Bug 1298883 - make security.enterprise_roots.enabled appear in about:config r=jcj a=jcristau
authorDavid Keeler <dkeeler@mozilla.com>
Tue, 15 Nov 2016 13:52:26 -0800
changeset 352843 0990f3a2790f772374909df2405115788bf87706
parent 352842 2f034f3773f7758795366ec39a763c483ffaccf0
child 352844 23f379faaef5c4114a4c07f5f0aa0039e7c96096
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjcj, jcristau
Bug 1298883 - make security.enterprise_roots.enabled appear in about:config r=jcj a=jcristau This pref controls whether or not the platform looks for and trusts enterprise roots (currently only available on Windows). Adding it to security-prefs.js will make it appear in about:config, which is a much more straightforward user experience (previously users would have to add it manually). It is still disabled by default. MozReview-Commit-ID: 6pQkh2gTNTF
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -43,16 +43,18 @@ pref("security.password_lifetime",      
 // The supported values of this pref are:
 // 0: disable detecting Family Safety mode and importing the root
 // 1: only attempt to detect Family Safety mode (don't import the root)
 // 2: detect Family Safety mode and import the root
 // (This is only relevant to Windows 8.1)
 pref("security.family_safety.mode", 2);
+pref("security.enterprise_roots.enabled", false);
 pref("security.OCSP.enabled", 1);
 pref("security.OCSP.require", false);
 pref("security.OCSP.GET.enabled", false);
 pref("security.pki.cert_short_lifetime_in_days", 10);
 // NB: Changes to this pref affect CERT_CHAIN_SHA1_POLICY_STATUS telemetry.
 // See the comment in CertVerifier.cpp.
 // 4 = allow SHA-1 for certificates issued before 2016 or by an imported root.