops) Download
⚠️ mac_binding_project: No tests selected. Html Report (VSDrops) Download
⚠️ mmp: No tests selected. Html Report (VSDrops) Download
⚠️ mononative: No tests selected. Html Report (VSDrops) Download
✅ monotouch: All 13 tests passed. Html Report (VSDrops) Download
✅ msbuild: All 2 tests passed. Html Report (VSDrops) Download
⚠️ mtouch: No tests selected. Html Report (VSDrops) Download
⚠️ xammac: No tests selected. Html Report (VSDrops) Download
✅ xcframework: All 4 tests passed. Html Report (VSDrops) Download
✅ xtro: All 1 tests passed. Html Report (VSDrops) Download

Pipeline on Agent
Hash: 83bff7bb6c1467aefab4bf14aadbb22a4027b690 [PR build]

@rolfbjarne rolfbjarne mentioned this pull request Jan 15, 2024
Merged
@rolfbjarne rolfbjarne merged commit 94c4fe7 into dotnet:release/7.0.3xx Jan 15, 2024
@rolfbjarne rolfbjarne deleted the backport-pr-19650-release/7.0.3xx branch January 15, 2024 15:52
@rolfbjarne rolfbjarne added the pr-change-not-shipping The PR only touch files that are not shipped to customers label Jan 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dalexsoto dalexsoto dalexsoto approved these changes

Assignees
No one assigned
Labels
pr-change-not-shipping The PR only touch files that are not shipped to customers
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rolfbjarne @vs-mobiletools-engineering-service2 @dalexsoto