In any case, the pin check doesn't matter. The certificate verification will have failed well before the pin checks are done.
On Mon, Jan 4, 2016 at 4:14 PM, David Keeler <[email protected]> wrote: > > { "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla }, > > Just for clarification and future reference, the second "true" means this > entry is in test mode, so it's not actually enforced by default. > > On Mon, Jan 4, 2016 at 1:08 PM, Dave Townsend <[email protected]> > wrote: > > > aus5 (the server the app updater checks) is still pinned: > > > > > https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h#739 > > > > On Mon, Jan 4, 2016 at 12:54 PM, Robert Strong <[email protected]> > > wrote: > > > On Mon, Jan 4, 2016 at 12:46 PM, Jesper Kristensen < > > > [email protected]> wrote: > > > > > >> Den 04-01-2016 kl. 19:45 skrev Daniel Holbert: > > >> > > >>> On 01/04/2016 10:33 AM, Josh Matthews wrote: > > >>> > > >>>> Wouldn't the SSL cert failures also prevent submitting the telemetry > > >>>> payload to Mozilla's servers? > > >>>> > > >>> > > >>> Hmm... actually, I'll bet the cert errors will prevent Firefox > updates, > > >>> for that matter! (I'm assuming the update-check is performed over > > HTTPS.) > > >>> > > >> > > >> If I remember correctly, update checks are pinned to a specific CA, so > > >> updates for users with software that MITM AUS would already be broken? > > > > > > That was removed awhile ago in favor of using mar signing as an exploit > > > mitigation. > > > > > > > > > > > >> > > >> _______________________________________________ > > >> dev-platform mailing list > > >> [email protected] > > >> https://lists.mozilla.org/listinfo/dev-platform > > >> > > > _______________________________________________ > > > dev-platform mailing list > > > [email protected] > > > https://lists.mozilla.org/listinfo/dev-platform > > _______________________________________________ > > dev-platform mailing list > > [email protected] > > https://lists.mozilla.org/listinfo/dev-platform > > > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
