Closed Bug 1854222 Opened 9 months ago Closed 8 months ago

CCADB entries generated 2023-09-20T18:04:55Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

Product:
Core
Component:
Security Block-lists, Allow-lists, and other State
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ccadb2onercl, Unassigned)

Details

Attachments

(3 files)

Line delimited issuer/serial pairs
3.07 KB, text/plain
Details
The additions to OneCRL proposed by this bug.
8.69 KB, text/plain
Details
Entries with their names decoded to plain text and hexadecimal serials/hashes.
6.66 KB, text/plain
Details

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

These are the correct entries to add to OneCRL.
We do not need to run TLS Canary on this batch of changes.
Dana, Please:
Approve at Kinto Staging.
Use remote-settings-devtools in a development profile to confirm the OneCRL data in Staging Nightly is as intended. (It may take a while for the changes to show up.)
Run the onecrl-entry-checker tool and attach the output to this bug.
Thanks,
Ben

Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1854222

Approved on staging.

[14:36:44] Stage-Stage: 1579 Stage-Preview: 1579 Stage-Published: 1579                                                                                                                                                                                             compare.py:67
[14:36:46] Prod-Stage: 1579 Prod-Preview: 1579 Prod-Published: 1562                                                                                                                                                                                                compare.py:75
           Verifying stage against preview                                                                                                                                                                                                                         compare.py:82
           prod/security-state-staging (1579) and prod/security-state-preview (1579) are equivalent                                                                                                                                                                compare.py:87
           prod/security-state-staging (1579) and prod/security-state-staging (1579) are equivalent                                                                                                                                                                compare.py:87
           prod/security-state-staging (1579) and prod/security-state-preview (1579) are equivalent                                                                                                                                                                compare.py:87
           prod/security-state-preview (1579) and prod/security-state-staging (1579) are equivalent                                                                                                                                                                compare.py:87
           prod/security-state-preview (1579) and prod/security-state-preview (1579) are equivalent                                                                                                                                                                compare.py:87
           prod/security-state-staging (1579) and prod/security-state-preview (1579) are equivalent                                                                                                                                                                compare.py:87
           No changes are waiting in staging                                                                                                                                                                                                                       compare.py:90
           There are 17 changes waiting in production. Adding:                                                                                                                                                                                                     compare.py:99
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzI=',
    'serialNumber': 'AIEIODzAB3XEDG1za+Mwiw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'AJBuE8344SrHVZEVqVicPc0='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'ZVQgp61GpFI5YQ4bRYdLwQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'JGSVSBLLB3o3k9sPvSI4mw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'WAE9mhEYoCYAhMiVAzSf2w=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'IyygpSElAUZRSSMeuADPTQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFQxCzAJBgNVBAYTAkNOMSYwJAYDVQQKDB1CRUlKSU5HIENFUlRJRklDQVRFIEFVVEhPUklUWTEdMBsGA1UEAwwUQkpDQSBHbG9iYWwgUm9vdCBDQTI=',
    'serialNumber': 'TpwBfSjFJUcBb/KpgVpdYQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'AIyKF6j474AWe01PLn9A6I8='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'Bw1L/czFd0GTl4v2bxUqqw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzI=',
    'serialNumber': 'APodqurJs6X6V5gLmXTaMQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'AO9kCADxUMyMns2lqg7Meks='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjg=',
    'serialNumber': 'JvosL2pTlZtYGv5T23DhhQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEcxCzAJBgNVBAYTAlVTMSIwIAYDVQQKExlHb29nbGUgVHJ1c3QgU2VydmljZXMgTExDMRQwEgYDVQQDEwtHVFMgUm9vdCBSMg==',
    'serialNumber': 'AhnBWsAlobClwdnVAQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEcxCzAJBgNVBAYTAlVTMSIwIAYDVQQKExlHb29nbGUgVHJ1c3QgU2VydmljZXMgTExDMRQwEgYDVQQDEwtHVFMgUm9vdCBSMw==',
    'serialNumber': 'AhZo2NZbxDIOW45edg=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0E=',
    'serialNumber': 'QAE0sQ0AAAAAAAAMzpf7sg=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAfBgNVBAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMg==',
    'serialNumber': 'a8MYySrNF2PrQchvr0f3'
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFAxJDAiBgNVBAsTG0dsb2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNDETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbg==',
    'serialNumber': 'AhZo8c0KKo+EfYqtNA=='
}
[14:36:47] Staging is updated, and production changes are waiting, so Firefox can use                                                                                                                                                                             compare.py:110
           Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)
           and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test
           OneCRL.
Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1854222

I have compared the output in Comment #6 with the attachment "The additions to OneCRL proposed by this bug" and they are consistent. Please proceed with approving the changes in Kinto Production.

Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1854222

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1854222

Approved in production.

Flags: needinfo?(dkeeler)

I verified that these changes are in my Firefox Nightly and Release profiles.

Status: UNCONFIRMED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: