--- a/security/manager/ssl/StaticHPKPins.h
+++ b/security/manager/ssl/StaticHPKPins.h
@@ -352,23 +352,18 @@ static const char kthawte_Primary_Root_C
"GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik=";
/* Pinsets are each an ordered list by the actual value of the fingerprint */
struct StaticFingerprints {
const size_t size;
const char* const* data;
};
-struct StaticPinset {
- const StaticFingerprints* sha1;
- const StaticFingerprints* sha256;
-};
-
/* PreloadedHPKPins.json pinsets */
-static const char* kPinset_google_root_pems_sha256_Data[] = {
+static const char* kPinset_google_root_pems_Data[] = {
kEquifax_Secure_CAFingerprint,
kEntrust_Root_Certification_Authority___EC1Fingerprint,
kComodo_Trusted_Services_rootFingerprint,
kCOMODO_ECC_Certification_AuthorityFingerprint,
kDigiCert_Assured_ID_Root_G2Fingerprint,
kCOMODO_Certification_AuthorityFingerprint,
kAddTrust_Low_Value_Services_RootFingerprint,
kGlobalSign_ECC_Root_CA___R4Fingerprint,
@@ -415,27 +410,22 @@ static const char* kPinset_google_root_p
kDigiCert_Global_Root_CAFingerprint,
kDigiCert_Global_Root_G3Fingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
kComodo_AAA_Services_rootFingerprint,
kAffirmTrust_PremiumFingerprint,
kUSERTrust_RSA_Certification_AuthorityFingerprint,
kAddTrust_Qualified_Certificates_RootFingerprint,
};
-static const StaticFingerprints kPinset_google_root_pems_sha256 = {
- sizeof(kPinset_google_root_pems_sha256_Data) / sizeof(const char*),
- kPinset_google_root_pems_sha256_Data
+static const StaticFingerprints kPinset_google_root_pems = {
+ sizeof(kPinset_google_root_pems_Data) / sizeof(const char*),
+ kPinset_google_root_pems_Data
};
-static const StaticPinset kPinset_google_root_pems = {
- nullptr,
- &kPinset_google_root_pems_sha256
-};
-
-static const char* kPinset_mozilla_sha256_Data[] = {
+static const char* kPinset_mozilla_Data[] = {
kGeoTrust_Global_CA_2Fingerprint,
kthawte_Primary_Root_CA___G3Fingerprint,
kthawte_Primary_Root_CAFingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
kGeoTrust_Primary_Certification_AuthorityFingerprint,
kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
@@ -447,101 +437,71 @@ static const char* kPinset_mozilla_sha25
kGeoTrust_Universal_CA_2Fingerprint,
kGeoTrust_Global_CAFingerprint,
kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
kGeoTrust_Universal_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
};
-static const StaticFingerprints kPinset_mozilla_sha256 = {
- sizeof(kPinset_mozilla_sha256_Data) / sizeof(const char*),
- kPinset_mozilla_sha256_Data
+static const StaticFingerprints kPinset_mozilla = {
+ sizeof(kPinset_mozilla_Data) / sizeof(const char*),
+ kPinset_mozilla_Data
};
-static const StaticPinset kPinset_mozilla = {
- nullptr,
- &kPinset_mozilla_sha256
-};
-
-static const char* kPinset_mozilla_services_sha256_Data[] = {
+static const char* kPinset_mozilla_services_Data[] = {
kDigiCert_Global_Root_CAFingerprint,
};
-static const StaticFingerprints kPinset_mozilla_services_sha256 = {
- sizeof(kPinset_mozilla_services_sha256_Data) / sizeof(const char*),
- kPinset_mozilla_services_sha256_Data
-};
-
-static const StaticPinset kPinset_mozilla_services = {
- nullptr,
- &kPinset_mozilla_services_sha256
+static const StaticFingerprints kPinset_mozilla_services = {
+ sizeof(kPinset_mozilla_services_Data) / sizeof(const char*),
+ kPinset_mozilla_services_Data
};
-static const char* kPinset_mozilla_test_sha256_Data[] = {
+static const char* kPinset_mozilla_test_Data[] = {
kEnd_Entity_Test_CertFingerprint,
};
-static const StaticFingerprints kPinset_mozilla_test_sha256 = {
- sizeof(kPinset_mozilla_test_sha256_Data) / sizeof(const char*),
- kPinset_mozilla_test_sha256_Data
-};
-
-static const StaticPinset kPinset_mozilla_test = {
- nullptr,
- &kPinset_mozilla_test_sha256
+static const StaticFingerprints kPinset_mozilla_test = {
+ sizeof(kPinset_mozilla_test_Data) / sizeof(const char*),
+ kPinset_mozilla_test_Data
};
/* Chrome static pinsets */
-static const char* kPinset_test_sha256_Data[] = {
+static const char* kPinset_test_Data[] = {
kTestSPKIFingerprint,
};
-static const StaticFingerprints kPinset_test_sha256 = {
- sizeof(kPinset_test_sha256_Data) / sizeof(const char*),
- kPinset_test_sha256_Data
+static const StaticFingerprints kPinset_test = {
+ sizeof(kPinset_test_Data) / sizeof(const char*),
+ kPinset_test_Data
};
-static const StaticPinset kPinset_test = {
- nullptr,
- &kPinset_test_sha256
-};
-
-static const char* kPinset_google_sha256_Data[] = {
+static const char* kPinset_google_Data[] = {
kGOOGLE_PIN_GoogleG2Fingerprint,
kGoogleBackup2048Fingerprint,
kGeoTrust_Global_CAFingerprint,
};
-static const StaticFingerprints kPinset_google_sha256 = {
- sizeof(kPinset_google_sha256_Data) / sizeof(const char*),
- kPinset_google_sha256_Data
+static const StaticFingerprints kPinset_google = {
+ sizeof(kPinset_google_Data) / sizeof(const char*),
+ kPinset_google_Data
};
-static const StaticPinset kPinset_google = {
- nullptr,
- &kPinset_google_sha256
-};
-
-static const char* kPinset_tor_sha256_Data[] = {
+static const char* kPinset_tor_Data[] = {
kTor3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGOOGLE_PIN_LetsEncryptAuthorityX1Fingerprint,
kTor1Fingerprint,
kGOOGLE_PIN_RapidSSLFingerprint,
kGOOGLE_PIN_LetsEncryptAuthorityX2Fingerprint,
kTor2Fingerprint,
};
-static const StaticFingerprints kPinset_tor_sha256 = {
- sizeof(kPinset_tor_sha256_Data) / sizeof(const char*),
- kPinset_tor_sha256_Data
+static const StaticFingerprints kPinset_tor = {
+ sizeof(kPinset_tor_Data) / sizeof(const char*),
+ kPinset_tor_Data
};
-static const StaticPinset kPinset_tor = {
- nullptr,
- &kPinset_tor_sha256
-};
-
-static const char* kPinset_twitterCom_sha256_Data[] = {
+static const char* kPinset_twitterCom_Data[] = {
kVerisign_Class_2_Public_Primary_Certification_Authority___G2Fingerprint,
kVerisign_Class_3_Public_Primary_Certification_Authority___G2Fingerprint,
kGeoTrust_Global_CA_2Fingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
kVerisign_Class_1_Public_Primary_Certification_AuthorityFingerprint,
kGeoTrust_Primary_Certification_AuthorityFingerprint,
@@ -554,27 +514,22 @@ static const char* kPinset_twitterCom_sh
kGeoTrust_Global_CAFingerprint,
kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
kGeoTrust_Universal_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
kTwitter1Fingerprint,
};
-static const StaticFingerprints kPinset_twitterCom_sha256 = {
- sizeof(kPinset_twitterCom_sha256_Data) / sizeof(const char*),
- kPinset_twitterCom_sha256_Data
+static const StaticFingerprints kPinset_twitterCom = {
+ sizeof(kPinset_twitterCom_Data) / sizeof(const char*),
+ kPinset_twitterCom_Data
};
-static const StaticPinset kPinset_twitterCom = {
- nullptr,
- &kPinset_twitterCom_sha256
-};
-
-static const char* kPinset_twitterCDN_sha256_Data[] = {
+static const char* kPinset_twitterCDN_Data[] = {
kVerisign_Class_2_Public_Primary_Certification_Authority___G2Fingerprint,
kComodo_Trusted_Services_rootFingerprint,
kCOMODO_Certification_AuthorityFingerprint,
kVerisign_Class_3_Public_Primary_Certification_Authority___G2Fingerprint,
kAddTrust_Low_Value_Services_RootFingerprint,
kUTN_USERFirst_Object_Root_CAFingerprint,
kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint,
kGeoTrust_Global_CA_2Fingerprint,
@@ -608,27 +563,22 @@ static const char* kPinset_twitterCDN_sh
kGOOGLE_PIN_Entrust_SSLFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
kComodo_AAA_Services_rootFingerprint,
kTwitter1Fingerprint,
kAddTrust_Qualified_Certificates_RootFingerprint,
};
-static const StaticFingerprints kPinset_twitterCDN_sha256 = {
- sizeof(kPinset_twitterCDN_sha256_Data) / sizeof(const char*),
- kPinset_twitterCDN_sha256_Data
+static const StaticFingerprints kPinset_twitterCDN = {
+ sizeof(kPinset_twitterCDN_Data) / sizeof(const char*),
+ kPinset_twitterCDN_Data
};
-static const StaticPinset kPinset_twitterCDN = {
- nullptr,
- &kPinset_twitterCDN_sha256
-};
-
-static const char* kPinset_dropbox_sha256_Data[] = {
