Closed Bug 1692752 Opened 4 years ago Closed 4 years ago

crlite false-negative on bugs.kali.org

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
Firefox 85
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1683525

People

(Reporter: earthlng, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Set security.pki.crlite_mode = 2 and load https://bugs.kali.org/

You also need to have security.remote_settings.crlite_filters.enabled=true and let Firefox run for a while to download the CRLite data

Actual results:

Secure Connection Failed due to a SEC_ERROR_REVOKED_CERTIFICATE

Expected results:

Site should've loaded.
When I disable the crlite_mode pref and let Firefox check the OCSP instead (even in hard-mode ie security.OCSP.require=true), the cert doesn't seem to be revoked

The Bugbug bot thinks this bug should belong to the 'Core::Security: PSM' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Security: PSM
Product: Firefox → Core

This is a known infrastructure issue. CRLite has been set to telemetry-only by default on all branches while that issue is addressed.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.