mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 03:15:11 +00:00
Bug 1461373 - Set BRNameMatchingPolicy to "Enforce" for Nightly r=keeler
Summary: Change the security.pki.name_matching_mode pref to 3 for Enforce on Nightly. BR_9_2_1_SUBJECT_ALT_NAMES show that ~99.98% of encountered certificates have an acceptable SAN, so our compatibility risk is about 0.02%. BR_9_2_2_SUBJECT_COMMON_NAME also shows, 99.89% of certificate common names are present in a subject alternative name extension, giving a worst-case of 0.11% risk, though BR_9_2_1_SUBJECT_ALT_NAMES is more what we're affecting here. Test Plan: none Reviewers: keeler Tags: #secure-revision Bug #: 1461373 Differential Revision: https://phabricator.services.mozilla.com/D1277 --HG-- extra : transplant_source : %BF%7D%DEi%C7%9BhE%D0%C2d%9D0%AC%F8%9EM%E0%60U
This commit is contained in:
parent
a7be7cff43
commit
db950df22f
@ -92,7 +92,7 @@ pref("security.signed_app_signatures.policy", 2);
|
||||
#ifdef RELEASE_OR_BETA
|
||||
pref("security.pki.name_matching_mode", 1);
|
||||
#else
|
||||
pref("security.pki.name_matching_mode", 2);
|
||||
pref("security.pki.name_matching_mode", 3);
|
||||
#endif
|
||||
|
||||
// security.pki.netscape_step_up_policy controls how the platform handles the
|
||||
|
Loading…
Reference in New Issue
Block a user