Bug 1496467 - Enable Symantec Distrust in Firefox 64 r=keeler
authorJ.C. Jones <jjones@mozilla.com>
Thu, 04 Oct 2018 17:48:53 +0000
changeset 488036 31e9bd2f1ef71bb9241dda415bb4f1e12bb9c59c
parent 488035 dfab2478409617ddb8cbd923228809aba1de3b09
child 488037 90f4fff5f1453a2eb43c5c7d37a380dde2c7b204
push id246
push userfmarier@mozilla.com
push dateSat, 13 Oct 2018 00:15:40 +0000
reviewerskeeler
bugs1496467
milestone64.0a1
Bug 1496467 - Enable Symantec Distrust in Firefox 64 r=keeler The symantec distrust should now ride-the-trains in Firefox 64 Beta and Release. Set security.pki.distrust_ca_policy to 2. Differential Revision: https://phabricator.services.mozilla.com/D7745
security/manager/ssl/security-prefs.js
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -131,21 +131,17 @@ pref("security.ssl.errorReporting.automa
 pref("security.cert_pinning.max_max_age_seconds", 5184000);
 
 // security.pki.distrust_ca_policy controls what root program distrust policies
 // are enforced at this time:
 // 0: No distrust policies enforced
 // 1: Symantec roots distrusted for certificates issued after cutoff
 // 2: Symantec roots distrusted regardless of date
 // See https://wiki.mozilla.org/CA/Upcoming_Distrust_Actions for more details.
-#ifdef NIGHTLY_BUILD
 pref("security.pki.distrust_ca_policy", 2);
-#else
-pref("security.pki.distrust_ca_policy", 1);
-#endif
 
 // Issuer we use to detect MitM proxies. Set to the issuer of the cert of the
 // Firefox update service. The string format is whatever NSS uses to print a DN.
 // This value is set and cleared automatically.
 pref("security.pki.mitm_canary_issuer", "");
 // Pref to disable the MitM proxy checks.
 pref("security.pki.mitm_canary_issuer.enabled", true);