Closed Bug 1287862 Opened 8 years ago Closed 8 years ago

Updated Kinto OneCRL blocklist breaks all cert blocking

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
50 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1286600
Tracking Flags:
Tracking Status
firefox50 --- affected

People

(Reporter: mwobensmith, Unassigned)

Details

Start with some blocked certs on AMO staging.

1. Create new profile.
2. Set services.settings.server to https://kinto.stage.mozaws.net/v1
3. Leave other settings the same w/r/t signing (off) and via.amo (false)
4. Force blocklist update.

Navigate to sites that use above certs and you should see that your sites are blocked.

5. Go back to AMO and add or remove cert entries.
6. Wait for XML/JSON etc to update
7. Clear all browsing data in Fx.
8. Force blocklist update again.
9. Quit/restart Fx.
10. Navigate to blocked sites.

Result:
Nothing is blocked.

Expected:
Blocking of certs that are still in blocklist should be honored.
Bad data in blocklist throws uncaught error, causes the revocations.txt file not to be generated, and then bug 1286600.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.