Closed Bug 1227970 Opened 4 years ago Closed 4 years ago

Perform preference checks to allow OCSP Bypass for OneCRL via Kinto

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: mgoodwin, Assigned: mgoodwin)

References

Details

Attachments

(1 file)

Bug 1224467 turns off OCSP bypass in cases were the AMO blocklist is not used for certificate blocklist updates.

We need to add the correct checks for the other case; when the blocklist is updated by Kinto.js
Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r?keeler
Attachment #8692048 - Flags: review?(dkeeler)
I should explain that other related parts are going on in bug 1227956 - in particular, the pref is updated by work going on in that bug.
Depends on: 1227956
Comment on attachment 8692048 [details]
MozReview Request: Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r?keeler

https://reviewboard.mozilla.org/r/26219/#review23639

LGTM.

::: security/manager/ssl/tests/unit/test_ev_certs.js:226
(Diff revision 1)
>      Services.prefs.clearUserPref("security.onecrl.maximum_staleness_in_seconds");

Should the other prefs be reset here as well?
Attachment #8692048 - Flags: review?(dkeeler) → review+
(In reply to Mark Goodwin [:mgoodwin] from comment #4)
> https://treeherder.mozilla.org/#/jobs?repo=try&revision=39590e625271

I have test failures that I can't reproduce due to bug 1226165
Depends on: 1226165
https://hg.mozilla.org/integration/mozilla-inbound/rev/beb1ebb12542681c7ad55f8ba1f69e26a01d1d25
Bug 1227970 - Perform preference checks to allow OCSP Bypass for OneCRL via Kinto r=keeler
https://hg.mozilla.org/mozilla-central/rev/beb1ebb12542
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.