W3C home > Mailing lists > Public > public-test-infra@w3.org > October to December 2013

Testing and certificates

From: James Graham <james@hoppipolla.co.uk>
Date: Fri, 11 Oct 2013 14:08:22 +0100
Message-ID: <5257F846.3010900@hoppipolla.co.uk>
To: "public-test-infra@w3.org" <public-test-infra@w3.org>
A number of our tests require resources to be avaliable over SSL, either 
as HTTP or WSS. This is problematic because it is unclear how to deal 
with the certificates. We have three main deployment scenarios:

1) On vendor automation

2) On w3c-test.org

3) On individual machines for development

1) is typically a solved problem for vendors. For example Mozilla has 
its own "CA" for test purposes. When starting a test run a new profile 
is created and the CA is added to the profile. At the end of the test 
run the profile is deleted. Therefore no real user profile ever trusts 
the fake CA.

2) Is easy. We get a real cert.

3) Is hard. The options are "make the user add a fake CA in their 
browser" (extreme badness), "make the test environment setup 
browser-specific so that we can act like the automation case above" 
(i.e, for each "supported" browser have the test environment setup 
launch that browser with the CA trusted for that session only, and force 
people to use that instance for testing), which is several other kinds 
of badness since it forces browser-specific code into web-platform-tests 
and rquires the user to carefully follow instructions, and "don't 
support ssl-requiring tests in this scenario", which makes developing 
tests and casually running specific tests hard.

Does anyone have another option for 3). Failing that do they have an 
opinion on the right way to proceed here?
Received on Friday, 11 October 2013 13:08:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:34:10 UTC