bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB
author David Keeler <dkeeler@mozilla.com>
Mon, 26 Oct 2015 14:39:25 -0700
changeset 305181 8431c19a40067d9dbfe199f76d392b54d227da07
parent 305180 2df18499b6ad9328a0c45b58b15da1422ec09b79
child 305182 1e700005a0ddf2b17803213e1f3f8d78a7a618b8
child 305227 fd4f3106204c4b81e0b7fbe543796a2ca50b4360
push id 1001
push user raliiev@mozilla.com
push date Mon, 18 Jan 2016 19:06:03 +0000
treeherder mozilla-release@8b89261f3ac4
reviewers jcj
bugs 1218515
milestone 44.0a1
pinning-test.badssl.com is a test domain for preloaded HPKP (HTTP Public Key Pinning - see RFC 7469). By specifying a pinset corresponding to no known keys, this domain should fail with a key pinning error by default. Also, the includeSubdomains option is set, so any subdomains should fail as well. Since Gecko incorporates preloaded pinsets from Chromium, this pinset is already defined. This patch merely switches it from test mode to production mode (well, to be more accurate, this patch sets up the input for the automated script that will make the code change that will put the pinset into production mode).
security/manager/tools/PreloadedHPKPins.json
--- a/security/manager/tools/PreloadedHPKPins.json
+++ b/security/manager/tools/PreloadedHPKPins.json
@@ -35,18 +35,19 @@
       // Use the larger google_root_pems pinset instead of google
       "google": "google_root_pems"
     },
     "production_pinsets": [
       "google_root_pems",
       "facebook"
     ],
     "production_domains": [
-      // Chrome's test domain.
+      // Chrome's test domains.
       "pinningtest.appspot.com",
+      "pinning-test.badssl.com",
       // Dropbox
       "dropbox.com",
       "www.dropbox.com",
       // Twitter
       "api.twitter.com",
       "business.twitter.com",
       "dev.twitter.com",
       "mobile.twitter.com",
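Review bot: The comment above the added "pinning-test.badssl.com" entry in "production_domains" only reads "Chrome's test domains", which does not tell a later reader that this host is expected to fail. According to the commit message it is pinned to a pinset matching no known keys, with includeSubdomains set, so a pinning error on this domain is the intended result and not a stale or broken entry. Consider saying so in the comment, for example "// Chrome's test domains. pinning-test.badssl.com is pinned to no known keys and must fail." Neither the pinset nor the includeSubdomains setting is visible in this file, since both come from the imported Chromium data, and this change is only the input to the automated script, so the generated output should be checked after the next script run to confirm the domain (and its subdomains) actually moved from test mode to production mode.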