Closed
Bug 1484351
Opened 6 years ago
Closed 6 years ago
CCADB entries generated 2018-08-17T22:24:14Z
Categories
(Core :: Security Block-lists, Allow-lists, and other State, defect)
Core
Security Block-lists, Allow-lists, and other State
Tracking
()
RESOLVED
FIXED
People
(Reporter: omphalos, Assigned: cr)
References
Details
Attachments
(2 files)
No description provided.
Revocations data for new records
Attachment #9002109 -
Flags: review?(kwilson)
Attachment #9002109 -
Flags: review?(cr)
Revocations data for new and existing records
Attachment #9002110 -
Flags: review?(kwilson)
Attachment #9002110 -
Flags: review?(cr)
(3, 61F263F68DC83C12, AC Firmaprofesional - CFEA) no match found in CRL: (5, 1EF001DC1C2163C8, AC Firmaprofesional - OTC) no match found in CRL:
Comment 4•6 years ago
|
||
(In reply to omphalos from comment #3) > (3, 61F263F68DC83C12, AC Firmaprofesional - CFEA) no match found in CRL: > > (5, 1EF001DC1C2163C8, AC Firmaprofesional - OTC) no match found in CRL: Not Revoked, but these two certs are not intended for TLS, so CA asked to add to OneCRL via Bug #1465531.
Comment 5•6 years ago
|
||
Comment on attachment 9002109 [details]
Intermediates to be revoked
I confirm that these are the correct entries to add to OneCRL.
Attachment #9002109 -
Flags: review?(kwilson) → review+
Comment 6•6 years ago
|
||
Comment on attachment 9002110 [details]
existing and new revocations in the form of a revocations.txt file
I confirm that this revocations.txt file has the new entries, and is ready for compatibility testing.
Thanks!
Attachment #9002110 -
Flags: review?(kwilson) → review+
Comment 7•6 years ago
|
||
Downloading intermediates to be revoked from bug # 1484351 Results: Pending Kinto Dataset (Found): 790 Added Entries (Expected): 38 [GOOD] Expected But Not Pending (Not Found): 0 Deleted: 0 [GOOD] Entries In Production But Lost Without Being Deleted (Missing): 0 [GOOD] The Expected file matches the change between the staged Kinto and production. [GOOD] The Kinto dataset found at production equals the union of the expected file and the live list. Nothing not found. Nothing deleted.
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → cr
Assignee | ||
Comment 8•6 years ago
|
||
I ran a regression on test on nightly against The Umbrella Top 1M over the weekend, and there are two regressions: "host": "betplay.com.co", "rank": 460890, "short_error_message": "SEC_ERROR_UNKNOWN_ISSUER", "ssl_status": "issuerCommonName": "COMODO RSA Domain Validation Secure Server CA", "issuerName": "CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB", "sha1Fingerprint": "EB:87:BE:3D:1E:B0:BE:CE:CA:12:DB:76:FA:E4:93:CE:E4:45:FE:09", "sha256Fingerprint": "04:31:02:6C:EA:C3:EC:B6:0E:AF:1A:B0:0F:F9:8E:99:2B:13:F9:F9:CA:F2:90:6D:69:8F:A0:32:25:D0:FA:93", "status": 2153390067, "host": "stage.crystalcruises.com", "rank": 836362, "short_error_message": "SEC_ERROR_REVOKED_CERTIFICATE", "status": 2153390068, Expected?
Assignee | ||
Updated•6 years ago
|
Attachment #9002109 -
Flags: review?(cr) → review+
Assignee | ||
Updated•6 years ago
|
Attachment #9002110 -
Flags: review?(cr) → review+
Comment 9•6 years ago
|
||
(In reply to Christiane Ruetten [:cr] from comment #8) > I ran a regression on test on nightly against The Umbrella Top 1M over the > weekend Thanks! > and there are two regressions: > > "host": "betplay.com.co", > "rank": 460890, > "short_error_message": "SEC_ERROR_UNKNOWN_ISSUER", > "ssl_status": > "issuerCommonName": "COMODO RSA Domain Validation Secure Server CA", > "issuerName": "CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO > CA Limited,L=Salford,ST=Greater Manchester,C=GB", > "sha1Fingerprint": > "EB:87:BE:3D:1E:B0:BE:CE:CA:12:DB:76:FA:E4:93:CE:E4:45:FE:09", > "sha256Fingerprint": > "04:31:02:6C:EA:C3:EC:B6:0E:AF:1A:B0:0F:F9:8E:99:2B:13:F9:F9:CA:F2:90:6D:69: > 8F:A0:32:25:D0:FA:93", > "status": 2153390067, False alarm -- maybe their were updating there webserver SSL cert last weekend. > > "host": "stage.crystalcruises.com", > "rank": 836362, > "short_error_message": "SEC_ERROR_REVOKED_CERTIFICATE", > "status": 2153390068, Same error on release, so not caused by these changes to OneCRL. So, looks like these changes to OneCRL are ready to go. Thanks!
Comment 10•6 years ago
|
||
Approved at Kinto, change is rolling out.
Comment 11•6 years ago
|
||
I have verified that the changes showed up in revocations.txt for a new Firefox profile, and all looks correct. I still have not received the updated revocations.txt for my existing Firefox profile.
Comment 12•6 years ago
|
||
(In reply to Kathleen Wilson from comment #11) > I still have not received the updated revocations.txt for my existing > Firefox profile. Received and verified. Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Comment 13•3 years ago
|
||
Moving bug to Core::Security Block-lists, Allow-lists, and other State.
Component: Blocklist Policy Requests → Security Block-lists, Allow-lists, and other State
Product: Toolkit → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•