authorsvaldez <svaldez@chromium.org>2015-08-24 09:12:44 -0700
committerCommit bot <commit-bot@chromium.org>2015-08-24 16:13:49 +0000
commit35d0dca09693b9a8bedf05be2ac6f50d86ace226 (patch)
tree919381a6a46e5eceb219c011f8bf8f3f240e4845 /net/data
parent10627723c38afc024879f4f7407d1e48089d0828 (diff)
Removing pin-sha1 from HPKP to match RFC
Since draft-ietf-websec-key-pinning-10, SHA1 has been an invalid hash for pinning. This change brings Chromium's implementation in line with the released RFC 7469. In order to maintain TOFU for now, if there are known SHA1 HPKP pins on disk, we still honor them until expiration.

BUG=448501
Review URL: https://codereview.chromium.org/1303343002
Cr-Commit-Position: refs/heads/master@{#345085}
Diffstat (limited to 'net/data')
-rw-r--r--net/data/url_request_unittest/hpkp-headers-report-only.html.mock-http-headers2
-rw-r--r--net/data/url_request_unittest/hpkp-headers.html.mock-http-headers2
-rw-r--r--net/data/url_request_unittest/hsts-and-hpkp-headers.html.mock-http-headers2
-rw-r--r--net/data/url_request_unittest/hsts-and-hpkp-headers2.html.mock-http-headers4
4 files changed, 5 insertions, 5 deletions
diff --git a/net/data/url_request_unittest/hpkp-headers-report-only.html.mock-http-headers b/net/data/url_request_unittest/hpkp-headers-report-only.html.mock-http-headers
index fe3259d..09ec14a 100644
--- a/net/data/url_request_unittest/hpkp-headers-report-only.html.mock-http-headers
+++ b/net/data/url_request_unittest/hpkp-headers-report-only.html.mock-http-headers
@@ -3,4 +3,4 @@ Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
X-Multiple-Entries: a
X-Multiple-Entries: b
-Public-Key-Pins-Report-Only: max-age=50000; pin-sha1="K9e3/nFL5j90GuVJOJBv6WXpvcs="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="; pin-sha1="PshSs8WOjC7qwaYMv0T3rJDwKS4="; report-uri="https://hpkp-report.test"
+Public-Key-Pins-Report-Only: max-age=50000; pin-sha256="9999999999999999999999999999999999999999999="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="; report-uri="https://hpkp-report.test"
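Review bot: The all-`9` placeholder in the first `pin-sha256` on the added line is not canonical base64. A 32-byte digest encodes to 43 characters plus `=`, and the last character must then have its two low bits clear, which `9` (value 61) does not. A decoder that rejects non-zero padding bits would drop this pin and leave the header with a single pin, so the test could end up exercising the invalid-header path instead of the intended one; whether Chromium's decoder is that strict is not visible on this page. A canonical placeholder such as the constructed value `pin-sha256="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="` removes the ambiguity. The same placeholder is used in the hunks for hpkp-headers, hsts-and-hpkp-headers and hsts-and-hpkp-headers2.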
diff --git a/net/data/url_request_unittest/hpkp-headers.html.mock-http-headers b/net/data/url_request_unittest/hpkp-headers.html.mock-http-headers
index c1763cc..2730136 100644
--- a/net/data/url_request_unittest/hpkp-headers.html.mock-http-headers
+++ b/net/data/url_request_unittest/hpkp-headers.html.mock-http-headers
@@ -3,4 +3,4 @@ Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
X-Multiple-Entries: a
X-Multiple-Entries: b
-Public-Key-Pins: max-age=50000; pin-sha1="K9e3/nFL5j90GuVJOJBv6WXpvcs="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="; pin-sha1="PshSs8WOjC7qwaYMv0T3rJDwKS4="; report-uri="https://hpkp-report.test"
+Public-Key-Pins: max-age=50000; pin-sha256="9999999999999999999999999999999999999999999="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="; report-uri="https://hpkp-report.test"
diff --git a/net/data/url_request_unittest/hsts-and-hpkp-headers.html.mock-http-headers b/net/data/url_request_unittest/hsts-and-hpkp-headers.html.mock-http-headers
index 2bcfd2a..21d54aa 100644
--- a/net/data/url_request_unittest/hsts-and-hpkp-headers.html.mock-http-headers
+++ b/net/data/url_request_unittest/hsts-and-hpkp-headers.html.mock-http-headers
@@ -5,4 +5,4 @@ X-Multiple-Entries: a
X-Multiple-Entries: b
Strict-Transport-Security: max-age=12300
Strict-Transport-Security: max-age=12300; includeSubdomains
-Public-Key-Pins: max-age=50000; pin-sha1="Wws2/Z7YhKlX73v3rYHBBxO4OLE="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="
+Public-Key-Pins: max-age=50000; pin-sha256="9999999999999999999999999999999999999999999="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="
diff --git a/net/data/url_request_unittest/hsts-and-hpkp-headers2.html.mock-http-headers b/net/data/url_request_unittest/hsts-and-hpkp-headers2.html.mock-http-headers
index f4b9aed..45b2650 100644
--- a/net/data/url_request_unittest/hsts-and-hpkp-headers2.html.mock-http-headers
+++ b/net/data/url_request_unittest/hsts-and-hpkp-headers2.html.mock-http-headers
@@ -4,5 +4,5 @@ Content-Type: text/html; charset=ISO-8859-1
X-Multiple-Entries: a
X-Multiple-Entries: b
Strict-Transport-Security: max-age=12300; includeSubdomains
-Public-Key-Pins: max-age=50000; pin-sha1="K9e3/nFL5j90GuVJOJBv6WXpvcs="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="; pin-sha1="PshSs8WOjC7qwaYMv0T3rJDwKS4="
-Public-Key-Pins: max-age=50000; pin-sha1="K9e3/nFL5j90GuVJOJBv6WXpvcs="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="; pin-sha1="PshSs8WOjC7qwaYMv0T3rJDwKS4="
+Public-Key-Pins: max-age=50000; pin-sha256="9999999999999999999999999999999999999999999="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="
+Public-Key-Pins: max-age=50000; pin-sha256="9999999999999999999999999999999999999999999="; pin-sha256="+TTrWvvJdM9gwuHiLTApo/2DBT2xb4hBPRJDI9pebXY="
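Review bot: The two added `Public-Key-Pins` lines are byte-identical, so this fixture cannot show which of the two header fields the client actually honours. RFC 7469 has the UA process only the first PKP header field; giving the second line a different value, for example a distinct `max-age`, would let the consuming test assert that the second is ignored. The removed lines carried the same duplication, so this is inherited rather than introduced by the commit, and the test that reads this file is outside this page.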