Closed Bug 1397441 Opened 4 years ago Closed 4 years ago

Make sure HPKP preload expiration date is accurate for 57

Categories

(Core :: Security: PSM, defect, P2)

57 Branch
defect

Tracking

()

RESOLVED FIXED
Tracking Status
firefox57 blocking fixed

People

(Reporter: RyanVM, Assigned: jcristau)

References

Details

(Whiteboard: [psm-blocked] )

Attachments

(1 file)

Confirm and patch security/manager/ssl/StaticHPKPins.h and security/manager/ssl/nsSTSPreloadList.inc in 57 to have sufficient lifetime on the preloaded HPKP and STS pins.

Going off past precedents, I assume we're going to want an expiration date of around 2018-03-06 to coincide with the release of Fx59.
AIUI this can only land after October 24.
Assignee: nobody → jcristau
Attached patch hpkp-57.patchSplinter Review
Attachment #8920999 - Flags: review?(dkeeler)
Comment on attachment 8920999 [details] [diff] [review]
hpkp-57.patch

Review of attachment 8920999 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks!
Attachment #8920999 - Flags: review?(dkeeler) → review+
Comment on attachment 8920999 [details] [diff] [review]
hpkp-57.patch

Approval Request Comment
[Feature/Bug causing the regression]: n/a
[User impact if declined]: builtin key pins would expire on December 27, and hsts preload on January 24
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: n/a, beta-only patch
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: just bumping expiration dates
[String changes made/needed]: none
Attachment #8920999 - Flags: approval-mozilla-beta?
Flags: needinfo?(rkothari)
Comment on attachment 8920999 [details] [diff] [review]
hpkp-57.patch

Must fix, Beta57+
Flags: needinfo?(rkothari)
Attachment #8920999 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Blocks: 1412331
You need to log in before you can comment on or make changes to this bug.