Closed Bug 1491664 Opened Last year Closed Last year

"ImportEnterpriseRoots": false does not work

Categories

(Firefox :: Enterprise Policies, defect, P1)

60 Branch
defect

Tracking

()

RESOLVED FIXED
Firefox 64
Tracking Status
firefox64 --- fixed

People

(Reporter: soeren.hentzschel, Assigned: mkaply)

References

Details

Attachments

(1 file)

The ImportEnterpriseRoots does not work as expected. According to the documentation both true and false values are allowed:

https://github.com/mozilla/policy-templates#certificates

But it doesn't matter if you set ImportEnterpriseRoots to true or false. In both cases Firefox locks the pereference security.enterprise_roots.enabled to true.

Maybe it's not intended to set the value to false. I looked at the code and the code doesn't handle different values, it always set security.enterprise_roots.enabled to true when the ImportEnterpriseRoots policy is used. In this case the documentation is wrong. But I guess it makes sense to allow both values, as documented, to lock the setting.

First reported here:
https://github.com/cadeyrn/enterprise-policy-generator/issues/46
Summary: ImportEnterpriseRoots policy is broken → "ImportEnterpriseRoots": false does not work
Hi Mike,

even if you will fix the implementation or the documentation at a later point, could you please at least clarify whether the implementation or the documentation is wrong? Because if it's work as intended and only the documentation is wrong then I have to change the option in the Enterprise Policy Generator add-on and I have to make sure that there are no migrations problems with already saved configurations. It would be a help for me to know if I have to schedule time for this.

Thank you!
Flags: needinfo?(mozilla)
I'm definitely planning to fix this in the code, but it was written to spec originally.

I've updated the documentation.
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Flags: needinfo?(mozilla)
Priority: -- → P1
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/4e4d1fe0d17e
Allow true and false for ImportEnterpriseRoots policy. r=Felipe
https://hg.mozilla.org/mozilla-central/rev/4e4d1fe0d17e
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 64
You need to log in before you can comment on or make changes to this bug.