зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL
This commit is contained in:
Родитель
f9cdea85fa
Коммит
dea6d4077f
|
@ -52,6 +52,8 @@ pref("extensions.getAddons.link.url", "https://addons.mozilla.org/%LOCALE%/firef
|
|||
|
||||
// Blocklist preferences
|
||||
pref("extensions.blocklist.enabled", true);
|
||||
// OneCRL freshness checking depends on this value, so if you change it,
|
||||
// please also update security.onecrl.maximum_staleness_in_seconds.
|
||||
pref("extensions.blocklist.interval", 86400);
|
||||
// Controls what level the blocklist switches from warning about items to forcibly
|
||||
// blocking them.
|
||||
|
@ -1762,8 +1764,8 @@ pref("security.mixed_content.block_active_content", true);
|
|||
pref("security.cert_pinning.enforcement_level", 1);
|
||||
|
||||
// Required blocklist freshness for OneCRL OCSP bypass
|
||||
// (default should be at least as large as extensions.blocklist.interval)
|
||||
pref("security.onecrl.maximum_staleness_in_seconds", 0);
|
||||
// (default is 1.25% extensions.blocklist.interval, or 30 hours)
|
||||
pref("security.onecrl.maximum_staleness_in_seconds", 108000);
|
||||
|
||||
// Override the Gecko-default value of false for Firefox.
|
||||
pref("plain_text.wrap_long_lines", true);
|
||||
|
|
|
@ -221,6 +221,8 @@ pref("extensions.compatability.locales.buildid", "0");
|
|||
|
||||
/* blocklist preferences */
|
||||
pref("extensions.blocklist.enabled", true);
|
||||
// OneCRL freshness checking depends on this value, so if you change it,
|
||||
// please also update security.onecrl.maximum_staleness_in_seconds.
|
||||
pref("extensions.blocklist.interval", 86400);
|
||||
pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
|
||||
pref("extensions.blocklist.detailsURL", "https://www.mozilla.com/%LOCALE%/blocklist/");
|
||||
|
@ -484,6 +486,10 @@ pref("security.mixed_content.block_active_content", true);
|
|||
// Enable pinning
|
||||
pref("security.cert_pinning.enforcement_level", 1);
|
||||
|
||||
// Required blocklist freshness for OneCRL OCSP bypass
|
||||
// (default is 1.25% extensions.blocklist.interval, or 30 hours)
|
||||
pref("security.onecrl.maximum_staleness_in_seconds", 108000);
|
||||
|
||||
// Only fetch OCSP for EV certificates
|
||||
pref("security.OCSP.enabled", 2);
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче