Closed
Bug 1412331
Opened 7 years ago
Closed 7 years ago
Make sure the HPKP/HSTS preload expiration dates are accurate for Firefox 58
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
()
RESOLVED
FIXED
People
(Reporter: RyanVM, Assigned: keeler)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file)
1.77 KB,
patch
|
jcj
:
review+
gchang
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #1397441 +++ Confirm and patch security/manager/ssl/StaticHPKPins.h and security/manager/ssl/nsSTSPreloadList.inc in 58 to have sufficient lifetime on the preloaded HPKP and STS pins. Going off past precedents, we'll want an expiration date of around 2018-05-01 to coincide with the release of Firefox 60.
Reporter | ||
Comment 2•7 years ago
|
||
We should get this landed on Beta soon. Can you put up a patch, David?
Flags: needinfo?(dkeeler)
Assignee | ||
Comment 3•7 years ago
|
||
Calendar says May 8th right now, so that's what I went with.
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Flags: needinfo?(dkeeler)
Attachment #8939681 -
Flags: review?(jjones)
Assignee | ||
Updated•7 years ago
|
Priority: P2 → P1
Whiteboard: [psm-blocked] → [psm-assigned]
Comment 4•7 years ago
|
||
Comment on attachment 8939681 [details] [diff] [review] patch Review of attachment 8939681 [details] [diff] [review]: ----------------------------------------------------------------- Confirmed, that timestamp is Firefox 58 + 2 releases = Firefox 60.
Attachment #8939681 -
Flags: review?(jjones) → review+
Assignee | ||
Comment 5•7 years ago
|
||
Comment on attachment 8939681 [details] [diff] [review] patch Approval Request Comment [Feature/Bug causing the regression]: n/a [User impact if declined]: built-in pinning and hsts information would expire before the next update [Is this code covered by automated tests?]: yes [Has the fix been verified in Nightly?]: n/a [Needs manual test from QE? If yes, steps to reproduce]: no [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: no [Why is the change risky/not risky?]: this just increases the expiration time of these data structures - we've done it a number of times now and we're fairly confident in the process [String changes made/needed]: none
Attachment #8939681 -
Flags: approval-mozilla-beta?
Comment 6•7 years ago
|
||
Comment on attachment 8939681 [details] [diff] [review] patch Important fix. Beta58+.
Attachment #8939681 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Reporter | ||
Comment 7•7 years ago
|
||
uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/70846c567017
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•