mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

No Bug, mozilla-central repo-update HSTS HPKP remote-settings - r=release-managers,pascalc 

Differential Revision: https://phabricator.services.mozilla.com/D216269
This commit is contained in:
ffxbld 2024-07-11 15:07:08 +00:00
Родитель 2208f61a4a
Коммит 4f2185455d
3 изменённых файлов: 1707 добавлений и 304 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

57
security/manager/ssl/StaticHPKPins.h
Просмотреть файл

@ -111,18 +111,6 @@ static const char kFacebookBackupFingerprint[] =
static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] =
"PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=";
/* GOOGLE_PIN_R3LetsEncrypt */
static const char kGOOGLE_PIN_R3LetsEncryptFingerprint[] =
"jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=";
/* GOOGLE_PIN_R4LetsEncrypt */
static const char kGOOGLE_PIN_R4LetsEncryptFingerprint[] =
"5VReIRNHJBiRxVSgOTTN6bdJZkpZ0m1hX+WPd5kPLQM=";
/* GOOGLE_PIN_RapidSSL */
static const char kGOOGLE_PIN_RapidSSLFingerprint[] =
"lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM=";
/* GOOGLE_PIN_SymantecClass3EVG3 */
static const char kGOOGLE_PIN_SymantecClass3EVG3Fingerprint[] =
"gMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5E=";
@ -187,14 +175,6 @@ static const char kISRG_Root_X1Fingerprint[] =
static const char kISRG_Root_X2Fingerprint[] =
"diGVwiVYbubAI3RW4hB9xU8e/CH2GnkuvVFZE8zmgzI=";
/* Let's Encrypt Authority X3 */
static const char kLet_s_Encrypt_Authority_X3Fingerprint[] =
"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=";
/* Let's Encrypt Authority X4 */
static const char kLet_s_Encrypt_Authority_X4Fingerprint[] =
"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=";
/* Starfield Class 2 CA */
static const char kStarfield_Class_2_CAFingerprint[] =
"FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=";
@ -207,18 +187,6 @@ static const char kStarfield_Root_Certificate_Authority___G2Fingerprint[] =
static const char kTestSPKIFingerprint[] =
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
/* Tor1 */
static const char kTor1Fingerprint[] =
"bYz9JTDk89X3qu3fgswG+lBQso5vI0N1f0Rx4go4nLo=";
/* Tor2 */
static const char kTor2Fingerprint[] =
"xXCxhTdn7uxXneJSbQCqoAvuW3ZtQl2pDVTf2sewS8w=";
/* Tor3 */
static const char kTor3Fingerprint[] =
"CleC1qwUR8JPgH1nXvSe2VHxDe5/KfNs96EusbfSOfo=";
/* USERTrust ECC Certification Authority */
static const char kUSERTrust_ECC_Certification_AuthorityFingerprint[] =
"ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs=";
@ -321,22 +289,6 @@ static const StaticFingerprints kPinset_google = {
kPinset_google_Data
};
static const char* const kPinset_tor_Data[] = {
kGOOGLE_PIN_R4LetsEncryptFingerprint,
kTor3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kLet_s_Encrypt_Authority_X3Fingerprint,
kTor1Fingerprint,
kGOOGLE_PIN_R3LetsEncryptFingerprint,
kGOOGLE_PIN_RapidSSLFingerprint,
kLet_s_Encrypt_Authority_X4Fingerprint,
kTor2Fingerprint,
};
static const StaticFingerprints kPinset_tor = {
sizeof(kPinset_tor_Data) / sizeof(const char*),
kPinset_tor_Data
};
static const char* const kPinset_facebook_Data[] = {
kCOMODO_ECC_Certification_AuthorityFingerprint,
kISRG_Root_X1Fingerprint,
@ -391,7 +343,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "appspot.com", true, false, false, -1, &kPinset_google_root_pems },
{ "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla_services },
{ "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla_services },
{ "blog.torproject.org", true, true, false, -1, &kPinset_tor },
{ "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
{ "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
{ "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
@ -401,7 +352,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "cdn.ampproject.org", true, false, false, -1, &kPinset_google_root_pems },
{ "cdn.mozilla.net", true, false, true, 16, &kPinset_mozilla_services },
{ "cdn.mozilla.org", true, false, true, 17, &kPinset_mozilla_services },
{ "check.torproject.org", true, true, false, -1, &kPinset_tor },
{ "checkout.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "chrome-devtools-frontend.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
{ "chrome.com", true, false, false, -1, &kPinset_google_root_pems },
@ -426,7 +376,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "datastudio.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "developer.android.com", true, false, false, -1, &kPinset_google_root_pems },
{ "developers.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "dist.torproject.org", true, true, false, -1, &kPinset_tor },
{ "dl.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "dns.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "docs.google.com", true, false, false, -1, &kPinset_google_root_pems },
@ -736,7 +685,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "telemetry.mozilla.org", true, true, true, 8, &kPinset_mozilla_services },
{ "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test },
{ "testpilot.firefox.com", false, false, true, 9, &kPinset_mozilla_services },
{ "torproject.org", false, true, false, -1, &kPinset_tor },
{ "touch.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "translate.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
{ "tunnel-staging.googlezip.net", true, false, false, -1, &kPinset_google_root_pems },
@ -767,7 +715,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "www.googlegroups.com", true, false, false, -1, &kPinset_google_root_pems },
{ "www.googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
{ "www.messenger.com", true, false, false, -1, &kPinset_facebook },
{ "www.torproject.org", true, true, false, -1, &kPinset_tor },
{ "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
{ "xn--7xa.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "youtu.be", true, false, false, -1, &kPinset_google_root_pems },
@ -776,8 +723,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
};
// Pinning Preload List Length = 397;
// Pinning Preload List Length = 392;
static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1728910423470000);
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1729163016886000);

1844
security/manager/ssl/nsSTSPreloadList.inc
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

110
services/settings/dumps/security-state/intermediates.json
Просмотреть файл

@ -1,5 +1,113 @@
{
"data": [
{
"schema": 1720666099799,
"derHash": "frX0qqw5s6eDXXb3IqRz+bSRHko2kd54s8KXNZV2TqI=",
"subject": "CN=Cloudflare Inc ECC CA-4,O=Cloudflare\\, Inc.,C=US",
"subjectDN": "MEoxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMSAwHgYDVQQDExdDbG91ZGZsYXJlIEluYyBFQ0MgQ0EtNA==",
"whitelist": false,
"attachment": {
"hash": "2d3185ca699ccb9aabb49c911f21d543cffb499812b422438327ecaab43e6cc1",
"size": 1142,
"filename": "bqmrs-PB9A-B92euE7tljq0Umt_lqmpZwgZdjHQqvgE=.pem",
"location": "security-state-staging/intermediates/36b03b92-df2e-43dc-948d-2d8a984b3bd7.pem",
"mimetype": "application/x-pem-file"
},
"pubKeyHash": "bqmrs+PB9A+B92euE7tljq0Umt/lqmpZwgZdjHQqvgE=",
"crlite_enrolled": false,
"id": "d33cf9b6-cfc1-49f7-895a-917b74fdb9be",
"last_modified": 1720666622968
},
{
"schema": 1720666099461,
"derHash": "n7A4Uxf6scAFQbJ0psgrdkTefH/Uu14zXeRF+gqWv9k=",
"subject": "CN=Cloudflare Inc RSA CA-3,O=Cloudflare\\, Inc.,C=US",
"subjectDN": "MEoxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMSAwHgYDVQQDExdDbG91ZGZsYXJlIEluYyBSU0EgQ0EtMw==",
"whitelist": false,
"attachment": {
"hash": "1e8c31bf768c6248ab7f86fdf717168da9cd2746844381a019609220b542585b",
"size": 1983,
"filename": "33fTYx2MHyKfegGuQmiGJj_BkFCXWk5xJFyuVujoO6U=.pem",
"location": "security-state-staging/intermediates/73fe75ca-7e88-43dd-9ac2-7b323fb8a9f9.pem",
"mimetype": "application/x-pem-file"
},
"pubKeyHash": "33fTYx2MHyKfegGuQmiGJj/BkFCXWk5xJFyuVujoO6U=",
"crlite_enrolled": false,
"id": "04f8aed8-c52d-4069-b0ae-419a20bd695c",
"last_modified": 1720666622966
},
{
"schema": 1720558069715,
"derHash": "gEYrkmrRB5OpA214wFTn8xvU4mYCCzMiDtIa2Aje69E=",
"subject": "CN=NETLOCK TLS OV ECC CA,O=NETLOCK Kft.,L=Budapest,C=HU",
"subjectDN": "MHAxCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEVMBMGA1UECgwMTkVUTE9DSyBLZnQuMR4wHAYDVQQDDBVORVRMT0NLIFRMUyBPViBFQ0MgQ0ExFzAVBgNVBGEMDlZBVEhVLTEyMjAxNTIx",
"whitelist": false,
"attachment": {
"hash": "1f8c607b45240a4940a89b928eeeac156489773c7f3836b292151d2d20fb9edb",
"size": 1329,
"filename": "i16I9ip2k2JwWRaZXmFeIeiS2KzOYhrChFGnUDooIl0=.pem",
"location": "security-state-staging/intermediates/73527d36-9b9e-479c-80c6-7b67fbc17e15.pem",
"mimetype": "application/x-pem-file"
},
"pubKeyHash": "i16I9ip2k2JwWRaZXmFeIeiS2KzOYhrChFGnUDooIl0=",
"crlite_enrolled": false,
"id": "85d19132-20a5-4258-a939-893191c393fe",
"last_modified": 1720558623153
},
{
"schema": 1720558070405,
"derHash": "73hwstg6oUWCcUeTsNfZ7xEk+9/MiK4Bw3efnDHW9TI=",
"subject": "CN=NETLOCK TLS Qualified EV ECC CA,O=NETLOCK Kft.,L=Budapest,C=HU",
"subjectDN": "MHoxCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEVMBMGA1UECgwMTkVUTE9DSyBLZnQuMSgwJgYDVQQDDB9ORVRMT0NLIFRMUyBRdWFsaWZpZWQgRVYgRUNDIENBMRcwFQYDVQRhDA5WQVRIVS0xMjIwMTUyMQ==",
"whitelist": false,
"attachment": {
"hash": "a2e9517784ec821dce9524ef6c79147beac8c351995ece25e3cf29748a806e67",
"size": 1341,
"filename": "8hGei3i00u2h5PvrbQEWCXLIaozLXkbULtTHvZ-3QZg=.pem",
"location": "security-state-staging/intermediates/51412110-bb01-49aa-bc56-2c9175706337.pem",
"mimetype": "application/x-pem-file"
},
"pubKeyHash": "8hGei3i00u2h5PvrbQEWCXLIaozLXkbULtTHvZ+3QZg=",
"crlite_enrolled": false,
"id": "87032642-01fe-4a50-ad59-84b47e7c5601",
"last_modified": 1720558623151
},
{
"schema": 1720558070096,
"derHash": "Pexf+DbrS0oUTxDKAr7t8GUAH3PydtKbXIU1GD/kPHg=",
"subject": "CN=NETLOCK TLS DV ECC CA,O=NETLOCK Kft.,L=Budapest,C=HU",
"subjectDN": "MHAxCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEVMBMGA1UECgwMTkVUTE9DSyBLZnQuMR4wHAYDVQQDDBVORVRMT0NLIFRMUyBEViBFQ0MgQ0ExFzAVBgNVBGEMDlZBVEhVLTEyMjAxNTIx",
"whitelist": false,
"attachment": {
"hash": "343a542ba4ea4dba9663b057ae11ee0d96d063aa034a0f11e40883468d85076a",
"size": 1329,
"filename": "li0YuffRNQ1XEOF7VTuJakr96zJ_ALD7q_pshmkp7mU=.pem",
"location": "security-state-staging/intermediates/5ee95c7a-b260-49d2-bdad-37a5bd990661.pem",
"mimetype": "application/x-pem-file"
},
"pubKeyHash": "li0YuffRNQ1XEOF7VTuJakr96zJ/ALD7q/pshmkp7mU=",
"crlite_enrolled": false,
"id": "8f163a1a-b497-432c-98c4-250210622918",
"last_modified": 1720558623148
},
{
"schema": 1720536768542,
"derHash": "ArSq9XrwlD/x17rEzg/MdW4zbw8cBZqoyvhN/53S56M=",
"subject": "CN=NETLOCK TLS EV ECC CA,O=NETLOCK Kft.,L=Budapest,C=HU",
"subjectDN": "MHAxCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEVMBMGA1UECgwMTkVUTE9DSyBLZnQuMR4wHAYDVQQDDBVORVRMT0NLIFRMUyBFViBFQ0MgQ0ExFzAVBgNVBGEMDlZBVEhVLTEyMjAxNTIx",
"whitelist": false,
"attachment": {
"hash": "832bdc18f3f40ce2b30b365dd2d5bbbb5b7d253c40e49988f501de6d21413ab2",
"size": 1329,
"filename": "cbddOej5UNOOv4KN9cNSXUsA1PNl6KujuXDCLRgBnFg=.pem",
"location": "security-state-staging/intermediates/8db8da41-bb31-40e1-9d98-12d022ea0eb3.pem",
"mimetype": "application/x-pem-file"
},
"pubKeyHash": "cbddOej5UNOOv4KN9cNSXUsA1PNl6KujuXDCLRgBnFg=",
"crlite_enrolled": false,
"id": "4ce91844-0658-4c91-b850-56dd1cd43695",
"last_modified": 1720537022986
},
{
"schema": 1719240777384,
"derHash": "OygSHYmF4trfICnFPyMgB/DBnseIZUssK6rr5QQZsNU=",
@ -30979,5 +31087,5 @@
"last_modified": 1559865884636
}
],
"timestamp": 1720018623201
"timestamp": 1720666622968
}