[tor-commits] [flashproxy/master] Add kSPKIHash_GoogleG2 to acceptable pins.

dcf at torproject.org dcf at torproject.org
Wed Aug 28 04:06:14 UTC 2013


commit 41828ee6c38317087dea1e534ef22cf5b29646b3
Author: David Fifield <david at bamsoftware.com>
Date:   Tue Aug 27 20:39:54 2013 -0700

    Add kSPKIHash_GoogleG2 to acceptable pins.
    
    I see this public key hash in the depth-3 certificate chain mentioned in
    the previous commit. It corresponds to kSPKIHash_GoogleG2 in the
    Chromium source. Two of the three hashes, in fact, are present in
    transport_security_state_static.h:
    
    "\x99\x9f\x53\xda\x88\xaf\xc3\xb1\xd2\x8f\x69\x56\x64\xc2\x0c\x81\xd8\xf7\xc5\xec"
    "\x43\xda\xd6\x30\xee\x53\xf8\xa9\x80\xca\x6e\xfd\x85\xf4\x6a\xa3\x79\x90\xe0\xea" # kSPKIHash_GoogleG2
    "\xc0\x7a\x98\x68\x8d\x89\xfb\xab\x05\x64\x0c\x11\x7d\xaa\x7d\x65\xb8\xca\xcc\x4e" # kSPKIHash_GeoTrustGlobal
    
    Both of them are present in kGoogleAcceptableCerts. Either one would
    make a satisfactory pin. Unsure of what to do, I'm adding the one closer
    to the leaf.
    
    For the record, the previously seen depth-2 public key hashes are:
    
    "\x81\x83\x43\x65\xf1\x7e\xb3\xf4\x7e\x49\x8c\xeb\x16\x98\xcd\x59\x23\x95\xa1\x73"
    "\x40\xc5\x40\x1d\x6f\x8c\xba\xf0\x8b\x00\xed\xef\xb1\xee\x87\xd0\x05\xb3\xb9\xcd" # kSPKIHash_Google1024
---
 flashproxy-reg-appspot |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot
index 21a402a..c84f9e7 100755
--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -67,6 +67,8 @@ PUBKEY_SHA1 = (
     # https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?revision=209003&view=markup
     # kSPKIHash_Google1024
     "\x40\xc5\x40\x1d\x6f\x8c\xba\xf0\x8b\x00\xed\xef\xb1\xee\x87\xd0\x05\xb3\xb9\xcd",
+    # kSPKIHash_GoogleG2
+    "\x43\xda\xd6\x30\xee\x53\xf8\xa9\x80\xca\x6e\xfd\x85\xf4\x6a\xa3\x79\x90\xe0\xea",
 )
 
 class options(object):





More information about the tor-commits mailing list