Closed Bug 1797566 Opened 2 years ago Closed 2 years ago

CCADB entries generated 2022-10-26T17:01:00Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

Product:
Core
Component:
Security Block-lists, Allow-lists, and other State
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ccadb2onercl, Unassigned)

Details

Attachments

(3 files)

Line delimited issuer/serial pairs
1.82 KB, text/plain
Details
The additions to OneCRL proposed by this bug.
5.46 KB, text/plain
Details
Entries with their names decoded to plain text and hexadecimal serials/hashes.
4.07 KB, text/plain
Details

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

These are the correct entries to add to OneCRL.
We do not need to run TLS Canary on this batch of changes.

Ready for review/approval at Kinto Staging.

Flags: needinfo?(dkeeler)

Approved at staging. onecrl-entry-checker output:

[15:24:51] Stage-Stage: 1490 Stage-Preview: 1490 Stage-Published: 1490                                                                                                                                                                                             compare.py:67
           Prod-Stage: 1490 Prod-Preview: 1490 Prod-Published: 1479                                                                                                                                                                                                compare.py:75
           Verifying stage against preview                                                                                                                                                                                                                         compare.py:82
           stage/security-state-staging (1490) and stage/security-state-preview (1490) are equivalent                                                                                                                                                              compare.py:87
           stage/security-state-staging (1490) and prod/security-state-staging (1490) are equivalent                                                                                                                                                               compare.py:87
[15:24:52] stage/security-state-staging (1490) and prod/security-state-preview (1490) are equivalent                                                                                                                                                               compare.py:87
           stage/security-state-preview (1490) and prod/security-state-staging (1490) are equivalent                                                                                                                                                               compare.py:87
           stage/security-state-preview (1490) and prod/security-state-preview (1490) are equivalent                                                                                                                                                               compare.py:87
           prod/security-state-staging (1490) and prod/security-state-preview (1490) are equivalent                                                                                                                                                                compare.py:87
           No changes are waiting in staging                                                                                                                                                                                                                       compare.py:90
           There are 11 changes waiting in production. Adding:                                                                                                                                                                                                     compare.py:99
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0E=',
    'serialNumber': 'BDg2SqweGZEe3TK+yl8pgw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGExCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0Ex',
    'serialNumber': 'AQAAPggPTZo3'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGExCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0Ex',
    'serialNumber': 'AQAART30i+dG'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGExCzAJBgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0Ex',
    'serialNumber': 'AQAARzAgXda7'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0E=',
    'serialNumber': 'BJs5bzwFPCdTNiFgnspdPw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENB',
    'serialNumber': 'Bg1bPA4gYzI0+zXlAjzBaA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQQ==',
    'serialNumber': 'DFWl6NPPT7NZ8Asrci/u+Q=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENB',
    'serialNumber': 'A88eZXjGXrL3zaF3t/3DZQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEcxCzAJBgNVBAYTAkhLMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMQ==',
    'serialNumber': 'Wjs+TxAJkGNaRsp4NJA1o5GwjfI='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENB',
    'serialNumber': 'DaLXyI4fEuNfySxqGup6Yg=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1797566', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'ME0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjElMCMGA1UEAxMcRGlnaUNlcnQgVExTIFJTQTQwOTYgUm9vdCBHNQ==',
    'serialNumber': 'AtNop7tpO9uOIlnnWF07FQ=='
}
           Staging is updated, and production changes are waiting, so Firefox can use                                                                                                                                                                             compare.py:110
           Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)                                                                                                                                                                            
           and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test                                                                                                                                                                             
           OneCRL.
Flags: needinfo?(dkeeler)

Looks correct. Please proceed with approving the changes at Kinto Production. Thanks!

Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1797566

Approved in production.

Flags: needinfo?(dkeeler)

Verified these changes in my Firefox Release profile.

Thanks!

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: