[tbb-commits] [tor-browser] 56/63: Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots

gitolite role git at cupani.torproject.org
Wed Aug 31 19:46:42 UTC 2022 

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch geckoview-102.2.0esr-12.0-1
in repository tor-browser.

commit c8a712f0bd4aa65f7077390fbd762d4bbcf6b295
Author: Alex Catarineu <acat at torproject.org>
AuthorDate: Fri Oct 9 12:55:35 2020 +0200

    Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
---
 browser/app/profile/000-tor-browser.js |  3 +++
 browser/components/BrowserGlue.jsm     | 14 ++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 2012379c7ab16..a43c75e96b016 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -313,6 +313,9 @@ pref("security.enterprise_roots.enabled", false);
 // Don't ping Mozilla for MitM detection, see bug 32321
 pref("security.certerrors.mitm.priming.enabled", false);
 
+// Don't automatically enable enterprise roots, see bug 40166
+pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
+
 // Disable the language pack signing check for now on macOS, see #31942
 #ifdef XP_MACOSX
 pref("extensions.langpacks.signatures.required", false);
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index 2d8ae6995d6e1..914321865f699 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -1246,6 +1246,20 @@ BrowserGlue.prototype = {
     // handle any UI migration
     this._migrateUI();
 
+    // Clear possibly auto enabled enterprise_roots prefs (see bug 40166)
+    if (
+      !Services.prefs.getBoolPref(
+        "security.certerrors.mitm.auto_enable_enterprise_roots"
+      ) &&
+      Services.prefs.getBoolPref(
+        "security.enterprise_roots.auto-enabled",
+        false
+      )
+    ) {
+      Services.prefs.clearUserPref("security.enterprise_roots.enabled");
+      Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled");
+    }
+
     if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) {
       PdfJs.checkIsDefault(this._isNewProfile);
     }

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the tbb-commits mailing list