[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [flashproxy/master] Add kSPKIHash_GoogleG2 to acceptable pins.
commit 41828ee6c38317087dea1e534ef22cf5b29646b3
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date: Tue Aug 27 20:39:54 2013 -0700
Add kSPKIHash_GoogleG2 to acceptable pins.
I see this public key hash in the depth-3 certificate chain mentioned in
the previous commit. It corresponds to kSPKIHash_GoogleG2 in the
Chromium source. Two of the three hashes, in fact, are present in
transport_security_state_static.h:
"\x99\x9f\x53\xda\x88\xaf\xc3\xb1\xd2\x8f\x69\x56\x64\xc2\x0c\x81\xd8\xf7\xc5\xec"
"\x43\xda\xd6\x30\xee\x53\xf8\xa9\x80\xca\x6e\xfd\x85\xf4\x6a\xa3\x79\x90\xe0\xea" # kSPKIHash_GoogleG2
"\xc0\x7a\x98\x68\x8d\x89\xfb\xab\x05\x64\x0c\x11\x7d\xaa\x7d\x65\xb8\xca\xcc\x4e" # kSPKIHash_GeoTrustGlobal
Both of them are present in kGoogleAcceptableCerts. Either one would
make a satisfactory pin. Unsure of what to do, I'm adding the one closer
to the leaf.
For the record, the previously seen depth-2 public key hashes are:
"\x81\x83\x43\x65\xf1\x7e\xb3\xf4\x7e\x49\x8c\xeb\x16\x98\xcd\x59\x23\x95\xa1\x73"
"\x40\xc5\x40\x1d\x6f\x8c\xba\xf0\x8b\x00\xed\xef\xb1\xee\x87\xd0\x05\xb3\xb9\xcd" # kSPKIHash_Google1024
---
flashproxy-reg-appspot | 2 ++
1 file changed, 2 insertions(+)
diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot
index 21a402a..c84f9e7 100755
--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -67,6 +67,8 @@ PUBKEY_SHA1 = (
# https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?revision=209003&view=markup
# kSPKIHash_Google1024
"\x40\xc5\x40\x1d\x6f\x8c\xba\xf0\x8b\x00\xed\xef\xb1\xee\x87\xd0\x05\xb3\xb9\xcd",
+ # kSPKIHash_GoogleG2
+ "\x43\xda\xd6\x30\xee\x53\xf8\xa9\x80\xca\x6e\xfd\x85\xf4\x6a\xa3\x79\x90\xe0\xea",
)
class options(object):
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits