Bug 915930 - Make mozilla::pkix the default certificate verifier for all (not just desktop) r=briansmith
authorCamilo Viecco <cviecco@mozilla.com>
Fri, 25 Apr 2014 13:22:30 -0700
changeset 180714 83c0c0d2436d20205eacc9aece839adf491254ad
parent 180713 3d0432bbcb8f1d88f3b0d514d6c8e410fa622c0e
child 180715 3fbf849caa998a92455583c57d2cce3b6705519b
push id272
push userpvanderbeken@mozilla.com
push dateMon, 05 May 2014 16:31:18 +0000
reviewersbriansmith
bugs915930
milestone31.0a1
Bug 915930 - Make mozilla::pkix the default certificate verifier for all (not just desktop) r=briansmith
browser/app/profile/firefox.js
netwerk/base/public/security-prefs.js
security/manager/ssl/src/nsNSSComponent.cpp
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1473,18 +1473,16 @@ pref("social.sidebar.unload_timeout_ms",
 pref("dom.identity.enabled", false);
 
 // Turn on the CSP 1.0 parser for Content Security Policy headers
 pref("security.csp.speccompliant", true);
 
 // Block insecure active content on https pages
 pref("security.mixed_content.block_active_content", true);
 
-pref("security.use_mozillapkix_verification", true);
-
 // Override the Gecko-default value of false for Firefox.
 pref("plain_text.wrap_long_lines", true);
 
 // If this turns true, Moz*Gesture events are not called stopPropagation()
 // before content.
 pref("dom.debug.propagate_gesture_events_through_content", false);
 
 // The request URL of the GeoLocation backend.
--- a/netwerk/base/public/security-prefs.js
+++ b/netwerk/base/public/security-prefs.js
@@ -50,9 +50,9 @@ pref("security.default_personal_cert",  
 pref("security.remember_cert_checkbox_default_setting", true);
 pref("security.ask_for_password",        0);
 pref("security.password_lifetime",       30);
 
 pref("security.OCSP.enabled", 1);
 pref("security.OCSP.require", false);
 pref("security.OCSP.GET.enabled", false);
 
-pref("security.use_mozillapkix_verification", false);
+pref("security.use_mozillapkix_verification", true);
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -967,17 +967,17 @@ void nsNSSComponent::setValidationOption
                                                   true);
   PublicSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
   PrivateSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
 
   CertVerifier::implementation_config certVerifierImplementation
     = CertVerifier::classic;
 
   // The mozilla::pkix pref overrides the libpkix pref
-  if (Preferences::GetBool("security.use_mozillapkix_verification", false)) {
+  if (Preferences::GetBool("security.use_mozillapkix_verification", true)) {
     certVerifierImplementation = CertVerifier::mozillapkix;
   } else {
 #ifndef NSS_NO_LIBPKIX
   if (Preferences::GetBool("security.use_libpkix_verification", false)) {
     certVerifierImplementation = CertVerifier::libpkix;
   }
 #endif
   }