From ef430522256013665205cdda05636846cc622251 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 12 Jul 2016 03:10:33 +0200 Subject: nginx: Don't hard-code the HPKP headers. Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. --- certs/public/fripost.org.pub.back | 14 ++++++++++++++ certs/public/git.fripost.org.pub.back | 14 ++++++++++++++ certs/public/lists.fripost.org.pub.back | 14 ++++++++++++++ certs/public/mail.fripost.org.pub.back | 14 ++++++++++++++ 4 files changed, 56 insertions(+) create mode 100644 certs/public/fripost.org.pub.back create mode 100644 certs/public/git.fripost.org.pub.back create mode 100644 certs/public/lists.fripost.org.pub.back create mode 100644 certs/public/mail.fripost.org.pub.back (limited to 'certs/public') diff --git a/certs/public/fripost.org.pub.back b/certs/public/fripost.org.pub.back new file mode 100644 index 0000000..bee948f --- /dev/null +++ b/certs/public/fripost.org.pub.back @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs06ycSgCZ35MHeoeV/Ck +gV5mYfZUOebnGse+vk0ATn7a+qnSgYkhAgRVg+jnN/I/oF9tNcwCex3rawzx51vw +Etzb9gZoEXTrULCW1IJNWki5JZdilCjSmWyiw9KVEu956EAKVGagSj3lhH6q8MDQ +tnyc0R49TC/LIIOypMQrow/HLw5Jz4FsCb7O4qaUu78RKzZkFMRB/8lEkmXxqNcX +aXcPhugNbuC109X1oWKVD2Kj8MEoorErUSEGnbvN0eDC8p1edqKV8W7PyWM11WIH +6WeBQOI9D6H39R/wTKrxuGFDNmVJfvMRzU5i8Pgw6J6lOW7ORv9UdQ2LvalKXUTD +n7nOvGhdD1xpEOpkInbjZXVxVBKmcen7/jtB/aVN15RiAsmQGHHaDMJtJgf/t1bv +wnSIn1cMJ9A1cI80zjE2VvnQk0rq+Vq2dURyaSfulRuxfLnV1uiyN28BHUFfTCUl +BTroch484M2G5K6/BExLoaAVmQIApQXqBtE/N/mXmowV+/5V6yxoqmNCP7cG139D +di+KzmFHZYlUWYd7RWgbsSbNkAYBAMqj4P1UtsOpfHFfq8kyGB7Smu7HhkjVlRwQ +FHr1oGoBx2k9wuEa3HNdqwMhSWFxqqPFNwGq3ECpTJlm1Meq3qbYoDV56ZXPIVXz +NElDYDwIvPwbTHjL6bsbBlMCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/certs/public/git.fripost.org.pub.back b/certs/public/git.fripost.org.pub.back new file mode 100644 index 0000000..1620e78 --- /dev/null +++ b/certs/public/git.fripost.org.pub.back @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0GPDkJ0LfiO2sVyJdA13 +OuYfXzRvP/G8rC5mC3V+0yU525J3ZYNhvY5fC41wFOQc0WRRk72hE2LbgHeSvch3 +jZjyb5n29k1eichbVwUD2G6D0hYSjcn685u0CAOoRJJcRnGhf/8bcUPedmx8zsZ2 +BYtnbY2M8vF+cBiSidSQBASzTNuBrMizF6RhXcR+aQ4N2SbJl9JPCywUFnfVtgP4 +vePqKLlKCHk5tWrLU6bppgzVYBEZUfgWEztGKFiQtrY6AeITxIZzD5XOssw2Jtrk +5b9E7qp3sSTb7xFusmgvD38/h73/mB7xJNFrpPvtNO6oQtGTkKciKG5qyUAXIpQ9 +yWh4PDntcmRj5WpDwhLZYOHJQl7rQs49up7O0oQsLI1KFmh1XGN+qo32akVJbP48 +HfDbxXcmMNbeoG16qjPZEdFY6IvZRO1sQ6CKILq3afz9NEljPLrp8yKPBmro85fa +VDs5C+UgbSmzIOVELf1oorKyJR9UM0HtJW0ZN7Az0/DtluFWBWHwW4R5Gp9rI65L +xob1jxfJmp5Nu2ufFRXazW6deSPOD35jKQy40XLAjscvVR5Ia16exWl1HBypJtDh ++6chLoY//fie73Cmk7u2X+qq9zw8ikY4gRKie3x7zm2qk7ChbO6VejN3KTlkbCui +U/riMb2cxaGQeFuIrL9eUuECAwEAAQ== +-----END PUBLIC KEY----- diff --git a/certs/public/lists.fripost.org.pub.back b/certs/public/lists.fripost.org.pub.back new file mode 100644 index 0000000..b86e615 --- /dev/null +++ b/certs/public/lists.fripost.org.pub.back @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA+b1xBNsRiiL9QdoLOjjL +JC+4me/Hxa4FSk5tITC4J26Mo6ghf+cnQ0zF0l+Ac8ww2aFIjo+XaNXMaF0f3wUI +D+AYSuihfsseKnoJqyaLxxmZIcgt1OrTj6hYYmtPq4VYENdGDlwTxREbalg6qCKd +QoWcprgBVuzEOzBxkcdsD96RKOXs25uLTqsyvIuhSvR94aCkrPlJTNhYmvkvul/6 +N2ss0K3m1dy5bIHhVHSCKB85nQI8dr0mNUKwtAOEz38MIUYZjl0kLnvbgTLzr7uF +1C/Sa/KZ1uUSU3qNJFFzEt0SZhOqgLN9B4TUBip0CrlV4d+NWD8CYA5RnbGUCrqf +nH3wnuiuwrxjE74v2O6mQZLKuj00RuHWqLckraoSVAmDNd5MpBBH1PUtrif6+3xM +Ww5FQ6TtBvhmbCqHe1lkfD3Txuju2gIWpTU8V6OYmYItoQnNNFRNeR8nOMsfp47o +lNQgU70jpTcXzAXNNK/rgfzg/Qo4DBwb10buUixpfoW71jQLo+T/OUCxioVM5JUf +a8wo7YuaLZKkF/DVKAaAQ9gwTUWOy9sfmatmiK/VfO3H6WYdbxcmW8A192qc9e2A +G0QN2VdAiEVmcjFAZIraW7FSSwYwPueDmFXq5YJW+wsqdRJd/qaAR/FuyrdFqT0X +BU7dKsvPbqWqV4Z+slEJ+c0CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/certs/public/mail.fripost.org.pub.back b/certs/public/mail.fripost.org.pub.back new file mode 100644 index 0000000..61ee180 --- /dev/null +++ b/certs/public/mail.fripost.org.pub.back @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu6SUrGStZtiWiWw25pTK +hC5PPwHnTouTbgPUSsRvjfhLvk4KcM6WI5QzHSdS/1bV5psWdsC1ceA7gSXir5K6 +maZkX+vYLqumHWd6iclsPA7XOkBf1XwXdUeLPbHMocVIeZrG6NtcRggkNwuTybqh +LQA9r7WoLRHewxc8CMCyRHQ68XiYAFXUPuKqbhd+vWmncksFAULG82U6AYso6KrF +8DxgvjmxQ6XQlH1vk37kLRe93FcPQFOcsEJ3OkDL124My7OWO+LlO3cWLwvHfhJf +gRM8+SkjBvFjFZDU5Da27UCG5uIwLBTEGHG397ayMTX8bJrK56WL7HFgg00ovMTL +T9fpgIqgxlbq2XTLG1nU/RMxvZUC20p7FKZQzpL6wLZk3zR5IYcoxIhlQemutUHQ +hNbnXbwQUc8PAkERTDhCJZOxCbkZQdlytdl1/EV/odbbC7npI3NgLAq8z6K4MSf8 +fQaYQHoT2Nkm32nSfgw66jyLVHl2jdqufEjxQ7uAT5MOShXX/TFj+fJ4k1AJNUcF +GY4wNYqT51O4NmTWB/m9ILGcH2JOjrf+Hg+hO24+afi0USrut4EkZTGAeKaitfmn +sWeSmvBYpAkUgx/AxRZofSE/+UzMSuZ9jApnA1ZoQ5jJxZJYwK5w0yLwz3Y6NZWO +zQOLM2zHti+3zNknF/kng78CAwEAAQ== +-----END PUBLIC KEY----- -- cgit v1.2.3