KotJohansson/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 23:06:52 +00:00
Code Issues Projects Releases Wiki Activity

partly import changes from tenfourfox:

Browse Source 
- update ESR base to 115; update EV roots, HSTS, pins, TLDs, TZs; security pullup (55284dd80)
This commit is contained in:
roytam1
2023-09-01 10:07:06 +08:00
parent 13d3c335af
commit 014cc7e7ce
17 changed files with 38063 additions and 17082 deletions
Download Patch File Download Diff File Expand all files Collapse all files
image/imgLoader.h
+3 -29
View File
@@ -41,34 +41,10 @@ class ImageURL;
class imgCacheEntry
{
public:
NS_INLINE_DECL_REFCOUNTING(imgCacheEntry)
imgCacheEntry(imgLoader* loader, imgRequest* request,
bool aForcePrincipalCheck);
~imgCacheEntry();
nsrefcnt AddRef()
{
NS_PRECONDITION(int32_t(mRefCnt) >= 0, "illegal refcnt");
MOZ_ASSERT(_mOwningThread.GetThread() == PR_GetCurrentThread(),
"imgCacheEntry addref isn't thread-safe!");
++mRefCnt;
NS_LOG_ADDREF(this, mRefCnt, "imgCacheEntry", sizeof(*this));
return mRefCnt;
}
nsrefcnt Release()
{
NS_PRECONDITION(0 != mRefCnt, "dup release");
MOZ_ASSERT(_mOwningThread.GetThread() == PR_GetCurrentThread(),
"imgCacheEntry release isn't thread-safe!");
--mRefCnt;
NS_LOG_RELEASE(this, mRefCnt, "imgCacheEntry");
if (mRefCnt == 0) {
mRefCnt = 1; /* stabilize */
delete this;
return 0;
}
return mRefCnt;
}
uint32_t GetDataSize() const
{
@@ -162,11 +138,9 @@ private: // methods
// Private, unimplemented copy constructor.
imgCacheEntry(const imgCacheEntry&);
~imgCacheEntry();
private: // data
nsAutoRefCnt mRefCnt;
NS_DECL_OWNINGTHREAD
imgLoader* mLoader;
RefPtr<imgRequest> mRequest;
uint32_t mDataSize;
intl/icu/source/data/misc/metaZones.txt
+41 -17
View File
@@ -305,9 +305,7 @@ metaZones:table(nofallback){
EG{"Africa/Cairo"}
FI{"Europe/Helsinki"}
GR{"Europe/Athens"}
JO{"Asia/Amman"}
LB{"Asia/Beirut"}
SY{"Asia/Damascus"}
}
Europe_Further_Eastern{
001{"Europe/Minsk"}
@@ -1655,6 +1653,33 @@ metaZones:table(nofallback){
{
"Mexico_Pacific",
"1998-04-05 09:00",
"2022-10-30 08:00",
}
{
"America_Central",
"2022-10-30 08:00",
"9999-12-31 23:59",
}
}
"America:Ciudad_Juarez"{
{
"America_Central",
"1970-01-01 00:00",
"1998-04-05 09:00",
}
{
"Mexico_Pacific",
"1998-04-05 09:00",
"2022-10-30 08:00",
}
{
"America_Central",
"2022-10-30 08:00",
"2022-11-30 06:00",
}
{
"America_Mountain",
"2022-11-30 06:00",
"9999-12-31 23:59",
}
}
@@ -2366,6 +2391,11 @@ metaZones:table(nofallback){
{
"America_Mountain",
"1998-04-05 09:00",
"2022-10-30 08:00",
}
{
"America_Central",
"2022-10-30 08:00",
"9999-12-31 23:59",
}
}
@@ -2375,14 +2405,9 @@ metaZones:table(nofallback){
}
}
"America:Pangnirtung"{
{
"Atlantic",
"1970-01-01 00:00",
"1995-04-02 06:00",
}
{
"America_Eastern",
"1995-04-02 06:00",
"1970-01-01 00:00",
"1999-10-31 06:00",
}
{
@@ -2839,6 +2864,8 @@ metaZones:table(nofallback){
"Asia:Amman"{
{
"Europe_Eastern",
"1970-01-01 00:00",
"2022-10-27 22:00",
}
}
"Asia:Anadyr"{
@@ -3026,6 +3053,8 @@ metaZones:table(nofallback){
"Asia:Damascus"{
{
"Europe_Eastern",
"1970-01-01 00:00",
"2022-10-27 21:00",
}
}
"Asia:Dhaka"{
@@ -4133,16 +4162,11 @@ metaZones:table(nofallback){
{
"Moscow",
"1970-01-01 00:00",
"1990-06-30 23:00",
}
{
"Europe_Central",
"1990-06-30 23:00",
"1991-03-31 02:00",
"1990-06-30 22:00",
}
{
"Europe_Eastern",
"1991-03-31 02:00",
"1990-06-30 22:00",
"9999-12-31 23:59",
}
}
@@ -4202,11 +4226,11 @@ metaZones:table(nofallback){
{
"Moscow",
"1970-01-01 00:00",
"1991-03-30 23:00",
"1990-06-30 22:00",
}
{
"Europe_Eastern",
"1991-03-30 23:00",
"1990-06-30 22:00",
"9999-12-31 23:59",
}
}
intl/icu/source/data/misc/timezoneTypes.txt
+46 -11
View File
@@ -5,13 +5,47 @@ timezoneTypes:table(nofallback){
bcpTypeAlias{
tz{
aqams{"nzakl"}
aukns{"auhba"}
caffs{"cawnp"}
camtr{"cator"}
canpg{"cator"}
capnt{"caiql"}
cathu{"cator"}
cayzf{"caedm"}
cnckg{"cnsha"}
cnhrb{"cnsha"}
cnkhg{"cnurc"}
gaza{"gazastrp"}
mxstis{"mxtij"}
uaozh{"uaiev"}
uauzh{"uaiev"}
umjon{"ushnl"}
usnavajo{"usden"}
}
}
ianaMap{
timezone{
"Africa:Asmera"{"Africa/Asmara"}
"America:Buenos_Aires"{"America/Argentina/Buenos_Aires"}
"America:Catamarca"{"America/Argentina/Catamarca"}
"America:Coral_Harbour"{"America/Atikokan"}
"America:Cordoba"{"America/Argentina/Cordoba"}
"America:Godthab"{"America/Nuuk"}
"America:Indianapolis"{"America/Indiana/Indianapolis"}
"America:Jujuy"{"America/Argentina/Jujuy"}
"America:Louisville"{"America/Kentucky/Louisville"}
"America:Mendoza"{"America/Argentina/Mendoza"}
"Asia:Calcutta"{"Asia/Kolkata"}
"Asia:Katmandu"{"Asia/Kathmandu"}
"Asia:Rangoon"{"Asia/Yangon"}
"Asia:Saigon"{"Asia/Ho_Chi_Minh"}
"Atlantic:Faeroe"{"Atlantic/Faroe"}
"Europe:Kiev"{"Europe/Kyiv"}
"Pacific:Enderbury"{"Pacific/Kanton"}
"Pacific:Ponape"{"Pacific/Pohnpei"}
"Pacific:Truk"{"Pacific/Chuuk"}
}
}
typeAlias{
timezone{
"Africa:Asmara"{"Africa/Asmera"}
@@ -29,11 +63,18 @@ timezoneTypes:table(nofallback){
"America:Indiana:Indianapolis"{"America/Indianapolis"}
"America:Kentucky:Louisville"{"America/Louisville"}
"America:Knox_IN"{"America/Indiana/Knox"}
"America:Montreal"{"America/Toronto"}
"America:Nipigon"{"America/Toronto"}
"America:Nuuk"{"America/Godthab"}
"America:Pangnirtung"{"America/Iqaluit"}
"America:Porto_Acre"{"America/Rio_Branco"}
"America:Rainy_River"{"America/Winnipeg"}
"America:Rosario"{"America/Cordoba"}
"America:Santa_Isabel"{"America/Tijuana"}
"America:Shiprock"{"America/Denver"}
"America:Thunder_Bay"{"America/Toronto"}
"America:Virgin"{"America/St_Thomas"}
"America:Yellowknife"{"America/Edmonton"}
"Antarctica:South_Pole"{"Pacific/Auckland"}
"Asia:Ashkhabad"{"Asia/Ashgabat"}
"Asia:Chongqing"{"Asia/Shanghai"}
@@ -55,6 +96,7 @@ timezoneTypes:table(nofallback){
"Atlantic:Jan_Mayen"{"Arctic/Longyearbyen"}
"Australia:ACT"{"Australia/Sydney"}
"Australia:Canberra"{"Australia/Sydney"}
"Australia:Currie"{"Australia/Hobart"}
"Australia:LHI"{"Australia/Lord_Howe"}
"Australia:NSW"{"Australia/Sydney"}
"Australia:North"{"Australia/Darwin"}
@@ -90,10 +132,13 @@ timezoneTypes:table(nofallback){
"Europe:Kyiv"{"Europe/Kiev"}
"Europe:Nicosia"{"Asia/Nicosia"}
"Europe:Tiraspol"{"Europe/Chisinau"}
"Europe:Uzhgorod"{"Europe/Kiev"}
"Europe:Zaporozhye"{"Europe/Kiev"}
"Mexico:BajaNorte"{"America/Tijuana"}
"Mexico:BajaSur"{"America/Mazatlan"}
"Mexico:General"{"America/Mexico_City"}
"Pacific:Chuuk"{"Pacific/Truk"}
"Pacific:Johnston"{"Pacific/Honolulu"}
"Pacific:Kanton"{"Pacific/Enderbury"}
"Pacific:Pohnpei"{"Pacific/Ponape"}
"Pacific:Samoa"{"Pacific/Pago_Pago"}
@@ -236,6 +281,7 @@ timezoneTypes:table(nofallback){
"America:Cayman"{"kygec"}
"America:Chicago"{"uschi"}
"America:Chihuahua"{"mxchi"}
"America:Ciudad_Juarez"{"mxcjs"}
"America:Coral_Harbour"{"cayzs"}
"America:Cordoba"{"arcor"}
"America:Costa_Rica"{"crsjo"}
@@ -301,11 +347,9 @@ timezoneTypes:table(nofallback){
"America:Moncton"{"camon"}
"America:Monterrey"{"mxmty"}
"America:Montevideo"{"uymvd"}
"America:Montreal"{"camtr"}
"America:Montserrat"{"msmni"}
"America:Nassau"{"bsnas"}
"America:New_York"{"usnyc"}
"America:Nipigon"{"canpg"}
"America:Nome"{"usome"}
"America:Noronha"{"brfen"}
"America:North_Dakota:Beulah"{"usxul"}
@@ -313,7 +357,6 @@ timezoneTypes:table(nofallback){
"America:North_Dakota:New_Salem"{"usndnsl"}
"America:Ojinaga"{"mxoji"}
"America:Panama"{"papty"}
"America:Pangnirtung"{"capnt"}
"America:Paramaribo"{"srpbm"}
"America:Phoenix"{"usphx"}
"America:Port-au-Prince"{"htpap"}
@@ -321,13 +364,11 @@ timezoneTypes:table(nofallback){
"America:Porto_Velho"{"brpvh"}
"America:Puerto_Rico"{"prsju"}
"America:Punta_Arenas"{"clpuq"}
"America:Rainy_River"{"caffs"}
"America:Rankin_Inlet"{"cayek"}
"America:Recife"{"brrec"}
"America:Regina"{"careg"}
"America:Resolute"{"careb"}
"America:Rio_Branco"{"brrbr"}
"America:Santa_Isabel"{"mxstis"}
"America:Santarem"{"brstm"}
"America:Santiago"{"clscl"}
"America:Santo_Domingo"{"dosdq"}
@@ -343,7 +384,6 @@ timezoneTypes:table(nofallback){
"America:Swift_Current"{"cayyn"}
"America:Tegucigalpa"{"hntgu"}
"America:Thule"{"glthu"}
"America:Thunder_Bay"{"cathu"}
"America:Tijuana"{"mxtij"}
"America:Toronto"{"cator"}
"America:Tortola"{"vgtov"}
@@ -351,7 +391,6 @@ timezoneTypes:table(nofallback){
"America:Whitehorse"{"cayxy"}
"America:Winnipeg"{"cawnp"}
"America:Yakutat"{"usyak"}
"America:Yellowknife"{"cayzf"}
"Antarctica:Casey"{"aqcas"}
"Antarctica:Davis"{"aqdav"}
"Antarctica:DumontDUrville"{"aqddu"}
@@ -460,7 +499,6 @@ timezoneTypes:table(nofallback){
"Australia:Adelaide"{"auadl"}
"Australia:Brisbane"{"aubne"}
"Australia:Broken_Hill"{"aubhq"}
"Australia:Currie"{"aukns"}
"Australia:Darwin"{"audrw"}
"Australia:Eucla"{"aueuc"}
"Australia:Hobart"{"auhba"}
@@ -548,7 +586,6 @@ timezoneTypes:table(nofallback){
"Europe:Tallinn"{"eetll"}
"Europe:Tirane"{"altia"}
"Europe:Ulyanovsk"{"ruuly"}
"Europe:Uzhgorod"{"uauzh"}
"Europe:Vaduz"{"livdz"}
"Europe:Vatican"{"vavat"}
"Europe:Vienna"{"atvie"}
@@ -556,7 +593,6 @@ timezoneTypes:table(nofallback){
"Europe:Volgograd"{"ruvog"}
"Europe:Warsaw"{"plwaw"}
"Europe:Zagreb"{"hrzag"}
"Europe:Zaporozhye"{"uaozh"}
"Europe:Zurich"{"chzrh"}
"Indian:Antananarivo"{"mgtnr"}
"Indian:Chagos"{"iodga"}
@@ -584,7 +620,6 @@ timezoneTypes:table(nofallback){
"Pacific:Guadalcanal"{"sbhir"}
"Pacific:Guam"{"gugum"}
"Pacific:Honolulu"{"ushnl"}
"Pacific:Johnston"{"umjon"}
"Pacific:Kiritimati"{"kicxi"}
"Pacific:Kosrae"{"fmksa"}
"Pacific:Kwajalein"{"mhkwa"}
intl/icu/source/data/misc/windowsZones.txt
+5 -5
View File
@@ -168,7 +168,7 @@ windowsZones:table(nofallback){
001{"America/Mexico_City"}
MX{
"America/Mexico_City America/Bahia_Banderas America/Merida America/Mo"
"nterrey"
"nterrey America/Chihuahua "
}
}
"Central Standard Time"{
@@ -177,7 +177,7 @@ windowsZones:table(nofallback){
"America/Winnipeg America/Rainy_River America/Rankin_Inlet America/Re"
"solute"
}
MX{"America/Matamoros"}
MX{"America/Matamoros America/Ojinaga"}
US{
"America/Chicago America/Indiana/Knox America/Indiana/Tell_City Ameri"
"ca/Menominee America/North_Dakota/Beulah America/North_Dakota/Center"
@@ -398,8 +398,8 @@ windowsZones:table(nofallback){
MA{"Africa/Casablanca"}
}
"Mountain Standard Time (Mexico)"{
001{"America/Chihuahua"}
