Bug 583408 added a few default prefs, see http://hg.mozilla.org/mozilla-central/rev/c9ee9a98f2d4 - those are for update cert checks, and we should add them to SeaMonkey as well.
Actually, we need more than that: Bug 544442 - Add support for signed AUS update snippets - http://hg.mozilla.org/mozilla-central/rev/14bbdcaf695f This is also only prefs. Bug 586213 - Update app update url and certificate preferences after the additional host name with a new certificate is added for aus That's the harder nut to crack, need to investigate this as it needs a server cert we don't have there right now. Bug 583678 - Acquire a standby certificate for AUS This is where they acquired a cert for their AUS server. I guess we'll need to Future this and I'll need to put it up on the list what I need to discuss with people in MV next month.
Rob, apparently some *_check_invalidCertAttrs_* tests now fail for SeaMonkey after your latest checkins, is there any parts of the default prefs we can land that will fix that without us needing to get our own cert for the community AUS server or change anything there at this time? As everything regarding us getting any bits of infrastructure is bound to take long if it happens at all, I'd love to see this decoupled in some way so that our tests go green at least.
I'll get the tests fixed as soon as I figure out why they are failing
(In reply to comment #3) > I'll get the tests fixed as soon as I figure out why they are failing http://tinderbox.mozilla.org/showlog.cgi?log=SeaMonkey/1283460345.1283462713.23095.gz is a log showing the failures - should we file a separate bug for them?
I have a fix and will land it as a followup to the original bug
Created attachment 471779 [details] [diff] [review] Additional prefs patch v0.1 This patch contains the additional prefs which fixes the tests too (without rob's patch) but I don't know if this would break something else.
This app.update.certs.1.issuerName pref looks correct. I am fairly certain that pref("app.update.certs.1.commonName", "*.mozilla.org"); will need to be changed to pref("app.update.certs.1.commonName", "aus2-community.mozilla.org"); The remainder are optional since they are the current defaults for app update which we add to firefox.js for reference. To test this you can add those two preferences in about:config to a SeaMonkey build and Check for Updates. If they are correct the ui will either show that there is or is not an update available. If they are incorrect the ui will show that there was an error.
(In reply to comment #7) > I am fairly certain that > pref("app.update.certs.1.commonName", "*.mozilla.org"); > > will need to be changed to > pref("app.update.certs.1.commonName", "aus2-community.mozilla.org"); Ah, right, from inspecting the cert, it looks like we have our own one on this server anyhow - which is surely good as we don't have to go through all the hassle to get one :)
Ian, in this case, please go ahead with the patch - with that change Rob mentioned.
Created attachment 471977 [details] [diff] [review] Additional prefs patch v0.1a [Checked in: Comment 12] Changes since v0.1: * commonName set to aus2-community.mozilla.org Tested by adding the two app.update.certs.1.* prefs in about config, with correct names - says there is an update, with incorrect names - says there is no update.
note: if you are using a build after bug 583408 landed it should display an update failed page instead of no update.
Comment on attachment 471977 [details] [diff] [review] Additional prefs patch v0.1a [Checked in: Comment 12] http://hg.mozilla.org/comm-central/rev/b9087c09bb87 Are there any additional changes?
(In reply to comment #12) > Comment on attachment 471977 [details] [diff] [review] > Additional prefs patch v0.1a [Checked in: Comment 12] > > http://hg.mozilla.org/comm-central/rev/b9087c09bb87 > > Are there any additional changes? Nope If at some point a standby cert is acquired then additional prefs would need to be added.