Closed Bug 1052374 Opened 10 years ago Closed 10 years ago

nsUpdateService.js should not use manually pinned certs

Categories

(Toolkit :: Application Update, defect)

defect
Not set
normal
Points:
2

RESOLVED WONTFIX

People

(Reporter: gfritzsche, Unassigned)

We have a central pinning implementation now:
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

Per bug 1005430, this will include aus4.mozilla.org (and hopefully aus3), so we can drop the app.update.certs.* prefs and the CertUtils usage.
Flags: firefox-backlog+
I don't recall if there is a bug for this yet, but I have met with Monica Chew regarding this and we won't be doing this until after pinned certs have been used by other possible consumers and have been on release for a while. Also, we no longer use those prefs on Windows since we rely on mar signing there, and after mar signing is complete on Mac and Linux we won't use those prefs on those platforms either.
We removed the checks on Windows, and we are going to remove the manual checks on Mac and Linux as soon as mar signing is completed for those platforms instead of pinning, since there are other issues with pinning.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX