W3C home > Mailing lists > Public > public-test-infra@w3.org > October to December 2014

Re: https/wss testing in web-platform-tests

From: Brad Hill <hillbrad@gmail.com>
Date: Mon, 13 Oct 2014 14:57:26 -0700
Message-ID: <CAEeYn8jT9BsT06EdS14Mvw_5gg=VayXku2qTMb5_jgOxCuh0SA@mail.gmail.com>
To: James Graham <james@hoppipolla.co.uk>
Cc: public-test-infra <public-test-infra@w3.org>
I would guess you overestimate the barrier both of these would
present.  If you're installing wptserve as a developer, pulling
openssl as another dependency is pretty low friction - many will have
it already.

As far as installing the certificate into your browser - that only
matters if you want to run the https tests.  There should be no action
required to simply start a wptserve instance that also listens on
https with a locally-generated certificate.

On Mon, Oct 13, 2014 at 10:35 AM, James Graham <james@hoppipolla.co.uk> wrote:
> On 13/10/14 18:20, Brad Hill wrote:
>> Why would we not just always require an https endpoint to be running
>> if we're going to automatically generate a test certificate, anyway?
>> Why put the burden on test authors to mark every test that requires
>> https?
> I had assumed that it wasn't a good idea because a) it requires people
> to have openssl installed to generate the CA and host cert/keys, b)
> actually trusting the cert only works well with wptrunner since you
> don't want to trust the fake CA into your real browser profile (or run
> your normal browser in a special don't-check-certs mode) c) we don't
> necessarily have a code path to install the CA cert in all browsers.
> If I am overestimating the importance of these, that would be great to
> know, because I agree that putting any burden on test authors here sucks.
Received on Monday, 13 October 2014 21:57:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:34:11 UTC