From 27d4ebdee854092dd1b0fad21de2bdc298fed962 Mon Sep 17 00:00:00 2001
From: Michele Cereda <cereda.michele@gmail.com>
Date: Sat, 18 Feb 2023 17:40:45 +0100
Subject: [PATCH] Fixed OSCP hosts

---
 little snitch/parts/firefox.lsrules |  1 +
 little snitch/parts/vivaldi.lsrules | 28 ++++++++++++++++++++++++++++
 little snitch/ruleset.lsrules       | 28 ++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+)

diff --git a/little snitch/parts/firefox.lsrules b/little snitch/parts/firefox.lsrules
index c716ba9..cb3bf1f 100644
--- a/little snitch/parts/firefox.lsrules	
+++ b/little snitch/parts/firefox.lsrules	
@@ -26,6 +26,7 @@
                 "ocsp.sca1b.amazontrust.com",
                 "ocsp.sectigo.com",
                 "ocsp.usertrust.com",
+                "ocsp2.globalsign.com",
                 "status.geotrust.com"
             ]
         },
diff --git a/little snitch/parts/vivaldi.lsrules b/little snitch/parts/vivaldi.lsrules
index 26f4e06..48e283a 100644
--- a/little snitch/parts/vivaldi.lsrules	
+++ b/little snitch/parts/vivaldi.lsrules	
@@ -2,6 +2,34 @@
     "description": "See https://vivaldi.com/blog/decoding-network-activity-in-vivaldi/ for details.",
     "name": "Vivaldi",
     "rules": [
+        {
+            "action": "allow",
+            "notes": "Allow Vivaldi to gather information about certificates.",
+            "ports": "80",
+            "process": "/Applications/Vivaldi.app/Contents/MacOS/Vivaldi",
+            "protocol": "tcp",
+            "remote-hosts": [
+                "ocsp.digicert.com",
+                "ocsp.entrust.net",
+                "ocsp.globalsign.com",
+                "ocsp.pki.goog",
+                "ocsp.r2m01.amazontrust.com",
+                "ocsp.sca1b.amazontrust.com",
+                "ocsp.sectigo.com",
+                "ocsp.usertrust.com",
+                "ocsp2.globalsign.com",
+                "status.geotrust.com"
+            ]
+        },
+        {
+            "action": "allow",
+            "notes": "Allow Vivaldi to gather information about certificates.",
+            "ports": "80",
+            "process": "/Applications/Vivaldi.app/Contents/MacOS/Vivaldi",
+            "protocol": "tcp",
+            "remote-domains": "o.lencr.org"
+        },
+
         {
             "action": "allow",
             "notes": "Allow Vivaldi to securely sync with its servers.",
diff --git a/little snitch/ruleset.lsrules b/little snitch/ruleset.lsrules
index c9fd86d..5fe1d69 100644
--- a/little snitch/ruleset.lsrules	
+++ b/little snitch/ruleset.lsrules	
@@ -54,6 +54,7 @@
                 "ocsp.sca1b.amazontrust.com",
                 "ocsp.sectigo.com",
                 "ocsp.usertrust.com",
+                "ocsp2.globalsign.com",
                 "status.geotrust.com"
             ]
         },
@@ -187,6 +188,33 @@
             "protocol": "tcp",
             "remote": "any"
         },
+        {
+            "action": "allow",
+            "notes": "Allow Vivaldi to gather information about certificates.",
+            "ports": "80",
+            "process": "/Applications/Vivaldi.app/Contents/MacOS/Vivaldi",
+            "protocol": "tcp",
+            "remote-hosts": [
+                "ocsp.digicert.com",
+                "ocsp.entrust.net",
+                "ocsp.globalsign.com",
+                "ocsp.pki.goog",
+                "ocsp.r2m01.amazontrust.com",
+                "ocsp.sca1b.amazontrust.com",
+                "ocsp.sectigo.com",
+                "ocsp.usertrust.com",
+                "ocsp2.globalsign.com",
+                "status.geotrust.com"
+            ]
+        },
+        {
+            "action": "allow",
+            "notes": "Allow Vivaldi to gather information about certificates.",
+            "ports": "80",
+            "process": "/Applications/Vivaldi.app/Contents/MacOS/Vivaldi",
+            "protocol": "tcp",
+            "remote-domains": "o.lencr.org"
+        },
         {
             "action": "allow",
             "notes": "Allow Vivaldi to securely sync with its servers.",