[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser/tor-browser-60.6.1esr-8.0-1] Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed



commit edf18e747ca8949a877f9c41575ce679ce99eb77
Author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Date:   Sun May 5 06:10:28 2019 +0000

    Bug 30388: Disable nocertdb pref for armagadd-on 2.0 cert inclusion if needed
    
    For Tor Browser added a fix to temporarily disable `security.nocertdb`
    so the new cert can be inserted, and revert to original once the cert is
    inserted.
    
    Patch by pospeselr.
---
 toolkit/mozapps/extensions/internal/XPIProvider.jsm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index 10b21d5cb5fd..2c6691d40c2a 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1814,6 +1814,13 @@ function addMissingIntermediateCertificate() {
   }
   logger.debug("hotfix for addon signing cert has not been applied; applying");
 
+  // temporarily disable nocertb so we can write cert
+  const PREF_NOCERTDB = "security.nocertdb";
+  let userNocertdb = Services.prefs.getBoolPref(PREF_NOCERTDB, true);
+  if (userNocertdb) {
+    Services.prefs.setBoolPref(PREF_NOCERTDB, false);
+  }
+
   try {
     let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
     certDB.addCertFromBase64(MISSING_INTERMEDIATE_CERTIFICATE, ",,");
@@ -1821,6 +1828,11 @@ function addMissingIntermediateCertificate() {
   } catch (e) {
     logger.error("failed to add new intermediate certificate:", e);
     return;
+  } finally {
+    // revert nocertdb pref to original value (even if exception thrown)
+    if (userNocertdb) {
+      Services.prefs.setBoolPref(PREF_NOCERTDB, true);
+    }
   }
 
   Services.prefs.setBoolPref(PREF_SIGNER_HOTFIXED, true);

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits