Closed
Bug 1388155
Opened 8 years ago
Closed 8 years ago
Make sure HPKP preload expiration date is accurate for 56
Categories
(Core :: Security: PSM, defect, P2)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox56 | blocking | fixed |
| firefox57 | --- | unaffected |
People
(Reporter: RyanVM, Assigned: jcristau)
References
Details
(Whiteboard: [psm-blocked] )
Attachments
(1 file)
|
2.24 KB,
patch
|
keeler
:
review+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
[Tracking Requested - why for this release]:
+++ This bug was initially created as a clone of Bug #1365791 +++
Confirm and patch security/manager/ssl/StaticHPKPins.h and security/manager/ssl/nsSTSPreloadList.inc in 56 to have sufficient lifetime on the preloaded HPKP and STS pins. Right now, they're set to expire on or around 2017-10-30, which isn't going to be long enough given that Fx57 is due for release on 2017-11-14 (and that's when we've got Fx55 set to expire).
As we found out the hard way during the last cycle, we *do* need to wait a bit before landing the bump, however, since there are sanity check tests that'll fail if the expiration date is too far in the future.
|
Assignee | |
Updated•8 years ago
|
Version: 55 Branch → 56 Branch
|
Reporter | |
Comment 1•8 years ago
|
||
We can probably move forward with this now.
Flags: needinfo?(dkeeler)
|
|
Assignee | |
Comment 2•8 years ago
|
||
|
||
Comment 3•8 years ago
|
||
Comment on attachment 8904193 [details] [diff] [review]
hpkp-56.patch
Review of attachment 8904193 [details] [diff] [review]:
-----------------------------------------------------------------
Great - thanks!
(note that comment 0 is a bit misleading since it's from the "do this for 55" bug - if https://wiki.mozilla.org/RapidRelease/Calendar is correct, we want the date to be ~16 January 2018, which is what this patch does)
Attachment #8904193 -
Flags: review?(dkeeler) → review+
|
|
||
Updated•8 years ago
|
Flags: needinfo?(dkeeler)
|
|
Assignee | |
Updated•8 years ago
|
Whiteboard: [psm-blocked] → [psm-blocked] [checkin-needed-beta]
|
|
Assignee | |
Comment 4•8 years ago
|
||
Comment on attachment 8904193 [details] [diff] [review]
hpkp-56.patch
Approval Request Comment
[Feature/Bug causing the regression]: n/a
[User impact if declined]: builtin https pins will expire on October 30, while 56 is still the current release
[Is this code covered by automated tests?]: no
[Has the fix been verified in Nightly?]: n/a
[Needs manual test from QE? If yes, steps to reproduce]: n/a
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: just bumping two expiration dates from October 30, 2017 to January 16, 2018
[String changes made/needed]: none
Attachment #8904193 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Comment 5•8 years ago
|
||
Cutting it fine with the 19 weeks, though.
$ date -d 'now + 19 weeks'
Tue Jan 16 17:29:44 CET 2018
|
|
Assignee | |
Updated•8 years ago
|
Whiteboard: [psm-blocked] [checkin-needed-beta] → [psm-blocked]
|
||
Comment 6•8 years ago
|
||
Comment on attachment 8904193 [details] [diff] [review]
hpkp-56.patch
Re-set for HPKP expiration for 56, please uplift to beta.
Attachment #8904193 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
Reporter | |
Comment 7•8 years ago
|
||
| uplift | ||
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•