Certificate revocation blocklist: last entry in list does not get blocked

RESOLVED INVALID

Status

()

RESOLVED INVALID
4 years ago
4 years ago

People

(Reporter: mwobensmith, Unassigned)

Tracking

37 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

1. In Fx37, update your browser to point to the staging AMO site [1].
2. As above, force a download of the blocklist.
3. Navigate to https://uber.com.


Result:

Site loads.

Expected:

Site blocked.


We have been chasing this issue for a while and discovered that whatever entry is last on the list does not get blocked. A workaround could be to put a dummy value in the blocklist at the end.



[1] https://wiki.mozilla.org/Blocklisting/Testing
OK, wait a second. Now this is working as expected. 

I verified that the blocklist had been downloaded and that the revocations.txt file contained the entries for uber.com's cert. It did not block the site, hence this bug. However, I waited about 15 minutes and refreshed page, saw the site being blocked. Now I am baffled as to why.
Had you previously navigated to https://uber.com in this session?

If you had and you did not force-refresh, it may be reusing an existing connection (and thus cert would not be checked, so the error would not be seen). Might that have happened?
Yes, that is possible. 

I just did a clean test where the sites/certs blocked had never been accessed from this profile/browsing session before. Everything passed. Marking this invalid.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.