Closed
Bug 1052374
Opened 10 years ago
Closed 10 years ago
nsUpdateService.js should not use manually pinned certs
Categories
(Toolkit :: Application Update, defect)
Toolkit
Application Update
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: gfritzsche, Unassigned)
References
Details
We have a central pinning implementation now: https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning Per bug 1005430, this will include aus4.mozilla.org (and hopefully aus3), so we can drop the app.update.certs.* prefs and the CertUtils usage.
Flags: firefox-backlog+
Comment 1•10 years ago
|
||
I don't recall if there is a bug for this yet but I have met with Monica Chew regarding this and we won't be doing this until after pinned certs have been used by other possible consumers and has been on release for awhile. Also, we no longer use those prefs on Windows since we rely on mar signing there and after mar signing is complete on Mac and Linux we won't use those prefs on those platforms either.
Comment 2•10 years ago
|
||
We removed the checks on Windows and we are going to remove the manual checks on Mac and Linux as soon as mar signing is completed for those platforms instead of pinning since there are other issues with pinning.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•