Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-25 13:51:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 921907 - Enable OCSP must-staple. r=keeler

Browse Source 
--HG--
extra : commitid : LvP86DDj772
extra : rebase_source : e06438c614c00fd9d77ca88886368948f13d6454
extra : histedit_source : f72078bac3dd14d4166ddd3bf24b582b13de1519
This commit is contained in:
Mark Goodwin 2015-11-20 11:44:25 +00:00
parent 5f7fe609b2
commit 9f468cf8f0
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/libpref/init/all.js
View File

@ -1993,6 +1993,9 @@ pref("security.mixed_content.block_display_content", false);
// Sub-resource integrity
pref("security.sri.enable", true);
// OCSP must-staple
pref("security.ssl.enable_ocsp_must_staple", true);
// Disable pinning checks by default.
pref("security.cert_pinning.enforcement_level", 0);
// Do not process hpkp headers rooted by not built in roots by default.

2
security/manager/ssl/nsNSSComponent.cpp
View File

@ -847,7 +847,7 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
PrivateSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
bool ocspMustStapleEnabled = Preferences::GetBool("security.ssl.enable_ocsp_must_staple",
false);
true);
PublicSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled);
PrivateSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled);