Closed Bug 1552310 Opened 4 months ago Closed 4 months ago

fix deleting preloaded intermediates by using the right field

Categories

(Core :: Security: PSM, defect, P1)

Tracking

RESOLVED FIXED
mozilla69
Tracking Status
firefox-esr60 --- unaffected
firefox66 --- unaffected
firefox67 --- unaffected
firefox68 + disabled
firefox69 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-blocked][psm-assigned])

Attachments

(1 file)

Due to some confusion, currently the code that removes preloaded intermediates uses the wrong field. Right now it's pubKeyHash, but it should be derHash when bug 1552304 lands.

[Tracking Requested - why for this release]: this is for intermediate preloading, which we're trying to ship in 68 (it's currently set to be enabled for early beta and before)

The initial implementation made some incorrect assumptions about the data that
was in our data set and used the wrong field to identify the certificates to
delete when they are removed from our preload list. Now that the data set has
the expected field (the hash of the whole certificate), we can use it instead.
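To make the mismatch described above concrete, here is an added illustration (not Firefox code and not part of this bug): a hypothetical store keyed by the hash of the whole certificate, cleaned up once with each record field. Only `pubKeyHash` and `derHash` come from the bug; `CertStore`, `makeRecord`, `applyRemovals` and `demo` are invented names, the "certificates" are constructed byte strings, and base64 SHA-256 and the meaning of `pubKeyHash` (hash of the public key) are assumptions.

```javascript
// Added illustration, not Firefox code. "Certificates" are constructed byte
// strings standing in for DER; base64 SHA-256 is an assumed hash encoding.
const { createHash } = require("crypto");

const b64sha256 = (bytes) => createHash("sha256").update(bytes).digest("base64");

// Build a preload-list record carrying both fields named in the bug.
function makeRecord(name, spki, rest) {
  const der = Buffer.from(rest + spki); // constructed stand-in for the whole cert
  return { name, der, pubKeyHash: b64sha256(Buffer.from(spki)), derHash: b64sha256(der) };
}

// Hypothetical local store, keyed by the hash of the whole certificate.
class CertStore {
  constructor() { this.byCertHash = new Map(); }
  add(record) { this.byCertHash.set(b64sha256(record.der), record.name); }
  // Delete entries whose key is in `hashes`; return how many were deleted.
  removeByHashes(hashes) {
    let removed = 0;
    for (const h of hashes) if (this.byCertHash.delete(h)) removed++;
    return removed;
  }
  names() { return [...this.byCertHash.values()].sort(); }
}

// Apply "these records left the preload list" using the chosen record field.
function applyRemovals(store, removedRecords, field) {
  return store.removeByHashes(removedRecords.map((r) => r[field]));
}

// Constructed data: two distinct certificates for the same key (a reissued
// intermediate) plus an unrelated one.
const oldCa = makeRecord("CA-1 (2015 issue)", "spki-of-CA-1", "serial=01;notAfter=2020;");
const newCa = makeRecord("CA-1 (2019 issue)", "spki-of-CA-1", "serial=02;notAfter=2029;");
const other = makeRecord("CA-2", "spki-of-CA-2", "serial=07;notAfter=2027;");

function demo(field) {
  const store = new CertStore();
  [oldCa, newCa, other].forEach((r) => store.add(r));
  const removed = applyRemovals(store, [oldCa], field); // only oldCa left the list
  return { removed, remaining: store.names() };
}

console.log(demo("pubKeyHash")); // removed: 0, the stale certificate stays in the store
console.log(demo("derHash"));    // removed: 1, only the withdrawn certificate is gone
```

In this model the two CA-1 records also share one `pubKeyHash` while their `derHash` values differ, so the key hash could not single out the withdrawn certificate even in a store indexed by it.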

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5ca3dedbdd6e
use the correct field to delete preloaded certificates that have been removed from the preload list r=jcj,KevinJacobs
Status: NEW → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69

Please request beta uplift when you get a chance.

Flags: needinfo?(dkeeler)

We're disabling cert_storage (and thus intermediate preloading) on non-nightly channels for now, so when bug 1555110 lands and is uplifted, we won't need this (I'll update the flags when the time comes).

Flags: needinfo?(dkeeler)