[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor-browser/tor-browser-91.6.0esr-11.0-1] Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
commit 2648fcc3587b6a963d897f68df446b71b092288c
Author: Alex Catarineu <acat@xxxxxxxxxxxxxx>
Date: Fri Oct 9 12:55:35 2020 +0200
Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
---
browser/app/profile/000-tor-browser.js | 3 +++
browser/components/BrowserGlue.jsm | 14 ++++++++++++++
2 files changed, 17 insertions(+)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 4ff5835dc61d..331baa9a6596 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -336,6 +336,9 @@ pref("security.enterprise_roots.enabled", false);
// Don't ping Mozilla for MitM detection, see bug 32321
pref("security.certerrors.mitm.priming.enabled", false);
+// Don't automatically enable enterprise roots, see bug 40166
+pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
+
// Disable the language pack signing check for now on macOS, see #31942
#ifdef XP_MACOSX
pref("extensions.langpacks.signatures.required", false);
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index e4d6829935b2..571f4a80630e 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -1365,6 +1365,20 @@ BrowserGlue.prototype = {
// handle any UI migration
this._migrateUI();
+ // Clear possibly auto enabled enterprise_roots prefs (see bug 40166)
+ if (
+ !Services.prefs.getBoolPref(
+ "security.certerrors.mitm.auto_enable_enterprise_roots"
+ ) &&
+ Services.prefs.getBoolPref(
+ "security.enterprise_roots.auto-enabled",
+ false
+ )
+ ) {
+ Services.prefs.clearUserPref("security.enterprise_roots.enabled");
+ Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled");
+ }
+
if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) {
PdfJs.checkIsDefault(this._isNewProfile);
}
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits