Closed Bug 1740553 Opened 4 years ago Closed 4 years ago

CCADB entries generated 2021-11-10T17:00:47Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

Product:
Core
Component:
Security Block-lists, Allow-lists, and other State
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ccadb2onercl, Unassigned)

Details

Attachments

(3 files)

Line delimited issuer/serial pairs
2.77 KB, text/plain
Details
The additions to OneCRL proposed by this bug.
8.72 KB, text/plain
Details
Entries with their names decoded to plain text and hexadecimal serials/hashes.
6.24 KB, text/plain
Details

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

These are the correct entries to add to OneCRL.
We do not need to run TLS Canary on this batch of changes.

Ready for review/approval at Kinto Staging.

Flags: needinfo?(dkeeler)

Approved at staging. Here's the output of onecrl-entry-checker:

[15:19:29] Stage-Stage: 1437 Stage-Preview: 1437 Stage-Published: 1437                                                                                                                                                                                             compare.py:67
[15:19:30] Prod-Stage: 1437 Prod-Preview: 1437 Prod-Published: 1419                                                                                                                                                                                                compare.py:75
[15:19:31] Verifying stage against preview                                                                                                                                                                                                                         compare.py:82
           stage/security-state-staging (1437) and stage/security-state-preview (1437) are equivalent                                                                                                                                                              compare.py:87
           stage/security-state-staging (1437) and prod/security-state-staging (1437) are equivalent                                                                                                                                                               compare.py:87
           stage/security-state-staging (1437) and prod/security-state-preview (1437) are equivalent                                                                                                                                                               compare.py:87
           stage/security-state-preview (1437) and prod/security-state-staging (1437) are equivalent                                                                                                                                                               compare.py:87
           stage/security-state-preview (1437) and prod/security-state-preview (1437) are equivalent                                                                                                                                                               compare.py:87
           prod/security-state-staging (1437) and prod/security-state-preview (1437) are equivalent                                                                                                                                                                compare.py:87
           No changes are waiting in staging                                                                                                                                                                                                                       compare.py:90
           There are 18 changes waiting in production. Adding:                                                                                                                                                                                                     compare.py:99
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFAxCzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMQ==',
    'serialNumber': 'Ermw7g=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFAxCzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMQ==',
    'serialNumber': 'Ermw7A=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFAxCzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMQ==',
    'serialNumber': 'Ermw7w=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOQ==',
    'serialNumber': 'ShA9s+HZJmJlKzvcauXC8w=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'IrmxEAXK2OI4'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'IrmxB+QOrp3P'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'IrmxLgSn7Cvs'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGnMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnk=',
    'serialNumber': 'SUEs5AAn'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'Irmw/ofYnXPM'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOQ==',
    'serialNumber': 'YDQ5U886jKQrtEpEKSy69A=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'IrmxLQbUNQw0'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'IrmwzA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'Irmw6riAVioU'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'Irmw/QH4w0Am'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'IrmxDxYqdHHX'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFAxCzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMQ==',
    'serialNumber': 'Ermw3g=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'Irmw9RUMnLWK'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1740553', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MF0xCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTI=',
    'serialNumber': 'Irmwxw=='
}
           Staging is updated, and production changes are waiting, so Firefox can use                                                                                                                                                                             compare.py:110
           Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)                                                                                                                                                                            
           and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test                                                                                                                                                                             
           OneCRL.
Flags: needinfo?(dkeeler)

Looks correct. Please proceed with approving the changes at Kinto Production. Thanks!

Approved at prod.

Verified these changes in my Firefox Nightly and Release profiles. Thanks!

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: