Closed
Bug 1773371
Opened 2 years ago
Closed 2 years ago
Enforce CRLite revoked status when OCSP confirmation fails
Categories
(Core :: Security: PSM, enhancement, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
103 Branch
Tracking | Status | |
---|---|---|
firefox103 | --- | fixed |
People
(Reporter: jschanck, Assigned: jschanck)
Details
Attachments
(1 file)
CRLite is currently deployed in "check revocations" mode on nightly and early beta (Bug 1753071). This mode overrides CRLite "revoked" responses when OCSP returns "not revoked". For the initial deployment we have retained the fail-open behavior of OCSP, meaning that CRLite "revoked" responses are discarded when the OCSP responder is offline, etc. Now that we have more confidence in CRLite, we should fail closed.
Assignee | ||
Comment 1•2 years ago
|
||
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9d9edda47a3a Enforce CRLite revoked status when OCSP confirmation fails. r=keeler
Comment 3•2 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox103:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 103 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•