From e8dfde2d50f304f5706c401c5efe08f6e23d379d Mon Sep 17 00:00:00 2001 From: ffxbld Date: Tue, 20 Jan 2015 15:17:19 -0800 Subject: [PATCH] No bug, Automated HPKP preload list update from host bld-linux64-spot-1001 - a=hpkp-update --- .../manager/boot/src/StaticHPKPins.errors | 7 -- security/manager/boot/src/StaticHPKPins.h | 65 +------------------ 2 files changed, 3 insertions(+), 69 deletions(-) diff --git a/security/manager/boot/src/StaticHPKPins.errors b/security/manager/boot/src/StaticHPKPins.errors index 705061726c3e..6a12b5d84498 100644 --- a/security/manager/boot/src/StaticHPKPins.errors +++ b/security/manager/boot/src/StaticHPKPins.errors @@ -2,10 +2,6 @@ Can't find hash in builtin certs for Chrome nickname RapidSSL, inserting GOOGLE_ Can't find hash in builtin certs for Chrome nickname Entrust_G2, inserting GOOGLE_PIN_Entrust_G2 Can't find hash in builtin certs for Chrome nickname Entrust_SSL, inserting GOOGLE_PIN_Entrust_SSL Can't find hash in builtin certs for Chrome nickname GTECyberTrustGlobalRoot, inserting GOOGLE_PIN_GTECyberTrustGlobalRoot -Can't find hash in builtin certs for Chrome nickname Tor2web, inserting GOOGLE_PIN_Tor2web -Can't find hash in builtin certs for Chrome nickname AlphaSSL_G2, inserting GOOGLE_PIN_AlphaSSL_G2 -Can't find hash in builtin certs for Chrome nickname CryptoCat1, inserting GOOGLE_PIN_CryptoCat1 -Can't find hash in builtin certs for Chrome nickname Libertylavabitcom, inserting GOOGLE_PIN_Libertylavabitcom Can't find hash in builtin certs for Chrome nickname EntrustRootEC1, inserting GOOGLE_PIN_EntrustRootEC1 Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GOOGLE_PIN_GoDaddySecure Can't find hash in builtin certs for Chrome nickname ThawtePremiumServer, inserting GOOGLE_PIN_ThawtePremiumServer @@ -16,9 +12,6 @@ Writing pinset google Writing pinset tor Writing pinset twitterCom Writing pinset twitterCDN -Writing pinset tor2web -Writing pinset cryptoCat -Writing pinset lavabit Writing pinset dropbox Writing pinset facebook Writing pinset spideroak diff --git a/security/manager/boot/src/StaticHPKPins.h b/security/manager/boot/src/StaticHPKPins.h index c38f8257b6eb..8c71043465e8 100644 --- a/security/manager/boot/src/StaticHPKPins.h +++ b/security/manager/boot/src/StaticHPKPins.h @@ -107,14 +107,6 @@ static const char kEquifax_Secure_eBusiness_CA_1Fingerprint[] = static const char kFacebookBackupFingerprint[] = "1ww8E0AYsR2oX5lndk2hwp2Uosk="; -/* GOOGLE_PIN_AlphaSSL_G2 */ -static const char kGOOGLE_PIN_AlphaSSL_G2Fingerprint[] = - "yxgiWGK++SFB9ySwt3M3qpn5HO0ZLFY5D+h+G/vcT/c="; - -/* GOOGLE_PIN_CryptoCat1 */ -static const char kGOOGLE_PIN_CryptoCat1Fingerprint[] = - "vKaqtTLWmVuXPVJE+0OqN5sRc4VCcSQHI/W3XTDVR24="; - /* GOOGLE_PIN_DigiCertECCSecureServerCA */ static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] = "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw="; @@ -139,10 +131,6 @@ static const char kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint[] = static const char kGOOGLE_PIN_GoDaddySecureFingerprint[] = "MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc="; -/* GOOGLE_PIN_Libertylavabitcom */ -static const char kGOOGLE_PIN_LibertylavabitcomFingerprint[] = - "WnKzsDXgqPtS1KvtImrhQPqcxfpmfssuI2cSJt4LMks="; - /* GOOGLE_PIN_RapidSSL */ static const char kGOOGLE_PIN_RapidSSLFingerprint[] = "lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM="; @@ -155,10 +143,6 @@ static const char kGOOGLE_PIN_SymantecClass3EVG3Fingerprint[] = static const char kGOOGLE_PIN_ThawtePremiumServerFingerprint[] = "9TwiBZgX3Zb0AGUWOdL4V+IQcKWavtkHlADZ9pVQaQA="; -/* GOOGLE_PIN_Tor2web */ -static const char kGOOGLE_PIN_Tor2webFingerprint[] = - "99ogQzjMuUTBkG1ZP7FME0K4kvBEti8Buzu4nZjRItM="; - /* GeoTrust Global CA */ static const char kGeoTrust_Global_CAFingerprint[] = "h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU="; @@ -657,47 +641,6 @@ static const StaticPinset kPinset_twitterCDN = { &kPinset_twitterCDN_sha256 }; -static const char* kPinset_tor2web_sha256_Data[] = { - kGOOGLE_PIN_Tor2webFingerprint, - kGOOGLE_PIN_AlphaSSL_G2Fingerprint, -}; -static const StaticFingerprints kPinset_tor2web_sha256 = { - sizeof(kPinset_tor2web_sha256_Data) / sizeof(const char*), - kPinset_tor2web_sha256_Data -}; - -static const StaticPinset kPinset_tor2web = { - nullptr, - &kPinset_tor2web_sha256 -}; - -static const char* kPinset_cryptoCat_sha256_Data[] = { - kDigiCert_High_Assurance_EV_Root_CAFingerprint, - kGOOGLE_PIN_CryptoCat1Fingerprint, -}; -static const StaticFingerprints kPinset_cryptoCat_sha256 = { - sizeof(kPinset_cryptoCat_sha256_Data) / sizeof(const char*), - kPinset_cryptoCat_sha256_Data -}; - -static const StaticPinset kPinset_cryptoCat = { - nullptr, - &kPinset_cryptoCat_sha256 -}; - -static const char* kPinset_lavabit_sha256_Data[] = { - kGOOGLE_PIN_LibertylavabitcomFingerprint, -}; -static const StaticFingerprints kPinset_lavabit_sha256 = { - sizeof(kPinset_lavabit_sha256_Data) / sizeof(const char*), - kPinset_lavabit_sha256_Data -}; - -static const StaticPinset kPinset_lavabit = { - nullptr, - &kPinset_lavabit_sha256 -}; - static const char* kPinset_dropbox_sha256_Data[] = { kGOOGLE_PIN_EntrustRootEC1Fingerprint, kGOOGLE_PIN_ThawtePremiumServerFingerprint, @@ -800,6 +743,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "appspot.com", true, false, false, -1, &kPinset_google_root_pems }, { "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla }, { "blog.torproject.org", true, false, false, -1, &kPinset_tor }, + { "blogger.com", true, false, false, -1, &kPinset_google_root_pems }, { "business.facebook.com", true, false, false, -1, &kPinset_facebook }, { "business.twitter.com", true, false, false, -1, &kPinset_twitterCom }, { "cdn.mozilla.net", true, false, true, -1, &kPinset_mozilla }, @@ -815,7 +759,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "code.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "codereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, { "codereview.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, - { "crypto.cat", false, true, false, -1, &kPinset_cryptoCat }, { "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom }, { "developers.facebook.com", true, false, false, -1, &kPinset_facebook }, { "dist.torproject.org", true, false, false, -1, &kPinset_tor }, @@ -1068,7 +1011,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "hostedtalkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "inbox.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "include-subdomains.pinning.example.com", true, false, false, -1, &kPinset_mozilla_test }, - { "liberty.lavabit.com", true, true, false, -1, &kPinset_lavabit }, { "login.corp.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "m.facebook.com", true, false, false, -1, &kPinset_facebook }, { "mail.google.com", true, false, false, -1, &kPinset_google_root_pems }, @@ -1099,7 +1041,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "talk.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "talkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test }, - { "tor2web.org", true, true, false, -1, &kPinset_tor2web }, { "torproject.org", false, false, false, -1, &kPinset_tor }, { "touch.facebook.com", true, false, false, -1, &kPinset_facebook }, { "translate.googleapis.com", true, false, false, -1, &kPinset_google_root_pems }, @@ -1135,8 +1076,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems }, }; -// Pinning Preload List Length = 348; +// Pinning Preload List Length = 346; static const int32_t kUnknownId = -1; -static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1428750717082000); +static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1430262504747000);