Bug 1308251 - Fix builtin cert setting for esr. r=dveditz, a=RyanVM
authorShane Caraveo <scaraveo@mozilla.com>
Mon, 22 Jun 2020 15:20:45 +0000
changeset 524866 6dd69e9725f361286a52cf7911c1144fb51c5f7c
parent 524865 d58f002e6dcf5d629351ad34aa40a1e01c110a34
child 524867 84878756cd4f2d4b6371c1276ad7060a3536a6cd
push id1061
push userryanvm@gmail.com
push dateMon, 22 Jun 2020 19:15:37 +0000
treeherdermozilla-esr68@84878756cd4f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdveditz, RyanVM
bugs1308251
milestone68.10.0
Bug 1308251 - Fix builtin cert setting for esr. r=dveditz, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D80475
toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm
toolkit/mozapps/extensions/internal/XPIInstall.jsm
--- a/toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm
+++ b/toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm
@@ -275,17 +275,18 @@ function parseJSONManifest(aId, aRequest
  */
 function UpdateParser(aId, aUrl, aObserver) {
   this.id = aId;
   this.observer = aObserver;
   this.url = aUrl;
 
   let requireBuiltIn = Services.prefs.getBoolPref(
     PREF_UPDATE_REQUIREBUILTINCERTS,
-    !AppConstants.MOZ_REQUIRE_SIGNING
+    !AppConstants.MOZ_REQUIRE_SIGNING &&
+      !AppConstants.MOZ_APP_VERSION_DISPLAY.endsWith("esr")
   );
 
   logger.debug("Requesting " + aUrl);
   try {
     this.request = new ServiceRequest({ mozAnon: true });
     this.request.open("GET", this.url, true);
     this.request.channel.notificationCallbacks = new CertUtils.BadCertHandler(
       !requireBuiltIn
@@ -315,17 +316,18 @@ UpdateParser.prototype = {
    */
   onLoad() {
     let request = this.request;
     this.request = null;
     this._doneAt = new Error("place holder");
 
     let requireBuiltIn = Services.prefs.getBoolPref(
       PREF_UPDATE_REQUIREBUILTINCERTS,
-      !AppConstants.MOZ_REQUIRE_SIGNING
+      !AppConstants.MOZ_REQUIRE_SIGNING &&
+        !AppConstants.MOZ_APP_VERSION_DISPLAY.endsWith("esr")
     );
 
     try {
       CertUtils.checkCert(request.channel, !requireBuiltIn);
     } catch (e) {
       logger.warn("Request failed: " + this.url + " - " + e);
       this.notifyError(AddonManager.ERROR_DOWNLOAD_ERROR);
       return;
--- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
@@ -2249,17 +2249,18 @@ var DownloadAddonInstall = class extends
 
     let listener = Cc[
       "@mozilla.org/network/stream-listener-tee;1"
     ].createInstance(Ci.nsIStreamListenerTee);
     listener.init(this, this.stream);
     try {
       let requireBuiltIn = Services.prefs.getBoolPref(
         PREF_INSTALL_REQUIREBUILTINCERTS,
-        !AppConstants.MOZ_REQUIRE_SIGNING
+        !AppConstants.MOZ_REQUIRE_SIGNING &&
+          !AppConstants.MOZ_APP_VERSION_DISPLAY.endsWith("esr")
       );
       this.badCertHandler = new CertUtils.BadCertHandler(!requireBuiltIn);
 
       this.channel = NetUtil.newChannel({
         uri: this.sourceURI,
         securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
         contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD,
         loadingPrincipal: this.loadingPrincipal,
@@ -2422,17 +2423,18 @@ var DownloadAddonInstall = class extends
         aRequest.requestSucceeded
       ) {
         if (!this.hash && aRequest instanceof Ci.nsIChannel) {
           try {
             CertUtils.checkCert(
               aRequest,
               !Services.prefs.getBoolPref(
                 PREF_INSTALL_REQUIREBUILTINCERTS,
-                !AppConstants.MOZ_REQUIRE_SIGNING
+                !AppConstants.MOZ_REQUIRE_SIGNING &&
+                  !AppConstants.MOZ_APP_VERSION_DISPLAY.endsWith("esr")
               )
             );
           } catch (e) {
             this.downloadFailed(AddonManager.ERROR_NETWORK_FAILURE, e);
             return;
           }
         }