1334069 - CCADB entries generated 2017-01-26

Status: RESOLVED FIXED

(Core :: Security Block-lists, Allow-lists, and other State, defect)

Description

[Mark Goodwin [:mgoodwin]]

Attachment: bug_data.txt

Please add the following new certificate blocklist items following review from Kathleen and Matt.

Comment 1

[Mark Goodwin [:mgoodwin]]

Attachment: revocations.txt

Matt, please can you perform a canary run with the attached revocations.txt - this is the set of current production revocations with the new entries appended.

Thanks!

Comment 2

[Kathleen Wilson]

Comment on attachment 8830663 [details]
bug_data.txt

Confirmed that these are the correct entries to add to OneCRL. Thanks!

Comment 3

[Matt Wobensmith [:mwobensmith][:matt:]]

Comment on attachment 8830667 [details]
revocations.txt

No new errors found via TLS Canary and Alexa top sites, as of 2017-01-27.

Comment 4

[Mark Goodwin [:mgoodwin]]

Can these six entries be added, please?

Comment 5

[:wezhou]

These have been added to the database.

Please check to see if there are issues.

Comment 6

[Kathleen Wilson]

How long should it take for the changes to propagate to user systems?
I just restarted Firefox to see if it would pick up the new version of revocations.txt, but it didn't. The revocations.txt for my Firefox profile was created/modified on January 19.

Comment 7

[:wezhou]

How do you check if they're propagated to user systems?

I go to https://blocklist.addons.mozilla.org/blocklist/3/x/x/x/ and can see them to the bottom of the page.

Comment 8

[Matt Wobensmith [:mwobensmith][:matt:]]

1. Go to about:config
2. devtools.chrome.enabled = true
3. Tools > Web Developer > Browser Console
4. Paste this into the bottom of the window:
 Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);
5. Find your profile on disk.
6. Examine contents of revocations.txt. 


I compared the contents of this file with that of the attachment on this bug (after sorting both files) and the changes appear to be live and propagating correctly.

Regarding Kathleen's question, I don't know at what interval the client checks for updates. I will look at my own config and see if an existing profile is updating correctly or not.

Comment 9

[Matt Wobensmith [:mwobensmith][:matt:]]

(In reply to Kathleen Wilson from comment #6)
> How long should it take for the changes to propagate to user systems?
> I just restarted Firefox to see if it would pick up the new version of
> revocations.txt, but it didn't. The revocations.txt for my Firefox profile
> was created/modified on January 19.

After checking my existing default profile, on release Fx51, my local revocations.txt file was updated today. I verified that the contents were correct by diffing that file with the attachment on this bug. So, it's working for me. If it's not working for you, let me know and we'll figure this out together.

Comment 10

[Mark Goodwin [:mgoodwin]]

(In reply to Kathleen Wilson from comment #6)
> How long should it take for the changes to propagate to user systems?

A blocklist ping typically happens every 24 hours.



(In reply to :wezhou from comment #7)
> How do you check if they're propagated to user systems?

You can check to see if the entries served by AMO or Kinto are present in the revocations.txt file in the profile in question.

Comment 11

[Kathleen Wilson]

revocations.txt got updated on my system a few moments ago, when I restarted Firefox to update to 53.0a2 (2017-02-01) (64-bit).

I also confirmed that the new 6 entries per this bug, and only those entries, have been added.

Thanks!

Comment 12

[BMO Automation]

Moving bug to Core::Security Block-lists, Allow-lists, and other State.