Bug 1005364: Disable pinning for all mozilla properties (r=keeler)
authorMonica Chew <mmc@mozilla.com>
Sun, 04 May 2014 17:05:58 -0700
changeset 181472 e07b3f07953cbcf5da0dca1ab6601c01d4c3272b
parent 181471 810c2b6a278d9d5d5a8ccac1e10bc408f7710465
child 181486 1204667a2935a6bf18a238ba1d04b60aa83bbdac
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewerskeeler
bugs1005364
milestone32.0a1
Bug 1005364: Disable pinning for all mozilla properties (r=keeler)
security/manager/boot/src/StaticHPKPins.h
security/manager/tools/PreloadedHPKPins.json
--- a/security/manager/boot/src/StaticHPKPins.h
+++ b/security/manager/boot/src/StaticHPKPins.h
@@ -186,20 +186,15 @@ const StaticPinset kPinSet_mozilla_test 
 /*Domainlist*/
 typedef struct {
   const char *mHost;
   const bool mIncludeSubdomains;
   const StaticPinset *pinset;
 } TransportSecurityPreload;
 
 static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
-  { "addons.mozilla.net",	true,	&kPinSet_mozilla },
-  { "addons.mozilla.org",	true,	&kPinSet_mozilla },
-  { "cdn.mozilla.net",	true,	&kPinSet_mozilla_cdn },
-  { "cdn.mozilla.org",	true,	&kPinSet_mozilla_cdn },
   { "exclude-subdomains.pinning.example.com",	false,	&kPinSet_mozilla_test },
   { "include-subdomains.pinning.example.com",	true,	&kPinSet_mozilla_test },
-  { "media.mozilla.com",	true,	&kPinSet_mozilla_cdn },
 };
 
-static const int kPublicKeyPinningPreloadListLength = 7;
+static const int kPublicKeyPinningPreloadListLength = 2;
 
-const PRTime kPreloadPKPinsExpirationTime = INT64_C(1409867186821000);
+const PRTime kPreloadPKPinsExpirationTime = INT64_C(1410109244157000);
--- a/security/manager/tools/PreloadedHPKPins.json
+++ b/security/manager/tools/PreloadedHPKPins.json
@@ -88,17 +88,18 @@
       "name": "mozilla_test",
       "static_spki_hashes": [
         "End Entity Test Cert"
       ]
     }
   ],
 
   "entries": [
-    { "name": "addons.mozilla.org", "include_subdomains": true, "pins": "mozilla" },
-    { "name": "addons.mozilla.net", "include_subdomains": true, "pins": "mozilla" },
-    { "name": "cdn.mozilla.net", "include_subdomains": true, "pins": "mozilla_cdn" },
-    { "name": "cdn.mozilla.org", "include_subdomains": true, "pins": "mozilla_cdn" },
-    { "name": "media.mozilla.com", "include_subdomains": true, "pins": "mozilla_cdn" },
+    // Disable until bug 1005653 is fixed.
+    // { "name": "addons.mozilla.org", "include_subdomains": true, "pins": "mozilla" },
+    // { "name": "addons.mozilla.net", "include_subdomains": true, "pins": "mozilla" },
+    // { "name": "cdn.mozilla.net", "include_subdomains": true, "pins": "mozilla_cdn" },
+    // { "name": "cdn.mozilla.org", "include_subdomains": true, "pins": "mozilla_cdn" },
+    // { "name": "media.mozilla.com", "include_subdomains": true, "pins": "mozilla_cdn" },
     { "name": "include-subdomains.pinning.example.com", "include_subdomains": true, "pins": "mozilla_test" },
     { "name": "exclude-subdomains.pinning.example.com", "include_subdomains": false, "pins": "mozilla_test" }
   ]
 }