Closed
Bug 1472375
Opened 6 years ago
Closed 6 years ago
Allow ESR version to accept corporate self-signed certificate
Categories
(Toolkit :: Add-ons Manager, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: u608644, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Build ID: 20100101
Steps to reproduce:
1. Install Firefox ESR on company computers.
2. Install company's unsigned add-on[internal use only] (xpi.signature.required = false)
3. After installation, right-clik the add-on and check for update.
Actual results:
addons.update-checker WARN Request failed: https://corporate.internal/addon_update.json - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 163" data: no]
Expected results:
We already added https://corporate.internal/'s Root certificate as trust chain, so Firefox never complain when we visit https://corporate.internal/.
I want you to accept https://(self-signed & already trusted) address ad manifest.json - update_url.
"as" manifest.json.
"applications":{..."update_url":"https://corporate.internal/...
Updated•6 years ago
|
Component: Untriaged → Add-ons Manager
Product: Firefox → Toolkit
Comment 2•6 years ago
|
||
We won't be changing the existing behavior. In bug 1303183 we intend to move to signed content instead of realying on a pinned certificate for the underlying TLS connection. In the mean time, you can set the preference extensions.update.requireBuiltInCerts to false to skip that check.
You need to log in
before you can comment on or make changes to this bug.
Description
•