| author | Monica Chew <mmc@mozilla.com> |
| Tue, 04 Nov 2014 10:54:26 -0800 | |
| changeset 213948 | 9c8ca05b975a0f22e9b2b3d8eb211d4242fcb2a9 |
| parent 213947 | 1d0c12148cf658c4b77c03b4b6c69a475210a907 |
| child 213949 | 3d0169c5795f9f050bb9d9001f01694dc253b637 |
| push id | 27768 |
| push user | kwierso@gmail.com |
| push date | Wed, 05 Nov 2014 02:19:03 +0000 |
| treeherder | mozilla-central@a1823d3c7365 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | keeler |
| bugs | 1004781 |
| milestone | 36.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| security/manager/boot/src/StaticHPKPins.h | file | annotate | diff | comparison | revisions | |
| security/manager/tools/PreloadedHPKPins.json | file | annotate | diff | comparison | revisions |
--- a/security/manager/boot/src/StaticHPKPins.h +++ b/security/manager/boot/src/StaticHPKPins.h @@ -74,20 +74,16 @@ static const char kComodo_Trusted_Servic /* Cybertrust Global Root */ static const char kCybertrust_Global_RootFingerprint[] = "foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU="; /* DigiCert Assured ID Root CA */ static const char kDigiCert_Assured_ID_Root_CAFingerprint[] = "I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; -/* DigiCert ECC Secure Server CA */ -static const char kDigiCert_ECC_Secure_Server_CAFingerprint[] = - "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw="; - /* DigiCert Global Root CA */ static const char kDigiCert_Global_Root_CAFingerprint[] = "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; /* DigiCert High Assurance EV Root CA */ static const char kDigiCert_High_Assurance_EV_Root_CAFingerprint[] = "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; @@ -122,16 +118,20 @@ static const char kFacebookBackupFingerp /* GOOGLE_PIN_AlphaSSL_G2 */ static const char kGOOGLE_PIN_AlphaSSL_G2Fingerprint[] = "yxgiWGK++SFB9ySwt3M3qpn5HO0ZLFY5D+h+G/vcT/c="; /* GOOGLE_PIN_CryptoCat1 */ static const char kGOOGLE_PIN_CryptoCat1Fingerprint[] = "vKaqtTLWmVuXPVJE+0OqN5sRc4VCcSQHI/W3XTDVR24="; +/* GOOGLE_PIN_DigiCertECCSecureServerCA */ +static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] = + "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw="; + /* GOOGLE_PIN_EntrustRootEC1 */ static const char kGOOGLE_PIN_EntrustRootEC1Fingerprint[] = "/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI="; /* GOOGLE_PIN_Entrust_G2 */ static const char kGOOGLE_PIN_Entrust_G2Fingerprint[] = "du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U="; @@ -740,17 +740,17 @@ static const char* kPinset_facebook_sha1 kFacebookBackupFingerprint, }; static const StaticFingerprints kPinset_facebook_sha1 = { sizeof(kPinset_facebook_sha1_Data) / sizeof(const char*), kPinset_facebook_sha1_Data }; static const char* kPinset_facebook_sha256_Data[] = { - kDigiCert_ECC_Secure_Server_CAFingerprint, + kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint, kDigiCert_High_Assurance_EV_Root_CAFingerprint, kGOOGLE_PIN_SymantecClass3EVG3Fingerprint, }; static const StaticFingerprints kPinset_facebook_sha256 = { sizeof(kPinset_facebook_sha256_Data) / sizeof(const char*), kPinset_facebook_sha256_Data }; @@ -1120,9 +1120,9 @@ static const TransportSecurityPreload kP { "youtube.com", true, false, false, -1, &kPinset_google_root_pems }, { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems }, }; // Pinning Preload List Length = 348; static const int32_t kUnknownId = -1; -static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1423303741261000); +static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1423593806543000);
--- a/security/manager/tools/PreloadedHPKPins.json +++ b/security/manager/tools/PreloadedHPKPins.json @@ -224,13 +224,10 @@ "pins": "mozilla_test", "test_mode": true }, // Expand twitter's pinset to include all of *.twitter.com and use // twitterCDN. More specific rules take precedence because we search for // exact domain name first. { "name": "twitter.com", "include_subdomains": true, "pins": "twitterCDN", "test_mode": false } ], - "extra_certificates": [ - // DigiCert ECC Secure Server CA (for Facebook) - "MIIDrDCCApSgAwIBAgIQCssoukZe5TkIdnRw883GEjANBgkqhkiG9w0BAQwFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaMEwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJjAkBgNVBAMTHURpZ2lDZXJ0IEVDQyBTZWN1cmUgU2VydmVyIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE4ghC6nfYJN6gLGSkE85AnCNyqQIKDjc/ITa4jVMU9tWRlUvzlgKNcR7E2Munn17voOZ/WpIRllNv68DLP679Wz9HJOeaBy6Wvqgvu1cYr3GkvXg6HuhbPGtkESvMNCuMo4IBITCCAR0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUo53mH/naOU/AbuiRy5Wl2jHiCp8wHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEMBQADggEBAMeKoENL7HTJxavVHzA1Nm6YVntIrAVjrnuaVyRXzG/63qttnMe2uuzO58pzZNvfBDcKAEmzP58mrZGMIOgfiA4q+2Y3yDDo0sIkp0VILeoBUEoxlBPfjV/aKrtJPGHzecicZpIalir0ezZYoyxBEHQa0+1IttK7igZFcTMQMHp6mCHdJLnsnLWSB62DxsRq+HfmNb4TDydkskO/g+l3VtsIh5RHFPVfKK+jaEyDj2D3loB5hWp2Jp2VDCADjT7ueihlZGak2YPqmXTNbk19HOuNssWvFhtOyPNV6og4ETQdEa8/B6hPatJ0ES8q/HO3X8IVQwVs1n3aAr0im0/T+Xc=" - ] + "extra_certificates": [] }