Closed Bug 1491664 Opened Last year Closed Last year
Enterprise Roots": false does not work
46 bytes, text/x-phabricator-request
|Details | Review|
The ImportEnterpriseRoots does not work as expected. According to the documentation both true and false values are allowed: https://github.com/mozilla/policy-templates#certificates But it doesn't matter if you set ImportEnterpriseRoots to true or false. In both cases Firefox locks the pereference security.enterprise_roots.enabled to true. Maybe it's not intended to set the value to false. I looked at the code and the code doesn't handle different values, it always set security.enterprise_roots.enabled to true when the ImportEnterpriseRoots policy is used. In this case the documentation is wrong. But I guess it makes sense to allow both values, as documented, to lock the setting. First reported here: https://github.com/cadeyrn/enterprise-policy-generator/issues/46
Summary: ImportEnterpriseRoots policy is broken → "ImportEnterpriseRoots": false does not work
Hi Mike, even if you will fix the implementation or the documentation at a later point, could you please at least clarify whether the implementation or the documentation is wrong? Because if it's work as intended and only the documentation is wrong then I have to change the option in the Enterprise Policy Generator add-on and I have to make sure that there are no migrations problems with already saved configurations. It would be a help for me to know if I have to schedule time for this. Thank you!
I'm definitely planning to fix this in the code, but it was written to spec originally. I've updated the documentation.
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/4e4d1fe0d17e Allow true and false for ImportEnterpriseRoots policy. r=Felipe
You need to log in before you can comment on or make changes to this bug.