Closed
Bug 1253545
Opened 8 years ago
Closed 8 years ago
Create a decoder for incoming TLS Error Report data in the new data pipeline
Categories
(Webtools Graveyard :: Telemetry Server, defect)
Webtools Graveyard
Telemetry Server
Tracking
(firefox47 affected)
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox47 | --- | affected |
People
(Reporter: mgoodwin, Assigned: mgoodwin)
References
Details
TLS Error reports are small JSON documents containing the following information:
{
"build":"20160105164030", // the build ID of the client
"channel":"release", // the release channel the client is on
"errorCode":-8054, // the error that cause the TLS failure
"failedCertChain":[], // if there's a cert chain, this will contain base64 encoded certs
"hostname":"fr.yahoo.com", // The hostname the client attempted to connect to
"port":"", // If the connection was to a non-standard port, what was it?
"product":"Firefox", // Which product is this?
"timestamp":1455192160, // At what time does the client think it sent the report
"userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0", // The UA string
"version":1 // what version of the report schema is this?
}
There are two things we'd want to do to this data at collection time:
1) Record the difference between what time the client thinks it is and the server time (many TLS errors are as a result of clock issues on the client)
2) Unpack useful information from the certificate chain. In particular:
- From the root; what is the subject, public key hash
- From the end-entity; what is the subject, what are the SANs. Do any of the subject / SANs match the hostname.
|
||
Comment 2•8 years ago
|
||
(In reply to Mark Goodwin [:mgoodwin] from comment #1) > I have code. How do I get this deployed? Please either attach it to this bug or send a pull request to the data-pipeline repo at https://github.com/mozilla-services/data-pipeline You'll want to put the new decoder into the 'heka/sandbox/decoders' directory.
|
|
||
Updated•8 years ago
|
Flags: needinfo?(whd)
|
Assignee | |
Comment 3•8 years ago
|
||
Changes were made to Lua-openssl to allow for the host checks. See https://github.com/zhaozg/lua-openssl/commit/f561a8c4fedd15acd5d89e8f6825ee0b391f5dba The PR for the data-pipeline additions is here: https://github.com/mozilla-services/data-pipeline/pull/210
|
|
Assignee | |
Comment 4•8 years ago
|
||
PR was merged
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Product: Webtools → Webtools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•