[tor-commits] [tor-browser/tor-browser-60.6.1esr-8.5-1] Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed
gk at torproject.org
gk at torproject.org
Mon May 6 08:06:31 UTC 2019
commit 1d2d420ff1c7231a60ec3ff497bd57815fc1d665
Author: Georg Koppen <gk at torproject.org>
Date: Sun May 5 06:10:28 2019 +0000
Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed
For Tor Browser added a fix to temporarily disable `security.nocertdb`
so the new cert can be inserted, and revert to original once the cert is
inserted.
Patch by pospeselr.
---
toolkit/mozapps/extensions/internal/XPIProvider.jsm | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index 6cffc02d90ba..3aa0e41b625f 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1824,6 +1824,13 @@ function addMissingIntermediateCertificate() {
}
logger.debug("hotfix for addon signing cert has not been applied; applying");
+ // temporarily disable nocertb so we can write cert
+ const PREF_NOCERTDB = "security.nocertdb";
+ let userNocertdb = Services.prefs.getBoolPref(PREF_NOCERTDB, true);
+ if (userNocertdb) {
+ Services.prefs.setBoolPref(PREF_NOCERTDB, false);
+ }
+
try {
let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
certDB.addCertFromBase64(MISSING_INTERMEDIATE_CERTIFICATE, ",,");
@@ -1831,6 +1838,11 @@ function addMissingIntermediateCertificate() {
} catch (e) {
logger.error("failed to add new intermediate certificate:", e);
return;
+ } finally {
+ // revert nocertdb pref to original value (even if exception thrown)
+ if (userNocertdb) {
+ Services.prefs.setBoolPref(PREF_NOCERTDB, true);
+ }
}
Services.prefs.setBoolPref(PREF_SIGNER_HOTFIXED, true);
More information about the tor-commits
mailing list