CCADB entries generated 2019-09-12T4:14:52Z
Categories
(Core :: Security Block-lists, Allow-lists, and other State, task)
Tracking
()
People
(Reporter: wthayer, Unassigned)
References
Details
Attachments
(3 files, 2 obsolete files)
Here are some entries: Please ensure that the entries are correct.
Reporter | ||
Comment 1•5 years ago
|
||
Reporter | ||
Comment 2•5 years ago
|
||
Changing content type
Reporter | ||
Updated•5 years ago
|
Reporter | ||
Comment 3•5 years ago
|
||
Comment on attachment 9092437 [details]
intermediates to be revoked
Worked, downloaded 1041 entries from the staging list.
Evaluating expected file = 'expected.txt'
Results:
Pending Kinto Dataset (Found): 1041
Added Entries (Expected): 53
[GOOD] Expected But Not Pending (Not Found): 0
Deleted: 0
[GOOD] Entries In Production But Lost Without Being Deleted (Missing): 0
[GOOD] The Expected file matches the change between the staged Kinto and production.
[GOOD] The Kinto dataset found at production equals the union of the expected file and the live list.
Nothing not found.
Nothing deleted.
Comment 4•5 years ago
|
||
Comment on attachment 9092437 [details]
intermediates to be revoked
This contains the correct entries to add to OneCRL.
Comment 5•5 years ago
|
||
Comment on attachment 9092435 [details]
existing and new revocations in the form of a revocations.txt file
This also has the correct entries to add to OneCRL.
Comment 6•5 years ago
|
||
CR, Would you please do a standard compat run with this set of OneCRL updates? We are adding 53 entries. This corresponds to PI-198. Thanks!
Reporter | ||
Comment 7•5 years ago
|
||
Fix content-type
Comment 8•5 years ago
|
||
Paul, per Comment #6, We will greatly appreciate it if your team will do a standard compat run with this set of OneCRL updates, just to make sure there are now surprises...
Comment 9•5 years ago
|
||
Sorry for the bad timing. I'm just back from PTO and Paul was OOO last week, too. I know this is awfully late, but I'll start a regression scan run today.
Comment 10•5 years ago
|
||
The test run just finished. It's based on Firefox Beta:
"buildid": "20190930132843"
"app_version": "70.0b11"
"nss_version": "NSS 3.46"
"NSPR_Version": "4.22"
The regression run yielded two potential regressions:
- wellmov.com (rank 65420) issued by Let's Encrypt
- cdn.1rtb.com (rank 745174) issued by Comodo
I suspect the first to be a false positive. The error looks like it was triggered by an expired certificate, and it seems it got renewed by the time I got to investigate it. The second result indicated as being produced by a timeout error, so might be a false positive, too.
Updated•5 years ago
|
Comment 11•5 years ago
|
||
(In reply to Christiane Ruetten [:cr] from comment #10)
Thanks!
This batch of changes to OneCRL is ready to go.
Comment 12•5 years ago
|
||
Approved at Kinto
Comment 13•5 years ago
|
||
I have confirmed that these entries are in cert-storage in Nightly and revocations.txt in Beta.
Comment 14•5 years ago
|
||
Comment 15•3 years ago
|
||
Moving bug to Core::Security Block-lists, Allow-lists, and other State.
Description
•