Bug 1683525 - set CRLite back to telemetry-only mode r=kjacobs

This is a backout of b635c277c9f4 (bug 1675138). It seems that the CRLite certificate transparency ingestion machinery is missing certificates it should know about, which means that false positives are possible, which means that users are seeing revoked certificates where they shouldn't. This patch sets CRLite back to telemetry-only mode while the infrastructure gets fixed. Differential Revision: https://phabricator.services.mozilla.com/D101204
2021-01-08 18:30:51 +00:00 · 2021-01-08 18:30:51 +00:00 · 3ddce032f1
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -172,11 +172,7 @@ pref("security.cert_pinning.max_max_age_seconds", 5184000);
 // 0: Disable CRLite entirely
 // 1: Enable and check revocations via CRLite, but only collect telemetry
 // 2: Enable and enforce revocations via CRLite
-#if defined(NIGHTLY_BUILD)
-pref("security.pki.crlite_mode", 2);
-#else
 pref("security.pki.crlite_mode", 1);
-#endif

 // Represents the expected certificate transparency log merge delay (including
 // the time to generate a CRLite filter). Currently 28 hours in seconds.