Page MenuHomePhabricator
Create Task
Maniphest T109738

ocsp updater: validate the signature expiry lifetime
Closed, ResolvedPublic
Actions

Description

The ocsp updater should have a new setting for validating the signature expiry, so that we can fail if it's not sufficiently far off into the future and potentially notice these problems via icinga.

Details

SubjectRepoBranchLines +/-
update-ocsp: refactor validation, check cert lifeoperations/puppetproduction+96 -51
Customize query in gerrit

Related Objects
Search...

Event Timeline

BBlack created this task.Aug 20 2015, 5:09 PM
BBlack claimed this task.
BBlack raised the priority of this task from to Unbreak Now!.
BBlack updated the task description. (Show Details)
BBlack added projects: acl*sre-team, Traffic.
BBlack subscribed.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptAug 20 2015, 5:09 PM
BBlack added a parent task: T109740: ocsp updater: re-enable automatic updates.Aug 20 2015, 5:15 PM
greg added a project: Incident-20150820-OCSP.Aug 20 2015, 5:48 PM
greg set Security to None.
gerritbot subscribed.Aug 21 2015, 12:04 AM

Change 232873 had a related patch set uploaded (by BBlack):
update-ocsp: refactor validation, check cert life

https://gerrit.wikimedia.org/r/232873

gerritbot added a project: Patch-For-Review.Aug 21 2015, 12:04 AM
gerritbot added a comment.Aug 21 2015, 12:15 AM

Change 232873 merged by BBlack:
update-ocsp: refactor validation, check cert life

https://gerrit.wikimedia.org/r/232873

BBlack mentioned this in rOPUP367653244eeb: update-ocsp: refactor validation, check cert life.Aug 21 2015, 12:15 AM
BBlack closed this task as Resolved.Aug 21 2015, 12:32 AM
BBlack moved this task from Backlog to Done on the Traffic board.Aug 27 2015, 2:41 AM
BBlack mentioned this in T93927: Make OCSP Stapling support more generic and robust.Oct 3 2016, 1:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL