Closed
Bug 1085506
Opened 11 years ago
Closed 11 years ago
add telemetry for all TLS handshake certificate verification errors encountered
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla39
People
(Reporter: keeler, Assigned: keeler)
References
Details
Attachments
(1 file, 1 obsolete file)
|
7.03 KB,
patch
|
rbarnes
:
review+
lsblakk
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
We already have telemetry for overridable certificate errors (SSL_CERT_ERROR_OVERRIDES), but we don't have information on how often users encounter certificate verification errors that can't be overridden.
| Assignee | ||
Comment 1•11 years ago
|
||
This is a first pass at implementing this. I basically took all the error codes mozilla::pkix could return when verifying a certificate and mapped them linearly (leaving holes for the ones that are overridable, so if we change their overridability, we don't have to re-order everything).
Comment 2•11 years ago
|
||
Comment on attachment 8523244 [details] [diff] [review]
patch
Review of attachment 8523244 [details] [diff] [review]:
-----------------------------------------------------------------
Should we just do this for all errors? I don't see any reason we would want to *not* know about overrideable ones.
::: security/manager/ssl/src/SSLServerCertVerification.cpp
@@ +424,5 @@
> return SECFailure;
>
> default:
> + {
> + uint32_t probeValue = MapNonOverridableErrorToProbeValue(defaultErrorCodeToReport);
It seems like we could just put this right before the switch to measure everything.
Attachment #8523244 -
Flags: feedback?(rlb) → feedback+
| Assignee | ||
Comment 3•11 years ago
|
||
Attachment #8523244 -
Attachment is obsolete: true
Attachment #8570708 -
Flags: review?(rlb)
| Assignee | ||
Updated•11 years ago
|
Summary: add telemetry for non-overridable certificate errors → add telemetry for all TLS handshake certificate verification errors encountered
Comment 4•11 years ago
|
||
Comment on attachment 8570708 [details] [diff] [review]
patch v2
Review of attachment 8570708 [details] [diff] [review]:
-----------------------------------------------------------------
Looks good. Just a couple of readability nits.
::: security/manager/ssl/src/SSLServerCertVerification.cpp
@@ +338,5 @@
> + // possible values in telemetry would be cumbersome.
> + // Right now there are ~50 non-fatal and 4 fatal errors mozilla::pkix might
> + // return. This transformation and the eventual telemetry probe the values
> + // will be stored in can handle 80 non-fatal and 20 fatal errors, which
> + // should be sufficient until we re-write everything in rust.
This comment is a little convoluted. I would suggest something of the form
> // Since FATAL_ERROR_FLAG is 0x800, fatal error codes are quite a bit larger
> // than non-fatal. To conserve space, we re-map these error codes so that
> // they start at 80 (decimal) instead of 0x800. Currently, there are ~50
> // non-fatal errors, so starting fatal errors at 80 should provide plenty
> // of space.
The 80/20 split seems slightly un-aesthetic, but I see why you're doing it.
@@ +342,5 @@
> + // should be sufficient until we re-write everything in rust.
> + static_assert(FATAL_ERROR_FLAG == 0x800,
> + "mozilla::pkix::FATAL_ERROR_FLAG is not what we were expecting");
> + if (probeValue & FATAL_ERROR_FLAG) {
> + probeValue -= FATAL_ERROR_FLAG;
Seems like it might read a little more clearly to unset the flag using an XOR:
> probeValue ^= FATAL_ERROR_FLAG
Attachment #8570708 -
Flags: review?(rlb) → review+
| Assignee | ||
Comment 5•11 years ago
|
||
Comment 6•11 years ago
|
||
[Feature/regressing bug #]: This telemetry is needed to measure the impact of removing the Equifax Secure CA, which currently shows high usage in telemetry (it is bin 4 of http://mzl.la/1KfvGLo). Thus we need to land this patch a few weeks before landing bug 1132496 in Firefox.
[User impact if declined]: Without this telemetry it will be difficult for us to tell whether the Equifax Secure CA removal is causing breakage for users, and thus whether we need to revert it.
[Describe test coverage new/current, TBPL]: Manual.
[Risks and why]: Low risk. Just adds a new telemetry histogram to collect TLS errors.
[String/UUID change made/needed]: None
Updated•11 years ago
|
Attachment #8570708 -
Flags: approval-mozilla-aurora?
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
status-firefox39:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Updated•11 years ago
|
Attachment #8570708 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 8•11 years ago
|
||
status-firefox38:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•