[tbb-commits] [tor-browser/tor-browser-60.3.0esr-8.5-1] Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj

gk at torproject.org gk at torproject.org
Wed Dec 5 20:19:46 UTC 2018


commit 2199c4be11b8f1a71403754ac771c96d507dc0b5
Author: Dipen Patel <bugzilla at pansara.org>
Date:   Mon Jun 11 14:52:07 2018 -0700

    Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj
    
    MozReview-Commit-ID: CK3zoKfGfEr
    
    --HG--
    extra : rebase_source : fe20f240a66d809177d30043fd9f41682073cd34
---
 security/manager/ssl/security-prefs.js | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/security/manager/ssl/security-prefs.js b/security/manager/ssl/security-prefs.js
index cf492478b279..72af0ee99938 100644
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -90,11 +90,7 @@ pref("security.signed_app_signatures.policy", 2);
 // 2: fall back to the subject common name for certificates valid before 23
 //    August 2015 if necessary
 // 3: only use name information from the subject alternative name extension
-#ifdef RELEASE_OR_BETA
-pref("security.pki.name_matching_mode", 1);
-#else
-pref("security.pki.name_matching_mode", 2);
-#endif
+pref("security.pki.name_matching_mode", 3);
 
 // security.pki.netscape_step_up_policy controls how the platform handles the
 // id-Netscape-stepUp OID in extended key usage extensions of CA certificates.



More information about the tbb-commits mailing list