Remove traces of security.content.signature.root_hash from the source code
Categories
(Core :: Security: PSM, task)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox126 | --- | fixed |
People
(Reporter: robwu, Assigned: willdurand)
References
Details
(Whiteboard: [addons-jira])
Attachments
(1 file)
The security.content.signature.root_hash pref is no longer used as of the changes from bug 1769669, specifically https://hg.mozilla.org/mozilla-central/rev/42a09d35dd7b. Instead of configurable by pref, the trusted root certificates are hard-coded. There is only one trusted root, with some exceptions for testing purposes (see Utils.CERT_CHAIN_ROOT_IDENTIFIER).
Because the pref is now completely unused, the following logic is redundant and should be removed:
- https://searchfox.org/mozilla-central/rev/2bf90dc51ce7e8274ce208fbb9d68b3ff535185e/toolkit/xre/nsAppRunner.cpp#280-281
- https://searchfox.org/mozilla-central/rev/2bf90dc51ce7e8274ce208fbb9d68b3ff535185e/toolkit/xre/nsAppRunner.cpp#2444-2445
- https://searchfox.org/mozilla-central/rev/2bf90dc51ce7e8274ce208fbb9d68b3ff535185e/toolkit/xre/nsAppRunner.cpp#5516-5518
|
Reporter | |
Comment 1•2 years ago
|
||
The pref was also mentioned in the Autograph repo, I submitted a PR here to fix the docs: https://github.com/mozilla-services/autograph/pull/859
|
Assignee | |
Comment 2•11 months ago
|
||
:nalexander, :leplatrem is there any reasons not to do this clean-up? I am asking because this pref confused my while debugging content signature for remote settings yesterday. Thanks!
|
||
Comment 3•11 months ago
|
||
I believe that the only reason is probably due to limited resources and/or bystander effect
|
||
Comment 4•11 months ago
|
||
Yes, remove it. We also have https://bugzilla.mozilla.org/show_bug.cgi?id=1884969, which is similar, I think.
|
|
Assignee | |
Comment 5•11 months ago
|
||
|
||
Updated•11 months ago
|
|
|
Assignee | |
Updated•11 months ago
|
|
||
Updated•11 months ago
|
|
||
Comment 7•11 months ago
|
||
| bugherder | ||
Description
•