Commit 82d112d0 authored by Arthur Sonzogni's avatar Arthur Sonzogni Committed by Commit Bot

Fix cert errors on the official WPT test runner.

On the official WPT test runner, we can't test reporting at all.
See https://crbug.com/1121605

The "Report-To" header isn't parsed at all, due to an SSL certificate
error.
We are already using "--ignore-certificate-errors", but apparently this
isn't enough, we also need: "--ignore-certificate-errors-spki-list=XXXX"

Where XXX can be generated with:
```
openssl x509 -noout -pubkey -in ./tools/certs/web-platform.test.pem |
openssl pkey -pubin -outform der |
openssl dgst -sha256 -binary |
base64
```

This is adapted from the internal chrome test runner:
third_party/blink/tools/blinkpy/web_tests/port/base.py
(Search for WPT_FINGERPRINT)

Along the way, I found this issue:
https://github.com/web-platform-tests/wpt/issues/24180
which I think might also be fixed by this patch.

BUG=1121605

Change-Id: Ia6e98a5050c8d2513d605a45cd349a52314282cc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2390748
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: default avatarRobert Ma <robertma@chromium.org>
Reviewed-by: default avatarStephen McGruer <smcgruer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#804377}
parent 9bfef22b
......@@ -23,6 +23,24 @@ __wptrunner__ = {"product": "chrome",
"env_options": "env_options",
"timeout_multiplier": "get_timeout_multiplier",}
# This is generated using:
# ```
# openssl x509 -noout -pubkey -in ./tools/certs/web-platform.test.pem |
# openssl pkey -pubin -outform der |
# openssl dgst -sha256 -binary |
# base64
# ```
# TODO(https://github.com/web-platform-tests/wpt/issues/21968):
# Automate the regeneration of this value.
WPT_FINGERPRINT = 'VPzsk0tdACJMqhsnPpMDesIkQYZrI2RGR+UlPK4emE4='
# And one for signed-exchange/resources/127.0.0.1.sxg.pem
SXG_WPT_FINGERPRINT = '0Rt4mT6SJXojEMHTnKnlJ/hBKMBcI4kteBlhR1eTTdk='
IGNORE_CERTIFICATE_ERRORS_SPKI_LIST = [
WPT_FINGERPRINT,
SXG_WPT_FINGERPRINT
]
def check_args(**kwargs):
require_arg(kwargs, "webdriver_binary")
......@@ -67,7 +85,12 @@ def executor_kwargs(test_type, server_config, cache_manager, run_info_data,
# Here we set a few Chrome flags that are always passed.
# ChromeDriver's "acceptInsecureCerts" capability only controls the current
# browsing context, whereas the CLI flag works for workers, too.
chrome_options["args"] = ["--ignore-certificate-errors"]
chrome_options["args"] = []
chrome_options["args"].append("--ignore-certificate-errors")
chrome_options["args"].append("--ignore-certificate-errors-spki-list=%s" %
','.join(IGNORE_CERTIFICATE_ERRORS_SPKI_LIST))
# Allow audio autoplay without a user gesture.
chrome_options["args"].append("--autoplay-policy=no-user-gesture-required")
# Allow WebRTC tests to call getUserMedia.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment