Closed Bug 2004418 Opened 6 months ago Closed 6 months ago

CCADB entries generated 2025-12-05T17:00:40Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

Product:
Core
Component:
Security Block-lists, Allow-lists, and other State
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ccadb2onercl, Assigned: bwilson)

Details

Attachments

(3 files)

Line delimited issuer/serial pairs
3.09 KB, text/plain
Details
The additions to OneCRL proposed by this bug.
8.37 KB, text/plain
Details
Entries with their names decoded to plain text and hexadecimal serials/hashes.
6.56 KB, text/plain
Details

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

Assignee: nobody → bwilson
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Here are the correct decoded entries to be added to OneCRL.
They are ready for review/approval at Kinto Staging.

issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority serial: 77cd2639de526c7f45e70d916aabe746
issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority serial: 00e8ae4fcdb1f3c1f14675d2539aeeb027
issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority serial: 0ba2d01dcbcb7776e8ac65097ac12541
issuer: /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA serial: 6c718aa1d684eca6
issuer: /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA serial: 4988021fa535f86a
issuer: /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA serial: 4981a6e353cfdaa5
issuer: /C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS ECC Root 2020 serial: 1fb28de1bc2ab67d217a82d01fe2247e
issuer: /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2 serial: 2aced5f91c42f2bf918b5b8093a8c024
issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority serial: 5b25ce6907c4265566d3390c99a954ad
issuer: /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA serial: 6720efb9b071e75b
issuer: /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2 serial: 0d0842db796ec39957e1c15ed8c783c7
issuer: /O=TeliaSonera/CN=TeliaSonera Root CA v1 serial: 4c462af6dbfbf7804f84c17cfea972b6
issuer: /C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS RSA Root 2023 serial: 12886f0045af0d4a4f066ce9ac25e000
issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority serial: 00dfb244e965a0402aaa0e06e9a1dd164f
issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority serial: 009159379e9e9bb1d981c90b89f69ab93a
issuer: /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA serial: 241c170b2464e018

Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2004418

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2004418

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2004418

Approved in stage.

% python compare.py
[16:23:02] Stage-Stage: 1749 Stage-Preview: 1749 Stage-Published: 1749                                                                                                                                                                                           compare.py:67
[16:23:04] Prod-Stage: 1749 Prod-Preview: 1749 Prod-Published: 1733                                                                                                                                                                                              compare.py:75
           Verifying stage against preview                                                                                                                                                                                                                       compare.py:82
           prod/security-state-staging (1749) and prod/security-state-preview (1749) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-staging (1749) and prod/security-state-staging (1749) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-staging (1749) and prod/security-state-preview (1749) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-preview (1749) and prod/security-state-staging (1749) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-preview (1749) and prod/security-state-preview (1749) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-staging (1749) and prod/security-state-preview (1749) are equivalent                                                                                                                                                              compare.py:87
           No changes are waiting in staging                                                                                                                                                                                                                     compare.py:90
           There are 16 changes waiting in production. Adding:                                                                                                                                                                                                   compare.py:99
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'JBwXCyRk4Bg='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'AJFZN56em7HZgckLifaauTo='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'AN+yROlloEAqqg4G6aHdFk8='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGMxCzAJBgNVBAYTAkRFMScwJQYDVQQKDB5EZXV0c2NoZSBUZWxla29tIFNlY3VyaXR5IEdtYkgxKzApBgNVBAMMIlRlbGVrb20gU2VjdXJpdHkgVExTIFJTQSBSb290IDIwMjM=',
    'serialNumber': 'EohvAEWvDUpPBmzprCXgAA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MDcxFDASBgNVBAoMC1RlbGlhU29uZXJhMR8wHQYDVQQDDBZUZWxpYVNvbmVyYSBSb290IENBIHYx',
    'serialNumber': 'TEYq9tv794BPhMF8/qlytg=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGCMQswCQYDVQQGEwJERTErMCkGA1UECgwiVC1TeXN0ZW1zIEVudGVycHJpc2UgU2VydmljZXMgR21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjElMCMGA1UEAwwcVC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMg==',
    'serialNumber': 'DQhC23luw5lX4cFe2MeDxw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'ZyDvubBx51s='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'WyXOaQfEJlVm0zkMmalUrQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGCMQswCQYDVQQGEwJERTErMCkGA1UECgwiVC1TeXN0ZW1zIEVudGVycHJpc2UgU2VydmljZXMgR21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjElMCMGA1UEAwwcVC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMg==',
    'serialNumber': 'Ks7V+RxC8r+Ri1uAk6jAJA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGMxCzAJBgNVBAYTAkRFMScwJQYDVQQKDB5EZXV0c2NoZSBUZWxla29tIFNlY3VyaXR5IEdtYkgxKzApBgNVBAMMIlRlbGVrb20gU2VjdXJpdHkgVExTIEVDQyBSb290IDIwMjA=',
    'serialNumber': 'H7KN4bwqtn0heoLQH+Ikfg=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'SYGm41PP2qU='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'SYgCH6U1+Go='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGsxCzAJBgNVBAYTAklUMQ4wDAYDVQQHDAVNaWxhbjEjMCEGA1UECgwaQWN0YWxpcyBTLnAuQS4vMDMzNTg1MjA5NjcxJzAlBgNVBAMMHkFjdGFsaXMgQXV0aGVudGljYXRpb24gUm9vdCBDQQ==',
    'serialNumber': 'bHGKodaE7KY='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'C6LQHcvLd3borGUJesElQQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'AOiuT82x88HxRnXSU5rusCc='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2004418', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
    'serialNumber': 'd80mOd5SbH9F5w2RaqvnRg=='
}
           Staging is updated, and production changes are waiting, so Firefox can use                                                                                                                                                                           compare.py:110
           Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)
           and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test
           OneCRL.
Flags: needinfo?(dkeeler)

These 16 additions to OneCRL all appear to be correct. Please proceed with approving the changes at Kinto Production.

Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2004418

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2004418

Approved in prod.

Flags: needinfo?(dkeeler)

Closing - I confirm that these are in my Firefox profiles.

Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: