Bug 1019772: Enable production mode on pinning AMO (r=keeler)
authorMonica Chew <mmc@mozilla.com>
Tue, 03 Jun 2014 11:00:39 -0700
changeset 206753 d06bf90cb6ed1802f712fec16a6a085647c7c3dd
parent 206752 a0b699f4fddd4053ba38d01413f608c8ca9a16a3
child 206754 c25abea181d7960baf96261f3db4124d591fa642
push id494
push userraliiev@mozilla.com
push dateMon, 25 Aug 2014 18:42:16 +0000
treeherdermozilla-release@a3cc3e46b571 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1019772
milestone32.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1019772: Enable production mode on pinning AMO (r=keeler)
security/manager/boot/src/StaticHPKPins.h
security/manager/tools/PreloadedHPKPins.json
--- a/security/manager/boot/src/StaticHPKPins.h
+++ b/security/manager/boot/src/StaticHPKPins.h
@@ -656,18 +656,18 @@ struct TransportSecurityPreload {
   const bool mIsMoz;
   const int32_t mId;
   const StaticPinset *pinset;
 };
 
 /* Sort hostnames for binary search. */
 static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
   { "accounts.google.com", true, true, false, -1, &kPinset_google_root_pems },
-  { "addons.mozilla.net", true, true, true, 2, &kPinset_mozilla },
-  { "addons.mozilla.org", true, true, true, 1, &kPinset_mozilla },
+  { "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla },
+  { "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla },
   { "admin.google.com", true, true, false, -1, &kPinset_google_root_pems },
   { "android.com", true, true, false, -1, &kPinset_google_root_pems },
   { "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
   { "apis.google.com", true, true, false, -1, &kPinset_google_root_pems },
   { "appengine.google.com", true, true, false, -1, &kPinset_google_root_pems },
   { "appspot.com", true, true, false, -1, &kPinset_google_root_pems },
   { "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla },
   { "blog.torproject.org", true, true, false, -1, &kPinset_tor },
@@ -983,9 +983,9 @@ static const TransportSecurityPreload kP
   { "youtube.com", true, true, false, -1, &kPinset_google_root_pems },
   { "ytimg.com", true, true, false, -1, &kPinset_google_root_pems },
 };
 
 static const int kPublicKeyPinningPreloadListLength = 322;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1412099175458000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1412704831237000);
--- a/security/manager/tools/PreloadedHPKPins.json
+++ b/security/manager/tools/PreloadedHPKPins.json
@@ -166,19 +166,19 @@
       ]
     }
   ],
 
   "entries": [
     // Only domains that are operationally crucial to Firefox can have per-host
     // telemetry reporting (the "id") field
     { "name": "addons.mozilla.org", "include_subdomains": true,
-      "pins": "mozilla", "test_mode": true, "id": 1 },
+      "pins": "mozilla", "test_mode": false, "id": 1 },
     { "name": "addons.mozilla.net", "include_subdomains": true,
-      "pins": "mozilla", "test_mode": true, "id": 2 },
+      "pins": "mozilla", "test_mode": false, "id": 2 },
     { "name": "aus4.mozilla.org", "include_subdomains": true,
       "pins": "mozilla", "test_mode": true, "id": 3 },
     { "name": "cdn.mozilla.net", "include_subdomains": true,
       "pins": "mozilla", "test_mode": false },
     { "name": "cdn.mozilla.org", "include_subdomains": true,
       "pins": "mozilla", "test_mode": false },
     { "name": "media.mozilla.com", "include_subdomains": true,
       "pins": "mozilla", "test_mode": false },