The default bug view has changed. See this FAQ.

Add more app.update.certs.* possibilities to SeaMonkey

RESOLVED FIXED in seamonkey2.5

Status

SeaMonkey
Security
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Robert Kaiser, Assigned: Callek)

Tracking

Trunk
seamonkey2.5
Bug Flags:
in-testsuite -
blocking-seamonkey2.0.15 -

SeaMonkey Tracking Flags

(seamonkey2.3+ fixed, seamonkey2.4+ fixed, seamonkey2.5+ fixed, seamonkey2.6 fixed)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

6 years ago
SeaMonkey currently only has one CA possibility for update:
http://mxr.mozilla.org/comm-central/source/suite/browser/browser-prefs.js?mark=516-517#504

Firefox has two:
http://mxr.mozilla.org/comm-central/source/mozilla/browser/app/profile/firefox.js?mark=136-137,139-140#124

We should add one or two in addition, so we have more freedom of where to get our certs from. Restricting them is good for security, but only one choice is bad again, giving us no possibilities to switch if one CA has a problem.

fox2mike: Which CA(s) would Mozilla prefer us to add there?


(Note that it will take quite some time until we have a so high audience on new versions that we could abandon the current one, but the sooner we introduce other pref values, the sooner we'll be actually able to have a choice.)
(Assignee)

Comment 1

6 years ago
Created attachment 553768 [details] [diff] [review]
comm-release

Patch against comm-release (will check shortly if it applies elsewhere)
Assignee: nobody → bugspam.Callek
Status: NEW → ASSIGNED
Attachment #553768 - Flags: review?(kairo)
Attachment #553768 - Flags: feedback?(shyam)
(Assignee)

Comment 2

6 years ago
Created attachment 553771 [details] [diff] [review]
v1.1 comm-release

Whops, missed a save point before refressing.
Attachment #553768 - Attachment is obsolete: true
Attachment #553768 - Flags: review?(kairo)
Attachment #553768 - Flags: feedback?(shyam)
Attachment #553771 - Flags: review?(kairo)
Attachment #553771 - Flags: feedback?(shyam)
Comment on attachment 553771 [details] [diff] [review]
v1.1 comm-release

Yes, that seems fine. Can we build a test build with this setting, and test? I can switch the certs out, we can test and switch back. Would be a shame to put this in the code and ship without testing.
Attachment #553771 - Flags: feedback?(shyam) → feedback+
(Reporter)

Comment 4

6 years ago
Comment on attachment 553771 [details] [diff] [review]
v1.1 comm-release

>+pref("app.update.certs.2.issuerName", 'CN=GeoTrust SSL CA,O="GeoTrust, Inc.",C=US');

Given the way we quote Thawte:

>+pref("app.update.certs.3.issuerName", "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US");

can you please go for the same style for GeoTrust?


With that, let's land this on trunk, kick off nightlies with it and test them with the old and new certificates. Please also go through testing with and older build with manually adding those. Once that's done, please request approval for aurora/beta/release (I see that comm doesn't have a release approval tag, btw).
Attachment #553771 - Flags: review?(kairo) → review+
(Assignee)

Comment 5

6 years ago
Landed: http://hg.mozilla.org/comm-central/rev/ff7b4aaace25

We'll test this tomorrow.

Pre-requesting approvals.
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
tracking-seamonkey2.3: --- → +
tracking-seamonkey2.4: --- → +
tracking-seamonkey2.5: --- → +
Resolution: --- → FIXED
(Assignee)

Updated

6 years ago
Attachment #553771 - Flags: approval-seamonkey2.0.15?
Attachment #553771 - Flags: approval-comm-beta?
Attachment #553771 - Flags: approval-comm-aurora?

Updated

6 years ago
Target Milestone: --- → seamonkey2.5

Updated

6 years ago
Version: unspecified → Trunk

Comment 6

6 years ago
Comment on attachment 553771 [details] [diff] [review]
v1.1 comm-release

rs=me assuming this tests out successfully.
Attachment #553771 - Flags: approval-seamonkey2.0.15?
Attachment #553771 - Flags: approval-seamonkey2.0.15+
Attachment #553771 - Flags: approval-comm-beta?
Attachment #553771 - Flags: approval-comm-beta+
Attachment #553771 - Flags: approval-comm-aurora?
Attachment #553771 - Flags: approval-comm-aurora+
(Assignee)

Comment 7

6 years ago
http://hg.mozilla.org/releases/comm-release/rev/e058afbc7361
http://hg.mozilla.org/releases/comm-beta/rev/a0dbd46ca942
http://hg.mozilla.org/releases/comm-aurora/rev/6f5b341d84d1


Turns out we don't need this for 2.0.x (we don't actually check the cert this way there) I'll plan an extra aus test with the non-modified 2.0.x just to be safe.
status-seamonkey2.3: --- → fixed
status-seamonkey2.4: --- → fixed
status-seamonkey2.5: --- → fixed
status-seamonkey2.6: --- → fixed
Flags: in-testsuite-
Flags: blocking-seamonkey2.0.15-
(Assignee)

Updated

6 years ago
Attachment #553771 - Flags: approval-seamonkey2.0.15+ → approval-seamonkey2.0.15-
You need to log in before you can comment on or make changes to this bug.