No bug, Automated HPKP preload list update from host b-linux64-hp-0034 - a=hpkp-update
☠☠ backed out by f4385d27bff1 ☠ ☠
authorffxbld
Sat, 01 Nov 2014 03:16:52 -0700
changeset 233598 d38c567f19c4bdfd655cb6e0886df5ba6fbac22b
parent 233597 2162310e1b9a302e8376615d15bb7747281782ab
child 233599 8cc41169cf3935e52aa2f31d2397267e136c4e84
push id4187
push userbhearsum@mozilla.com
push dateFri, 28 Nov 2014 15:29:12 +0000
treeherdermozilla-beta@f23cc6a30c11 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershpkp-update
milestone35.0a2
No bug, Automated HPKP preload list update from host b-linux64-hp-0034 - a=hpkp-update
security/manager/boot/src/StaticHPKPins.errors
security/manager/boot/src/StaticHPKPins.h
--- a/security/manager/boot/src/StaticHPKPins.errors
+++ b/security/manager/boot/src/StaticHPKPins.errors
@@ -2,8 +2,9 @@ Can't find hash in builtin certs for Chr
 Can't find hash in builtin certs for Chrome nickname Entrust_G2, inserting GOOGLE_PIN_Entrust_G2
 Can't find hash in builtin certs for Chrome nickname Entrust_SSL, inserting GOOGLE_PIN_Entrust_SSL
 Can't find hash in builtin certs for Chrome nickname Tor2web, inserting GOOGLE_PIN_Tor2web
 Can't find hash in builtin certs for Chrome nickname AlphaSSL_G2, inserting GOOGLE_PIN_AlphaSSL_G2
 Can't find hash in builtin certs for Chrome nickname CryptoCat1, inserting GOOGLE_PIN_CryptoCat1
 Can't find hash in builtin certs for Chrome nickname Libertylavabitcom, inserting GOOGLE_PIN_Libertylavabitcom
 Can't find hash in builtin certs for Chrome nickname EntrustRootEC1, inserting GOOGLE_PIN_EntrustRootEC1
 Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GOOGLE_PIN_GoDaddySecure
+Can't find hash in builtin certs for Chrome nickname SymantecClass3EVG3, inserting GOOGLE_PIN_SymantecClass3EVG3
--- a/security/manager/boot/src/StaticHPKPins.h
+++ b/security/manager/boot/src/StaticHPKPins.h
@@ -110,16 +110,20 @@ static const char kEquifax_Secure_CAFing
 /* Equifax Secure Global eBusiness CA */
 static const char kEquifax_Secure_Global_eBusiness_CAFingerprint[] =
   "pvH5v4oKndwID7SbHvw9GhwsMtwOE2pbAMlzFvKj3BE=";
 
 /* Equifax Secure eBusiness CA 1 */
 static const char kEquifax_Secure_eBusiness_CA_1Fingerprint[] =
   "JsGNxu6m9jL2drzrodjCtINS8pwtX82oeOCdy4Mt1uU=";
 
+/* FacebookBackup */
+static const char kFacebookBackupFingerprint[] =
+  "1ww8E0AYsR2oX5lndk2hwp2Uosk=";
+
 /* GOOGLE_PIN_AlphaSSL_G2 */
 static const char kGOOGLE_PIN_AlphaSSL_G2Fingerprint[] =
   "yxgiWGK++SFB9ySwt3M3qpn5HO0ZLFY5D+h+G/vcT/c=";
 
 /* GOOGLE_PIN_CryptoCat1 */
 static const char kGOOGLE_PIN_CryptoCat1Fingerprint[] =
   "vKaqtTLWmVuXPVJE+0OqN5sRc4VCcSQHI/W3XTDVR24=";
 
@@ -142,16 +146,20 @@ static const char kGOOGLE_PIN_GoDaddySec
 /* GOOGLE_PIN_Libertylavabitcom */
 static const char kGOOGLE_PIN_LibertylavabitcomFingerprint[] =
   "WnKzsDXgqPtS1KvtImrhQPqcxfpmfssuI2cSJt4LMks=";
 
 /* GOOGLE_PIN_RapidSSL */
 static const char kGOOGLE_PIN_RapidSSLFingerprint[] =
   "lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM=";
 
+/* GOOGLE_PIN_SymantecClass3EVG3 */
+static const char kGOOGLE_PIN_SymantecClass3EVG3Fingerprint[] =
+  "gMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5E=";
+
 /* GOOGLE_PIN_Tor2web */
 static const char kGOOGLE_PIN_Tor2webFingerprint[] =
   "99ogQzjMuUTBkG1ZP7FME0K4kvBEti8Buzu4nZjRItM=";
 
 /* GTE CyberTrust Global Root */
 static const char kGTE_CyberTrust_Global_RootFingerprint[] =
   "EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU=";
 
@@ -738,16 +746,39 @@ static const StaticFingerprints kPinset_
   kPinset_dropbox_sha256_Data
 };
 
 static const StaticPinset kPinset_dropbox = {
   nullptr,
   &kPinset_dropbox_sha256
 };
 
