No bug, Automated HPKP preload list update from host bld-linux64-spot-018 - a=hpkp-update
authorffxbld
Sat, 14 Feb 2015 03:24:33 -0800
changeset 204483 3051696eafcc
parent 204482 5e60eb89d80e
child 204484 8fbfc80ec260
child 204728 cefe67a6a6cd
push id668
push userffxbld
push date2015-02-14 11:24 +0000
treeherdermozilla-b2g32_v2_0@3051696eafcc [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershpkp-update
milestone32.0
No bug, Automated HPKP preload list update from host bld-linux64-spot-018 - a=hpkp-update
security/manager/boot/src/StaticHPKPins.errors
security/manager/boot/src/StaticHPKPins.h
--- a/security/manager/boot/src/StaticHPKPins.errors
+++ b/security/manager/boot/src/StaticHPKPins.errors
@@ -1,11 +1,9 @@
 Can't find hash in builtin certs for Chrome nickname RapidSSL, inserting GOOGLE_PIN_RapidSSL
 Can't find hash in builtin certs for Chrome nickname Entrust_G2, inserting GOOGLE_PIN_Entrust_G2
 Can't find hash in builtin certs for Chrome nickname Entrust_SSL, inserting GOOGLE_PIN_Entrust_SSL
-Can't find hash in builtin certs for Chrome nickname GTECyberTrustGlobalRoot, inserting GOOGLE_PIN_GTECyberTrustGlobalRoot
 Can't find hash in builtin certs for Chrome nickname Tor2web, inserting GOOGLE_PIN_Tor2web
 Can't find hash in builtin certs for Chrome nickname AlphaSSL_G2, inserting GOOGLE_PIN_AlphaSSL_G2
 Can't find hash in builtin certs for Chrome nickname CryptoCat1, inserting GOOGLE_PIN_CryptoCat1
 Can't find hash in builtin certs for Chrome nickname Libertylavabitcom, inserting GOOGLE_PIN_Libertylavabitcom
 Can't find hash in builtin certs for Chrome nickname EntrustRootEC1, inserting GOOGLE_PIN_EntrustRootEC1
 Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GOOGLE_PIN_GoDaddySecure
-Can't find hash in builtin certs for Chrome nickname ThawtePremiumServer, inserting GOOGLE_PIN_ThawtePremiumServer
--- a/security/manager/boot/src/StaticHPKPins.h
+++ b/security/manager/boot/src/StaticHPKPins.h
@@ -118,40 +118,36 @@ static const char kGOOGLE_PIN_EntrustRoo
 /* GOOGLE_PIN_Entrust_G2 */
 static const char kGOOGLE_PIN_Entrust_G2Fingerprint[] =
   "du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U=";
 
 /* GOOGLE_PIN_Entrust_SSL */
 static const char kGOOGLE_PIN_Entrust_SSLFingerprint[] =
   "nsxRNo6G40YPZsKV5JQt1TCA8nseQQr/LRqp1Oa8fnw=";
 
-/* GOOGLE_PIN_GTECyberTrustGlobalRoot */
-static const char kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint[] =
-  "EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU=";
-
 /* GOOGLE_PIN_GoDaddySecure */
 static const char kGOOGLE_PIN_GoDaddySecureFingerprint[] =
   "MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc=";
 
 /* GOOGLE_PIN_Libertylavabitcom */
 static const char kGOOGLE_PIN_LibertylavabitcomFingerprint[] =
   "WnKzsDXgqPtS1KvtImrhQPqcxfpmfssuI2cSJt4LMks=";
 
 /* GOOGLE_PIN_RapidSSL */
 static const char kGOOGLE_PIN_RapidSSLFingerprint[] =
   "lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM=";
 
