summaryrefslogtreecommitdiffstats
path: root/net/base/transport_security_state.cc
diff options
context:
space:
mode:
authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-10-12 16:36:09 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-10-12 16:36:09 +0000
commit8f8146f2af6da72ea93020727f2c712baa71f73b (patch)
treeb034364e821b84fca2226f8b6188a367cfb06c7d /net/base/transport_security_state.cc
parent2e1c2685a12d6c38089b07c3f6359e036736cabf (diff)
downloadchromium_src-8f8146f2af6da72ea93020727f2c712baa71f73b.zip
chromium_src-8f8146f2af6da72ea93020727f2c712baa71f73b.tar.gz
chromium_src-8f8146f2af6da72ea93020727f2c712baa71f73b.tar.bz2
net: disable Twitter's CDN pins for debugging.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@105089 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/transport_security_state.cc')
-rw-r--r--net/base/transport_security_state.cc83
1 files changed, 3 insertions, 80 deletions
diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc
index 523f6a8..0ac278c 100644
--- a/net/base/transport_security_state.cc
+++ b/net/base/transport_security_state.cc
@@ -921,15 +921,6 @@ bool TransportSecurityState::IsPreloadedSTS(
static const char kCertTwitter1[] =
"sha1/Vv7zwhR9TtOIN/29MFI4cgHld40=";
- static const char kCertEntrust2048[] =
- "sha1/VeSB0RGAvtiJuQijMfmhJAkWuXA=";
- static const char kCertEntrustEV[] =
- "sha1/ukKwgYhTiB2GY71MwF4I/upuu3c=";
- static const char kCertEntrustG2[] =
- "sha1/qzDTr0vY8WtYae5FaSnahLhzlIg=";
- static const char kCertEntrustSSL[] =
- "sha1/8BdiE1U9s/8KAGv7UISX8+1i0Bo=";
-
static const char kCertGeoTrustGlobal[] =
"sha1/wHqYaI2J+6sFZAwRfap9ZbjKzE4=";
static const char kCertGeoTrustGlobal2[] =
@@ -945,34 +936,6 @@ bool TransportSecurityState::IsPreloadedSTS(
static const char kCertGeoTrustPrimaryG3[] =
"sha1/nKmNAK90Dd2BgNITRaWLjy6UONY=";
- static const char kCertComodoAAACertificateServices[] =
- "sha1/xDAoxdPjCAwQRIssd7okU5dgu/k=";
- static const char kCertComodoAddTrustClass1CARoot[] =
- "sha1/i9vXzKBoU0IW9MErJUT8Apyli0c=";
- static const char kCertComodoAddTrustExternalCARoot[] =
- "sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=";
- static const char kCertComodoAddTrustPublicCARoot[] =
- "sha1/qFdl1ugyyMUZY3Namhd0OoHf7i4=";
- static const char kCertComodoAddTrustQualifiedCARoot[] =
- "sha1/vOS3IxJVmOVjQRkcUOS2R8J2Bdc=";
- static const char kCertComodoCertificationAuthority[] =
- "sha1/EeSR0cnkwOuazs9zVF3h8agwPsM=";
- static const char kCertComodoSecureCertificateServices[] =
- "sha1/PLQahC71XPIaPaVKyNG+OQh2N7w=";
- static const char kCertComodoTrustedCertificateServices[] =
- "sha1//nLI678ML7sOJhOTkzwsqY3cJJQ=";
- static const char kCertComodoUTNDATACorpSGC[] =
- "sha1/UzLRs89/+uDxoF2FTpLSnkUdtE8=";
- static const char kCertComodoUTNUSERFirstClientAuthenticationandEmail[] =
- "sha1/iYJnfcSdJnAAS7RQSHzePa4Ebn0=";
- static const char kCertComodoUTNUSERFirstHardware[] =
- "sha1/oXJfJhsomEOVXQc31YWWnUvSw0U=";
- static const char kCertComodoUTNUSERFirstObject[] =
- "sha1/2u1kdBScFDyr3ZmpvVsoTYs8ydg=";
-
- static const char kCertGTECyberTrustGlobalRoot[] =
- "sha1/WXkS3mF11m/EI7d3E3THlt5viHI=";
-
static const char* const kTwitterComAcceptableCerts[] = {
kCertVerisignClass1,
kCertVerisignClass3,
@@ -996,49 +959,6 @@ bool TransportSecurityState::IsPreloadedSTS(
0,
};
- // kTwitterAcceptableCerts2 are the set of public keys valid for Twitter's
- // CDNs, which includes all the keys from kTwitterAcceptableCerts1.
- static const char* const kTwitterCDNAcceptableCerts[] = {
- kCertVerisignClass1,
- kCertVerisignClass3,
- kCertVerisignClass3_G4,
- kCertVerisignClass4_G3,
- kCertVerisignClass3_G3,
- kCertVerisignClass1_G3,
- kCertVerisignClass2_G3,
- kCertVerisignClass3_G2,
- kCertVerisignClass2_G2,
- kCertVerisignClass3_G5,
- kCertVerisignUniversal,
- kCertGeoTrustGlobal,
- kCertGeoTrustGlobal2,
- kCertGeoTrustUniversal,
- kCertGeoTrustUniversal2,
- kCertGeoTrustPrimary,
- kCertGeoTrustPrimaryG2,
- kCertGeoTrustPrimaryG3,
- kCertTwitter1,
-
- kCertEntrust2048,
- kCertEntrustEV,
- kCertEntrustG2,
- kCertEntrustSSL,
- kCertComodoAAACertificateServices,
- kCertComodoAddTrustClass1CARoot,
- kCertComodoAddTrustExternalCARoot,
- kCertComodoAddTrustPublicCARoot,
- kCertComodoAddTrustQualifiedCARoot,
- kCertComodoCertificationAuthority,
- kCertComodoSecureCertificateServices,
- kCertComodoTrustedCertificateServices,
- kCertComodoUTNDATACorpSGC,
- kCertComodoUTNUSERFirstClientAuthenticationandEmail,
- kCertComodoUTNUSERFirstHardware,
- kCertComodoUTNUSERFirstObject,
- kCertGTECyberTrustGlobalRoot,
- 0,
- };
-
// kTestAcceptableCerts doesn't actually match any public keys and is used
// with "pinningtest.appspot.com", below, to test if pinning is active.
static const char* const kTestAcceptableCerts[] = {
@@ -1161,9 +1081,12 @@ bool TransportSecurityState::IsPreloadedSTS(
{17, true, "\003dev\007twitter\003com", kTwitterHSTS, kTwitterComAcceptableCerts },
{22, true, "\010business\007twitter\003com", kTwitterHSTS, kTwitterComAcceptableCerts },
+#if 0
+ // Twitter CDN pins disabled in order to track down pinning failures --agl
{22, true, "\010platform\007twitter\003com", false, kTwitterCDNAcceptableCerts },
{15, true, "\003si0\005twimg\003com", false, kTwitterCDNAcceptableCerts },
{23, true, "\010twimg0-a\010akamaihd\003net", false, kTwitterCDNAcceptableCerts },
+#endif
};
static const size_t kNumPreloadedSTS = ARRAYSIZE_UNSAFE(kPreloadedSTS);
generated by cgit v1.1 at 2025-02-19 11:44:01 +0000