From 357fde9cee9eeead50b6b985f1d9792eba2db401 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Oct 01 2025 14:19:26 +0000 Subject: Temporarily stop testing the c (valid ca) flag due to NSS bug Replace C,c,p with C,,p in tests/007-certsave because the valid CA flag is not working as expected in NSS 3.115. RHBZ https://bugzilla.redhat.com/show_bug.cgi?id=2395904 Mozilla BZ https://bugzilla.mozilla.org/show_bug.cgi?id=1990444 This is a temporary workaround while upstream works on fixing the issue. Related: https://pagure.io/certmonger/issue/297 Signed-off-by: Rob Crittenden --- diff --git a/tests/007-certsave-sql/expected.out b/tests/007-certsave-sql/expected.out index 428a8f9..236c74d 100644 --- a/tests/007-certsave-sql/expected.out +++ b/tests/007-certsave-sql/expected.out @@ -31,9 +31,9 @@ Testing setting trust to CT,C,: right nickname, right subject: cert CT,C, wrong nickname, right subject: cert ,, wrong subject, right nickname: cert ,, -Testing setting trust to C,c,p: - baseline: cert C,c,p - right nickname, right subject: cert C,c,p +Testing setting trust to C,,p: + baseline: cert C,,p + right nickname, right subject: cert C,,p wrong nickname, right subject: cert ,, wrong subject, right nickname: cert ,, Skipping rosubdir test. diff --git a/tests/007-certsave/run.sh b/tests/007-certsave/run.sh index 29b0215..1ad1a91 100755 --- a/tests/007-certsave/run.sh +++ b/tests/007-certsave/run.sh @@ -135,7 +135,10 @@ $toolsdir/certsave entry.openssl || true # Now tweak the trust settings on the NSS certificate. The "u" flag seems to # be tied to whether or not we have a matching private key, so we can't mess # with it. -for trust in ,, P,, ,P, CT,C, C,c,p ; do +# +# Oct 1, 2025: Replace C,c,p with C,,p because the valid CA flag is not +# working as expected in NSS 3.115. +for trust in ,, P,, ,P, CT,C, C,,p ; do echo Testing setting trust to "$trust": # Save the right certificate to NSS's database and read it back. initnssdb $scheme:$tmpdir