From bb353a6f75798aabdd6493640e0efd1dcfa8a45b Mon Sep 17 00:00:00 2001
From: David Keeler
Date: Mon, 26 Oct 2015 14:39:25 -0700
Subject: [PATCH] bug 1218515 - flip pinning-test.badssl.com into production mode r=jcj DONTBUILD NPOTB pinning-test.badssl.com is a test domain for preloaded HPKP (HTTP Public Key Pinning - see RFC 7469). By specifying a pinset corresponding to no known keys, this domain should fail with a key pinning error by default. Also, the includeSubdomains option is set, so any subdomains should fail as well. Since Gecko incorporates preloaded pinsets from Chromium, this pinset is already defined. This patch merely switches it from test mode to production mode (well, to be more accurate, this patch sets up the input for the automated script that will make the code change that will put the pinset into production mode).
---
security/manager/tools/PreloadedHPKPins.json | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/manager/tools/PreloadedHPKPins.json b/security/manager/tools/PreloadedHPKPins.json
index 729059ee754..cf1703d9326 100644
--- a/security/manager/tools/PreloadedHPKPins.json
+++ b/security/manager/tools/PreloadedHPKPins.json
@@ -40,8 +40,9 @@
 "facebook"
 ],
 "production_domains": [
- // Chrome's test domain.
+ // Chrome's test domains.
 "pinningtest.appspot.com",
+ "pinning-test.badssl.com",
 // Dropbox
 "dropbox.com",
 "www.dropbox.com",
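Review bot: The comment above the added entry, `// Chrome's test domains.`, does not record that `pinning-test.badssl.com` is meant to fail. Per the commit description its pinset matches no known keys and includeSubdomains is set, so in production mode every connection to the domain and its subdomains is expected to end in a pinning error. A later maintainer who sees those failures could read them as a regression and drop the entry; a comment such as `// pinning-test.badssl.com: pinset matches no known keys, so connections are expected to fail (includeSubdomains).` on the line before it would keep the intent with the data. The entry also appears to depend on the Chromium-imported pinset continuing to define this domain, which the hunk does not show, so it is worth confirming that the generation script reports an error rather than silently skipping the name if that upstream entry disappears. The `production_domains` array continues past the end of the hunk.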