[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser/tor-browser-91.6.0esr-11.0-1] Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots



commit 2648fcc3587b6a963d897f68df446b71b092288c
Author: Alex Catarineu <acat@xxxxxxxxxxxxxx>
Date:   Fri Oct 9 12:55:35 2020 +0200

    Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
---
 browser/app/profile/000-tor-browser.js |  3 +++
 browser/components/BrowserGlue.jsm     | 14 ++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 4ff5835dc61d..331baa9a6596 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -336,6 +336,9 @@ pref("security.enterprise_roots.enabled", false);
 // Don't ping Mozilla for MitM detection, see bug 32321
 pref("security.certerrors.mitm.priming.enabled", false);
 
+// Don't automatically enable enterprise roots, see bug 40166
+pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
+
 // Disable the language pack signing check for now on macOS, see #31942
 #ifdef XP_MACOSX
 pref("extensions.langpacks.signatures.required", false);
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index e4d6829935b2..571f4a80630e 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -1365,6 +1365,20 @@ BrowserGlue.prototype = {
     // handle any UI migration
     this._migrateUI();
 
+    // Clear possibly auto enabled enterprise_roots prefs (see bug 40166)
+    if (
+      !Services.prefs.getBoolPref(
+        "security.certerrors.mitm.auto_enable_enterprise_roots"
+      ) &&
+      Services.prefs.getBoolPref(
+        "security.enterprise_roots.auto-enabled",
+        false
+      )
+    ) {
+      Services.prefs.clearUserPref("security.enterprise_roots.enabled");
+      Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled");
+    }
+
     if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) {
       PdfJs.checkIsDefault(this._isNewProfile);
     }



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits