Closed
Bug 1183065
Opened 9 years ago
Closed 9 years ago
Certificate Blocklist lacks convenient logging on revocation checks
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla42
Tracking | Status | |
---|---|---|
firefox42 | --- | fixed |
People
(Reporter: mgoodwin, Assigned: mgoodwin)
Details
Attachments
(1 file, 1 obsolete file)
2.92 KB,
patch
|
mgoodwin
:
review+
|
Details | Diff | Splinter Review |
It's tricker than it should be to diagnose why certificate blocklist items are not working correctly. This is easily fixed by adding some debug log messages.
Assignee | ||
Comment 1•9 years ago
|
||
Assignee: nobody → mgoodwin
Status: NEW → ASSIGNED
Attachment #8632738 -
Flags: review?(cykesiopka.bmo)
Comment 2•9 years ago
|
||
Comment on attachment 8632738 [details] [diff] [review] Bug 1183065.patch Review of attachment 8632738 [details] [diff] [review]: ----------------------------------------------------------------- LGTM, just some nits. ::: security/manager/ssl/CertBlocklist.cpp @@ +574,5 @@ > return rv; > } > > + nsAutoCString encDN; > + nsAutoCString encOther; Optional: move these to just above where they're first used. @@ +597,5 @@ > + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, > + ("CertBlocklist::IsCertRevoked issuer %s - serial %s", > + encDN.get(), encOther.get())); > + > + Minor nit: unnecessary extra line. @@ +602,5 @@ > *_retval = mBlocklist.Contains(issuerSerial); > > if (*_retval) { > + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, > + ("certblocklist::found by issuer / serial; returning")); Nit: just for consistency, maybe "CertBlocklist::IsCertRevoked found by [...]"?
Attachment #8632738 -
Flags: review?(cykesiopka.bmo) → review+
Assignee | ||
Comment 3•9 years ago
|
||
Feedback addressed
Attachment #8632738 -
Attachment is obsolete: true
Attachment #8634366 -
Flags: review+
Assignee | ||
Comment 4•9 years ago
|
||
url: https://hg.mozilla.org/integration/mozilla-inbound/rev/ec1b5a7d05e941f4b4bb4ef38d949011f877124f changeset: ec1b5a7d05e941f4b4bb4ef38d949011f877124f user: Mark Goodwin <mgoodwin@mozilla.com> date: Fri Jul 17 10:03:21 2015 +0100 description: Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka)
Assignee | ||
Comment 5•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=2e335112b28e <- try, for reference
Assignee | ||
Comment 6•9 years ago
|
||
url: https://hg.mozilla.org/integration/mozilla-inbound/rev/d2f8da515976518f38bdb9916c3e22e9baafb013 changeset: d2f8da515976518f38bdb9916c3e22e9baafb013 user: Mark Goodwin <mgoodwin@mozilla.com> date: Fri Jul 17 10:37:00 2015 +0100 description: Backed out changeset ec1b5a7d05e9 (bug 1183065)
Assignee | ||
Comment 7•9 years ago
|
||
url: https://hg.mozilla.org/integration/mozilla-inbound/rev/598cb986c19724cb959ad34e9326970a17dcf9ce changeset: 598cb986c19724cb959ad34e9326970a17dcf9ce user: Mark Goodwin <mgoodwin@mozilla.com> date: Fri Jul 17 17:07:47 2015 +0100 description: Bug 1183065 - Add logging on OneCRL revocation checks (r=Cykesiopka)
Assignee | ||
Comment 8•9 years ago
|
||
A clean try run <- https://treeherder.mozilla.org/#/jobs?repo=try&revision=8ee53e4a4aa4
https://hg.mozilla.org/mozilla-central/rev/598cb986c197
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
You need to log in
before you can comment on or make changes to this bug.
Description
•