Closed Bug 2022912 Opened 3 months ago Closed 3 months ago

CCADB entries generated 2026-03-12T17:02:14Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

Product:
Core
Component:
Security Block-lists, Allow-lists, and other State
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ccadb2onercl, Assigned: bwilson)

Details

Attachments

(3 files)

Line delimited issuer/serial pairs
900 bytes, text/plain
Details
The additions to OneCRL proposed by this bug.
2.86 KB, text/plain
Details
Entries with their names decoded to plain text and hexadecimal serials/hashes.
2.04 KB, text/plain
Details

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Using the Decode OneCRL Entries program, I've verified the issuer-serial pairs as follows:
issuer: /C=CN/O=UniTrust/CN=UniTrust Global TLS RSA Root CA R1 serial: 473ed069405c461d3fc9cd812e9220e9
issuer: /C=CN/O=UniTrust/CN=UniTrust Global TLS ECC Root CA R2 serial: 5fe08ee145771c42c9add82839eaa83e
issuer: /C=CN/O=UniTrust/CN=UniTrust Global TLS ECC Root CA R2 serial: 4127acca112c804249ef2b4fd06af0e3
issuer: /C=CN/O=UniTrust/CN=UniTrust Global TLS RSA Root CA R1 serial: 2b00373c198a3e45d360c6e2c3f37ed9
issuer: /C=CN/O=UniTrust/CN=UniTrust Global TLS ECC Root CA R2 serial: 7753cb808ba3bcc0d952ef0248df29d7
issuer: /C=CN/O=UniTrust/CN=UniTrust Global TLS RSA Root CA R1 serial: 6a5ef7e55be2507e107547b24fdc4350

These are the correct entries to add to OneCRL.
Ready for review/approval at Kinto Staging.

Assignee: nobody → bwilson
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

Approved in stage. compare.py output:

[14:24:40] Stage-Stage: 1799 Stage-Preview: 1799 Stage-Published: 1799                                                                                                                                                                                           compare.py:67
[14:24:41] Prod-Stage: 1799 Prod-Preview: 1799 Prod-Published: 1793                                                                                                                                                                                              compare.py:75
           Verifying stage against preview                                                                                                                                                                                                                       compare.py:82
           prod/security-state-staging (1799) and prod/security-state-preview (1799) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-staging (1799) and prod/security-state-staging (1799) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-staging (1799) and prod/security-state-preview (1799) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-preview (1799) and prod/security-state-staging (1799) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-preview (1799) and prod/security-state-preview (1799) are equivalent                                                                                                                                                              compare.py:87
           prod/security-state-staging (1799) and prod/security-state-preview (1799) are equivalent                                                                                                                                                              compare.py:87
           No changes are waiting in staging                                                                                                                                                                                                                     compare.py:90
           There are 6 changes waiting in production. Adding:                                                                                                                                                                                                    compare.py:99
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2022912', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'ME0xCzAJBgNVBAYTAkNOMREwDwYDVQQKEwhVbmlUcnVzdDErMCkGA1UEAxMiVW5pVHJ1c3QgR2xvYmFsIFRMUyBSU0EgUm9vdCBDQSBSMQ==',
    'serialNumber': 'al735VviUH4QdUeyT9xDUA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2022912', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'ME0xCzAJBgNVBAYTAkNOMREwDwYDVQQKEwhVbmlUcnVzdDErMCkGA1UEAxMiVW5pVHJ1c3QgR2xvYmFsIFRMUyBFQ0MgUm9vdCBDQSBSMg==',
    'serialNumber': 'd1PLgIujvMDZUu8CSN8p1w=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2022912', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'ME0xCzAJBgNVBAYTAkNOMREwDwYDVQQKEwhVbmlUcnVzdDErMCkGA1UEAxMiVW5pVHJ1c3QgR2xvYmFsIFRMUyBSU0EgUm9vdCBDQSBSMQ==',
    'serialNumber': 'KwA3PBmKPkXTYMbiw/N+2Q=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2022912', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'ME0xCzAJBgNVBAYTAkNOMREwDwYDVQQKEwhVbmlUcnVzdDErMCkGA1UEAxMiVW5pVHJ1c3QgR2xvYmFsIFRMUyBFQ0MgUm9vdCBDQSBSMg==',
    'serialNumber': 'QSesyhEsgEJJ7ytP0Grw4w=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2022912', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'ME0xCzAJBgNVBAYTAkNOMREwDwYDVQQKEwhVbmlUcnVzdDErMCkGA1UEAxMiVW5pVHJ1c3QgR2xvYmFsIFRMUyBFQ0MgUm9vdCBDQSBSMg==',
    'serialNumber': 'X+CO4UV3HELJrdgoOeqoPg=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=2022912', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'ME0xCzAJBgNVBAYTAkNOMREwDwYDVQQKEwhVbmlUcnVzdDErMCkGA1UEAxMiVW5pVHJ1c3QgR2xvYmFsIFRMUyBSU0EgUm9vdCBDQSBSMQ==',
    'serialNumber': 'Rz7QaUBcRh0/yc2BLpIg6Q=='
}
           Staging is updated, and production changes are waiting, so Firefox can use                                                                                                                                                                           compare.py:110
           Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)
           and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test
           OneCRL.
Flags: needinfo?(dkeeler)

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=2022912

These 6 additions to OneCRL all appear to be correct. Please proceed with moving these changes into Production.

Flags: needinfo?(dkeeler)

Approved in prod.

Flags: needinfo?(dkeeler)

These are in my Firefox profiles, so this can be closed.

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: