Bug 1548365 - enable intermediate preloading on early beta or earlier r=froydnj,jcj
authorDana Keeler <dkeeler@mozilla.com>
Thu, 16 May 2019 00:03:09 +0000
changeset 532839 a187487af38a4caa5f125ab660c4d1d09d69aa9d
parent 532838 df182ef2d4e5a7fe9b44280139ae0fa0d5154d16
child 532840 317b7da2d8053c65bb905ab79f8226563b6538ca
push id11272
push userapavel@mozilla.com
push dateThu, 16 May 2019 15:28:22 +0000
treeherdermozilla-beta@2265bfc5920d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfroydnj, jcj
bugs1548365
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1548365 - enable intermediate preloading on early beta or earlier r=froydnj,jcj This also enables using cert_storage for OneCRL, since it and intermediate preloading both use the same backend. Differential Revision: https://phabricator.services.mozilla.com/D31345
old-configure.in
security/manager/ssl/security-prefs.js
toolkit/moz.configure
--- a/old-configure.in
+++ b/old-configure.in
@@ -1686,16 +1686,23 @@ fi
 if test "$BUILDING_RELEASE"; then
   # Override value in defines.sh, if any
   EARLY_BETA_OR_EARLIER=
 elif test "$EARLY_BETA_OR_EARLIER"; then
   AC_DEFINE(EARLY_BETA_OR_EARLIER)
 fi
 AC_SUBST(EARLY_BETA_OR_EARLIER)
 
+
+if test "$EARLY_BETA_OR_EARLIER"; then
+    MOZ_NEW_CERT_STORAGE=1
+    AC_DEFINE(MOZ_NEW_CERT_STORAGE)
+fi
+AC_SUBST(MOZ_NEW_CERT_STORAGE)
+
 # Allow someone to change MOZ_APP_NAME and MOZ_APP_BASENAME in mozconfig
 MOZ_ARG_WITH_STRING(app-name,
 [--with-app-name=APPNAME sets MOZ_APP_NAME to APPNAME],
 WITH_APP_NAME=$withval,
 )
 
 if test -n "$WITH_APP_NAME" ; then
     MOZ_APP_NAME="$WITH_APP_NAME"
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -159,18 +159,18 @@ pref("security.pki.mitm_canary_issuer.en
 // Firefox update service's connection.
 // This value is set automatically.
 // The difference between security.pki.mitm_canary_issuer and this pref is that
 // here the root is trusted but not a built-in, whereas for
 // security.pki.mitm_canary_issuer.enabled, the root is not trusted.
 pref("security.pki.mitm_detected", false);
 
 // Intermediate CA Preloading settings
-#if defined(RELEASE_OR_BETA) || defined(MOZ_WIDGET_ANDROID)
+#if defined(MOZ_NEW_CERT_STORAGE) && !defined(MOZ_WIDGET_ANDROID)
+pref("security.remote_settings.intermediates.enabled", true);
+#else
 pref("security.remote_settings.intermediates.enabled", false);
-#else
-pref("security.remote_settings.intermediates.enabled", true);
 #endif
 pref("security.remote_settings.intermediates.bucket", "security-state");
 pref("security.remote_settings.intermediates.collection", "intermediates");
 pref("security.remote_settings.intermediates.checked", 0);
 pref("security.remote_settings.intermediates.downloads_per_poll", 100);
 pref("security.remote_settings.intermediates.signer", "onecrl.content-signature.mozilla.org");
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
@@ -1770,20 +1770,8 @@ set_define('MOZ_NEW_XULSTORE', True, whe
 
 @depends(milestone)
 def new_notification_store(milestone):
     if milestone.is_nightly:
         return True
 
 set_config('MOZ_NEW_NOTIFICATION_STORE', True, when=new_notification_store)
 set_define('MOZ_NEW_NOTIFICATION_STORE', True, when=new_notification_store)
-
-
-# new Cert Storage implementation
-# ==============================================================
-
-@depends(milestone)
-def new_cert_storage(milestone):
-    if milestone.is_nightly:
-        return True
-
-set_config('MOZ_NEW_CERT_STORAGE', True, when=new_cert_storage)
-set_define('MOZ_NEW_CERT_STORAGE', True, when=new_cert_storage)