Closed Bug 1183065 Opened 9 years ago Closed 9 years ago

Certificate Blocklist lacks convenient logging on revocation checks

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla42
Tracking Flags:
Tracking Status
firefox42 --- fixed

People

(Reporter: mgoodwin, Assigned: mgoodwin)

Details

Attachments

(1 file, 1 obsolete file)

Bug 1183065.patch
2.92 KB, patch
mgoodwin
: review+
Details | Diff | Splinter Review 
It's tricker than it should be to diagnose why certificate blocklist items are not working correctly. This is easily fixed by adding some debug log messages.
Attached patch Bug 1183065.patch (obsolete) — Splinter Review 
Assignee: nobody → mgoodwin
Status: NEW → ASSIGNED

        Attachment #8632738 -
        Flags: review?(cykesiopka.bmo)

    
    

    
  
Comment on attachment 8632738 [details] [diff] [review]
Bug 1183065.patch

Review of attachment 8632738 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM, just some nits.

::: security/manager/ssl/CertBlocklist.cpp
@@ +574,5 @@
>      return rv;
>    }
>  
> +  nsAutoCString encDN;
> +  nsAutoCString encOther;

Optional: move these to just above where they're first used.

@@ +597,5 @@
> +  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
> +          ("CertBlocklist::IsCertRevoked issuer %s - serial %s",
> +           encDN.get(), encOther.get()));
> +
> +

Minor nit: unnecessary extra line.

@@ +602,5 @@
>    *_retval = mBlocklist.Contains(issuerSerial);
>  
>    if (*_retval) {
> +    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
> +            ("certblocklist::found by issuer / serial; returning"));

Nit: just for consistency, maybe "CertBlocklist::IsCertRevoked found by [...]"?

        Attachment #8632738 -
        Flags: review?(cykesiopka.bmo) → review+

    
    

    
  


  
Feedback addressed

        Attachment #8632738 -
        Attachment is obsolete: true

        Attachment #8634366 -
        Flags: review+

    
    

    
  
url:        https://hg.mozilla.org/integration/mozilla-inbound/rev/ec1b5a7d05e941f4b4bb4ef38d949011f877124f
changeset:  ec1b5a7d05e941f4b4bb4ef38d949011f877124f
user:       Mark Goodwin <mgoodwin@mozilla.com>
date:       Fri Jul 17 10:03:21 2015 +0100
description:
Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka)

    
    

    
  
url:        https://hg.mozilla.org/integration/mozilla-inbound/rev/d2f8da515976518f38bdb9916c3e22e9baafb013
changeset:  d2f8da515976518f38bdb9916c3e22e9baafb013
user:       Mark Goodwin <mgoodwin@mozilla.com>
date:       Fri Jul 17 10:37:00 2015 +0100
description:
Backed out changeset ec1b5a7d05e9 (bug 1183065)

    
    

    
  
url:        https://hg.mozilla.org/integration/mozilla-inbound/rev/598cb986c19724cb959ad34e9326970a17dcf9ce
changeset:  598cb986c19724cb959ad34e9326970a17dcf9ce
user:       Mark Goodwin <mgoodwin@mozilla.com>
date:       Fri Jul 17 17:07:47 2015 +0100
description:
Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka)

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/598cb986c197
Status: ASSIGNED → RESOLVED
Closed: 9 years ago

          status-firefox42:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: