No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update
authorffxbld
Sat, 28 Mar 2015 03:27:37 -0700
changeset 265037 97ce0d0d9e32a2ed4cfe3942e95f9fa71200bb88
parent 265036 41d4013c1462a3e98de46aeeca7efc39528267a6
child 265038 575de67826f463574a4238391cf9a78cf0637d78
push id4718
push userraliiev@mozilla.com
push dateMon, 11 May 2015 18:39:53 +0000
treeherdermozilla-beta@c20c4ef55f08 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershpkp-update
milestone39.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
No bug, Automated HPKP preload list update from host bld-linux64-spot-1005 - a=hpkp-update
security/manager/boot/src/StaticHPKPins.errors
security/manager/boot/src/StaticHPKPins.h
--- a/security/manager/boot/src/StaticHPKPins.errors
+++ b/security/manager/boot/src/StaticHPKPins.errors
@@ -1,13 +1,11 @@
 Can't find hash in builtin certs for Chrome nickname RapidSSL, inserting GOOGLE_PIN_RapidSSL
-Can't find hash in builtin certs for Chrome nickname Entrust_G2, inserting GOOGLE_PIN_Entrust_G2
 Can't find hash in builtin certs for Chrome nickname Entrust_SSL, inserting GOOGLE_PIN_Entrust_SSL
 Can't find hash in builtin certs for Chrome nickname GTECyberTrustGlobalRoot, inserting GOOGLE_PIN_GTECyberTrustGlobalRoot
-Can't find hash in builtin certs for Chrome nickname EntrustRootEC1, inserting GOOGLE_PIN_EntrustRootEC1
 Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GOOGLE_PIN_GoDaddySecure
 Can't find hash in builtin certs for Chrome nickname ThawtePremiumServer, inserting GOOGLE_PIN_ThawtePremiumServer
 Can't find hash in builtin certs for Chrome nickname SymantecClass3EVG3, inserting GOOGLE_PIN_SymantecClass3EVG3
 Can't find hash in builtin certs for Chrome nickname DigiCertECCSecureServerCA, inserting GOOGLE_PIN_DigiCertECCSecureServerCA
 Writing pinset test
 Writing pinset google
 Writing pinset tor
 Writing pinset twitterCom
--- a/security/manager/boot/src/StaticHPKPins.h
+++ b/security/manager/boot/src/StaticHPKPins.h
@@ -82,16 +82,24 @@ static const char kDigiCert_High_Assuran
 /* End Entity Test Cert */
 static const char kEnd_Entity_Test_CertFingerprint[] =
   "lzCakFt+nADIfIkgk+UE/EQ9SaT2nay2yu2iykVbvV8=";
 
 /* Entrust Root Certification Authority */
 static const char kEntrust_Root_Certification_AuthorityFingerprint[] =
   "bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU=";
 
+/* Entrust Root Certification Authority - EC1 */
+static const char kEntrust_Root_Certification_Authority___EC1Fingerprint[] =
+  "/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI=";
+
+/* Entrust Root Certification Authority - G2 */
+static const char kEntrust_Root_Certification_Authority___G2Fingerprint[] =
+  "du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U=";
+
 /* Entrust.net Premium 2048 Secure Server CA */
 static const char kEntrust_net_Premium_2048_Secure_Server_CAFingerprint[] =
   "HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg=";
 
 /* Equifax Secure CA */
 static const char kEquifax_Secure_CAFingerprint[] =
   "/1aAzXOlcD2gSBegdf1GJQanNQbEuBoVg+9UlHjSZHY=";
 
@@ -106,24 +114,16 @@ static const char kEquifax_Secure_eBusin
 /* FacebookBackup */
 static const char kFacebookBackupFingerprint[] =
   "1ww8E0AYsR2oX5lndk2hwp2Uosk=";
 
 /* GOOGLE_PIN_DigiCertECCSecureServerCA */
 static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] =
   "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=";
 
-/* GOOGLE_PIN_EntrustRootEC1 */
-static const char kGOOGLE_PIN_EntrustRootEC1Fingerprint[] =
-  "/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI=";
-
-/* GOOGLE_PIN_Entrust_G2 */
-static const char kGOOGLE_PIN_Entrust_G2Fingerprint[] =
-  "du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U=";
-
 /* GOOGLE_PIN_Entrust_SSL */
 static const char kGOOGLE_PIN_Entrust_SSLFingerprint[] =
   "nsxRNo6G40YPZsKV5JQt1TCA8nseQQr/LRqp1Oa8fnw=";
 
 /* GOOGLE_PIN_GTECyberTrustGlobalRoot */
 static const char kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint[] =
   "EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU=";
 
@@ -198,24 +198,24 @@ static const char kGoogleBackup2048Finge
 /* GoogleG2 */
 static const char kGoogleG2Fingerprint[] =
   "Q9rWMO5T+KmAym79hfRqo3mQ4Oo=";
 
 /* Network Solutions Certificate Authority */
 static const char kNetwork_Solutions_Certificate_AuthorityFingerprint[] =
   "MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ=";
 
-/* SpiderOak1 */
-static const char kSpiderOak1Fingerprint[] =
-  "UPrvFUSrp9aal5v6Rn0Jv3YJ/wU=";
-
 /* SpiderOak2 */
 static const char kSpiderOak2Fingerprint[] =
   "D0fS/hquA6QprluciyO1hlFUAxg=";
 
+/* SpiderOak3 */
+static const char kSpiderOak3Fingerprint[] =
+  "l5JoIXv4lztZ+C6TJWgxZCHQzS4=";
+
 /* Starfield Class 2 CA */
 static const char kStarfield_Class_2_CAFingerprint[] =
   "FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=";
 
 /* Starfield Root Certificate Authority - G2 */
 static const char kStarfield_Root_Certificate_Authority___G2Fingerprint[] =
   "gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ=";
 
@@ -611,17 +611,17 @@ static const char* kPinset_twitterCDN_sh
   kUTN_USERFirst_Hardware_Root_CAFingerprint,
   kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
   kVerisign_Class_4_Public_Primary_Certification_Authority___G3Fingerprint,
   kDigiCert_High_Assurance_EV_Root_CAFingerprint,
   kBaltimore_CyberTrust_RootFingerprint,
   kEntrust_Root_Certification_AuthorityFingerprint,
   kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
   kGlobalSign_Root_CA___R3Fingerprint,
-  kGOOGLE_PIN_Entrust_G2Fingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
   kGeoTrust_Universal_CA_2Fingerprint,
   kGeoTrust_Global_CAFingerprint,
   kGlobalSign_Root_CA___R2Fingerprint,
   kAddTrust_External_RootFingerprint,
   kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
   kGeoTrust_Universal_CAFingerprint,
   kGOOGLE_PIN_Entrust_SSLFingerprint,
   kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
@@ -637,30 +637,30 @@ static const StaticFingerprints kPinset_
 };
 
 static const StaticPinset kPinset_twitterCDN = {
   &kPinset_twitterCDN_sha1,
   &kPinset_twitterCDN_sha256
 };
 
 static const char* kPinset_dropbox_sha256_Data[] = {
-  kGOOGLE_PIN_EntrustRootEC1Fingerprint,
+  kEntrust_Root_Certification_Authority___EC1Fingerprint,
   kGOOGLE_PIN_ThawtePremiumServerFingerprint,
   kthawte_Primary_Root_CA___G3Fingerprint,
   kthawte_Primary_Root_CAFingerprint,
   kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
   kDigiCert_Assured_ID_Root_CAFingerprint,
   kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
   kGOOGLE_PIN_GoDaddySecureFingerprint,
   kGeoTrust_Primary_Certification_AuthorityFingerprint,
   kGo_Daddy_Class_2_CAFingerprint,
   kDigiCert_High_Assurance_EV_Root_CAFingerprint,
   kthawte_Primary_Root_CA___G2Fingerprint,
   kEntrust_Root_Certification_AuthorityFingerprint,
-  kGOOGLE_PIN_Entrust_G2Fingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
   kGeoTrust_Global_CAFingerprint,
   kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
   kDigiCert_Global_Root_CAFingerprint,
   kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
 };
 static const StaticFingerprints kPinset_dropbox_sha256 = {
   sizeof(kPinset_dropbox_sha256_Data) / sizeof(const char*),
   kPinset_dropbox_sha256_Data
@@ -691,25 +691,26 @@ static const StaticFingerprints kPinset_
 
 static const StaticPinset kPinset_facebook = {
   &kPinset_facebook_sha1,
   &kPinset_facebook_sha256
 };
 
 static const char* kPinset_spideroak_sha1_Data[] = {
   kSpiderOak2Fingerprint,
-  kSpiderOak1Fingerprint,
+  kSpiderOak3Fingerprint,
 };
 static const StaticFingerprints kPinset_spideroak_sha1 = {
   sizeof(kPinset_spideroak_sha1_Data) / sizeof(const char*),
   kPinset_spideroak_sha1_Data
 };
 
 static const char* kPinset_spideroak_sha256_Data[] = {
-  kGOOGLE_PIN_RapidSSLFingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGeoTrust_Global_CAFingerprint,
 };
 static const StaticFingerprints kPinset_spideroak_sha256 = {
   sizeof(kPinset_spideroak_sha256_Data) / sizeof(const char*),
   kPinset_spideroak_sha256_Data
 };
 
 static const StaticPinset kPinset_spideroak = {
   &kPinset_spideroak_sha1,
@@ -1076,9 +1077,9 @@ static const TransportSecurityPreload kP
   { "youtube.com", true, false, false, -1, &kPinset_google_root_pems },
   { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
 };
 
 // Pinning Preload List Length = 347;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1435400245288000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1436005136747000);