[tbb-commits] [tor-browser/tor-browser-60.4.0esr-8.0-1] Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj

gk at torproject.org gk at torproject.org
Tue Jan 22 07:02:26 UTC 2019


commit acd09ddc7ea5fe3c3cc195a7a1b6e3722f8758e6
Author: Dipen Patel <bugzilla at pansara.org>
Date:   Mon Jun 11 14:52:07 2018 -0700

    Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj
    
    MozReview-Commit-ID: CK3zoKfGfEr
    
    --HG--
    extra : rebase_source : fe20f240a66d809177d30043fd9f41682073cd34
---
 security/manager/ssl/security-prefs.js | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/security/manager/ssl/security-prefs.js b/security/manager/ssl/security-prefs.js
index cf492478b279..72af0ee99938 100644
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -90,11 +90,7 @@ pref("security.signed_app_signatures.policy", 2);
 // 2: fall back to the subject common name for certificates valid before 23
 //    August 2015 if necessary
 // 3: only use name information from the subject alternative name extension
-#ifdef RELEASE_OR_BETA
-pref("security.pki.name_matching_mode", 1);
-#else
-pref("security.pki.name_matching_mode", 2);
-#endif
+pref("security.pki.name_matching_mode", 3);
 
 // security.pki.netscape_step_up_policy controls how the platform handles the
 // id-Netscape-stepUp OID in extended key usage extensions of CA certificates.



More information about the tbb-commits mailing list