Closed Bug 1769156 Opened 4 years ago Closed 4 years ago

Use content signature instead of cert pinning in the absence of the controlling pref

Categories

(Core :: Audio/Video: GMP, task, P2)

Product:
Core
Component:
Audio/Video: GMP
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
102 Branch
Tracking Flags:
Tracking Status
firefox102 --- fixed

People

(Reporter: bryce, Assigned: bryce)

References

Details

Attachments

(1 file)

Bug 1769156 - Use content sig checks for GMP updates if controlling pref is missing. r?gijs
48 bytes, text/x-phabricator-request
Details | Review

We currently use content signature checks if the media.gmp-manager.checkContentSignature pref is set to true, otherwise, if it's missing or false, we'll use cert pinning. Following bug 1760527 we should have that pref set everywhere. However we're seeing some telemetry that is showing cert pinning still being used in cases where we wouldn't expect.

While we investigate, I think it makes sense to also use content signature even if the pref isn't set. At the least it can't hurt.

Currently if the pref for using content sig checks with GMP updates is missing
we will use cert pinning. I.e. the default behaviour in the absence of a pref
value is cert pinning. This changes that so that we use content sig by default.

This is done as we're moving to content signatures as default behaviour, so it
makes sense to have it be the default if the pref is missing.

Pushed by bvandyk@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5a4bdda558ce Use content sig checks for GMP updates if controlling pref is missing. r=Gijs

https://hg.mozilla.org/mozilla-central/rev/5a4bdda558ce

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox102: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 102 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: