commit f90a87efb57f9e2fd7f3b23e812af721f092a733 Author: Robert Strong <robert.bugzilla@gmail.com> Date: Wed Apr 8 00:34:57 2015 -0700 Bug 920750 - Disable update xml certificate checks on Mac OS X. r=bbondy --- browser/app/profile/firefox.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index 7d9677a..9944a82 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js @@ -99,6 +99,14 @@ pref("app.update.log", false); // the failure. pref("app.update.backgroundMaxErrors", 10); +// The aus update xml certificate checks for application update are disabled on +// Windows and Mac OS X since the mar signature check are implemented on these +// platforms and is sufficient to prevent us from applying a mar that is not +// valid. +#if defined(XP_WIN) || defined(XP_MACOSX) +pref("app.update.cert.requireBuiltIn", false); +pref("app.update.cert.checkAttributes", false); +#else // When |app.update.cert.requireBuiltIn| is true or not specified the // final certificate and all certificates the connection is redirected to before // the final certificate for the url specified in the |app.update.url| @@ -136,6 +144,7 @@ pref("app.update.cert.maxErrors", 5); pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US"); pref("app.update.certs.1.commonName", "*.torproject.org"); +#endif // Whether or not app updates are enabled pref("app.update.enabled", true);