nsUpdateService.js should not use manually pinned certs

RESOLVED WONTFIX

Status

()

Toolkit
Application Update
RESOLVED WONTFIX
4 years ago
4 years ago

People

(Reporter: gfritzsche, Unassigned)

Tracking

unspecified
Points:
2
Bug Flags:
firefox-backlog +

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
We have a central pinning implementation now:
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

Per bug 1005430, this will include aus4.mozilla.org (and hopefully aus3), so we can drop the app.update.certs.* prefs and the CertUtils usage.
Flags: firefox-backlog+
I don't recall if there is a bug for this yet but I have met with Monica Chew regarding this and we won't be doing this until after pinned certs have been used by other possible consumers and has been on release for awhile. Also, we no longer use those prefs on Windows since we rely on mar signing there and after mar signing is complete on Mac and Linux we won't use those prefs on those platforms either.
We removed the checks on Windows and we are going to remove the manual checks on Mac and Linux as soon as mar signing is completed for those platforms instead of pinning since there are other issues with pinning.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.