[tbb-commits] [tor-browser/tor-browser-60.6.1esr-8.0-1] Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed
gk at torproject.org
gk at torproject.org
Sun May 5 06:21:25 UTC 2019
commit edf18e747ca8949a877f9c41575ce679ce99eb77
Author: Georg Koppen <gk at torproject.org>
Date: Sun May 5 06:10:28 2019 +0000
Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed
For Tor Browser added a fix to temporarily disable `security.nocertdb`
so the new cert can be inserted, and revert to original once the cert is
inserted.
Patch by pospeselr.
---
toolkit/mozapps/extensions/internal/XPIProvider.jsm | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index 10b21d5cb5fd..2c6691d40c2a 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1814,6 +1814,13 @@ function addMissingIntermediateCertificate() {
}
logger.debug("hotfix for addon signing cert has not been applied; applying");
+ // temporarily disable nocertb so we can write cert
+ const PREF_NOCERTDB = "security.nocertdb";
+ let userNocertdb = Services.prefs.getBoolPref(PREF_NOCERTDB, true);
+ if (userNocertdb) {
+ Services.prefs.setBoolPref(PREF_NOCERTDB, false);
+ }
+
try {
let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
certDB.addCertFromBase64(MISSING_INTERMEDIATE_CERTIFICATE, ",,");
@@ -1821,6 +1828,11 @@ function addMissingIntermediateCertificate() {
} catch (e) {
logger.error("failed to add new intermediate certificate:", e);
return;
+ } finally {
+ // revert nocertdb pref to original value (even if exception thrown)
+ if (userNocertdb) {
+ Services.prefs.setBoolPref(PREF_NOCERTDB, true);
+ }
}
Services.prefs.setBoolPref(PREF_SIGNER_HOTFIXED, true);
More information about the tbb-commits
mailing list