Richard Pospesel pushed to branch tor-browser-102.10.0esr-12.5-1 at The Tor Project / Applications / Tor Browser

Commits: 9b35dbeb by hackademix at 2023-04-20T20:11:22+00:00 Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key

- - - - -

1 changed file:

- security/manager/ssl/StaticHPKPins.h

Changes:

===================================== security/manager/ssl/StaticHPKPins.h ===================================== @@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = { kPinset_tor_Data };

+static const char* const kPinset_tor_browser_Data[] = { + kISRG_Root_X1Fingerprint, +}; +static const StaticFingerprints kPinset_tor_browser = { + sizeof(kPinset_tor_browser_Data) / sizeof(const char*), + kPinset_tor_browser_Data +}; + static const char* const kPinset_twitterCom_Data[] = { kGOOGLE_PIN_VeriSignClass2_G2Fingerprint, kGOOGLE_PIN_VeriSignClass3_G2Fingerprint, @@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "blogger.com", true, false, false, -1, &kPinset_google_root_pems }, { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems }, { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser }, { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, { "business.facebook.com", true, false, false, -1, &kPinset_facebook },

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9b35dbeb...