Re: Testing and certificates

On 11/10/2013 15:08 , James Graham wrote:
> 3) Is hard. The options are "make the user add a fake CA in their
> browser" (extreme badness), "make the test environment setup
> browser-specific so that we can act like the automation case above"
> (i.e, for each "supported" browser have the test environment setup
> launch that browser with the CA trusted for that session only, and force
> people to use that instance for testing), which is several other kinds
> of badness since it forces browser-specific code into web-platform-tests
> and rquires the user to carefully follow instructions, and "don't
> support ssl-requiring tests in this scenario", which makes developing
> tests and casually running specific tests hard.

I haven't thought this through and I'm multitasking with a conference so 
it might be a daft idea; but on the off chance that we could make it 
work, I'll dump it here.

Adding a specific local hostname on individual machines is pretty easy 
on Unix-ish OSes (including Macs) and ISTR not much harder — possibly 
similar — on Windows. It's just a matter of adding a line to /etc/hosts, 
and the only difficulty is that it requires admin privileges (which you 
need to test against canonical Web ports anyway). We could have wptserve 
just add it on start (if it isn't there).

If we managed that, could we not simply decide that there is a canonical 
hostname for the tests when run on individual boxes, and have wptserve 
use a specific cert for that? Distributing the cert would allow anyone 
to impersonate that domain, but if we only use it for that it oughtn't 
be a problem. I wonder if we can push it so far as to get a cert for 
something that wouldn't be otherwise resolvable anyway, say "web.tests".

It's not impossible that I may be missing a key ingredient though.

-- 
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Friday, 11 October 2013 14:46:30 UTC