CCADB entries generated 2017-01-26

RESOLVED FIXED

Status

()

RESOLVED FIXED
2 years ago
a year ago

People

(Reporter: mgoodwin, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

2 years ago
Created attachment 8830663 [details]
bug_data.txt

Please add the following new certificate blocklist items following review from Kathleen and Matt.
Attachment #8830663 - Flags: review?(kwilson)
(Reporter)

Comment 1

2 years ago
Created attachment 8830667 [details]
revocations.txt

Matt, please can you perform a canary run with the attached revocations.txt - this is the set of current production revocations with the new entries appended.

Thanks!
Flags: needinfo?(mwobensmith)
Attachment #8830667 - Flags: review?(mwobensmith)

Comment 2

2 years ago
Comment on attachment 8830663 [details]
bug_data.txt

Confirmed that these are the correct entries to add to OneCRL. Thanks!
Attachment #8830663 - Flags: review?(kwilson) → review+
Comment on attachment 8830667 [details]
revocations.txt

No new errors found via TLS Canary and Alexa top sites, as of 2017-01-27.
Flags: needinfo?(mwobensmith)
Attachment #8830667 - Flags: review?(mwobensmith) → review+
(Reporter)

Comment 4

2 years ago
Can these six entries be added, please?
Flags: needinfo?(wezhou)

Comment 5

2 years ago
These have been added to the database.

Please check to see if there are issues.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(wezhou)
Resolution: --- → FIXED

Comment 6

2 years ago
How long should it take for the changes to propagate to user systems?
I just restarted Firefox to see if it would pick up the new version of revocations.txt, but it didn't. The revocations.txt for my Firefox profile was created/modified on January 19.

Comment 7

2 years ago
How do you check if they're propagated to user systems?

I go to https://blocklist.addons.mozilla.org/blocklist/3/x/x/x/ and can see them to the bottom of the page.
1. Go to about:config
2. devtools.chrome.enabled = true
3. Tools > Web Developer > Browser Console
4. Paste this into the bottom of the window:
 Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);
5. Find your profile on disk.
6. Examine contents of revocations.txt. 


I compared the contents of this file with that of the attachment on this bug (after sorting both files) and the changes appear to be live and propagating correctly.

Regarding Kathleen's question, I don't know at what interval the client checks for updates. I will look at my own config and see if an existing profile is updating correctly or not.
(In reply to Kathleen Wilson from comment #6)
> How long should it take for the changes to propagate to user systems?
> I just restarted Firefox to see if it would pick up the new version of
> revocations.txt, but it didn't. The revocations.txt for my Firefox profile
> was created/modified on January 19.

After checking my existing default profile, on release Fx51, my local revocations.txt file was updated today. I verified that the contents were correct by diffing that file with the attachment on this bug. So, it's working for me. If it's not working for you, let me know and we'll figure this out together.
(Reporter)

Comment 10

2 years ago
(In reply to Kathleen Wilson from comment #6)
> How long should it take for the changes to propagate to user systems?

A blocklist ping typically happens every 24 hours.



(In reply to :wezhou from comment #7)
> How do you check if they're propagated to user systems?

You can check to see if the entries served by AMO or Kinto are present in the revocations.txt file in the profile in question.

Comment 11

2 years ago
revocations.txt got updated on my system a few moments ago, when I restarted Firefox to update to 53.0a2 (2017-02-01) (64-bit).

I also confirmed that the new 6 entries per this bug, and only those entries, have been added.

Thanks!

Updated

a year ago
Blocks: 1155095
Summary: New certificate blocklist entries W/C 20170123 → CCADB entries generated 2017-01-26
You need to log in before you can comment on or make changes to this bug.