Closed Bug 1280331 Opened 3 years ago Closed 3 years ago

Update HPKP preload script URL to deal with renaming of transport_security_state_static.certs

Categories

(Core :: Security: PSM, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla50
Tracking Status
firefox49 --- fixed
firefox-esr45 --- fixed
firefox50 --- fixed

People

(Reporter: Cykesiopka, Assigned: Cykesiopka)

References

()

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

https://chromium.googlesource.com/chromium/src/net/+/4361f2ad66b6af0a8acfb42f34b95bfbcad3926a renamed transport_security_state_static.certs to transport_security_state_static.pins, meaning the periodic update script is now retrieving a 404 resource:
https://hg.mozilla.org/mozilla-central/annotate/14c5bf11d37b9e92d27f7089d9392de2ac339bb3/security/manager/tools/PreloadedHPKPins.json#l32
> "cert_file_url": "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.certs?format=TEXT",

The URL should be updated on m-c, m-a and esr45.
I can fix this sometime next week, but if someone would like to take this before then, feel free.
https://chromium.googlesource.com/chromium/src/net/+/4361f2ad66b6af0a8acfb42f34b95bfbcad3926a
renamed transport_security_state_static.certs to
transport_security_state_static.pins, so the URL needs to be updated to avoid
a 404.

Review commit: https://reviewboard.mozilla.org/r/60116/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/60116/
Attachment #8764071 - Flags: review?(dkeeler)
Assignee: nobody → cykesiopka.bmo
Status: NEW → ASSIGNED
Whiteboard: [psm-backlog] → [psm-assigned]
Comment on attachment 8764071 [details]
Bug 1280331 - Update HPKP preload script URL to deal with renaming of transport_security_state_static.certs.

https://reviewboard.mozilla.org/r/60116/#review57090

Great - thanks.
Thanks!

NPOTB, but a try push anyways: https://treeherder.mozilla.org/#/jobs?repo=try&revision=0d5a4e8a1a8b
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e8609677b8b9
Update HPKP preload script URL to deal with renaming of transport_security_state_static.certs. r=keeler
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/e8609677b8b9
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
This change needs to be uplifted to m-a and ESR45 as well. I'm not bothering with an approval request because the change here is NPOTB and carries no risk - the HPKP periodic update process is already broken, and this change can't break things further.

Thanks.
Summary: HPKP periodic update failed on 2016-06-11 → Update HPKP preload script URL to deal with renaming of transport_security_state_static.certs
Whiteboard: [psm-assigned] → [psm-assigned][checkin-needed-aurora][checkin-needed-esr45]
https://hg.mozilla.org/releases/mozilla-esr45/rev/11b854c57f10
Whiteboard: [psm-assigned][checkin-needed-aurora][checkin-needed-esr45] → [psm-assigned]
You need to log in before you can comment on or make changes to this bug.