-/* GOOGLE_PIN_ThawtePremiumServer */
-static const char kGOOGLE_PIN_ThawtePremiumServerFingerprint[] =
-  "9TwiBZgX3Zb0AGUWOdL4V+IQcKWavtkHlADZ9pVQaQA=";
-
 /* GOOGLE_PIN_Tor2web */
 static const char kGOOGLE_PIN_Tor2webFingerprint[] =
   "99ogQzjMuUTBkG1ZP7FME0K4kvBEti8Buzu4nZjRItM=";
 
+/* GTE CyberTrust Global Root */
+static const char kGTE_CyberTrust_Global_RootFingerprint[] =
+  "EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU=";
+
 /* GeoTrust Global CA */
 static const char kGeoTrust_Global_CAFingerprint[] =
   "h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU=";
 
 /* GeoTrust Global CA 2 */
 static const char kGeoTrust_Global_CA_2Fingerprint[] =
   "F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU=";
 
@@ -242,16 +238,20 @@ static const char kTC_TrustCenter_Univer
 /* TC TrustCenter Universal CA III */
 static const char kTC_TrustCenter_Universal_CA_IIIFingerprint[] =
   "q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo=";
 
 /* TestSPKI */
 static const char kTestSPKIFingerprint[] =
   "AAAAAAAAAAAAAAAAAAAAAAAAAAA=";
 
+/* Thawte Premium Server CA */
+static const char kThawte_Premium_Server_CAFingerprint[] =
+  "9TwiBZgX3Zb0AGUWOdL4V+IQcKWavtkHlADZ9pVQaQA=";
+
 /* Tor1 */
 static const char kTor1Fingerprint[] =
   "juNxSTv9UANmpC9kF5GKpmWNx3Y=";
 
 /* Tor2 */
 static const char kTor2Fingerprint[] =
   "lia43lPolzSPVIq34Dw57uYcLD8=";
 
@@ -552,17 +552,17 @@ static const StaticFingerprints kPinset_
 
 static const char* kPinset_twitterCDN_sha256_Data[] = {
   kVerisign_Class_2_Public_Primary_Certification_Authority___G2Fingerprint,
   kComodo_Trusted_Services_rootFingerprint,
   kCOMODO_Certification_AuthorityFingerprint,
   kVerisign_Class_3_Public_Primary_Certification_Authority___G2Fingerprint,
   kAddTrust_Low_Value_Services_RootFingerprint,
   kUTN_USERFirst_Object_Root_CAFingerprint,
-  kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint,
+  kGTE_CyberTrust_Global_RootFingerprint,
   kGeoTrust_Global_CA_2Fingerprint,
   kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
   kDigiCert_Assured_ID_Root_CAFingerprint,
   kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
   kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
   kGlobalSign_Root_CAFingerprint,
   kUTN_USERFirst_Email_Root_CAFingerprint,
   kVerisign_Class_1_Public_Primary_Certification_AuthorityFingerprint,
@@ -630,17 +630,17 @@ static const StaticFingerprints kPinset_
 
 static const StaticPinset kPinset_lavabit = {
   nullptr,
   &kPinset_lavabit_sha256
 };
 
 static const char* kPinset_dropbox_sha256_Data[] = {
   kGOOGLE_PIN_EntrustRootEC1Fingerprint,
-  kGOOGLE_PIN_ThawtePremiumServerFingerprint,
+  kThawte_Premium_Server_CAFingerprint,
   kthawte_Primary_Root_CA___G3Fingerprint,
   kthawte_Primary_Root_CAFingerprint,
   kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
   kDigiCert_Assured_ID_Root_CAFingerprint,
   kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
   kGOOGLE_PIN_GoDaddySecureFingerprint,
   kGeoTrust_Primary_Certification_AuthorityFingerprint,
   kGo_Daddy_Class_2_CAFingerprint,
@@ -1001,9 +1001,9 @@ static const TransportSecurityPreload kP
   { "youtube.com", true, true, false, -1, &kPinset_google_root_pems },
   { "ytimg.com", true, true, false, -1, &kPinset_google_root_pems },
 };
 
 static const int kPublicKeyPinningPreloadListLength = 328;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1430566147335000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1432379826011000);