Closed
Bug 1724254
Opened 3 years ago
Closed 3 years ago
CCADB entries generated 2021-08-05T17:00:52Z
Categories
(Core :: Security Block-lists, Allow-lists, and other State, enhancement)
Core
Security Block-lists, Allow-lists, and other State
Tracking
()
RESOLVED
FIXED
People
(Reporter: ccadb2onercl, Unassigned)
Details
Attachments
(3 files)
Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.
|
Reporter | |
Comment 1•3 years ago
|
||
|
|
Reporter | |
Comment 2•3 years ago
|
||
|
|
Reporter | |
Comment 3•3 years ago
|
||
|
||
Comment 4•3 years ago
|
||
These are the correct entries to add to OneCRL.
We do not need to run TLS Canary on this batch of changes.
Ready for review/approval at Kinto Staging.
Approved at staging.
Output from onecrl-entry-checker:
[11:02:58] Stage-Stage: 1419 Stage-Preview: 1419 Stage-Published: 1419 compare.py:67
[11:02:59] Prod-Stage: 1419 Prod-Preview: 1419 Prod-Published: 1411 compare.py:75
[11:03:00] Verifying stage against preview compare.py:82
stage/security-state-staging (1419) and stage/security-state-preview (1419) are equivalent compare.py:87
stage/security-state-staging (1419) and prod/security-state-staging (1419) are equivalent compare.py:87
stage/security-state-staging (1419) and prod/security-state-preview (1419) are equivalent compare.py:87
stage/security-state-preview (1419) and prod/security-state-staging (1419) are equivalent compare.py:87
[11:03:01] stage/security-state-preview (1419) and prod/security-state-preview (1419) are equivalent compare.py:87
prod/security-state-staging (1419) and prod/security-state-preview (1419) are equivalent compare.py:87
No changes are waiting in staging compare.py:90
There are 8 changes waiting in production. Adding: compare.py:99
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName':
'MIGYMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZpZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0
'serialNumber': 'BntQUp3WX1ga1fXFWlp5GKFvkw=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDE=',
'serialNumber': 'BntQWB5VRYI8C6YvYwneX8pJTA=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
'serialNumber': 'fbycYVUFmocbhMf3pItxYg=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
'serialNumber': 'RZcy2PMYy3WTovRoD5Dq2Q=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
'serialNumber': 'fJ89pt+eKHEPYd6utwukkQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
'serialNumber': 'L+DBBkUO02gMUQKcjFQSXQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
'serialNumber': 'MDDVc2QS5c7G0NCvmmiplA=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1724254', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName':
'MIGyMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1xJ9yYSBFQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMSYwJAYDVQQLDB1FLVR1Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYGA1UEAwwfRS1
'serialNumber': 'Hw7EA7OAHK0='
}
Staging is updated, and production changes are waiting, so Firefox can use compare.py:110
Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)
and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test
OneCRL.
|
|
||
Comment 6•3 years ago
|
||
Looks correct. Please proceed with approving the changes at Kinto Production.
Approved in production.
|
|
||
Comment 8•3 years ago
|
||
Verified these changes in my Firefox Nightly and Release profiles.
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•