Closed
Bug 969048
Opened 11 years ago
Closed 11 years ago
Adjust OCSP stapling telemetry for insanity::pkix
Categories
(Core :: Security: PSM, defect, P3)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: briansmith, Assigned: keeler)
References
Details
Attachments
(1 file, 1 obsolete file)
5.57 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
The way OCSP stapling telemetry is collected currently is specific to the way that the NSS validation works in that it checks the return value of CERT_CacheOCSPResponseFromSideChannel. The call to CERT_CacheOCSPResponseFromSideChannel is irrelevant to insanity::pkix and it should be removed. More importantly, we need to count OCSP-stapling-related errors based on either the result of CertVerifier::VerifyCert or some other way, so we know if there are any OCSP(-stapling)-related problem with insanity::pkix.
Reporter | ||
Updated•11 years ago
|
Assignee: nobody → dkeeler
Reporter | ||
Updated•11 years ago
|
Status: NEW → ASSIGNED
Reporter | ||
Updated•11 years ago
|
No longer blocks: mozilla::pkix
Reporter | ||
Updated•11 years ago
|
Blocks: mozilla::pkix-beta
Reporter | ||
Updated•11 years ago
|
Priority: -- → P3
Assignee | ||
Comment 1•11 years ago
|
||
The changes to SSLServerCertVerification.cpp are most clear when looked at with 'diff -w' (I can attach a patch generated like that if need be).
Attachment #8382610 -
Flags: review?(brian)
Assignee | ||
Updated•11 years ago
|
Attachment #8382610 -
Flags: review?(cviecco)
Reporter | ||
Updated•11 years ago
|
Attachment #8382610 -
Flags: review?(brian) → review+
Comment 2•11 years ago
|
||
Comment on attachment 8382610 [details] [diff] [review] patch Review of attachment 8382610 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/certverifier/NSSCertDBTrustDomain.cpp @@ +177,5 @@ > SECStatus rv = VerifyEncodedOCSPResponse(*this, cert, issuerCert, time, > stapledOCSPResponse, &validUntil); > if (rv == SECSuccess) { > + // stapled OCSP response present and good > + Telemetry::Accumulate(Telemetry::SSL_OCSP_STAPLING, 1); Wow telemetry is now thread safe. Pinning telemetry then will be really easy!
Attachment #8382610 -
Flags: review?(cviecco) → review+
Assignee | ||
Comment 3•11 years ago
|
||
rebased, carrying over r+s, inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/21ad5a221382
Attachment #8382610 -
Attachment is obsolete: true
Attachment #8390610 -
Flags: review+
Comment 4•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/21ad5a221382
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•