MX{"America/Chihuahua America/Mazatlan"}
001{"America/Mazatlan"}
MX{"America/Mazatlan"}
}
"Mountain Standard Time"{
001{"America/Denver"}
@@ -407,7 +407,7 @@ windowsZones:table(nofallback){
"America/Edmonton America/Cambridge_Bay America/Inuvik America/Yellow"
"knife"
}
MX{"America/Ojinaga"}
MX{"America/Ciudad_Juarez"}
US{"America/Denver America/Boise"}
ZZ{"MST7MDT"}
}
intl/icu/source/data/misc/zoneinfo64.txt
+1441 -1516
View File
File diff suppressed because it is too large Load Diff
js/src/jit/shared/CodeGenerator-shared.cpp
+1
View File
@@ -1371,6 +1371,7 @@ CodeGeneratorShared::callVM(const VMFunction& fun, LInstruction* ins, const Regi
// when returning from the call. Failures are handled with exceptions based
// on the return value of the C functions. To guard the outcome of the
// returned value, use another LIR instruction.
ensureOsiSpace();
uint32_t callOffset = masm.callJit(wrapper);
markSafepointAt(callOffset, ins);
js/src/vm/ErrorObject.cpp
+21 -24
View File
@@ -174,34 +174,31 @@ js::ErrorObject::checkAndUnwrapThis(JSContext* cx, CallArgs& args, const char* f
// the slots we need. This allows us to support the poor-man's subclassing
// of error: Object.create(Error.prototype).
RootedObject target(cx, CheckedUnwrap(&thisValue.toObject()));
if (!target) {
RootedObject obj(cx, &args.thisv().toObject());
RootedObject curr(cx, obj);
RootedObject target(cx);
do {
target = CheckedUnwrap(curr);
if (!target) {
JS_ReportError(cx, "Permission denied to access object");
return false;
}
}
if (target->is<ErrorObject>()) {
error.set(&target->as<ErrorObject>());
return true;
}
RootedObject proto(cx);
while (!target->is<ErrorObject>()) {
if (!GetPrototype(cx, target, &proto))
return false;
if (!GetPrototype(cx, curr, &curr)) {
return false;
}
} while (curr);
if (!proto) {
// We walked the whole prototype chain and did not find an Error
// object.
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_INCOMPATIBLE_PROTO,
js_Error_str, fnName, thisValue.toObject().getClass()->name);
return false;
}
target = CheckedUnwrap(proto);
if (!target) {
JS_ReportError(cx, "Permission denied to access object");
return false;
}
}
error.set(&target->as<ErrorObject>());
return true;
// We walked the whole prototype chain and did not find an Error
// object.
JS_ReportErrorNumber(cx, GetErrorMessage, nullptr,
JSMSG_INCOMPATIBLE_PROTO, js_Error_str,
"(get stack)", obj->getClass()->name);
return false;
}
/* static */ bool
netwerk/dns/effective_tld_names.dat
+2735 -1895
View File
File diff suppressed because it is too large Load Diff
netwerk/sctp/datachannel/DataChannel.cpp
+9 -7
View File
@@ -233,6 +233,14 @@ DataChannelConnection::Destroy()
MOZ_ASSERT(mSTS);
ASSERT_WEBRTC(NS_IsMainThread());
mListener = nullptr;
// Must do this in Destroy() since we may then delete this object.
// Do this before dispatching to create a consistent ordering of calls to
// the SCTP stack.
if (mUsingDtls) {
usrsctp_deregister_address(static_cast<void *>(this));
LOG(("Deregistered %p from the SCTP stack.", static_cast<void *>(this)));
}
// Finish Destroy on STS thread to avoid bug 876167 - once that's fixed,
// the usrsctp_close() calls can move back here (and just proxy the
// disconnect_all())
@@ -245,12 +253,6 @@ DataChannelConnection::Destroy()
mSocket = nullptr;
mMasterSocket = nullptr; // also a flag that we've Destroyed this connection
// Must do this in Destroy() since we may then delete this object
if (mUsingDtls) {
usrsctp_deregister_address(static_cast<void *>(this));
LOG(("Deregistered %p from the SCTP stack.", static_cast<void *>(this)));
}
// We can't get any more new callbacks from the SCTP library
// All existing callbacks have refs to DataChannelConnection
@@ -2558,7 +2560,7 @@ DataChannel::Close()
{
ENSURE_DATACONNECTION;
RefPtr<DataChannelConnection> connection(mConnection);
mConnection->Close(this);
connection->Close(this);
}
// Used when disconnecting from the DataChannelConnection
parser/html/nsHtml5OwningUTF16Buffer.cpp
-26
View File
@@ -58,29 +58,3 @@ nsHtml5OwningUTF16Buffer::Swap(nsHtml5OwningUTF16Buffer* aOther)
nsHtml5UTF16Buffer::Swap(aOther);
}
// Not using macros for AddRef and Release in order to be able to refcount on
// and create on different threads.
nsrefcnt
nsHtml5OwningUTF16Buffer::AddRef()
{
NS_PRECONDITION(int32_t(mRefCnt) >= 0, "Illegal refcount.");
++mRefCnt;
NS_LOG_ADDREF(this, mRefCnt, "nsHtml5OwningUTF16Buffer", sizeof(*this));
return mRefCnt;
}
nsrefcnt
nsHtml5OwningUTF16Buffer::Release()
{
NS_PRECONDITION(0 != mRefCnt, "Release without AddRef.");
--mRefCnt;
NS_LOG_RELEASE(this, mRefCnt, "nsHtml5OwningUTF16Buffer");
if (mRefCnt == 0) {
mRefCnt = 1; /* stabilize */
delete this;
return 0;
}
return mRefCnt;
}
parser/html/nsHtml5OwningUTF16Buffer.h
+3 -5
View File
@@ -9,6 +9,9 @@
class nsHtml5OwningUTF16Buffer : public nsHtml5UTF16Buffer
{
public:
NS_INLINE_DECL_THREADSAFE_REFCOUNTING(nsHtml5OwningUTF16Buffer)
private:
/**
@@ -48,11 +51,6 @@ public:
* Swap start, end and buffer fields with another object.
