Closed Bug 1884400 Opened 3 months ago Closed 3 months ago

CCADB entries generated 2024-03-08T17:01:00Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

RESOLVED FIXED

People

(Reporter: ccadb2onercl, Assigned: bwilson)

Attachments

(3 files)

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

Assignee: nobody → bwilson
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1884400

Hi John,
These are the correct entries to add to OneCRL.
We do not need to run TLS Canary on this batch of changes.
Approve at Kinto Staging.
Use remote-settings-devtools in a development profile to confirm the OneCRL data in Staging Nightly is as intended. (It may take a while for the changes to show up.)
Run the onecrl-entry-checker tool and attach the output to this bug.
I'll then take a look at everything using onecrl-entry-checker, and then we can move these changes into production, and then I'll check my Nightly/Beta profile using the cert-storage-inspector tool.
Let me know if you need me to do anything.
Thanks,
Ben

Flags: needinfo?(jschanck)
[18:35:51] Stage-Stage: 1608 Stage-Preview: 1608 Stage-Published: 1608  compare.py:67
[18:35:53] Prod-Stage: 1608 Prod-Preview: 1608 Prod-Published: 1603  compare.py:75
           Verifying stage against preview  compare.py:82
           prod/security-state-staging (1608) and prod/security-state-preview (1608) are equivalent  compare.py:87
           prod/security-state-staging (1608) and prod/security-state-staging (1608) are equivalent  compare.py:87
           prod/security-state-staging (1608) and prod/security-state-preview (1608) are equivalent  compare.py:87
           prod/security-state-preview (1608) and prod/security-state-staging (1608) are equivalent  compare.py:87
[18:35:54] prod/security-state-preview (1608) and prod/security-state-preview (1608) are equivalent  compare.py:87
           prod/security-state-staging (1608) and prod/security-state-preview (1608) are equivalent  compare.py:87
           No changes are waiting in staging  compare.py:90
           There are 5 changes waiting in production. Adding:  compare.py:99
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1884400', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEMxCzAJBgNVBAYTAkNOMRwwGgYDVQQKExNpVHJ1c0NoaW5hIENvLixMdGQuMRYwFAYDVQQDEw12VHJ1cyBSb290IENB',
    'serialNumber': 'VmPk4uhKrU+Ar6D+FKt4T+wADJs='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1884400', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEMxCzAJBgNVBAYTAkNOMRwwGgYDVQQKExNpVHJ1c0NoaW5hIENvLixMdGQuMRYwFAYDVQQDEw12VHJ1cyBSb290IENB',
    'serialNumber': 'H6Q9cmNee/OBNe7znM/J3cNHeYY='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1884400', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEoxCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxJzAlBgNVBAMTHklkZW5UcnVzdCBDb21tZXJjaWFsIFJvb3QgQ0EgMQ==',
    'serialNumber': 'fgr3g+MTaN10FgQg4sbqcA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1884400', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEcxCzAJBgNVBAYTAkNOMRwwGgYDVQQKExNpVHJ1c0NoaW5hIENvLixMdGQuMRowGAYDVQQDExF2VHJ1cyBFQ0MgUm9vdCBDQQ==',
    'serialNumber': 'baFk8S+rVizrFzxGvKqfqQvu0kY='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1884400', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEcxCzAJBgNVBAYTAkNOMRwwGgYDVQQKExNpVHJ1c0NoaW5hIENvLixMdGQuMRowGAYDVQQDExF2VHJ1cyBFQ0MgUm9vdCBDQQ==',
    'serialNumber': 'F7oJqB+ONoNowl5eHOOl8oSDne0='
}
           Staging is updated, and production changes are waiting, so Firefox can use  compare.py:110
           Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)
           and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test
           OneCRL.
Flags: needinfo?(jschanck)
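
Added example, not part of the original bug and not code from onecrl-entry-checker: the issuerName and serialNumber fields in the output above are base64, so a reviewer can decode them to confirm which CA and serial each entry names. It assumes issuerName is a DER-encoded X.501 Name whose values are PrintableString or UTF8String; the helper names are hypothetical.

```python
import base64

OID_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.10": "O"}  # types seen here
ENTRIES = [  # two of the five entries copied from the checker output on this page
    ("MEMxCzAJBgNVBAYTAkNOMRwwGgYDVQQKExNpVHJ1c0NoaW5hIENvLixMdGQuMRYwFAYDVQQDEw12VHJ1cyBSb290IENB", "VmPk4uhKrU+Ar6D+FKt4T+wADJs="),
    ("MEoxCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxJzAlBgNVBAMTHklkZW5UcnVzdCBDb21tZXJjaWFsIFJvb3QgQ0EgMQ==", "fgr3g+MTaN10FgQg4sbqcA=="),
]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER content octets -> dotted string
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def decode_issuer(issuer_b64):
    """Render a base64 DER Name as 'C=..., O=..., CN=...' (hypothetical helper)."""
    der = base64.b64decode(issuer_b64, validate=True)
    tag, rdns, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("issuerName is not a single DER SEQUENCE")
    parts, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)  # SET: one RelativeDistinguishedName
        inner = 0
        while inner < len(rdn):
            _, atv, inner = read_tlv(rdn, inner)  # SEQUENCE { type, value }
            _, oid, after_oid = read_tlv(atv, 0)
            name, text = decode_oid(oid), read_tlv(atv, after_oid)[1]
            parts.append(f"{OID_NAMES.get(name, name)}={text.decode('utf-8', 'replace')}")
    return ", ".join(parts)

def decode_serial(serial_b64):
    raw = base64.b64decode(serial_b64, validate=True)
    if not 1 <= len(raw) <= 20:  # RFC 5280 caps serial numbers at 20 octets
        raise ValueError("serial number outside 1..20 octets")
    return raw.hex()
```

Calling decode_issuer and decode_serial on each pair in ENTRIES gives the issuer DN and the hex serial to compare against the revoked intermediates reported in the CCADB.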

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1884400

The additions listed in Comment #6 appear to be correct. Please proceed with approving the changes in Kinto Production.
Thanks,
Ben

Flags: needinfo?(jschanck)

Changes approved in prod.

Flags: needinfo?(jschanck)

Changes appear in Nightly and Beta Firefox profiles and at https://crt.sh/mozilla-onecrl.

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED