Closed
Bug 1253545
Opened 8 years ago
Closed 8 years ago
Create a decoder for incoming TLS Error Report data in the new data pipeline
Categories
(Webtools Graveyard :: Telemetry Server, defect)
Webtools Graveyard
Telemetry Server
Tracking
(firefox47 affected)
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox47 | --- | affected |
People
(Reporter: mgoodwin, Assigned: mgoodwin)
References
Details
TLS Error reports are small JSON documents containing the following information: { "build":"20160105164030", // the build ID of the client "channel":"release", // the release channel the client is on "errorCode":-8054, // the error that cause the TLS failure "failedCertChain":[], // if there's a cert chain, this will contain base64 encoded certs "hostname":"fr.yahoo.com", // The hostname the client attempted to connect to "port":"", // If the connection was to a non-standard port, what was it? "product":"Firefox", // Which product is this? "timestamp":1455192160, // At what time does the client think it sent the report "userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0", // The UA string "version":1 // what version of the report schema is this? } There are two things we'd want to do to this data at collection time: 1) Record the difference between what time the client thinks it is and the server time (many TLS errors are as a result of clock issues on the client) 2) Unpack useful information from the certificate chain. In particular: - From the root; what is the subject, public key hash - From the end-entity; what is the subject, what are the SANs. Do any of the subject / SANs match the hostname.
Comment 2•8 years ago
|
||
(In reply to Mark Goodwin [:mgoodwin] from comment #1) > I have code. How do I get this deployed? Please either attach it to this bug or send a pull request to the data-pipeline repo at https://github.com/mozilla-services/data-pipeline You'll want to put the new decoder into the 'heka/sandbox/decoders' directory.
Updated•8 years ago
|
Flags: needinfo?(whd)
Assignee | ||
Comment 3•8 years ago
|
||
Changes were made to Lua-openssl to allow for the host checks. See https://github.com/zhaozg/lua-openssl/commit/f561a8c4fedd15acd5d89e8f6825ee0b391f5dba The PR for the data-pipeline additions is here: https://github.com/mozilla-services/data-pipeline/pull/210
Assignee | ||
Comment 4•8 years ago
|
||
PR was merged
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Product: Webtools → Webtools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•