*/
void Swap(nsHtml5OwningUTF16Buffer* aOther);
nsrefcnt AddRef();
nsrefcnt Release();
private:
mozilla::ThreadSafeAutoRefCnt mRefCnt;
};
#endif // nsHtml5OwningUTF16Buffer_h
security/certverifier/ExtendedValidation.cpp
+69 -34
View File
@@ -149,6 +149,9 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"J7nCMgtzNcSPG7jAh3CWzlTGHQg=",
},
#endif
//
// Paste new EV roots here.
//
{
// CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
"2.16.756.1.89.1.2.1.1",
@@ -290,18 +293,6 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"VQQDExJRdW9WYWRpcyBSb290IENBIDI=",
"BQk=",
},
{
// CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
"1.3.6.1.4.1.782.1.2.1.8.1",
"Network Solutions EV OID",
{ 0x15, 0xF0, 0xBA, 0x00, 0xA3, 0xAC, 0x7A, 0xF3, 0xAC, 0x88, 0x4C,
0x07, 0x2B, 0x10, 0x11, 0xA0, 0x77, 0xBD, 0x77, 0xC0, 0x97, 0xF4,
0x01, 0x64, 0xB2, 0xF8, 0x59, 0x8A, 0xBD, 0x83, 0x86, 0x0C },
"MGIxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhOZXR3b3JrIFNvbHV0aW9ucyBMLkwu"
"Qy4xMDAuBgNVBAMTJ05ldHdvcmsgU29sdXRpb25zIENlcnRpZmljYXRlIEF1dGhv"
"cml0eQ==",
"V8szb8JcFuZHFhfjkDFo4A==",
},
{
// CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
"2.16.840.1.114028.10.1.2",
@@ -510,17 +501,28 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"DL4=",
},
{
// CN = E-Tugra Certification Authority, OU = E-Tugra Sertifikasyon Merkezi, O = E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., L = Ankara, C = TR
"2.16.792.3.0.4.1.1.4",
"ETugra EV OID",
{ 0xB0, 0xBF, 0xD5, 0x2B, 0xB0, 0xD7, 0xD9, 0xBD, 0x92, 0xBF, 0x5D,
0x4D, 0xC1, 0x3D, 0xA2, 0x55, 0xC0, 0x2C, 0x54, 0x2F, 0x37, 0x83,
0x65, 0xEA, 0x89, 0x39, 0x11, 0xF5, 0x5E, 0x55, 0xF2, 0x3C },
"MIGyMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1"
"xJ9yYSBFQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEu"
"xZ4uMSYwJAYDVQQLDB1FLVR1Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYG"
"A1UEAwwfRS1UdWdyYSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==",
"amg+nFGby1M=",
// CN=E-Tugra Global Root CA RSA v3,OU=E-Tugra Trust Center,O=E-Tugra EBG A.S.,L=Ankara,C=TR
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0xEF, 0x66, 0xB0, 0xB1, 0x0A, 0x3C, 0xDB, 0x9F, 0x2E, 0x36, 0x48,
0xC7, 0x6B, 0xD2, 0xAF, 0x18, 0xEA, 0xD2, 0xBF, 0xE6, 0xF1, 0x17,
0x65, 0x5E, 0x28, 0xC4, 0x06, 0x0D, 0xA1, 0xA3, 0xF4, 0xC2 },
"MIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1"
"Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1Z3JhIFRydXN0IENlbnRlcjEmMCQG"
"A1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBSU0EgdjM=",
"DU3FzRYilZYIfrgLfxUGNPt5EDQ=",
},
{
// CN=E-Tugra Global Root CA ECC v3,OU=E-Tugra Trust Center,O=E-Tugra EBG A.S.,L=Ankara,C=TR
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x87, 0x3F, 0x46, 0x85, 0xFA, 0x7F, 0x56, 0x36, 0x25, 0x25, 0x2E,
0x6D, 0x36, 0xBC, 0xD7, 0xF1, 0x6F, 0xC2, 0x49, 0x51, 0xF2, 0x64,
0xE4, 0x7E, 0x1B, 0x95, 0x4F, 0x49, 0x08, 0xCD, 0xCA, 0x13 },
"MIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMGQW5rYXJhMRkwFwYDVQQKExBFLVR1"
"Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1Z3JhIFRydXN0IENlbnRlcjEmMCQG"
"A1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBFQ0MgdjM=",
"JkYZdzHhT28oNt45UYbm1JeIIsE=",
},
{
// CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
@@ -594,6 +596,28 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"dCBHNA==",
"BZsbV56OITLiOQe9p3d1XA==",
},
{
// CN=DigiCert TLS RSA4096 Root G5,O="DigiCert, Inc.",C=US
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x37, 0x1A, 0x00, 0xDC, 0x05, 0x33, 0xB3, 0x72, 0x1A, 0x7E, 0xEB,
0x40, 0xE8, 0x41, 0x9E, 0x70, 0x79, 0x9D, 0x2B, 0x0A, 0x0F, 0x2C,
0x1D, 0x80, 0x69, 0x31, 0x65, 0xF7, 0xCE, 0xC4, 0xAD, 0x75 },
"ME0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjElMCMGA1UE"
"AxMcRGlnaUNlcnQgVExTIFJTQTQwOTYgUm9vdCBHNQ==",
"CPm0eKj6ftpqMzeJ3nzPig==",
},
{
// CN=DigiCert TLS ECC P384 Root G5,O="DigiCert, Inc.",C=US
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x01, 0x8E, 0x13, 0xF0, 0x77, 0x25, 0x32, 0xCF, 0x80, 0x9B, 0xD1,
0xB1, 0x72, 0x81, 0x86, 0x72, 0x83, 0xFC, 0x48, 0xC6, 0xE1, 0x3B,
0xE9, 0xC6, 0x98, 0x12, 0x85, 0x4A, 0x49, 0x0C, 0x1B, 0x05 },
"ME4xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjEmMCQGA1UE"
"AxMdRGlnaUNlcnQgVExTIEVDQyBQMzg0IFJvb3QgRzU=",
"CeCTZaz32ci5PhwLBCou8w==",
},
{
// CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
"1.3.6.1.4.1.8024.0.2.100.1.2",
@@ -676,17 +700,6 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp",
"OGPe+A==",
},
{
// CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
"2.16.528.1.1003.1.2.7",
"Staat der Nederlanden EV OID",
{ 0x4D, 0x24, 0x91, 0x41, 0x4C, 0xFE, 0x95, 0x67, 0x46, 0xEC, 0x4C,
0xEF, 0xA6, 0xCF, 0x6F, 0x72, 0xE2, 0x8A, 0x13, 0x29, 0x43, 0x2F,
0x9D, 0x8A, 0x90, 0x7A, 0xC4, 0xCB, 0x5D, 0xAD, 0xC1, 0x5A },
"MFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4x"
"KTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBSb290IENB",
"AJiWjQ==",
},
{
// CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
"2.16.840.1.114028.10.1.2",
@@ -1150,6 +1163,28 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"GUQtVFJVU1QgRVYgUm9vdCBDQSAxIDIwMjA=",
"XwJB13qHfEwDo6yWjfv/0A==",
},
{
// CN=BJCA Global Root CA1,O=BEIJING CERTIFICATE AUTHORITY,C=CN
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0xF3, 0x89, 0x6F, 0x88, 0xFE, 0x7C, 0x0A, 0x88, 0x27, 0x66, 0xA7,
0xFA, 0x6A, 0xD2, 0x74, 0x9F, 0xB5, 0x7A, 0x7F, 0x3E, 0x98, 0xFB,
0x76, 0x9C, 0x1F, 0xA7, 0xB0, 0x9C, 0x2C, 0x44, 0xD5, 0xAE },
"MFQxCzAJBgNVBAYTAkNOMSYwJAYDVQQKDB1CRUlKSU5HIENFUlRJRklDQVRFIEFV"
"VEhPUklUWTEdMBsGA1UEAwwUQkpDQSBHbG9iYWwgUm9vdCBDQTE=",
"VW9l47TZkGobCdFsPsBsIA==",
},
{
// CN=BJCA Global Root CA2,O=BEIJING CERTIFICATE AUTHORITY,C=CN
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x57, 0x4D, 0xF6, 0x93, 0x1E, 0x27, 0x80, 0x39, 0x66, 0x7B, 0x72,
0x0A, 0xFD, 0xC1, 0x60, 0x0F, 0xC2, 0x7E, 0xB6, 0x6D, 0xD3, 0x09,
0x29, 0x79, 0xFB, 0x73, 0x85, 0x64, 0x87, 0x21, 0x28, 0x82 },
"MFQxCzAJBgNVBAYTAkNOMSYwJAYDVQQKDB1CRUlKSU5HIENFUlRJRklDQVRFIEFV"
"VEhPUklUWTEdMBsGA1UEAwwUQkpDQSBHbG9iYWwgUm9vdCBDQTI=",
"LBcIfWQqwP6FGFkGz7RK6w==",
},
};
// TenFourFox issue 512, backport from ESR60: treat all EV roots as
security/manager/ssl/StaticHPKPins.h
+39 -285
View File
@@ -71,6 +71,14 @@ static const char kDigiCert_Global_Root_G3Fingerprint[] =
static const char kDigiCert_High_Assurance_EV_Root_CAFingerprint[] =
"WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=";
/* DigiCert TLS ECC P384 Root G5 */
static const char kDigiCert_TLS_ECC_P384_Root_G5Fingerprint[] =
"oC+voZLIy4HLE0FVT5wFtxzKKokLDRKY1oNkfJYe+98=";
/* DigiCert TLS RSA4096 Root G5 */
static const char kDigiCert_TLS_RSA4096_Root_G5Fingerprint[] =
"ape1HIIZ6T5d7GS61YBs3rD4NVvkfnVwELcCRW4Bqv0=";
/* DigiCert Trusted Root G4 */
static const char kDigiCert_Trusted_Root_G4Fingerprint[] =
"Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw=";
@@ -99,82 +107,18 @@ static const char kEntrust_net_Premium_2048_Secure_Server_CAFingerprint[] =
static const char kFacebookBackupFingerprint[] =
"q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ=";
/* GOOGLE_PIN_AddTrustClass1CARoot */
static const char kGOOGLE_PIN_AddTrustClass1CARootFingerprint[] =
"BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo=";
/* GOOGLE_PIN_AddTrustExternalCARoot */
static const char kGOOGLE_PIN_AddTrustExternalCARootFingerprint[] =
"lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=";
/* GOOGLE_PIN_AddTrustPublicCARoot */
static const char kGOOGLE_PIN_AddTrustPublicCARootFingerprint[] =
"OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg=";
/* GOOGLE_PIN_AddTrustQualifiedCARoot */
static const char kGOOGLE_PIN_AddTrustQualifiedCARootFingerprint[] =
"xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink=";
/* GOOGLE_PIN_COMODORSADomainValidationSecureServerCA */
static const char kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint[] =
"klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=";
/* GOOGLE_PIN_DSTRootCAX3 */
static const char kGOOGLE_PIN_DSTRootCAX3Fingerprint[] =
"Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=";
/* GOOGLE_PIN_DigiCertECCSecureServerCA */
static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] =
"PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=";
/* GOOGLE_PIN_Entrust_SSL */
static const char kGOOGLE_PIN_Entrust_SSLFingerprint[] =
"nsxRNo6G40YPZsKV5JQt1TCA8nseQQr/LRqp1Oa8fnw=";
/* GOOGLE_PIN_GTECyberTrustGlobalRoot */
static const char kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint[] =
"EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU=";
/* GOOGLE_PIN_GTSCA1O1 */
static const char kGOOGLE_PIN_GTSCA1O1Fingerprint[] =
"YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=";
/* GOOGLE_PIN_GeoTrustGlobal */
static const char kGOOGLE_PIN_GeoTrustGlobalFingerprint[] =
"h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU=";
/* GOOGLE_PIN_GeoTrustGlobal2 */
static const char kGOOGLE_PIN_GeoTrustGlobal2Fingerprint[] =
"F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU=";
/* GOOGLE_PIN_GeoTrustPrimary */
static const char kGOOGLE_PIN_GeoTrustPrimaryFingerprint[] =
"SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo=";
/* GOOGLE_PIN_GeoTrustPrimary_G2 */
static const char kGOOGLE_PIN_GeoTrustPrimary_G2Fingerprint[] =
"vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs=";
/* GOOGLE_PIN_GeoTrustPrimary_G3 */
static const char kGOOGLE_PIN_GeoTrustPrimary_G3Fingerprint[] =
"q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8=";
/* GOOGLE_PIN_GeoTrustUniversal */
static const char kGOOGLE_PIN_GeoTrustUniversalFingerprint[] =
"lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA=";
/* GOOGLE_PIN_GeoTrustUniversal2 */
static const char kGOOGLE_PIN_GeoTrustUniversal2Fingerprint[] =
"fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE=";
/* GOOGLE_PIN_GlobalSignRootCA_R2 */
static const char kGOOGLE_PIN_GlobalSignRootCA_R2Fingerprint[] =
"iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
/* GOOGLE_PIN_GoDaddySecure */
static const char kGOOGLE_PIN_GoDaddySecureFingerprint[] =
"MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc=";
/* GOOGLE_PIN_R3LetsEncrypt */
static const char kGOOGLE_PIN_R3LetsEncryptFingerprint[] =
"jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=";
@@ -187,66 +131,10 @@ static const char kGOOGLE_PIN_R4LetsEncryptFingerprint[] =
static const char kGOOGLE_PIN_RapidSSLFingerprint[] =
"lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM=";
/* GOOGLE_PIN_SecureCertificateServices */
static const char kGOOGLE_PIN_SecureCertificateServicesFingerprint[] =
"RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4=";
/* GOOGLE_PIN_SymantecClass3EVG3 */
static const char kGOOGLE_PIN_SymantecClass3EVG3Fingerprint[] =
"gMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5E=";
/* GOOGLE_PIN_TrustedCertificateServices */
static const char kGOOGLE_PIN_TrustedCertificateServicesFingerprint[] =
"4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg=";
/* GOOGLE_PIN_UTNDATACorpSGC */
static const char kGOOGLE_PIN_UTNDATACorpSGCFingerprint[] =
"QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo=";
/* GOOGLE_PIN_UTNUSERFirstClientAuthenticationandEmail */
static const char kGOOGLE_PIN_UTNUSERFirstClientAuthenticationandEmailFingerprint[] =
"Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM=";
/* GOOGLE_PIN_UTNUSERFirstHardware */
static const char kGOOGLE_PIN_UTNUSERFirstHardwareFingerprint[] =
"TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI=";
/* GOOGLE_PIN_UTNUSERFirstObject */
static const char kGOOGLE_PIN_UTNUSERFirstObjectFingerprint[] =
"D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM=";
/* GOOGLE_PIN_VeriSignClass1 */
static const char kGOOGLE_PIN_VeriSignClass1Fingerprint[] =
"LclHC+Y+9KzxvYKGCUArt7h72ZY4pkOTTohoLRvowwg=";
/* GOOGLE_PIN_VeriSignClass2_G2 */
static const char kGOOGLE_PIN_VeriSignClass2_G2Fingerprint[] =
"2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8=";
/* GOOGLE_PIN_VeriSignClass3_G2 */
static const char kGOOGLE_PIN_VeriSignClass3_G2Fingerprint[] =
"AjyBzOjnxk+pQtPBUEhwfTXZu1uH9PVExb8bxWQ68vo=";
/* GOOGLE_PIN_VeriSignClass3_G3 */
static const char kGOOGLE_PIN_VeriSignClass3_G3Fingerprint[] =
"SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4=";
/* GOOGLE_PIN_VeriSignClass3_G4 */
static const char kGOOGLE_PIN_VeriSignClass3_G4Fingerprint[] =
"UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4=";
/* GOOGLE_PIN_VeriSignClass3_G5 */
static const char kGOOGLE_PIN_VeriSignClass3_G5Fingerprint[] =
"JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=";
/* GOOGLE_PIN_VeriSignClass4_G3 */
static const char kGOOGLE_PIN_VeriSignClass4_G3Fingerprint[] =
"VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU=";
/* GOOGLE_PIN_VeriSignUniversal */
static const char kGOOGLE_PIN_VeriSignUniversalFingerprint[] =
"lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI=";
/* GTS Root R1 */
static const char kGTS_Root_R1Fingerprint[] =
"hxqRlPTu1bMS/0DITB1SSu0vd4u/8l8TjPgfaAp63Gc=";
@@ -279,6 +167,10 @@ static const char kGlobalSign_Root_CA___R3Fingerprint[] =
static const char kGlobalSign_Root_CA___R6Fingerprint[] =
"aCdH+LpiG4fN07wpXtXKvOciocDANj0daLOJKNJ4fx4=";
/* GlobalSign Root R46 */
static const char kGlobalSign_Root_R46Fingerprint[] =
"rn+WLLnmp9v3uDP7GPqbcaiRdd+UnCMrap73yz3yu/w=";
/* Go Daddy Class 2 CA */
static const char kGo_Daddy_Class_2_CAFingerprint[] =
"VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=";
@@ -295,6 +187,10 @@ static const char kGoogleBackup2048Fingerprint[] =
static const char kISRG_Root_X1Fingerprint[] =
"C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=";
/* ISRG Root X2 */
static const char kISRG_Root_X2Fingerprint[] =
"diGVwiVYbubAI3RW4hB9xU8e/CH2GnkuvVFZE8zmgzI=";
/* Let's Encrypt Authority X3 */
static const char kLet_s_Encrypt_Authority_X3Fingerprint[] =
"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=";
@@ -303,14 +199,6 @@ static const char kLet_s_Encrypt_Authority_X3Fingerprint[] =
static const char kLet_s_Encrypt_Authority_X4Fingerprint[] =
"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=";
/* SpiderOak2 */
static const char kSpiderOak2Fingerprint[] =
"7Y3UnxbffL8aFPXsOJBpGasgpDmngpIhAxGKdQRklQQ=";
/* SpiderOak3 */
static const char kSpiderOak3Fingerprint[] =
"LkER54vOdlygpTsbYvlpMq1CE/lDAG1AP9xmdtwvV2A=";
/* Starfield Class 2 CA */
static const char kStarfield_Class_2_CAFingerprint[] =
"FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=";
@@ -319,14 +207,6 @@ static const char kStarfield_Class_2_CAFingerprint[] =
static const char kStarfield_Root_Certificate_Authority___G2Fingerprint[] =
"gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ=";
/* Swehack */
static const char kSwehackFingerprint[] =
"FdaffE799rVb3oyAuhJ2mBW/XJwD07Uajb2G6YwSAEw=";
/* SwehackBackup */
static const char kSwehackBackupFingerprint[] =
"z6cuswA6E1vgFkCjUsbEYo0Lf3aP8M8YOvwkoiGzDCo=";
/* TestSPKI */
static const char kTestSPKIFingerprint[] =
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
@@ -343,10 +223,6 @@ static const char kTor2Fingerprint[] =
static const char kTor3Fingerprint[] =
"CleC1qwUR8JPgH1nXvSe2VHxDe5/KfNs96EusbfSOfo=";
/* Twitter1 */
static const char kTwitter1Fingerprint[] =
"vU9M48LzD/CF34wE5PPf4nBwRyosy06X21J0ap8yS5s=";
/* USERTrust ECC Certification Authority */
static const char kUSERTrust_ECC_Certification_AuthorityFingerprint[] =
"ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs=";
@@ -355,14 +231,6 @@ static const char kUSERTrust_ECC_Certification_AuthorityFingerprint[] =
static const char kUSERTrust_RSA_Certification_AuthorityFingerprint[] =
"x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=";
/* Verisign Class 1 Public Primary Certification Authority - G3 */
static const char kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint[] =
"IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM=";
/* Verisign Class 2 Public Primary Certification Authority - G3 */
static const char kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint[] =
"cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM=";
/* Pinsets are each an ordered list by the actual value of the fingerprint */
struct StaticFingerprints {
// See bug 1338873 about making these fields const.
@@ -412,6 +280,9 @@ static const StaticFingerprints kPinset_google_root_pems = {
static const char* const kPinset_mozilla_services_Data[] = {
kISRG_Root_X1Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kDigiCert_TLS_RSA4096_Root_G5Fingerprint,
kDigiCert_Global_Root_G2Fingerprint,
kDigiCert_TLS_ECC_P384_Root_G5Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
};
static const StaticFingerprints kPinset_mozilla_services = {
@@ -466,122 +337,33 @@ static const StaticFingerprints kPinset_tor = {
kPinset_tor_Data
};
static const char* const kPinset_twitterCom_Data[] = {
kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
kGOOGLE_PIN_GeoTrustGlobal2Fingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G5Fingerprint,
kGOOGLE_PIN_VeriSignClass1Fingerprint,
kGOOGLE_PIN_GeoTrustPrimaryFingerprint,
kGOOGLE_PIN_VeriSignClass3_G3Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G4Fingerprint,
kGOOGLE_PIN_VeriSignClass4_G3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
kGOOGLE_PIN_GeoTrustUniversal2Fingerprint,
kGOOGLE_PIN_GeoTrustGlobalFingerprint,
kGOOGLE_PIN_VeriSignUniversalFingerprint,
kGOOGLE_PIN_GeoTrustUniversalFingerprint,
kGOOGLE_PIN_GeoTrustPrimary_G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGOOGLE_PIN_GeoTrustPrimary_G2Fingerprint,
kTwitter1Fingerprint,
};
static const StaticFingerprints kPinset_twitterCom = {
sizeof(kPinset_twitterCom_Data) / sizeof(const char*),
kPinset_twitterCom_Data
};
static const char* const kPinset_twitterCDN_Data[] = {
kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
kGOOGLE_PIN_TrustedCertificateServicesFingerprint,
kCOMODO_Certification_AuthorityFingerprint,
kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
kGOOGLE_PIN_AddTrustClass1CARootFingerprint,
kGOOGLE_PIN_UTNUSERFirstObjectFingerprint,
kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint,
kGOOGLE_PIN_GeoTrustGlobal2Fingerprint,
kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G5Fingerprint,
kGlobalSign_Root_CAFingerprint,
kGOOGLE_PIN_UTNUSERFirstClientAuthenticationandEmailFingerprint,
kGOOGLE_PIN_VeriSignClass1Fingerprint,
kGOOGLE_PIN_AddTrustPublicCARootFingerprint,
kGOOGLE_PIN_UTNDATACorpSGCFingerprint,
kGOOGLE_PIN_SecureCertificateServicesFingerprint,
kGOOGLE_PIN_GeoTrustPrimaryFingerprint,
kGOOGLE_PIN_VeriSignClass3_G3Fingerprint,
kGOOGLE_PIN_UTNUSERFirstHardwareFingerprint,
kGOOGLE_PIN_VeriSignClass3_G4Fingerprint,
kGOOGLE_PIN_VeriSignClass4_G3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kBaltimore_CyberTrust_RootFingerprint,
kEntrust_Root_Certification_AuthorityFingerprint,
kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
kGlobalSign_Root_CA___R3Fingerprint,
kEntrust_Root_Certification_Authority___G2Fingerprint,
kGOOGLE_PIN_GeoTrustUniversal2Fingerprint,
kGOOGLE_PIN_GeoTrustGlobalFingerprint,
kGOOGLE_PIN_GlobalSignRootCA_R2Fingerprint,
kGOOGLE_PIN_AddTrustExternalCARootFingerprint,
kGOOGLE_PIN_VeriSignUniversalFingerprint,
kGOOGLE_PIN_GeoTrustUniversalFingerprint,
kGOOGLE_PIN_Entrust_SSLFingerprint,
kGOOGLE_PIN_GeoTrustPrimary_G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGOOGLE_PIN_GeoTrustPrimary_G2Fingerprint,
kComodo_AAA_Services_rootFingerprint,
kTwitter1Fingerprint,
kGOOGLE_PIN_AddTrustQualifiedCARootFingerprint,
};
static const StaticFingerprints kPinset_twitterCDN = {
sizeof(kPinset_twitterCDN_Data) / sizeof(const char*),
kPinset_twitterCDN_Data
};
static const char* const kPinset_dropbox_Data[] = {
kEntrust_Root_Certification_Authority___EC1Fingerprint,
kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
kGOOGLE_PIN_GoDaddySecureFingerprint,
kGo_Daddy_Class_2_CAFingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kEntrust_Root_Certification_AuthorityFingerprint,
kEntrust_Root_Certification_Authority___G2Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
};
static const StaticFingerprints kPinset_dropbox = {
sizeof(kPinset_dropbox_Data) / sizeof(const char*),
kPinset_dropbox_Data
};
static const char* const kPinset_facebook_Data[] = {
kCOMODO_ECC_Certification_AuthorityFingerprint,
kISRG_Root_X1Fingerprint,
kUSERTrust_ECC_Certification_AuthorityFingerprint,
kGlobalSign_Root_CAFingerprint,
kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint,
kDigiCert_Trusted_Root_G4Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGlobalSign_Root_CA___R6Fingerprint,
kDigiCert_TLS_RSA4096_Root_G5Fingerprint,
kGlobalSign_Root_CA___R3Fingerprint,
kISRG_Root_X2Fingerprint,
kGOOGLE_PIN_SymantecClass3EVG3Fingerprint,
kCOMODO_RSA_Certification_AuthorityFingerprint,
kDigiCert_Global_Root_G2Fingerprint,
kDigiCert_TLS_ECC_P384_Root_G5Fingerprint,
kFacebookBackupFingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGlobalSign_Root_R46Fingerprint,
kDigiCert_Global_Root_G3Fingerprint,
kUSERTrust_RSA_Certification_AuthorityFingerprint,
};
static const StaticFingerprints kPinset_facebook = {
sizeof(kPinset_facebook_Data) / sizeof(const char*),
kPinset_facebook_Data
};
static const char* const kPinset_spideroak_Data[] = {
kSpiderOak2Fingerprint,
kSpiderOak3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGOOGLE_PIN_GeoTrustGlobalFingerprint,
};
static const StaticFingerprints kPinset_spideroak = {
sizeof(kPinset_spideroak_Data) / sizeof(const char*),
kPinset_spideroak_Data
};
static const char* const kPinset_yahoo_Data[] = {
kDigiCert_Assured_ID_Root_CAFingerprint,
kGlobalSign_Root_CAFingerprint,
@@ -597,19 +379,6 @@ static const StaticFingerprints kPinset_yahoo = {
kPinset_yahoo_Data
};
static const char* const kPinset_swehackCom_Data[] = {
kSwehackFingerprint,
kGOOGLE_PIN_DSTRootCAX3Fingerprint,
kLet_s_Encrypt_Authority_X3Fingerprint,
kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint,
kLet_s_Encrypt_Authority_X4Fingerprint,
kSwehackBackupFingerprint,
};
static const StaticFingerprints kPinset_swehackCom = {
sizeof(kPinset_swehackCom_Data) / sizeof(const char*),
kPinset_swehackCom_Data
};
/* Domainlist */
struct TransportSecurityPreload {
// See bug 1338873 about making these fields const.
