Closed Bug 1605273 Opened 5 years ago Closed 4 years ago

Only run CRLite on certificates with a CT SCT available

Categories

(Core :: Security: PSM, enhancement, P2)


Tracking


RESOLVED FIXED
83 Branch
Tracking Status
firefox83 --- fixed

People

(Reporter: jcj, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-backlog])

Attachments

(1 file)

Technically, only certificates that have been documented as being disclosed to Certificate Transparency are eligible for CRLite. Those which haven't could prompt a false-positive or a false-negative result.

This is probably best done by checking for the existence of a CT SCT, either embedded in the certificate or delivered via one of the other approved mechanisms.

The validity of the SCT should not need to be analyzed for this scenario; that there was theoretical disclosure should be enough. If the certificate was not truly disclosed, the potential for error is limited to only that one host, and future efforts for validating SCTs would improve the situation.

I'm not sure I agree. Presumably we're only enabling CRLite for issuers that we know are disclosing everything via CT, so it should already be the case that we won't have false results for certificates issued by those issuers. Maybe we should gather some telemetry to validate this assumption? (as in, do we see certificates for issuers enabled for CRLite that don't have SCTs?) (although, not having an SCT doesn't mean a certificate wasn't disclosed, so I'm not sure that would even be meaningful)

Flags: needinfo?(jjones)

An SCT also gives an externally-relevant timestamp for deciding whether a certificate would be included in a filter. notBefore dates are a gross approximation.

Flags: needinfo?(jjones)
Priority: -- → P2
Whiteboard: [psm-backlog]

Because CAs can back-date a certificate (i.e. set the "notBefore" field to
earlier than when a certificate actually existed), the "notBefore" field can't
be relied on when determining when CRLite information is recent enough to check
a certificate with. To that end, this patch instead uses the earliest timestamp
from the embedded SCTs in the certificate being checked.

Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
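
An added example (not code from the Firefox patch) of the check the patch description above outlines: read the timestamps out of an embedded SCT list and compare the earliest one with the CRLite filter timestamp. Assumptions: the input is the TLS-encoded SignedCertificateTimestampList from RFC 6962, already unwrapped from the certificate extension; all function names and decision strings are hypothetical; the comparison is a simplification that makes no allowance for log merge delay; the sample SCTs are constructed and their signatures are placeholders, since the bug states SCT validity is not analyzed.

```python
import struct
from typing import List, Optional, Tuple

SCT_V1 = 0        # RFC 6962 Version v1
LOG_ID_LEN = 32   # SHA-256 hash of the log's public key

QUERY = "query CRLite"
SKIP_NO_SCT = "skip: no embedded SCT"
SKIP_MALFORMED = "skip: malformed SCT list"
SKIP_TOO_NEW = "skip: certificate logged after filter was built"


class SCTParseError(ValueError):
    """Raised when the serialized SCT list is structurally invalid."""


def _read_vec16(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read a TLS opaque<0..2^16-1> vector; return (payload, next offset)."""
    if off + 2 > len(buf):
        raise SCTParseError("truncated length prefix")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + n > len(buf):
        raise SCTParseError("vector runs past end of buffer")
    return buf[off:off + n], off + n


def parse_sct_timestamps(sct_list: bytes) -> List[int]:
    """Return the timestamp (ms since epoch) of every v1 SCT in the list."""
    body, end = _read_vec16(sct_list, 0)
    if end != len(sct_list):
        raise SCTParseError("trailing bytes after SCT list")
    timestamps = []
    off = 0
    while off < len(body):
        sct, off = _read_vec16(body, off)
        if not sct:
            raise SCTParseError("empty SCT")
        if sct[0] != SCT_V1:
            continue  # unknown version: layout unknown, ignore this entry
        fixed = 1 + LOG_ID_LEN + 8  # version + log id + timestamp
        if len(sct) < fixed:
            raise SCTParseError("SCT shorter than fixed header")
        (ts_ms,) = struct.unpack_from(">Q", sct, 1 + LOG_ID_LEN)
        # Walk the rest (extensions, 2 algorithm bytes, signature) so a
        # truncated entry is rejected; the signature is NOT verified.
        _ext, pos = _read_vec16(sct, fixed)
        if pos + 2 > len(sct):
            raise SCTParseError("missing signature algorithm")
        _sig, pos = _read_vec16(sct, pos + 2)
        if pos != len(sct):
            raise SCTParseError("trailing bytes inside SCT")
        timestamps.append(ts_ms)
    return timestamps


def crlite_decision(sct_list: Optional[bytes], filter_timestamp_s: int) -> str:
    """Decide whether a CRLite filter built at filter_timestamp_s can answer."""
    if not sct_list:
        return SKIP_NO_SCT
    try:
        timestamps = parse_sct_timestamps(sct_list)
    except SCTParseError:
        return SKIP_MALFORMED
    if not timestamps:
        return SKIP_NO_SCT
    # Earliest SCT = earliest point the certificate was submitted to a log.
    if min(timestamps) > filter_timestamp_s * 1000:
        return SKIP_TOO_NEW
    return QUERY


def build_sct_list(*timestamps_ms: int) -> bytes:
    """Build a constructed SCT list for the demo (placeholder signatures)."""
    body = b""
    for ts in timestamps_ms:
        sig = b"\x00" * 8
        sct = (bytes([SCT_V1]) + b"\x11" * LOG_ID_LEN + struct.pack(">Q", ts)
               + struct.pack(">H", 0)            # no extensions
               + b"\x04\x03"                     # hash / signature algorithm
               + struct.pack(">H", len(sig)) + sig)
        body += struct.pack(">H", len(sct)) + sct
    return struct.pack(">H", len(body)) + body


if __name__ == "__main__":
    filter_ts = 1574208000        # constructed: 2019-11-20T00:00:00Z
    not_before = 1572566400       # constructed: back-dated to 2019-11-01
    logged = build_sct_list(1574294400000, 1574294405000)  # 2019-11-21
    print("notBefore says covered:", not_before <= filter_ts)
    print("SCT-based decision:    ", crlite_decision(logged, filter_ts))
```
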
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/22753d184de6 only run CRLite on certificates with a CT SCT available r=jcj

Backed out 2 changesets (bug 1666567, bug 1605273) for test_crlite_filters.js.

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&group_state=expanded&searchStr=android%2C7.0%2Cx86-64%2Copt%2Cxpcshell%2Ctests%2Ctest-android-em-7.0-x86_64%2Fopt-geckoview-xpcshell-e10s%2Cx2&selectedTaskRun=PgKM8jjdTuqcoMgFxof_Lw.0&fromchange=6537439bb7895ab775685f15755aa7c03447a63d&tochange=f651f595aa7fd2f245faaa05761f3acb508c8376

Backout link: https://hg.mozilla.org/integration/autoland/rev/f651f595aa7fd2f245faaa05761f3acb508c8376

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=316555145&repo=autoland&lineNumber=1854

[task 2020-09-24T03:33:49.559Z] 03:33:49     INFO -  TEST-START | security/manager/ssl/tests/unit/test_crlite_filters.js
[task 2020-09-24T03:33:50.582Z] 03:33:50  WARNING -  TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_crlite_filters.js | xpcshell return code: 0
[task 2020-09-24T03:33:50.582Z] 03:33:50     INFO -  TEST-INFO took 1021ms
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  TEST-PASS | security/manager/ssl/tests/unit/test_crlite_filters.js | test_crlite_filters_and_check_revocation - [test_crlite_filters_and_check_revocation : 1] verifying schunk-group.com: should not be EV - false == false
[task 2020-09-24T03:33:50.613Z] 03:33:50  WARNING -  TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_crlite_filters.js | test_crlite_filters_and_check_revocation - [test_crlite_filters_and_check_revocation : 1] verifying mail233.messagelabs.com: should get error -8071 - 0 == -8071
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  -e:null:1
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  exiting test
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  security/manager/ssl/tests/unit/test_crlite_filters.js | JavaScript error: /data/local/tmp/test_root/xpc/head.js, line 833: NS_ERROR_ABORT:
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  "CONSOLE_MESSAGE: (error) [JavaScript Error: "NS_ERROR_ABORT: " {file: "/data/local/tmp/test_root/xpc/head.js" line: 833}]
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  _abort_failed_test@/data/local/tmp/test_root/xpc/head.js:833:20
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  do_report_result@/data/local/tmp/test_root/xpc/head.js:934:5
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  Assert<@/data/local/tmp/test_root/xpc/head.js:73:21
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  proto.report@resource://testing-common/Assert.jsm:233:10
[task 2020-09-24T03:33:50.613Z] 03:33:50     INFO -  equal@resource://testing-common/Assert.jsm:275:8
[task 2020-09-24T03:33:50.614Z] 03:33:50     INFO -  verifyCertFinished@/data/local/tmp/test_root/xpc/security/manager/ssl/tests/unit/head_psm.js:246:10
[task 2020-09-24T03:33:50.614Z] 03:33:50     INFO -  _do_main@/data/local/tmp/test_root/xpc/head.js:248:6
[task 2020-09-24T03:33:50.614Z] 03:33:50     INFO -  _execute_test@/data/local/tmp/test_root/xpc/head.js:577:5
[task 2020-09-24T03:33:50.614Z] 03:33:50     INFO -  @-e:1:1
[task 2020-09-24T03:33:50.614Z] 03:33:50     INFO -  "
[task 2020-09-24T03:33:50.614Z] 03:33:50     INFO -  <<<<<<<
Flags: needinfo?(dkeeler)
Flags: needinfo?(dkeeler)
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/68112bc6b121
only run CRLite on certificates with a CT SCT available r=jcj
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch
Blocks: 1667829