If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

key update url should point to sb-ssl.google.com

VERIFIED FIXED

Status

()

Toolkit
Safe Browsing
VERIFIED FIXED
11 years ago
3 years ago

People

(Reporter: Tony Chang (Google), Assigned: Tony Chang (Google))

Tracking

({verified1.8.1})

Trunk
verified1.8.1
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

11 years ago
We want to separate the expensive ssl getkey request from the rest of the traffic generated by the phishing service (it makes it easier to load balance) before the final release.  This is a single URL change in the default prefs file.

Unfortunately, I can't submit the change now because we don't have the domain set up yet.  We'll try to get it live before the RC2 freeze.
(Assignee)

Updated

11 years ago
Flags: blocking-firefox2?
(Assignee)

Comment 1

11 years ago
Created attachment 240227 [details] [diff] [review]
www.google.com -> sb-ssl.google.com

Comment 2

11 years ago
Tony,

We can't ship FF2RC2 with a broken anti-phishing.  So once you've confirmed the domain is ready - we'll take this patch.  If you can't have it ready in time we'll  have to ship as is.

Comment 3

11 years ago
Note - if we miss the 2.0 window we can make this change with 2.0.0.1.  Also - with other URLs we've tended to put re-directs in place prior to the servers being ready.  So if that is an option for you (redirect sb-ssl.google->www.google until sb-ssl is ready).
Flags: blocking-firefox2? → blocking-firefox2-
(Assignee)

Comment 4

11 years ago
(In reply to comment #3)
> Note - if we miss the 2.0 window we can make this change with 2.0.0.1.  Also -
> with other URLs we've tended to put re-directs in place prior to the servers
> being ready.  So if that is an option for you (redirect
> sb-ssl.google->www.google until sb-ssl is ready).

Yup, that's what we're trying to do.  I'll re-nominate once it's up and running.
(Assignee)

Comment 5

11 years ago
Comment on attachment 240227 [details] [diff] [review]
www.google.com -> sb-ssl.google.com

This is live now.
Attachment #240227 - Flags: review?(mconnor)
Attachment #240227 - Flags: approval1.8.1?
(Assignee)

Updated

11 years ago
Flags: blocking-firefox2- → blocking-firefox2?
Comment on attachment 240227 [details] [diff] [review]
www.google.com -> sb-ssl.google.com

r+a=beltzner on behalf of drivers, please get this landed in time to get wide testing in tomorrow's nightly build so we can have some in-field testing before the RC2 cutoff.
Attachment #240227 - Flags: review?(mconnor)
Attachment #240227 - Flags: review+
Attachment #240227 - Flags: approval1.8.1?
Attachment #240227 - Flags: approval1.8.1+
21:31 < tony> gar, ssl cert error. I thought we had fixed that.  Holding off until I figure out what's going on.

Consider the a+ to be conditional on "figuring out what's going on" ;) Glad to see that you're testing it!
(Assignee)

Comment 8

11 years ago
The ssl cert change was pushed early this afternoon.  However, there may be some issues with DNS caches causing some people to see a cert error until 24 hours after the change was pushed.

Going to go ahead and submit now so people can test, but with a caveat that there may be cert warnings.  (This is actually my fault for not having fixed bug 345124.)
(Assignee)

Comment 9

11 years ago
on branch and trunk

Checking in firefox.js;
/cvsroot/mozilla/browser/app/profile/firefox.js,v  <--  firefox.js
new revision: 1.71.2.76; previous revision: 1.71.2.75

Checking in firefox.js;
/cvsroot/mozilla/browser/app/profile/firefox.js,v  <--  firefox.js
new revision: 1.163; previous revision: 1.162
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED
(Assignee)

Comment 10

11 years ago
From a colo in Florida:
 ~ >openssl s_client -connect sb-ssl.google.com:443
...a bunch of spew...
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/OU=Terms of use at www.verisign.com/rpa (c)06/CN=*.google.com        
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA

The key part being the *.google.com.

Comment 11

11 years ago
Verified fix in "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061003 BonEcho/2.0"
Status: RESOLVED → VERIFIED
verified 1.8.1 per comment 11
Keywords: fixed1.8.1 → verified1.8.1

Updated

11 years ago
Flags: blocking-firefox2?
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.