Bug 1016555 - Disable OCSP checking for certificates covered by OneCRL

This commit is contained in:
Richard Barnes 2015-08-05 17:26:40 -04:00
Родитель f9cdea85fa
Коммит dea6d4077f
2 изменённых файлов: 10 добавлений и 2 удалений

Просмотреть файл

@ -52,6 +52,8 @@ pref("extensions.getAddons.link.url", "https://addons.mozilla.org/%LOCALE%/firef
// Blocklist preferences
pref("extensions.blocklist.enabled", true);
// OneCRL freshness checking depends on this value, so if you change it,
// please also update security.onecrl.maximum_staleness_in_seconds.
pref("extensions.blocklist.interval", 86400);
// Controls what level the blocklist switches from warning about items to forcibly
// blocking them.
@ -1762,8 +1764,8 @@ pref("security.mixed_content.block_active_content", true);
pref("security.cert_pinning.enforcement_level", 1);
// Required blocklist freshness for OneCRL OCSP bypass
// (default should be at least as large as extensions.blocklist.interval)
pref("security.onecrl.maximum_staleness_in_seconds", 0);
// (default is 1.25% extensions.blocklist.interval, or 30 hours)
pref("security.onecrl.maximum_staleness_in_seconds", 108000);
// Override the Gecko-default value of false for Firefox.
pref("plain_text.wrap_long_lines", true);

Просмотреть файл

@ -221,6 +221,8 @@ pref("extensions.compatability.locales.buildid", "0");
/* blocklist preferences */
pref("extensions.blocklist.enabled", true);
// OneCRL freshness checking depends on this value, so if you change it,
// please also update security.onecrl.maximum_staleness_in_seconds.
pref("extensions.blocklist.interval", 86400);
pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
pref("extensions.blocklist.detailsURL", "https://www.mozilla.com/%LOCALE%/blocklist/");
@ -484,6 +486,10 @@ pref("security.mixed_content.block_active_content", true);
// Enable pinning
pref("security.cert_pinning.enforcement_level", 1);
// Required blocklist freshness for OneCRL OCSP bypass
// (default is 1.25% extensions.blocklist.interval, or 30 hours)
pref("security.onecrl.maximum_staleness_in_seconds", 108000);
// Only fetch OCSP for EV certificates
pref("security.OCSP.enabled", 2);