Cykesiopka
e2fe0b8f62
Bug 1233328 - Part 2: Use SHA-256 StaticFingerprints directly instead of StaticPinset since the SHA-1 StaticFingerprints entry will always be null. r=keeler
2016-01-20 20:45:29 -08:00
David Keeler
17c8d8e45c
bug 1232766 - update the preloaded pinset for Google domains r=rbarnes
...
Also includes a script for making this process faster in the future.
2015-12-28 12:30:14 -08:00
Cykesiopka
05919374b8
Bug 1229284 - Remove support for SHA-1 hashes in genHPKPStaticPins.js. r=keeler
2015-12-17 07:52:00 +01:00
Cykesiopka
cb705a63a6
Bug 1224968 - Support public key input to unbreak periodic HPKP updates. r=keeler
...
be448badb1ba1f296240
2015-12-01 00:30:00 +01:00
Cykesiopka
c10edfff85
Bug 1224481 - Comment out CA certs removed in NSS 3.21 in PreloadedHPKPins.json to keep periodic Static HPKP updates working. r=dkeeler
...
--HG--
extra : transplant_source : %EAM%5D1%93%28H%BA%82%C0%0F%BB%3D%9E%40%8B%BCx%EB%03
2015-11-13 07:28:28 -08:00
David Keeler
1443993537
bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB
...
pinning-test.badssl.com is a test domain for preloaded HPKP (HTTP Public Key
Pinning - see RFC 7469). By specifying a pinset corresponding to no known keys,
this domain should fail with a key pinning error by default. Also, the
includeSubdomains option is set, so any subdomains should fail as well.
Since Gecko incorporates preloaded pinsets from Chromium, this pinset is already
defined. This patch merely switches it from test mode to production mode (well,
to be more accurate, this patch sets up the input for the automated script that
will make the code change that will put the pinset into production mode).
2015-10-26 14:39:25 -07:00
Masatoshi Kimura
6ad41c8aee
Bug 1215796 - Remove the static fallback whitelist. r=keeler
2015-10-22 21:37:40 +09:00
Carsten "Tomcat" Book
08997000eb
Backed out 2 changesets (bug 1202902) to recking bug 1202902 to be able to reopen inbound on a CLOSED TREE
...
Backed out changeset 647025383676 (bug 12029021202902
2015-10-07 14:03:21 +02:00
Carsten "Tomcat" Book
e7ef778c9d
Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central
...
Backed out changeset cfc1820361f5 (bug 1202902
2015-10-07 12:13:45 +02:00
Shu-yu Guo
d06b6030f6
Bug 1202902 - Scripted fix the world.
2015-10-06 14:00:31 -07:00
David Keeler
74e470d1ac
bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-24 15:53:07 -07:00
Wes Kocher
21a9e609d5
Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures
2015-09-18 12:53:24 -07:00
David Keeler
4cfc799e53
bug 1203312 - convert tlsserver to generate certificates at build time r=Cykesiopka,mgoodwin
2015-08-24 15:53:07 -07:00
Shu-yu Guo
64db2267cf
Bug 1202902 - Mass replace toplevel 'let' with 'var' in preparation for global lexical scope. (rs=jorendorff)
2015-09-15 11:19:45 -07:00
Nick Thomas
5744a154e2
Bug 1197607, Automated hsts & hpkp updates are failing on mozilla-central, mozilla-aurora, mozilla-esr38, r=cykesiopka
2015-09-03 22:07:42 +12:00
Ben Hearsum
c51baf3ae9
bug 1116409: switch update server to sha2 cert; update in-tree pinning. r=rstrong,snorp,mfinkle,dkeeler
2015-08-20 17:50:51 -04:00
David Keeler
3c315d18c3
bug 1102436 - remove PublicKeyPinningService::CheckChainAgainstAllNames r=Cykesiopka
2015-05-07 11:06:07 -07:00
David Keeler
a4f79b207d
bug 1157873 - remove certificates from CNNIC whitelist that aren't in the Pilot Certificate Transparency log r=rbarnes
...
Also remove certificates where notBefore is on or after 1 April 2015.
2015-04-21 16:07:33 -07:00
David Keeler
5ff51a7744
bug 1151512 - only allow whitelisted certificates to be issued by CNNIC root certificates r=jcj r=rbarnes
2015-04-07 17:29:05 -07:00
David Keeler
0bf38c806e
bug 1138716 - update PSM data structures that depend on root CA changes r=mmc
2015-03-23 10:36:55 -07:00
Masatoshi Kimura
562649fe82
Bug 1128227 - Add a static TLS insecure fallback whitelist. r=keeler
2015-02-07 13:03:23 +09:00
Monica Chew
63de38c180
Bug 1101969: Disable pinning on media.mozilla.com (r=keeler)
2014-12-12 09:10:57 -08:00
Monica Chew
04d69a9f5b
Bug 1004781: Enable pinning for facebook in production mode (r=keeler)
2014-12-12 09:10:53 -08:00
David Keeler
ab80d0c717
bug 1091232 - update PSM data structures that are affected by root CA changes r=mmc
2014-11-18 16:41:18 -08:00
Monica Chew
419fa97eb6
Bug 1092606: Filter out duplicate pinsets as well as domains (r=keeler)
2014-11-17 12:54:42 -08:00
Monica Chew
f991b325aa
Bug 1098288: Enable pinning on spideroak (r=keeler)
2014-11-14 11:17:40 -08:00
Monica Chew
a89f219bef
Bug 1030135: Promote pin for services.mozilla.com to production mode (r=keeler)
2014-11-07 12:00:50 -08:00
Monica Chew
d68cf9f6e1
Bug 1004781: Remove unnecessary cert for facebook (r=keeler)
2014-11-04 10:54:26 -08:00
Monica Chew
eeb4a7f756
Bug 1092606: Don't import Chromium pinsets for domains that are already in our list (r=keeler,jcj)
2014-11-04 10:53:52 -08:00
Monica Chew
3e0f2fd921
Bug 1004781: Actually remove the pinset (r=keeler)
2014-10-30 16:21:09 -07:00
Monica Chew
1e19be7e65
Bug 1004781: Remove our pinset for facebook since it's in chromium now (r=keeler)
2014-10-30 16:14:19 -07:00
David Keeler
46c48f2321
bug 1083085 - update where getHSTSPreloadList.js and genHPKPStaticPins.js think Chromium's lists are r=mmc DONTBUILD NPOTB
2014-10-21 15:20:02 -07:00
J.C. Jones
e75e48ed45
Bug 1054498 - Report pinning violations by CA r=keeler
2014-10-17 10:33:50 -07:00
David Keeler
4ae95106e2
bug 1077891 - update getHSTSPreloadList.js to reflect changes to nsISiteSecurityService r=mmc DONTBUILD NPOTB
2014-10-06 11:28:15 -07:00
Monica Chew
af2478ad59
Bug 1030135: Set is_moz if the pinset name contains mozilla, set bucket id for pinsets containing the string mozilla (r=keeler)
2014-10-02 16:45:13 -07:00
David Keeler
d577ecb4c1
bug 1004781 - follow-up to add "DigiCert ECC Secure Server CA" to Facebook's pinset r=mmc
2014-09-08 09:33:03 -07:00
Monica Chew
2c36fac925
Bug 1030135: Enable pinning on services.mozilla.com in test mode (r=keeler)
2014-09-05 12:04:26 -07:00
Monica Chew
5c4a88776f
Bug 1004781: Enable pinning in test mode for facebook (r=cviecco)
2014-08-27 14:18:25 -07:00
Monica Chew
afefa8ea41
Bug 1047560: Enable pinning on dropbox (r=keeler)
2014-08-01 13:12:38 -07:00
Camilo Viecco
2fb2490eb9
Bug 1004353 - Enable pinning for TOR websites. r=mmc
...
--HG--
extra : rebase_source : d880368dd9eaaafcde353ce187438ae074994bfa
2014-07-22 14:28:52 -07:00
Monica Chew
5d17335955
Bug 1020485: Enable production mode for fxa (r=keeler)
2014-07-14 13:06:25 -07:00
Monica Chew
0d4a092978
Bug 1036142: Don't use kPublicKeyPinningPreloadListLength (r=keeler)
2014-07-09 12:58:40 -07:00
Monica Chew
fccf311e4a
Bug 1035923: Remove deprecated certs from google_root_pems (r=keeler)
2014-07-08 16:01:29 -07:00
Monica Chew
dee96fd3f7
Bug 1027133: Set test_mode=false for *.twitter.com (r=keeler)
2014-07-07 08:58:13 -07:00
Harsh Pathak
7c4b2ba847
Bug 643041 - Merge nsIX509Cert2 and nsIX509Cert3 into nsIX509Cert, and merge nsIX509CertDB2 into nsIX509CertDB. r=keeler
...
--HG--
extra : rebase_source : 5283c637e45dbee9f741d56cda54fdef1afce16e
2014-07-03 22:09:24 -07:00
Monica Chew
43074631ad
Bug 1033872: Split off api.accounts.firefox.com into a separate pinset (r=keeler)
2014-07-03 16:41:57 -07:00
Monica Chew
cf58305707
Bug 1012875: Expire pins in 8 weeks once they reach stable (r=keeler)
2014-07-02 11:34:04 -07:00
Monica Chew
633c337197
Bug 1027133: Enable test mode for *.twitter.com (r=keeler)
2014-06-18 16:23:13 -04:00
Monica Chew
e49e9fc82b
Bug 1004352: Enable pinning for Google in production mode (r=keeler)
2014-06-11 15:32:37 -07:00
Monica Chew
916aa7eb2c
Bug 1020485: Enable pinning in test mode for accounts.firefox.com (r=keeler)
2014-06-06 13:44:59 -07:00
