[tbb-commits] [tor-browser/tor-browser-60.3.0esr-8.5-1] Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj
gk at torproject.org
gk at torproject.org
Wed Dec 5 20:19:46 UTC 2018
commit 2199c4be11b8f1a71403754ac771c96d507dc0b5
Author: Dipen Patel <bugzilla at pansara.org>
Date: Mon Jun 11 14:52:07 2018 -0700
Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj
MozReview-Commit-ID: CK3zoKfGfEr
--HG--
extra : rebase_source : fe20f240a66d809177d30043fd9f41682073cd34
---
security/manager/ssl/security-prefs.js | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/security/manager/ssl/security-prefs.js b/security/manager/ssl/security-prefs.js
index cf492478b279..72af0ee99938 100644
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -90,11 +90,7 @@ pref("security.signed_app_signatures.policy", 2);
// 2: fall back to the subject common name for certificates valid before 23
// August 2015 if necessary
// 3: only use name information from the subject alternative name extension
-#ifdef RELEASE_OR_BETA
-pref("security.pki.name_matching_mode", 1);
-#else
-pref("security.pki.name_matching_mode", 2);
-#endif
+pref("security.pki.name_matching_mode", 3);
// security.pki.netscape_step_up_policy controls how the platform handles the
// id-Netscape-stepUp OID in extended key usage extensions of CA certificates.
More information about the tbb-commits
mailing list