[tor-commits] [tor-browser/tor-browser-60.4.0esr-8.0-1] Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj
gk at torproject.org
gk at torproject.org
Tue Jan 22 07:02:26 UTC 2019
commit acd09ddc7ea5fe3c3cc195a7a1b6e3722f8758e6
Author: Dipen Patel <bugzilla at pansara.org>
Date: Mon Jun 11 14:52:07 2018 -0700
Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj
MozReview-Commit-ID: CK3zoKfGfEr
--HG--
extra : rebase_source : fe20f240a66d809177d30043fd9f41682073cd34
---
security/manager/ssl/security-prefs.js | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/security/manager/ssl/security-prefs.js b/security/manager/ssl/security-prefs.js
index cf492478b279..72af0ee99938 100644
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -90,11 +90,7 @@ pref("security.signed_app_signatures.policy", 2);
// 2: fall back to the subject common name for certificates valid before 23
// August 2015 if necessary
// 3: only use name information from the subject alternative name extension
-#ifdef RELEASE_OR_BETA
-pref("security.pki.name_matching_mode", 1);
-#else
-pref("security.pki.name_matching_mode", 2);
-#endif
+pref("security.pki.name_matching_mode", 3);
// security.pki.netscape_step_up_policy controls how the platform handles the
// id-Netscape-stepUp OID in extended key usage extensions of CA certificates.
More information about the tor-commits
mailing list