Closed Bug 1412331 Opened 7 years ago Closed 7 years ago

Make sure the HPKP/HSTS preload expiration dates are accurate for Firefox 58

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Version:
58 Branch
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox58 + fixed

People

(Reporter: RyanVM, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

patch
1.77 KB, patch
jcj
: review+
gchang
: approval-mozilla-beta+
Details | Diff | Splinter Review 
+++ This bug was initially created as a clone of Bug #1397441 +++

Confirm and patch security/manager/ssl/StaticHPKPins.h and security/manager/ssl/nsSTSPreloadList.inc in 58 to have sufficient lifetime on the preloaded HPKP and STS pins.

Going off past precedents, we'll want an expiration date of around 2018-05-01 to coincide with the release of Firefox 60.
Tracking 58+.
tracking-firefox58: ?+
We should get this landed on Beta soon. Can you put up a patch, David?
Flags: needinfo?(dkeeler)
Attached patch patchSplinter Review 
Calendar says May 8th right now, so that's what I went with.
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Flags: needinfo?(dkeeler)
Attachment #8939681 - Flags: review?(jjones)
Priority: P2 → P1
Whiteboard: [psm-blocked] → [psm-assigned]
Comment on attachment 8939681 [details] [diff] [review]
patch

Review of attachment 8939681 [details] [diff] [review]:
-----------------------------------------------------------------

Confirmed, that timestamp is Firefox 58 + 2 releases = Firefox 60.
Attachment #8939681 - Flags: review?(jjones) → review+
Comment on attachment 8939681 [details] [diff] [review]
patch

Approval Request Comment
[Feature/Bug causing the regression]: n/a
[User impact if declined]: built-in pinning and hsts information would expire before the next update
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: n/a
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: this just increases the expiration time of these data structures - we've done it a number of times now and we're fairly confident in the process
[String changes made/needed]: none
Attachment #8939681 - Flags: approval-mozilla-beta?
Comment on attachment 8939681 [details] [diff] [review]
patch

Important fix. Beta58+.
Attachment #8939681 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
https://hg.mozilla.org/releases/mozilla-beta/rev/70846c567017
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox58: affectedfixed
Resolution: --- → FIXED
Blocks: 1427957
No longer blocks: 1436376
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: