Bug 1670984 - include CRLite stash revocation hits/library failures in CRLite telemetry r=jcj

Differential Revision: https://phabricator.services.mozilla.com/D94189
2024-11-28 23:31:56 +00:00 · 2020-10-23 20:57:48 +00:00 · 2020-10-23 20:57:48 +00:00 · b014438572
commit b014438572
parent fe80718d67
4 changed files with 15 additions and 2 deletions
--- a/security/certverifier/CertVerifier.h
+++ b/security/certverifier/CertVerifier.h
@ -148,6 +148,7 @@ enum class CRLiteLookupResult {
  CertificateValid = 4,
  CertificateRevoked = 5,
  LibraryFailure = 6,
+  CertRevokedByStash = 7,
 };

 class CRLiteTelemetryInfo {
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@ -796,6 +796,10 @@ Result NSSCertDBTrustDomain::CheckRevocation(
      MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
              ("NSSCertDBTrustDomain::CheckRevocation: IsCertRevokedByStash "
               "failed"));
+      if (mCRLiteTelemetryInfo) {
+        mCRLiteTelemetryInfo->mLookupResult =
+            CRLiteLookupResult::LibraryFailure;
+      }
      if (mCRLiteMode == CRLiteMode::Enforce) {
        return Result::FATAL_ERROR_LIBRARY_FAILURE;
      }
@ -803,6 +807,10 @@ Result NSSCertDBTrustDomain::CheckRevocation(
      MOZ_LOG(gCertVerifierLog, LogLevel::Debug,
              ("NSSCertDBTrustDomain::CheckRevocation: IsCertRevokedByStash "
               "returned true"));
+      if (mCRLiteTelemetryInfo) {
+        mCRLiteTelemetryInfo->mLookupResult =
+            CRLiteLookupResult::CertRevokedByStash;
+      }
      if (mCRLiteMode == CRLiteMode::Enforce) {
        return Result::ERROR_REVOKED_CERTIFICATE;
      }
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@ -1017,6 +1017,10 @@ static void CollectCertTelemetry(
      Telemetry::AccumulateCategorical(
          Telemetry::LABELS_CRLITE_RESULT::LibraryFailure);
      break;
+    case CRLiteLookupResult::CertRevokedByStash:
+      Telemetry::AccumulateCategorical(
+          Telemetry::LABELS_CRLITE_RESULT::CertRevokedByStash);
+      break;
    case CRLiteLookupResult::NeverChecked:
      break;
    default:
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@ -11953,9 +11953,9 @@
    "products": ["firefox"],
    "expires_in_version": "86",
    "kind": "categorical",
-    "labels": ["FilterNotAvailable", "IssuerNotEnrolled", "CertificateTooNew", "CertificateValid", "CertificateRevoked", "LibraryFailure"],
+    "labels": ["FilterNotAvailable", "IssuerNotEnrolled", "CertificateTooNew", "CertificateValid", "CertificateRevoked", "LibraryFailure", "CertRevokedByStash"],
    "description": "The result of looking up revocation information for a TLS server certificate in CRLite.",
-    "bug_numbers": [1586855, 1607765],
+    "bug_numbers": [1586855, 1607765, 1670984],
    "releaseChannelCollection": "opt-out",
    "alert_emails": ["dkeeler@mozilla.com", "jcj@mozilla.com", "seceng-telemetry@mozilla.com"]
  },