1491664 - "ImportEnterpriseRoots": false does not work

Status: RESOLVED FIXED

(Firefox :: Enterprise Policies, defect, P1)

Description

[Sören Hentzschel]

The ImportEnterpriseRoots does not work as expected. According to the documentation both true and false values are allowed:

https://github.com/mozilla/policy-templates#certificates

But it doesn't matter if you set ImportEnterpriseRoots to true or false. In both cases Firefox locks the pereference security.enterprise_roots.enabled to true.

Maybe it's not intended to set the value to false. I looked at the code and the code doesn't handle different values, it always set security.enterprise_roots.enabled to true when the ImportEnterpriseRoots policy is used. In this case the documentation is wrong. But I guess it makes sense to allow both values, as documented, to lock the setting.

First reported here:
https://github.com/cadeyrn/enterprise-policy-generator/issues/46

Comment 1

[Sören Hentzschel]

Hi Mike,

even if you will fix the implementation or the documentation at a later point, could you please at least clarify whether the implementation or the documentation is wrong? Because if it's work as intended and only the documentation is wrong then I have to change the option in the Enterprise Policy Generator add-on and I have to make sure that there are no migrations problems with already saved configurations. It would be a help for me to know if I have to schedule time for this.

Thank you!

Comment 2

[Mike Kaply [:mkaply]]

I'm definitely planning to fix this in the code, but it was written to spec originally.

I've updated the documentation.

Comment 3

[Mike Kaply [:mkaply]]

Attachment: Bug 1491664 - Allow true and false for ImportEnterpriseRoots policy.

Comment 4

[Pulsebot]

Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/4e4d1fe0d17e
Allow true and false for ImportEnterpriseRoots policy. r=Felipe

Comment 5

[Tiberius Oros[:tiberius_oros]]

https://hg.mozilla.org/mozilla-central/rev/4e4d1fe0d17e