commit c429e391927b9f6462274c5a7b51cf66cd253ddf Author: Robert Strong <robert.bugzi...@gmail.com> Date: Wed Jul 29 12:39:56 2015 -0700
Bug 1151485 - Disable app update xml certificate checks on Linux now that there is mar signing on Linux. r=bbondy --- browser/app/profile/firefox.js | 47 ++++------------------------------------ 1 file changed, 4 insertions(+), 43 deletions(-) diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index 9944a82..a827f52 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js @@ -100,51 +100,12 @@ pref("app.update.log", false); pref("app.update.backgroundMaxErrors", 10); // The aus update xml certificate checks for application update are disabled on -// Windows and Mac OS X since the mar signature check are implemented on these -// platforms and is sufficient to prevent us from applying a mar that is not -// valid. -#if defined(XP_WIN) || defined(XP_MACOSX) +// Windows, Mac OS X, and Linux since the mar signature check are implemented on +// these platforms and is sufficient to prevent us from applying a mar that is +// not valid. Bug 1182352 will remove the update xml certificate checks and the +// following two preferences. pref("app.update.cert.requireBuiltIn", false); pref("app.update.cert.checkAttributes", false); -#else -// When |app.update.cert.requireBuiltIn| is true or not specified the -// final certificate and all certificates the connection is redirected to before -// the final certificate for the url specified in the |app.update.url| -// preference must be built-in. -pref("app.update.cert.requireBuiltIn", true); - -// When |app.update.cert.checkAttributes| is true or not specified the -// certificate attributes specified in the |app.update.certs.| preference branch -// are checked against the certificate for the url specified by the -// |app.update.url| preference. -pref("app.update.cert.checkAttributes", true); - -// The number of certificate attribute check failures to allow for background -// update checks before notifying the user of the failure. User initiated update -// checks always notify the user of the certificate attribute check failure. -pref("app.update.cert.maxErrors", 5); - -// The |app.update.certs.| preference branch contains branches that are -// sequentially numbered starting at 1 that contain attribute name / value -// pairs for the certificate used by the server that hosts the update xml file -// as specified in the |app.update.url| preference. When these preferences are -// present the following conditions apply for a successful update check: -// 1. the uri scheme must be https -// 2. the preference name must exist as an attribute name on the certificate and -// the value for the name must be the same as the value for the attribute name -// on the certificate. -// If these conditions aren't met it will be treated the same as when there is -// no update available. This validation will not be performed when the -// |app.update.url.override| user preference has been set for testing updates or -// when the |app.update.cert.checkAttributes| preference is set to false. Also, -// the |app.update.url.override| preference should ONLY be used for testing. -// IMPORTANT! metro.js should also be updated for updates to certs.X.issuerName -// IMPORTANT! media.gmp-manager.certs.* prefs should also be updated if these -// are updated. - -pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US"); -pref("app.update.certs.1.commonName", "*.torproject.org"); -#endif // Whether or not app updates are enabled pref("app.update.enabled", true); _______________________________________________ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits