Bug 1346298 Update or Remove Telemetry Probe: SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME r=jcj

Differential Revision: https://phabricator.services.mozilla.com/D16631

--HG--
extra : moz-landing-system : lando

security/manager/ssl/SSLServerCertVerification.cpp

@@ -1141,50 +1141,12 @@ void GatherRootCATelemetry(const UniqueCERTCertList& certList) {
 const uint64_t ONE_WEEK_IN_SECONDS = (7 * (24 * 60 * 60));
 const uint64_t ONE_YEAR_IN_WEEKS = 52;
 
-// Gathers telemetry on the certificate lifetimes we observe in the wild
-void GatherEndEntityTelemetry(const UniqueCERTCertList& certList) {
-  CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList);
-  MOZ_ASSERT(endEntityNode && !CERT_LIST_END(endEntityNode, certList));
-  if (!endEntityNode || CERT_LIST_END(endEntityNode, certList)) {
-    return;
-  }
-
-  CERTCertificate* endEntityCert = endEntityNode->cert;
-  MOZ_ASSERT(endEntityCert);
-  if (!endEntityCert) {
-    return;
-  }
-
-  PRTime notBefore;
-  PRTime notAfter;
-
-  if (CERT_GetCertTimes(endEntityCert, &notBefore, &notAfter) != SECSuccess) {
-    return;
-  }
-
-  MOZ_ASSERT(notAfter > notBefore);
-  if (notAfter <= notBefore) {
-    return;
-  }
-
-  uint64_t durationInWeeks =
-      (notAfter - notBefore) / PR_USEC_PER_SEC / ONE_WEEK_IN_SECONDS;
-
-  if (durationInWeeks > (2 * ONE_YEAR_IN_WEEKS)) {
-    durationInWeeks = (2 * ONE_YEAR_IN_WEEKS) + 1;
-  }
-
-  Telemetry::Accumulate(Telemetry::SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME,
-                        durationInWeeks);
-}
-
 // There are various things that we want to measure about certificate
 // chains that we accept.  This is a single entry point for all of them.
 void GatherSuccessfulValidationTelemetry(const UniqueCERTCertList& certList) {
   GatherBaselineRequirementsTelemetry(certList);
   GatherEKUTelemetry(certList);
   GatherRootCATelemetry(certList);
-  GatherEndEntityTelemetry(certList);
 }
 
 void GatherTelemetryForSingleSCT(const ct::VerifiedSCT& verifiedSct) {

toolkit/components/telemetry/Histograms.json

@@ -2382,15 +2382,6 @@
     "n_values": 16,
     "description": "SSL Handshake Key Exchange Algorithm for resumed handshake (null=0, rsa=1, dh=2, fortezza=3, ecdh=4)"
   },
-  "SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME": {
-    "record_in_processes": ["main", "content"],
-    "expires_in_version": "55",
-    "alert_emails": ["seceng-telemetry@mozilla.com"],
-    "kind": "enumerated",
-    "n_values": 125,
-    "releaseChannelCollection": "opt-out",
-    "description": "The lifetime of accepted HTTPS server certificates, in weeks, up to 2 years. Bucket 105 is all end-entity HTTPS server certificates with a lifetime > 2 years."
-  },
   "WEBSOCKETS_HANDSHAKE_TYPE": {
     "record_in_processes": ["main", "content"],
     "expires_in_version": "never",

toolkit/components/telemetry/histogram-whitelists.json

@@ -1029,7 +1029,6 @@
     "SSL_KEY_EXCHANGE_ALGORITHM_FULL",
     "SSL_KEY_EXCHANGE_ALGORITHM_RESUMED",
     "SSL_NPN_TYPE",
-    "SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME",
     "SSL_OCSP_STAPLING",
     "SSL_PERMANENT_CERT_ERROR_OVERRIDES",
     "SSL_REASONS_FOR_NOT_FALSE_STARTING",
@@ -1214,7 +1213,6 @@
     "CERT_VALIDATION_HTTP_REQUEST_CANCELED_TIME",
     "CERT_VALIDATION_HTTP_REQUEST_SUCCEEDED_TIME",
     "CERT_VALIDATION_HTTP_REQUEST_FAILED_TIME",
-    "SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME",
     "SPDY_SERVER_INITIATED_STREAMS",
     "STS_POLL_AND_EVENTS_CYCLE",
     "STS_POLL_CYCLE",