@@ -631,7 +400,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "android.com", true, false, false, -1, &kPinset_google_root_pems },
{ "api.accounts.firefox.com", true, false, true, 5, &kPinset_mozilla_services },
{ "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
{ "apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "apps.facebook.com", true, false, false, -1, &kPinset_facebook },
@@ -650,7 +418,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
{ "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
{ "business.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "business.twitter.com", true, false, false, -1, &kPinset_twitterCom },
{ "ca.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "calendar.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "cd.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
@@ -690,7 +457,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "ct.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "datastudio.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "de.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom },
{ "developer.android.com", true, false, false, -1, &kPinset_google_root_pems },
{ "developers.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "dist.torproject.org", true, false, false, -1, &kPinset_tor },
@@ -703,9 +469,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
{ "download.mozilla.org", false, false, true, 14, &kPinset_mozilla_services },
{ "drive.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "dropbox.com", true, false, false, -1, &kPinset_dropbox },
{ "dropboxstatic.com", false, true, false, -1, &kPinset_dropbox },
{ "dropboxusercontent.com", false, true, false, -1, &kPinset_dropbox },
{ "edit.yahoo.com", true, true, false, -1, &kPinset_yahoo },
{ "en-maktoob.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "encrypted.google.com", true, false, false, -1, &kPinset_google_root_pems },
@@ -713,7 +476,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "espanol.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "example.test", true, true, false, -1, &kPinset_test },
{ "exclude-subdomains.pinning.example.com", false, false, false, -1, &kPinset_mozilla_test },
{ "facebook.com", false, false, false, -1, &kPinset_facebook },
{ "facebook.com", true, false, false, -1, &kPinset_facebook },
{ "fi.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "fi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "firebaseio.com", true, false, false, -1, &kPinset_google_root_pems },
@@ -1001,8 +764,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "market.android.com", true, false, false, -1, &kPinset_google_root_pems },
{ "mbasic.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "meet.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "messenger.com", false, false, false, -1, &kPinset_facebook },
{ "mobile.twitter.com", true, false, false, -1, &kPinset_twitterCom },
{ "messenger.com", true, false, false, -1, &kPinset_facebook },
{ "mt.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "mtouch.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "mu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
@@ -1015,7 +777,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "no.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "np.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "nz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "oauth.twitter.com", true, false, false, -1, &kPinset_twitterCom },
{ "oauthaccountmanager.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
{ "pa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "passwords.google.com", true, false, false, -1, &kPinset_google_root_pems },
@@ -1029,7 +790,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "pixel.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "pk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "pl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "platform.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
{ "play.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "plus.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
@@ -1050,12 +810,10 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "services.mozilla.com", true, false, true, 6, &kPinset_mozilla_services },
{ "sg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "sites.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "spideroak.com", true, false, false, -1, &kPinset_spideroak },
{ "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "static.googleadsserving.cn", true, false, false, -1, &kPinset_google_root_pems },
{ "stats.g.doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
{ "sv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "swehack.org", true, true, false, -1, &kPinset_swehackCom },
{ "sync.services.mozilla.com", true, false, true, 13, &kPinset_mozilla_services },
{ "t.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "tablet.facebook.com", true, false, false, -1, &kPinset_facebook },
@@ -1073,8 +831,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "tunnel.googlezip.net", true, false, false, -1, &kPinset_google_root_pems },
{ "tv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "tw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "twimg.com", true, false, false, -1, &kPinset_twitterCDN },
{ "twitter.com", true, false, false, -1, &kPinset_twitterCDN },
{ "ua.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "ua5v.com", true, false, false, -1, &kPinset_google_root_pems },
{ "uk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
@@ -1101,7 +857,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "wf-trial-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
{ "withgoogle.com", true, false, false, -1, &kPinset_google_root_pems },
{ "withyoutube.com", true, false, false, -1, &kPinset_google_root_pems },
{ "www.dropbox.com", true, false, false, -1, &kPinset_dropbox },
{ "www.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "www.g.co", false, false, false, -1, &kPinset_google_root_pems },
{ "www.gmail.com", false, false, false, -1, &kPinset_google_root_pems },
@@ -1109,7 +864,6 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "www.googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
{ "www.messenger.com", true, false, false, -1, &kPinset_facebook },
{ "www.torproject.org", true, false, false, -1, &kPinset_tor },
{ "www.twitter.com", true, false, false, -1, &kPinset_twitterCom },
{ "xa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
{ "xn--7xa.google.com", true, false, false, -1, &kPinset_google_root_pems },
@@ -1121,8 +875,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
};
// Pinning Preload List Length = 496;
// Pinning Preload List Length = 481;
static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1669892929282000);
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1701082122257000);
security/manager/ssl/nsSTSPreloadList.inc
+33632 -13218
View File
File diff suppressed because it is too large Load Diff
security/nss/lib/pkcs12/p12d.c
+15 -8
View File
@@ -337,31 +337,38 @@ sec_pkcs12_decoder_safe_bag_update(void *arg, const char *data,
SEC_PKCS12DecoderContext *p12dcx;
SECStatus rv;
/* make sure that we are not skipping the current safeBag,
* and that there are no errors. If so, just return rather
* than continuing to process.
*/
if (!safeContentsCtx || !safeContentsCtx->p12dcx ||
safeContentsCtx->p12dcx->error || safeContentsCtx->skipCurrentSafeBag) {
if (!safeContentsCtx || !safeContentsCtx->p12dcx || !safeContentsCtx->currentSafeBagA1Dcx) {
return;
}
p12dcx = safeContentsCtx->p12dcx;
/* make sure that there are no errors and we are not skipping the current safeBag */
if (p12dcx->error || safeContentsCtx->skipCurrentSafeBag) {
goto loser;
}
rv = SEC_ASN1DecoderUpdate(safeContentsCtx->currentSafeBagA1Dcx, data, len);
if (rv != SECSuccess) {
p12dcx->errorValue = PORT_GetError();
p12dcx->error = PR_TRUE;
goto loser;
}
/* The update may have set safeContentsCtx->skipCurrentSafeBag, and we
* may not get another opportunity to clean up the decoder context.
*/
if (safeContentsCtx->skipCurrentSafeBag) {
goto loser;
}
return;
loser:
/* set the error, and finish the decoder context. because there
/* Finish the decoder context. Because there
* is not a way of returning an error message, it may be worth
* while to do a check higher up and finish any decoding contexts
* that are still open.
*/
p12dcx->error = PR_TRUE;
SEC_ASN1DecoderFinish(safeContentsCtx->currentSafeBagA1Dcx);
safeContentsCtx->currentSafeBagA1Dcx = NULL;
return;
security/nss/lib/pkcs12/p12t.h
+1
View File
@@ -73,6 +73,7 @@ struct sec_PKCS12SafeBagStr {
sec_PKCS12CRLBag *crlBag;
sec_PKCS12SecretBag *secretBag;
sec_PKCS12SafeContents *safeContents;
SECItem *unknownBag;
} safeBagContent;
sec_PKCS12Attribute **attribs;
security/nss/lib/pkcs12/p12tmpl.c
+2 -2
View File
@@ -30,12 +30,12 @@ sec_pkcs12_choose_safe_bag_type(void *src_or_dest, PRBool encoding)
oiddata = SECOID_FindOID(&safeBag->safeBagType);
if (oiddata == NULL) {
return SEC_ASN1_GET(SEC_AnyTemplate);
return SEC_ASN1_GET(SEC_PointerToAnyTemplate);
}
switch (oiddata->offset) {
default:
theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
break;
case SEC_OID_PKCS12_V1_KEY_BAG_ID:
theTemplate = SEC_ASN1_GET(SECKEY_PointerToPrivateKeyInfoTemplate);