+static const char* kPinset_dropbox_Data[] = {
kEntrust_Root_Certification_Authority___EC1Fingerprint,
kGOOGLE_PIN_ThawtePremiumServerFingerprint,
kthawte_Primary_Root_CA___G3Fingerprint,
kthawte_Primary_Root_CAFingerprint,
kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
kGOOGLE_PIN_GoDaddySecureFingerprint,
@@ -638,93 +588,73 @@ static const char* kPinset_dropbox_sha25
kthawte_Primary_Root_CA___G2Fingerprint,
kEntrust_Root_Certification_AuthorityFingerprint,
kEntrust_Root_Certification_Authority___G2Fingerprint,
kGeoTrust_Global_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
};
-static const StaticFingerprints kPinset_dropbox_sha256 = {
- sizeof(kPinset_dropbox_sha256_Data) / sizeof(const char*),
- kPinset_dropbox_sha256_Data
+static const StaticFingerprints kPinset_dropbox = {
+ sizeof(kPinset_dropbox_Data) / sizeof(const char*),
+ kPinset_dropbox_Data
};
-static const StaticPinset kPinset_dropbox = {
- nullptr,
- &kPinset_dropbox_sha256
-};
-
-static const char* kPinset_facebook_sha256_Data[] = {
+static const char* kPinset_facebook_Data[] = {
kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGOOGLE_PIN_SymantecClass3EVG3Fingerprint,
kFacebookBackupFingerprint,
};
-static const StaticFingerprints kPinset_facebook_sha256 = {
- sizeof(kPinset_facebook_sha256_Data) / sizeof(const char*),
- kPinset_facebook_sha256_Data
+static const StaticFingerprints kPinset_facebook = {
+ sizeof(kPinset_facebook_Data) / sizeof(const char*),
+ kPinset_facebook_Data
};
-static const StaticPinset kPinset_facebook = {
- nullptr,
- &kPinset_facebook_sha256
-};
-
-static const char* kPinset_spideroak_sha256_Data[] = {
+static const char* kPinset_spideroak_Data[] = {
kSpiderOak2Fingerprint,
kSpiderOak3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGeoTrust_Global_CAFingerprint,
};
-static const StaticFingerprints kPinset_spideroak_sha256 = {
- sizeof(kPinset_spideroak_sha256_Data) / sizeof(const char*),
- kPinset_spideroak_sha256_Data
+static const StaticFingerprints kPinset_spideroak = {
+ sizeof(kPinset_spideroak_Data) / sizeof(const char*),
+ kPinset_spideroak_Data
};
-static const StaticPinset kPinset_spideroak = {
- nullptr,
- &kPinset_spideroak_sha256
-};
-
-static const char* kPinset_yahoo_sha256_Data[] = {
+static const char* kPinset_yahoo_Data[] = {
kYahooBackup1Fingerprint,
kVerisign_Class_2_Public_Primary_Certification_Authority___G2Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
kGeoTrust_Primary_Certification_AuthorityFingerprint,
kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
kYahooBackup2Fingerprint,
kGeoTrust_Global_CAFingerprint,
kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
kGeoTrust_Universal_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
};
-static const StaticFingerprints kPinset_yahoo_sha256 = {
- sizeof(kPinset_yahoo_sha256_Data) / sizeof(const char*),
- kPinset_yahoo_sha256_Data
-};
-
-static const StaticPinset kPinset_yahoo = {
- nullptr,
- &kPinset_yahoo_sha256
+static const StaticFingerprints kPinset_yahoo = {
+ sizeof(kPinset_yahoo_Data) / sizeof(const char*),
+ kPinset_yahoo_Data
};
/* Domainlist */
struct TransportSecurityPreload {
const char* mHost;
const bool mIncludeSubdomains;
const bool mTestMode;
const bool mIsMoz;
const int32_t mId;
- const StaticPinset* pinset;
+ const StaticFingerprints* pinset;
};
/* Sort hostnames for binary search. */
static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "2mdn.net", true, false, false, -1, &kPinset_google_root_pems },
{ "accounts.firefox.com", true, false, true, 4, &kPinset_mozilla_services },
{ "accounts.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla },
@@ -1179,9 +1109,9 @@ static const TransportSecurityPreload kP
{ "za.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
};
// Pinning Preload List Length = 454;
static const int32_t kUnknownId = -1;
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1461412368217000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1461596756879000);