Closed Bug 1145844 Opened 5 years ago Closed 5 years ago

Fallback whitelist update: mid-May 2015

Categories

(Core :: Security: PSM, defect)

38 Branch
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla40
Tracking Status
firefox38 --- fixed
firefox38.0.5 --- fixed
firefox39 --- fixed
firefox40 --- fixed
firefox-esr38 --- fixed

People

(Reporter: emk, Assigned: emk)

References

Details

Attachments

(1 file, 2 obsolete files)

+++ This bug was initially created as a clone of Bug #1142769 +++

I would like to land this before the next merge.
Depends on: 1142769
Please add: jst.doded.mil
Attached patch Update fallback whitelist (obsolete) — Splinter Review
* Added sites from bug 1126620 blockers and bug 1138101 blockers.
* Removed fixed sites.
* Removed following sites due to consistent connection errors or unknown host errors (please double check):
  https://click2gov.alpharetta.ga.us
  https://developer.palm.com
  https://hypotheek.bankofscotland.nl
  https://startrekonline.com
  https://www.marenostrumresort.com
  https://www.partnerandaffinitycards.co.uk
  https://www.startrekonline.com
  https://www.torrecatalunya.com
Assignee: nobody → VYV03354
Status: NEW → ASSIGNED
Attachment #8598571 - Flags: review?(dkeeler)
Attached patch Update fallback whitelist (obsolete) — Splinter Review
* Added a site from bug 1159224.
* Added servers from comment #3.
Attachment #8598571 - Attachment is obsolete: true
Attachment #8598571 - Flags: review?(dkeeler)
Attachment #8598625 - Flags: review?(dkeeler)
Comment on attachment 8598625 [details] [diff] [review]
Update fallback whitelist

Review of attachment 8598625 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM, but see the comment on annotating ports (and, indeed, should we refine this mechanism to use {host,port} instead of all ports on a given host?)

::: security/manager/ssl/src/IntolerantFallbackList.inc
@@ +248,2 @@
>    "partnerweb.vmware.com", // bug 1142187
> +  "paslists.com", // :9211 bug 1155712

We should maybe be a bit more verbose in these cases: "for port 9211" or something
Attachment #8598625 - Flags: review?(dkeeler) → review+
Updated comments for non-default ports.
Attachment #8598625 - Attachment is obsolete: true
Attachment #8599042 - Flags: review+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/3e18d65b28c3
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
Comment on attachment 8599042 [details] [diff] [review]
patch for checkin

Approval Request Comment
[Feature/regressing bug #]: N/A
[User impact if declined]: Users can not connect some sites.
[Describe test coverage new/current, TreeHerder]: tested locally
[Risks and why]: Very low. Only trivial changes to static data.
[String/UUID change made/needed]: none
Attachment #8599042 - Flags: approval-mozilla-beta?
Attachment #8599042 - Flags: approval-mozilla-aurora?
Comment on attachment 8599042 [details] [diff] [review]
patch for checkin

[Triage Comment]
Should be in 38 RC1
Attachment #8599042 - Flags: approval-mozilla-release+
Attachment #8599042 - Flags: approval-mozilla-beta?
Attachment #8599042 - Flags: approval-mozilla-aurora?
Attachment #8599042 - Flags: approval-mozilla-aurora+
Keywords: checkin-needed
checkin-needed isn't necessary for uplifts (and adds noise to bug queries)
Keywords: checkin-needed
Blocks: 1165549
You need to log in before you can comment on or make changes to this bug.