+static const char* kPinset_facebook_sha1_Data[] = {
+  kFacebookBackupFingerprint,
+};
+static const StaticFingerprints kPinset_facebook_sha1 = {
+  sizeof(kPinset_facebook_sha1_Data) / sizeof(const char*),
+  kPinset_facebook_sha1_Data
+};
+
+static const char* kPinset_facebook_sha256_Data[] = {
+  kDigiCert_ECC_Secure_Server_CAFingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGOOGLE_PIN_SymantecClass3EVG3Fingerprint,
+};
+static const StaticFingerprints kPinset_facebook_sha256 = {
+  sizeof(kPinset_facebook_sha256_Data) / sizeof(const char*),
+  kPinset_facebook_sha256_Data
+};
+
+static const StaticPinset kPinset_facebook = {
+  &kPinset_facebook_sha1,
+  &kPinset_facebook_sha256
+};
+
 /* Domainlist */
 struct TransportSecurityPreload {
   const char* mHost;
   const bool mIncludeSubdomains;
   const bool mTestMode;
   const bool mIsMoz;
   const int32_t mId;
   const StaticPinset *pinset;
@@ -761,44 +792,49 @@ static const TransportSecurityPreload kP
   { "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla },
   { "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla },
   { "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "android.com", true, false, false, -1, &kPinset_google_root_pems },
   { "api.accounts.firefox.com", true, false, true, 5, &kPinset_mozilla_services },
   { "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
   { "apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "apps.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla },
   { "blog.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "business.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "business.twitter.com", true, false, false, -1, &kPinset_twitterCom },
   { "cdn.mozilla.net", true, false, true, -1, &kPinset_mozilla },
   { "cdn.mozilla.org", true, false, true, -1, &kPinset_mozilla },
   { "chart.apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "check.torproject.org", true, false, false, -1, &kPinset_tor },
   { "checkout.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "chrome-devtools-frontend.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "chrome.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "chromiumcodereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "cloud.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "code.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "code.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "codereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "codereview.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
   { "crypto.cat", false, true, false, -1, &kPinset_cryptoCat },
   { "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "developers.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "dist.torproject.org", true, false, false, -1, &kPinset_tor },
   { "dl.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "docs.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "domains.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
   { "drive.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "dropbox.com", false, false, false, -1, &kPinset_dropbox },
   { "encrypted.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "exclude-subdomains.pinning.example.com", false, false, false, 0, &kPinset_mozilla_test },
   { "facebook.com", true, true, false, -1, &kPinset_facebook },
+  { "facebook.com", false, true, false, -1, &kPinset_facebook },
   { "g.co", true, false, false, -1, &kPinset_google_root_pems },
   { "glass.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "gmail.com", false, false, false, -1, &kPinset_google_root_pems },
   { "goo.gl", true, false, false, -1, &kPinset_google_root_pems },
   { "google-analytics.com", true, false, false, -1, &kPinset_google_root_pems },
   { "google.ac", true, false, false, -1, &kPinset_google_root_pems },
   { "google.ad", true, false, false, -1, &kPinset_google_root_pems },
   { "google.ae", true, false, false, -1, &kPinset_google_root_pems },
@@ -1031,42 +1067,52 @@ static const TransportSecurityPreload kP
   { "groups.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "gstatic.com", true, false, false, -1, &kPinset_google_root_pems },
   { "history.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "hostedtalkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "inbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "include-subdomains.pinning.example.com", true, false, false, -1, &kPinset_mozilla_test },
   { "liberty.lavabit.com", true, true, false, -1, &kPinset_lavabit },
   { "login.corp.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "m.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "mail.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "market.android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mbasic.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "media.mozilla.com", true, false, true, -1, &kPinset_mozilla },
   { "mobile.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "mtouch.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "oauth.twitter.com", true, false, false, -1, &kPinset_twitterCom },
   { "passwords.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "pinningtest.appspot.com", true, false, false, -1, &kPinset_test },
+  { "pixel.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "platform.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
   { "play.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "plus.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "profiles.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "research.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "script.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "secure.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "security.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "services.mozilla.com", true, true, true, 6, &kPinset_mozilla_services },
   { "sites.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "ssl.google-analytics.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "t.facebook.com", true, true, false, -1, &kPinset_facebook },
+  { "tablet.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "talk.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "talkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test },
   { "tor2web.org", true, true, false, -1, &kPinset_tor2web },
   { "torproject.org", false, false, false, -1, &kPinset_tor },
+  { "touch.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "translate.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
   { "twimg.com", true, false, false, -1, &kPinset_twitterCDN },
   { "twitter.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "upload.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "urchin.com", true, false, false, -1, &kPinset_google_root_pems },
   { "w-spotlight.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wallet.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "webfilings-eu-mirror.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "webfilings-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "webfilings-mirror-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "webfilings.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wf-bigsky-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
@@ -1074,24 +1120,25 @@ static const TransportSecurityPreload kP
   { "wf-demo-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wf-dogfood-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wf-pentest.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wf-staging-hr.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wf-training-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wf-training-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wf-trial-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "www.dropbox.com", true, false, false, -1, &kPinset_dropbox },
+  { "www.facebook.com", true, true, false, -1, &kPinset_facebook },
   { "www.gmail.com", false, false, false, -1, &kPinset_google_root_pems },
   { "www.googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
   { "www.torproject.org", true, false, false, -1, &kPinset_tor },
   { "www.twitter.com", true, false, false, -1, &kPinset_twitterCom },
   { "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "youtu.be", true, false, false, -1, &kPinset_google_root_pems },
   { "youtube-nocookie.com", true, false, false, -1, &kPinset_google_root_pems },
   { "youtube.com", true, false, false, -1, &kPinset_google_root_pems },
   { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
 };
 
-// Pinning Preload List Length = 333;
+// Pinning Preload List Length = 349;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1422699044371000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1423303746919000);