Bug 1461373 - Set BRNameMatchingPolicy to "Enforce" for Nightly r=keeler

Summary:
Change the security.pki.name_matching_mode pref to 3 for Enforce on Nightly.

BR_9_2_1_SUBJECT_ALT_NAMES shows that ~99.98% of encountered certificates have
an acceptable SAN, so our compatibility risk is about 0.02%.

BR_9_2_2_SUBJECT_COMMON_NAME also shows that 99.89% of certificate common names are
present in a subject alternative name extension, giving a worst-case of 0.11%
risk, though BR_9_2_1_SUBJECT_ALT_NAMES is more what we're affecting here.

Test Plan: none

Reviewers: keeler

Tags: #secure-revision

Bug #: 1461373

Differential Revision: https://phabricator.services.mozilla.com/D1277

--HG--
extra : transplant_source : %BF%7D%DEi%C7%9BhE%D0%C2d%9D0%AC%F8%9EM%E0%60U
J.C. Jones 2018-05-14 09:55:15 -07:00
parent a7be7cff43
commit db950df22f


@ -92,7 +92,7 @@ pref("security.signed_app_signatures.policy", 2);
#ifdef RELEASE_OR_BETA
pref("security.pki.name_matching_mode", 1);
#else
pref("security.pki.name_matching_mode", 2);
pref("security.pki.name_matching_mode", 3);
#endif
// security.pki.netscape_step_up_policy controls how the platform handles the
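
Review bot: in the #else branch the new value 3 is a bare number, and nothing in the visible context ties it to "Enforce"; please confirm that the comment documenting security.pki.name_matching_mode lists 3 with that meaning, and add it in this patch if it does not. The RELEASE_OR_BETA branch stays at 1, so after this change the two build types differ by two steps rather than one. With "Test Plan: none", I would like to see either a test asserting the non-RELEASE_OR_BETA default or a check that existing tests which depend on the old default of 2 now set the pref explicitly.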