Bug 1254653 - Add telemetry to measure how often we encounter EV certificates r=keeler a=ritu
authorRichard Barnes <rbarnes@mozilla.com>
Tue, 08 Mar 2016 17:30:40 -0500
changeset 323434 5c529f1c218f80571ccc93cf1760a3f1a582bacb
parent 323433 1e4a8c9991e719b4a52ea09d4ba08731940e826f
child 323435 d5911159db9e44bd29aeb44cb8356b00840256ac
push id5913
push userjlund@mozilla.com
push dateMon, 25 Apr 2016 16:57:49 +0000
treeherdermozilla-beta@dcaf0a6fa115 [default view] [failures only]
reviewerskeeler, ritu
bugs1254653
milestone47.0a2
Bug 1254653 - Add telemetry to measure how often we encounter EV certificates r=keeler a=ritu MozReview-Commit-ID: FvDpMGEJGLQ
security/manager/ssl/SSLServerCertVerification.cpp
toolkit/components/telemetry/Histograms.json
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -1238,16 +1238,21 @@ AuthCertificate(CertVerifier& certVerifi
                                         &evOidPolicy, &ocspStaplingStatus,
                                         &keySizeStatus, &sha1ModeResult,
                                         &pinningTelemetryInfo);
   PRErrorCode savedErrorCode;
   if (rv != SECSuccess) {
     savedErrorCode = PR_GetError();
   }
 
+  uint32_t evStatus = (rv != SECSuccess) ? 0                // 0 = Failure
+                    : (evOidPolicy == SEC_OID_UNKNOWN) ? 1  // 1 = DV
+                    : 2;                                    // 2 = EV
+  Telemetry::Accumulate(Telemetry::CERT_EV_STATUS, evStatus);
+
   if (ocspStaplingStatus != CertVerifier::OCSP_STAPLING_NEVER_CHECKED) {
     Telemetry::Accumulate(Telemetry::SSL_OCSP_STAPLING, ocspStaplingStatus);
   }
   if (keySizeStatus != KeySizeStatus::NeverChecked) {
     Telemetry::Accumulate(Telemetry::CERT_CHAIN_KEY_SIZE_STATUS,
                           static_cast<uint32_t>(keySizeStatus));
   }
   if (sha1ModeResult != SHA1ModeResult::NeverChecked) {
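Review bot: The bucket commented `// 1 = DV` is recorded for every successful verification where `evOidPolicy == SEC_OID_UNKNOWN`, so it counts any chain that was not given EV treatment (OV certificates included, and presumably EV-capable chains whenever EV validation was not attempted or could not complete), not DV specifically. Bucket 0 is likewise any `rv != SECSuccess`, which is every verification failure rather than only an invalid certificate, yet the `CERT_EV_STATUS` description in the Histograms.json hunk says `0=invalid, 1=DV`. I would relabel the comments as `// 0 = verification failed` and `// 1 = verified, not EV`, and make the JSON description match, so that anyone using this probe to judge EV prevalence does not misread it. A small named enum in place of the bare 0/1/2 would keep the meaning in one place. AuthCertificate starts and ends outside this hunk, so whether this runs once per TLS connection (as the description states) cannot be confirmed from here.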
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -8153,16 +8153,24 @@
   },
   "OSFILE_WRITEATOMIC_JANK_MS": {
     "expires_in_version": "default",
     "kind": "exponential",
     "description": "The duration during which the main thread is blocked during a call to OS.File.writeAtomic, in milliseconds",
     "high": 5000,
     "n_buckets": 10
   },
+  "CERT_EV_STATUS": {
+    "expires_in_version": "never",
+    "alert_emails": ["seceng@mozilla.org"],
+    "bug_numbers": [1254653],
+    "kind": "enumerated",
+    "n_values": 10,
+    "description": "EV status of a certificate, recorded on each TLS connection. 0=invalid, 1=DV, 2=EV"
+  },
   "CERT_VALIDATION_SUCCESS_BY_CA": {
     "expires_in_version": "never",
     "kind": "enumerated",
     "n_values": 256,
     "description": "Successful SSL server cert validations by CA (see RootHashes.inc for names of CAs)"
   },
   "CERT_PINNING_FAILURES_BY_CA": {
     "alert_emails": ["pinning@mozilla.org"],