Bug 1551342 - Fix conflicts w/ Android FIDO2 and Rust u2f-hid-rs r=keeler
authorJ.C. Jones <jjones@mozilla.com>
Thu, 16 May 2019 07:54:44 +0000
changeset 536007 862aa43181c3bcb046b6159141c29a4c960680a6
parent 536006 283b94c196a15367f287fd7f2bb6c9b4bcad0b45
child 536008 87212d664f1fc3fa828bf6f6f9e25ca20e5d2a5f
push id2082
push userffxbld-merge
push dateMon, 01 Jul 2019 08:34:18 +0000
treeherdermozilla-release@2fb19d0466d2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1551342
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1551342 - Fix conflicts w/ Android FIDO2 and Rust u2f-hid-rs r=keeler Differential Revision: https://phabricator.services.mozilla.com/D31366
security/manager/ssl/security-prefs.js
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -116,25 +116,34 @@ pref("security.pki.netscape_step_up_poli
 // Configures Certificate Transparency support mode:
 // 0: Fully disabled.
 // 1: Only collect telemetry. CT qualification checks are not performed.
 pref("security.pki.certificate_transparency.mode", 0);
 
 // Hardware Origin-bound Second Factor Support
 pref("security.webauth.u2f", true);
 pref("security.webauth.webauthn", true);
+
+// Only one of ["enable_softtoken", "enable_usbtoken",
+// "webauthn_enable_android_fido2"] should be true at a time, as the
+// softtoken will override the other two.
+pref("security.webauth.webauthn_enable_softtoken", false);
+
 #ifdef FENNEC_NIGHTLY
 pref("security.webauth.webauthn_enable_android_fido2", true);
 #else
 pref("security.webauth.webauthn_enable_android_fido2", false);
 #endif
-// Only one of "enable_softtoken" and "enable_usbtoken" can be true
-// at a time.
-pref("security.webauth.webauthn_enable_softtoken", false);
+
+#ifdef MOZ_WIDGET_ANDROID
+// the Rust usbtoken support does not function on Android
+pref("security.webauth.webauthn_enable_usbtoken", false);
+#else
 pref("security.webauth.webauthn_enable_usbtoken", true);
+#endif
 
 pref("security.ssl.errorReporting.enabled", true);
 pref("security.ssl.errorReporting.url", "https://incoming.telemetry.mozilla.org/submit/sslreports/");
 pref("security.ssl.errorReporting.automatic", false);
 
 // Impose a maximum age on HPKP headers, to avoid sites getting permanently
 // blacking themselves out by setting a bad pin.  (60 days by default)
 // https://tools.ietf.org/html/rfc7469#section-4.1