Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1029)

Unified Diff: net/http/transport_security_state_static.h

Issue 359803002: net: add HSTS and pinning for Dropbox. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/http/transport_security_state_static.h
diff --git a/net/http/transport_security_state_static.h b/net/http/transport_security_state_static.h
index e976f9bdbe079a3543950964921717819be54867..76dbe13403ca7a8451db26e5df0e48726fa7653b 100644
--- a/net/http/transport_security_state_static.h
+++ b/net/http/transport_security_state_static.h
@@ -226,6 +226,38 @@ static const char kSPKIHash_GlobalSignRootCA_R3[] =
"\xf7\x93\x19\xef\xdf\xc1\xf5\x20\xfb\xac"
"\x85\x55\x2c\xf2\xd2\x8f\x5a\xb9\xca\x0b";
+static const char kSPKIHash_EntrustRootEC1[] =
+ "\x07\x23\x2d\x45\x65\x87\xb9\xd7\xb1\xd9"
+ "\x7d\xd1\xc5\xfb\x65\xc5\x89\xbf\x92\x96";
+
+static const char kSPKIHash_TheGoDaddyGroupClass2[] =
+ "\xee\xe5\x9f\x1e\x2a\xa5\x44\xc3\xcb\x25"
+ "\x43\xa6\x9a\x5b\xd4\x6a\x25\xbc\xbb\x8e";
+
+static const char kSPKIHash_GoDaddyRoot_G2[] =
+ "\x21\x0f\x2c\x89\xf7\xc4\xcd\x5d\x1b\x82"
+ "\x5e\x38\xd6\xc6\x59\x3b\xa6\x93\x75\xae";
+
+static const char kSPKIHash_GoDaddySecure[] =
+ "\xba\x2e\xb5\xa8\x3e\x13\x23\xd9\x53\x4b"
+ "\x5e\x65\xbc\xe7\xa3\x13\x5d\xd0\xa9\x96";
+
+static const char kSPKIHash_ThawtePremiumServer[] =
+ "\x5f\xf3\x24\x6c\x8f\x91\x24\xaf\x9b\x5f"
+ "\x3e\xb0\x34\x6a\xf4\x2d\x5c\xa8\x5d\xcc";
+
+static const char kSPKIHash_ThawtePrimaryRootCA_G2[] =
+ "\x6a\x25\x23\x9d\x62\x75\xcd\x52\x21\x69"
+ "\x5c\x31\xe9\x89\xc4\xd5\x38\xb8\xc4\xea";
+
+static const char kSPKIHash_ThawtePrimaryRootCA_G3[] =
+ "\xab\x76\x88\xf4\xe5\xe1\x38\xc9\xe9\x50"
+ "\x17\xcd\xcd\xb3\x18\x17\xb3\x3e\x8c\xf5";
+
+static const char kSPKIHash_ThawtePrimaryRootCA[] =
+ "\x6c\xca\xbd\x7d\xb4\x7e\x94\xa5\x75\x99"
+ "\x01\xb6\xa7\xdf\xd4\x5d\x1c\x09\x1c\xcc";
+
// The following is static data describing the hosts that are hardcoded with
// certificate pins or HSTS information.
@@ -376,6 +408,32 @@ static const char* const kLavabitAcceptableCerts[] = {
kNoRejectedPublicKeys, \
}
+static const char* const kDropboxAcceptableCerts[] = {
+ kSPKIHash_DigiCertAssuredIDRoot,
+ kSPKIHash_DigiCertGlobalRoot,
+ kSPKIHash_DigiCertEVRoot,
+ kSPKIHash_EntrustRootEC1,
+ kSPKIHash_Entrust_G2,
+ kSPKIHash_Entrust_EV,
+ kSPKIHash_Entrust_2048,
+ kSPKIHash_GeoTrustGlobal,
+ kSPKIHash_GeoTrustPrimary_G2,
+ kSPKIHash_GeoTrustPrimary_G3,
+ kSPKIHash_GeoTrustPrimary,
+ kSPKIHash_TheGoDaddyGroupClass2,
+ kSPKIHash_GoDaddyRoot_G2,
+ kSPKIHash_GoDaddySecure,
+ kSPKIHash_ThawtePremiumServer,
+ kSPKIHash_ThawtePrimaryRootCA_G2,
+ kSPKIHash_ThawtePrimaryRootCA_G3,
+ kSPKIHash_ThawtePrimaryRootCA,
+ NULL,
+};
+#define kDropboxPins { \
+ kDropboxAcceptableCerts, \
+ kNoRejectedPublicKeys, \
+}
+
#define kNoPins {\
NULL, NULL, \
}
@@ -992,6 +1050,8 @@ static const struct HSTSPreload kPreloadedSTS[] = {
{19, true, "\012webcollect\003org\002uk", true, kNoPins, DOMAIN_NOT_PINNED },
{24, false, "\003www\016capitainetrain\003com", true, kNoPins, DOMAIN_NOT_PINNED },
{22, true, "\010accounts\007firefox\003com", true, kNoPins, DOMAIN_NOT_PINNED },
+ {13, false, "\007dropbox\003com", true, kDropboxPins, DOMAIN_DROPBOX_COM },
+ {17, true, "\003www\007dropbox\003com", true, kDropboxPins, DOMAIN_DROPBOX_COM },
};
static const size_t kNumPreloadedSTS = ARRAYSIZE_UNSAFE(kPreloadedSTS);

Powered by Google App Engine
This is Rietveld 408576698