[tbb-commits] [tor-browser] 19/43: Bug 1760527 - Use content signature instead of cert pinning everywhere for GMP updates. r=Gijs, a=RyanVM

gitolite role git at cupani.torproject.org
Tue May 31 07:07:02 UTC 2022


This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch tor-browser-91.10.0esr-11.0-1
in repository tor-browser.

commit 496f98cc6c38765aab17278d3ea65603a0d18c91
Author: Bryce Seager van Dyk <bvandyk at mozilla.com>
AuthorDate: Wed Apr 13 06:59:57 2022 +0000

    Bug 1760527 - Use content signature instead of cert pinning everywhere for GMP updates. r=Gijs, a=RyanVM
    
    This sets up prefs so by default any release will use the content signature path
    for GMP updates, rather than cert pinning. This intentionally leaves in place
    the old cert pinning machinery so that we can still use if we need to
    - Compare the new and old for things like debugging.
    - Revert these changes in the case of regressions (either by shipping a patch or
      something like normandy).
    
    This patch is also small to enable it to be uplifted easily.
    
    Once we're sure this new path is good, a larger patch can follow up to remove
    the cert pinning code + rework our tests.
    
    Differential Revision: https://phabricator.services.mozilla.com/D141891
---
 modules/libpref/init/all.js | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index d3650a05b5dd7..c232cda7359eb 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -4133,13 +4133,10 @@ pref("media.gmp-manager.url", "https://aus5.mozilla.org/update/3/GMP/%VERSION%/%
 // header. Information from this header will be used to validate the response.
 // If this header is not present, is malformed, or cannot be determined as
 // valid then the update will fail.
-#ifdef EARLY_BETA_OR_EARLIER
-  // The plan is to have the feature gated by this pref to eventually replace
-  // the features controlled by the media.gmp-manager.cert.* prefs. Once that
-  // happens we can remove related code and prefs, but while testing we'll use
-  // this to gate (see bug 1714621 for more info).
-  pref("media.gmp-manager.checkContentSignature", true);
-#endif
+// We should eventually remove this pref and any cert pinning code and make
+// the content signature path the sole path. We retain this for now in case
+// we need to debug content sig vs cert pin.
+pref("media.gmp-manager.checkContentSignature", true);
 
 // When |media.gmp-manager.cert.requireBuiltIn| is true or not specified the
 // final certificate and all certificates the connection is redirected to before

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the tbb-commits mailing list