Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-08 10:44:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

No bug, Automated HPKP preload list update from host bld-linux64-spot-228 - a=hpkp-update

Browse Source
This commit is contained in:
ffxbld 2016-11-30 06:51:53 -08:00
parent 64e5403603
commit 474dbc7f10
2 changed files with 32 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/manager/ssl/StaticHPKPins.errors
View File

@ -11,8 +11,6 @@ Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GO
Can't find hash in builtin certs for Chrome nickname ThawtePremiumServer, inserting GOOGLE_PIN_ThawtePremiumServer
Can't find hash in builtin certs for Chrome nickname SymantecClass3EVG3, inserting GOOGLE_PIN_SymantecClass3EVG3
Can't find hash in builtin certs for Chrome nickname DigiCertECCSecureServerCA, inserting GOOGLE_PIN_DigiCertECCSecureServerCA
Can't find hash in builtin certs for Chrome nickname LetsEncryptAuthorityPrimary_X1_X3, inserting GOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3
Can't find hash in builtin certs for Chrome nickname LetsEncryptAuthorityBackup_X2_X4, inserting GOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4
Can't find hash in builtin certs for Chrome nickname COMODORSADomainValidationSecureServerCA, inserting GOOGLE_PIN_COMODORSADomainValidationSecureServerCA
Writing pinset test
Writing pinset google

