Closed Bug 1388155 Opened 4 years ago Closed 4 years ago
Make sure HPKP preload expiration date is accurate for 56
[Tracking Requested - why for this release]: +++ This bug was initially created as a clone of Bug #1365791 +++ Confirm and patch security/manager/ssl/StaticHPKPins.h and security/manager/ssl/nsSTSPreloadList.inc in 56 to have sufficient lifetime on the preloaded HPKP and STS pins. Right now, they're set to expire on or around 2017-10-30, which isn't going to be long enough given that Fx57 is due for release on 2017-11-14 (and that's when we've got Fx55 set to expire). As we found out the hard way during the last cycle, we *do* need to wait a bit before landing the bump, however, since there are sanity check tests that'll fail if the expiration date is too far in the future.
We can probably move forward with this now.
Assignee: nobody → jcristau
Status: NEW → ASSIGNED
Attachment #8904193 - Flags: review?(dkeeler)
Comment on attachment 8904193 [details] [diff] [review] hpkp-56.patch Review of attachment 8904193 [details] [diff] [review]: ----------------------------------------------------------------- Great - thanks! (note that comment 0 is a bit misleading since it's from the "do this for 55" bug - if https://wiki.mozilla.org/RapidRelease/Calendar is correct, we want the date to be ~16 January 2018, which is what this patch does)
Attachment #8904193 - Flags: review?(dkeeler) → review+
Whiteboard: [psm-blocked] → [psm-blocked] [checkin-needed-beta]
Comment on attachment 8904193 [details] [diff] [review] hpkp-56.patch Approval Request Comment [Feature/Bug causing the regression]: n/a [User impact if declined]: builtin https pins will expire on October 30, while 56 is still the current release [Is this code covered by automated tests?]: no [Has the fix been verified in Nightly?]: n/a [Needs manual test from QE? If yes, steps to reproduce]: n/a [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: no [Why is the change risky/not risky?]: just bumping two expiration dates from October 30, 2017 to January 16, 2018 [String changes made/needed]: none
Attachment #8904193 - Flags: approval-mozilla-beta?
Cutting it fine with the 19 weeks, though. $ date -d 'now + 19 weeks' Tue Jan 16 17:29:44 CET 2018
Whiteboard: [psm-blocked] [checkin-needed-beta] → [psm-blocked]
Comment on attachment 8904193 [details] [diff] [review] hpkp-56.patch Re-set for HPKP expiration for 56, please uplift to beta.
Attachment #8904193 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.