Closed Bug 1724254 Opened 4 months ago Closed 4 months ago

CCADB entries generated 2021-08-05T17:00:52Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: ccadb2onercl, Unassigned)

Details

Attachments

(3 files)

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

These are the correct entries to add to OneCRL.
We do not need to run TLS Canary on this batch of changes.

Ready for review/approval at Kinto Staging.

Approved at staging.
Output from onecrl-entry-checker:

[11:02:58] Stage-Stage: 1419 Stage-Preview: 1419 Stage-Published: 1419                                                                                                                         compare.py:67
[11:02:59] Prod-Stage: 1419 Prod-Preview: 1419 Prod-Published: 1411                                                                                                                            compare.py:75
[11:03:00] Verifying stage against preview                                                                                                                                                     compare.py:82
           stage/security-state-staging (1419) and stage/security-state-preview (1419) are equivalent                                                                                          compare.py:87
           stage/security-state-staging (1419) and prod/security-state-staging (1419) are equivalent                                                                                           compare.py:87
           stage/security-state-staging (1419) and prod/security-state-preview (1419) are equivalent                                                                                           compare.py:87
           stage/security-state-preview (1419) and prod/security-state-staging (1419) are equivalent                                                                                           compare.py:87
[11:03:01] stage/security-state-preview (1419) and prod/security-state-preview (1419) are equivalent                                                                                           compare.py:87
           prod/security-state-staging (1419) and prod/security-state-preview (1419) are equivalent                                                                                            compare.py:87
           No changes are waiting in staging                                                                                                                                                   compare.py:90
           There are 8 changes waiting in production. Adding:                                                                                                                                  compare.py:99
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 
'MIGYMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZpZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0
    'serialNumber': 'BntQUp3WX1ga1fXFWlp5GKFvkw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDE=',
    'serialNumber': 'BntQWB5VRYI8C6YvYwneX8pJTA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'fbycYVUFmocbhMf3pItxYg=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'RZcy2PMYy3WTovRoD5Dq2Q=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'fJ89pt+eKHEPYd6utwukkQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'L+DBBkUO02gMUQKcjFQSXQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'MDDVc2QS5c7G0NCvmmiplA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 
'MIGyMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1xJ9yYSBFQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMSYwJAYDVQQLDB1FLVR1Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYGA1UEAwwfRS1
    'serialNumber': 'Hw7EA7OAHK0='
}
           Staging is updated, and production changes are waiting, so Firefox can use                                                                                                         compare.py:110
           Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)                                                                                                        
           and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test                                                                                                         
           OneCRL.

Looks correct. Please proceed with approving the changes at Kinto Production.

Verified these changes in my Firefox Nightly and Release profiles.

Status: UNCONFIRMED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.