81
security/manager/ssl/StaticHPKPins.h
View File

@ -155,14 +155,6 @@ static const char kGOOGLE_PIN_GoDaddySecureFingerprint[] =
static const char kGOOGLE_PIN_GoogleG2Fingerprint[] =
"7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=";
/* GOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4 */
static const char kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint[] =
"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=";
/* GOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3 */
static const char kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint[] =
"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=";
/* GOOGLE_PIN_RapidSSL */
static const char kGOOGLE_PIN_RapidSSLFingerprint[] =
"lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM=";
@ -255,6 +247,14 @@ static const char kGo_Daddy_Root_Certificate_Authority___G2Fingerprint[] =
static const char kGoogleBackup2048Fingerprint[] =
"IPMbDAjLVSGntGO3WP53X/zilCVndez5YJ2+vJvhJsA=";
/* Let's Encrypt Authority X3 */
static const char kLet_s_Encrypt_Authority_X3Fingerprint[] =
"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=";
/* Let's Encrypt Authority X4 */
static const char kLet_s_Encrypt_Authority_X4Fingerprint[] =
"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=";
/* SpiderOak2 */
static const char kSpiderOak2Fingerprint[] =
"7Y3UnxbffL8aFPXsOJBpGasgpDmngpIhAxGKdQRklQQ=";
@ -431,35 +431,11 @@ static const StaticFingerprints kPinset_google_root_pems = {
kPinset_google_root_pems_Data
};
static const char* const kPinset_mozilla_Data[] = {
kGeoTrust_Global_CA_2Fingerprint,
kthawte_Primary_Root_CA___G3Fingerprint,
kthawte_Primary_Root_CAFingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
kGeoTrust_Primary_Certification_AuthorityFingerprint,
kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kBaltimore_CyberTrust_RootFingerprint,
kthawte_Primary_Root_CA___G2Fingerprint,
kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
kGeoTrust_Universal_CA_2Fingerprint,
kGeoTrust_Global_CAFingerprint,
kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
kGeoTrust_Universal_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
};
static const StaticFingerprints kPinset_mozilla = {
sizeof(kPinset_mozilla_Data) / sizeof(const char*),
kPinset_mozilla_Data
};
static const char* const kPinset_mozilla_services_Data[] = {
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kLet_s_Encrypt_Authority_X3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kLet_s_Encrypt_Authority_X4Fingerprint,
};
static const StaticFingerprints kPinset_mozilla_services = {
sizeof(kPinset_mozilla_services_Data) / sizeof(const char*),
@ -496,10 +472,10 @@ static const StaticFingerprints kPinset_google = {
static const char* const kPinset_tor_Data[] = {
kTor3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
kLet_s_Encrypt_Authority_X3Fingerprint,
kTor1Fingerprint,
kGOOGLE_PIN_RapidSSLFingerprint,
kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
kLet_s_Encrypt_Authority_X4Fingerprint,
kTor2Fingerprint,
};
static const StaticFingerprints kPinset_tor = {
@ -656,9 +632,9 @@ static const StaticFingerprints kPinset_yahoo = {
static const char* const kPinset_swehackCom_Data[] = {
kSwehackFingerprint,
kDST_Root_CA_X3Fingerprint,
kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
kLet_s_Encrypt_Authority_X3Fingerprint,
kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint,
kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
kLet_s_Encrypt_Authority_X4Fingerprint,
kSwehackBackupFingerprint,
};
static const StaticFingerprints kPinset_swehackCom = {
@ -672,11 +648,11 @@ static const char* const kPinset_nightx_Data[] = {
kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
kLet_s_Encrypt_Authority_X3Fingerprint,
kAddTrust_External_RootFingerprint,
kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
kLet_s_Encrypt_Authority_X4Fingerprint,
};
static const StaticFingerprints kPinset_nightx = {
sizeof(kPinset_nightx_Data) / sizeof(const char*),
@ -698,8 +674,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "2mdn.net", true, false, false, -1, &kPinset_google_root_pems },
{ "accounts.firefox.com", true, false, true, 4, &kPinset_mozilla_services },
{ "accounts.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla },
{ "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla },
{ "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla_services },
{ "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla_services },
{ "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "android.com", true, false, false, -1, &kPinset_google_root_pems },
{ "api.accounts.firefox.com", true, false, true, 5, &kPinset_mozilla_services },
@ -710,8 +686,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "appspot.com", true, false, false, -1, &kPinset_google_root_pems },
{ "at.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "au.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla },
{ "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla },
{ "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla_services },
{ "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla_services },
{ "az.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "be.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "bi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
@ -725,8 +701,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "business.twitter.com", true, false, false, -1, &kPinset_twitterCom },
{ "ca.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "cd.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "cdn.mozilla.net", true, false, true, -1, &kPinset_mozilla },
{ "cdn.mozilla.org", true, false, true, -1, &kPinset_mozilla },
{ "cdn.mozilla.net", true, false, true, -1, &kPinset_mozilla_services },
{ "cdn.mozilla.org", true, false, true, -1, &kPinset_mozilla_services },
{ "cg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "ch.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "chart.apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
@ -749,6 +725,9 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "codereview.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
{ "contributor.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "cr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "crash-reports-xpsp2.mozilla.com", false, false, true, 11, &kPinset_mozilla_services },
{ "crash-reports.mozilla.com", false, false, true, 10, &kPinset_mozilla_services },
{ "crash-stats.mozilla.com", false, false, true, 12, &kPinset_mozilla_services },
{ "ct.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "de.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom },
@ -761,6 +740,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "docs.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "domains.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
{ "download.mozilla.org", false, false, true, 14, &kPinset_mozilla_services },
{ "drive.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "dropbox.com", true, false, false, -1, &kPinset_dropbox },
{ "dropboxstatic.com", false, true, false, -1, &kPinset_dropbox },
@ -1104,11 +1084,14 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "stats.g.doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
{ "sv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "swehack.org", true, true, false, -1, &kPinset_swehackCom },
{ "sync.services.mozilla.com", true, false, true, 13, &kPinset_mozilla_services },
{ "t.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "tablet.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "talk.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "talkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "telemetry.mozilla.org", true, true, true, 8, &kPinset_mozilla_services },
{ "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test },
{ "testpilot.firefox.com", false, false, true, 9, &kPinset_mozilla_services },
{ "th.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "torproject.org", false, false, false, -1, &kPinset_tor },
{ "touch.facebook.com", true, false, false, -1, &kPinset_facebook },
@ -1161,8 +1144,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
};
// Pinning Preload List Length = 464;
// Pinning Preload List Length = 471;
static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1488896689084000);
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1488984302204000);