{"id":12,"date":"2008-09-22T14:47:00","date_gmt":"2008-09-22T19:47:00","guid":{"rendered":"http:\/\/blog.mozilla.org\/ted\/?p=12"},"modified":"2008-09-22T14:47:00","modified_gmt":"2008-09-22T19:47:00","slug":"ssl-in-mochitest","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/ted\/2008\/09\/22\/ssl-in-mochitest\/","title":{"rendered":"SSL in Mochitest"},"content":{"rendered":"<p>Without a lot of fanfare, <a title=\" Bug 428009 -  hook up ssltunnel to mochitest\" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=428009\">a patch landed<\/a> recently that enables the use of SSL with the test HTTP server we use in our <a href=\"http:\/\/developer.mozilla.org\/en\/Mochitest\">Mochitest test harness<\/a>.<\/p>\n<p>About five months ago, I read <a href=\"http:\/\/fedoraproject.org\/wiki\/FedoraCryptoConsolidation\">an article<\/a> about how Fedora wanted to standardize on NSS as the cryptography solution for their distro in order to be able to leverage a common certificate database, among other things. The article went into detail on how they wrote<a href=\"http:\/\/fedoraproject.org\/wiki\/Nss_compat_ossl\"> an OpenSSL wrapper around NSS<\/a> so they could easily port applications that only supported OpenSSL to use NSS instead. As a concrete example, they showed a ported version of stunnel using NSS. This gave me pause, as one of the things we were lacking in our Mochitest harness was SSL support and stunnel would do exactly what we needed in this case. Considering we already build and ship NSS with every copy of Firefox, and it was clearly possible to implement the functionality we needed using NSS, I set out to figure out how to implement a bare-bones version of stunnel from scratch. After a bit of poking through the online <a title=\"NSPR API Reference\" href=\"http:\/\/developer.mozilla.org\/en\/NSPR_API_Reference\">NSPR<\/a> and <a title=\"NSS reference\" href=\"http:\/\/developer.mozilla.org\/En\/NSS_reference\">NSS<\/a> documentation, <a title=\"Bug 426867 - ssl proxy for mochitest \" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=426867\">I had a proof of concept application<\/a> which I called &#8220;ssltunnel.&#8221; After some insightful review comments from NSS developers I committed it to CVS.<\/p>\n<p>Unfortunately, that wasn&#8217;t the end. We still needed to hook this program up to the test harness, and I just didn&#8217;t have the motivation to do so. I filed <a title=\"Bug 428009 - hook up ssltunnel to mochitest\" href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=428009\">the bug<\/a>, and hoped someone else would do the work. (as I often do!) Thankfully, that someone appeared in the person of Honza Bambas, whom I can only describe as a &#8220;programming rockstar.&#8221; He not only integrated ssltunnel into Mochitest, but he rewrote large sections of it to make it work robustly and made it work as an HTTP proxy while he was at it. After some reviews, and a couple of landings and backouts due to unrelated test failures, and some time spent languishing in bugzilla, we finally made his patch stick.<\/p>\n<p><img decoding=\"async\" title=\"Screenshot of Firefox showing an SSL connection to example.com, with the security info panel open\" src=\"http:\/\/people.mozilla.com\/~tmielczarek\/mochitest-ssl.png\" alt=\"\" \/><\/p>\n<p>Of course, now that we have this capability, we need tests to use it! Honza has written <a title=\"Mochitest - SSL and https enabled tests\" href=\"http:\/\/developer.mozilla.org\/en\/Mochitest#SSL_and_https_enabled_tests\">some great documentation<\/a> on what is currently available via Mochitest, and how to add custom servers and certificates other things you might want. If you get motivated to write some tests and hit a rough spot, feel free as always to track me down on IRC and ask me about it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Without a lot of fanfare, a patch landed recently that enables the use of SSL with the test HTTP server we use in our Mochitest test harness. About five months ago, I read an article about how Fedora wanted to standardize on NSS as the cryptography solution for their distro in order to be able [&hellip;]<\/p>\n","protected":false},"author":65,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,189],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/posts\/12"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/comments?post=12"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/posts\/12\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/media?parent=12"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/categories?post=12"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/ted\/wp-json\/wp\/v2\/tags?post=12"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}