Page MenuHomePhabricator

ocsp updater: validate the signature expiry lifetime
Closed, ResolvedPublic

Description

The ocsp updater should have a new setting for validating the signature expiry, so that we can fail if it's not sufficiently far off into the future and potentially notice these problems via icinga.

Details

Related Gerrit Patches:

Event Timeline

BBlack created this task.Aug 20 2015, 5:09 PM
BBlack claimed this task.
BBlack raised the priority of this task from to Unbreak Now!.
BBlack updated the task description. (Show Details)
BBlack added projects: acl*sre-team, Traffic.
BBlack added a subscriber: BBlack.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptAug 20 2015, 5:09 PM
greg set Security to None.

Change 232873 had a related patch set uploaded (by BBlack):
update-ocsp: refactor validation, check cert life

https://gerrit.wikimedia.org/r/232873

Change 232873 merged by BBlack:
update-ocsp: refactor validation, check cert life

https://gerrit.wikimedia.org/r/232873

BBlack closed this task as Resolved.Aug 21 2015, 12:32 AM
BBlack moved this task from Triage to Done on the Traffic board.Aug 27 2015, 2:41 AM