Bug 593571 - Add a certificate attribute check when checking for update. r=irving,a=Standard8 SEAMONKEY_2_12b4_BUILD1 SEAMONKEY_2_12b4_RELEASE
authorMark Banner <bugzilla@standard8.plus.com>
Wed, 08 Aug 2012 10:02:12 +0100
changeset 12535 e1a2535b2646e1a4833128cb666e23dcd9a2211c
parent 12534 ca70cd11efabbf43979de05457b7dd935f2554ea
child 12536 3ff1b6163cf743b68080c7133c41f4059a3210ae
child 12538 91aa0fe5a2c8bdcb528a08e0b9479836a120f008
child 12540 bdfc8962c9bc2d5910a104c91401e99c8c44f535
push idunknown
push userunknown
push dateunknown
reviewersirving, Standard8
bugs593571
Bug 593571 - Add a certificate attribute check when checking for update. r=irving,a=Standard8
mail/app/profile/all-thunderbird.js
--- a/mail/app/profile/all-thunderbird.js
+++ b/mail/app/profile/all-thunderbird.js
@@ -31,18 +31,63 @@ pref("mail.rights.override", true);
 
 // gtk2 (*nix) lacks transparent/translucent drag support (bug 376238), so we
 // want to disable it so people can see where they are dragging things.
 // (Stock gtk drag icons will be used instead.)
 #ifdef MOZ_WIDGET_GTK2
 pref("nglayout.enable_drag_images", false);
 #endif
 
+// The minimum delay in seconds for the timer to fire.
+// default=2 minutes
+pref("app.update.timerMinimumDelay", 120);
+
 // App-specific update preferences
 
+// The interval to check for updates (app.update.interval) is defined in
+// the branding files.
+
+// Enables some extra Application Update Logging (can reduce performance)
+pref("app.update.log", false);
+
+// When |app.update.cert.requireBuiltIn| is true or not specified the
+// final certificate and all certificates the connection is redirected to before
+// the final certificate for the url specified in the |app.update.url|
+// preference must be built-in.
+pref("app.update.cert.requireBuiltIn", true);
+
+// When |app.update.cert.checkAttributes| is true or not specified the
+// certificate attributes specified in the |app.update.certs.| preference branch
+// are checked against the certificate for the url specified by the
+// |app.update.url| preference.
+pref("app.update.cert.checkAttributes", true);
+
+// The number of certificate attribute check failures to allow for background
+// update checks before notifying the user of the failure. User initiated update
+// checks always notify the user of the certificate attribute check failure.
+pref("app.update.cert.maxErrors", 5);
+
+// The |app.update.certs.| preference branch contains branches that are
+// sequentially numbered starting at 1 that contain attribute name / value
+// pairs for the certificate used by the server that hosts the update xml file
+// as specified in the |app.update.url| preference. When these preferences are
+// present the following conditions apply for a successful update check:
+// 1. the uri scheme must be https
+// 2. the preference name must exist as an attribute name on the certificate and
+//    the value for the name must be the same as the value for the attribute name
+//    on the certificate.
+// If these conditions aren't met it will be treated the same as when there is
+// no update available. This validation will not be performed when using the
+// |app.update.url.override| preference for update checking.
+pref("app.update.certs.1.issuerName", "OU=Equifax Secure Certificate Authority,O=Equifax,C=US");
+pref("app.update.certs.1.commonName", "aus3.mozilla.org");
+
+pref("app.update.certs.2.issuerName", "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US");
+pref("app.update.certs.2.commonName", "aus3.mozilla.org");
+
 // Whether or not app updates are enabled
 pref("app.update.enabled", true);               
 
 // This preference turns on app.update.mode and allows automatic download and
 // install to take place. We use a separate boolean toggle for this to make     
 // the UI easier to construct.
 pref("app.update.auto", true);
 
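Review bot: The comment above `app.update.certs.1.issuerName` does not say how the numbered branches combine, so a reader cannot tell whether the server certificate must match both branch 1 and branch 2 or only one of them. Presumably a match on any single branch is enough; if so, state it, e.g. `// A certificate passes when it matches every attribute of at least one numbered branch.` (confirm against the checking code, which is not part of this diff). The check compares the `issuerName` and `commonName` strings rather than a key or fingerprint, so it narrows the accepted issuers but does not pin a specific certificate, and the comment should say so to avoid being read as key pinning. Because a mismatch is treated as "no update available" and background checks only notify after `app.update.cert.maxErrors` failures, a change of issuer on the update host would quietly stall updates. The comment should therefore also note that new entries have to ship before the server certificate is reissued.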
@@ -66,17 +111,16 @@ pref("app.update.url", "https://aus3.moz
 // attempts fail.
 pref("app.update.url.manual", "http://www.getthunderbird.com");
 // A default value for the "More information about this update" link
 // supplied in the "An update is available" page of the update wizard. 
 pref("app.update.url.details", "http://www.mozilla.org/%LOCALE%/%APP%/releases/");
 // User-settable override to app.update.url for testing purposes.
 //pref("app.update.url.override", "");
 
-// app.update.interval is in branding section
 // app.update.promptWaitTime is in branding section
 
 // Show the Update Checking/Ready UI when the user was idle for x seconds
 pref("app.update.idletime", 60);
 
 // Whether or not we show a dialog box informing the user that the update was
 // successfully applied. This is off in Firefox by default since we show a 
 // upgrade start page instead! Other apps may wish to show this UI, and supply