Closed Bug 1137179 Opened 5 years ago Closed 5 years ago

Add wildcard list to the static fallback list

Categories

(Core :: Security: PSM, defect)

37 Branch
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla39
Tracking Status
firefox37 --- fixed
firefox38 --- fixed
firefox39 --- fixed

People

(Reporter: emk, Assigned: emk)

References

Details

Attachments

(2 files, 1 obsolete file)

This patch also contains a fallback list update because it is very likely to conflict with this.
I also removed bookstore.cleary.edu and buy.liker.com.tw because they consistently fail with NS_ERROR_UNKNOWN_HOST for me (please double check).
Attached patch patch (obsolete) — Splinter Review
Oops, forgot to attach the patch.
Attachment #8569846 - Flags: review?(dkeeler)
Comment on attachment 8569846 [details] [diff] [review]
patch

Review of attachment 8569846 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good to me with comments addressed.

(In reply to Masatoshi Kimura [:emk] from comment #0)
> I also removed bookstore.cleary.edu and buy.liker.com.tw because they
> consistently fail with NS_ERROR_UNKNOWN_HOST for me (please double check).

I can't resolve those hosts either.

::: security/manager/ssl/src/IntolerantFallbackList.inc
@@ -16,5 @@
>    "actiononline.stpete.org",
>    "actu.reunion.fr",
>    "ad401k.sbisec.co.jp",
>    "adman.you.gr",
> -  "adsearch.kuronekoyamato.co.jp", // bug 1128366

Should this bug be resolved worksforme or something now?

@@ -86,5 @@
>    "click2gov.alpharetta.ga.us",
>    "click2gov.sanangelotexas.us",
>    "clientes.chilectra.cl",
>    "club.guosen.com.cn",
> -  "cmypage.kuronekoyamato.co.jp", // bug 1112110

Same

@@ +290,5 @@
>    "secureonline.dwp.gov.uk",
>    "sems.hrd.ccsd.net",
>    "service.autoc-one.jp",
>    "services.apvma.gov.au",
> +  "services.geotrust.com",

We should definitely have a bug on this.

::: security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
@@ +586,5 @@
>    NS_NAMED_LITERAL_CSTRING(fallback_test, "fallback.test");
>    NS_NAMED_LITERAL_CSTRING(no_fallback_test, "no.fallback.test");
> +  NS_NAMED_LITERAL_CSTRING(wildcard_test, "wildcard.test");
> +  NS_NAMED_LITERAL_CSTRING(a_wildcard_test, "a.wildcard.test");
> +  NS_NAMED_LITERAL_CSTRING(b_wildcard_test, "b.wildcard.test");

Let's do something longer like "long.example.wildcard.test" for this second one.
Attachment #8569846 - Flags: review?(dkeeler) → review+
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2)
> > I also removed bookstore.cleary.edu and buy.liker.com.tw because they
> > consistently fail with NS_ERROR_UNKNOWN_HOST for me (please double check).
> 
> I can't resolve those hosts either.

Thanks you.

> > -  "adsearch.kuronekoyamato.co.jp", // bug 1128366
> 
> Should this bug be resolved worksforme or something now?

It's just moved to the wildcard list.

> > +  "services.geotrust.com",
> 
> We should definitely have a bug on this.

Filed bug 1137677.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=e30008890f8f
Attachment #8569846 - Attachment is obsolete: true
Attachment #8570767 - Flags: review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/5801ebeeb3b6
Assignee: nobody → VYV03354
Status: NEW → ASSIGNED
Flags: in-testsuite+
https://hg.mozilla.org/mozilla-central/rev/5801ebeeb3b6
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Comment on attachment 8570767 [details] [diff] [review]
patch for checkin

Approval Request Comment
[Feature/regressing bug #]: 1124039
[User impact if declined]: Users can not connect some sites
[Describe test coverage new/current, TreeHerder]: Basic gtest
[Risks and why]: Low, minimal whitelist logic change only
[String/UUID change made/needed]: no
Attachment #8570767 - Flags: approval-mozilla-beta?
Attachment #8570767 - Flags: approval-mozilla-aurora?
Comment on attachment 8570767 [details] [diff] [review]
patch for checkin

approving for uplift to give better user experience.
Attachment #8570767 - Flags: approval-mozilla-beta?
Attachment #8570767 - Flags: approval-mozilla-beta+
Attachment #8570767 - Flags: approval-mozilla-aurora?
Attachment #8570767 - Flags: approval-mozilla-aurora+
Attached patch patch for betaSplinter Review
Rebase needed.
You need to log in before you can comment on or make changes to this bug.