commit acd09ddc7ea5fe3c3cc195a7a1b6e3722f8758e6 Author: Dipen Patel bugzilla@pansara.org Date: Mon Jun 11 14:52:07 2018 -0700

Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r=jcj

MozReview-Commit-ID: CK3zoKfGfEr

--HG-- extra : rebase_source : fe20f240a66d809177d30043fd9f41682073cd34 --- security/manager/ssl/security-prefs.js | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/security/manager/ssl/security-prefs.js b/security/manager/ssl/security-prefs.js index cf492478b279..72af0ee99938 100644 --- a/security/manager/ssl/security-prefs.js +++ b/security/manager/ssl/security-prefs.js @@ -90,11 +90,7 @@ pref("security.signed_app_signatures.policy", 2); // 2: fall back to the subject common name for certificates valid before 23 // August 2015 if necessary // 3: only use name information from the subject alternative name extension -#ifdef RELEASE_OR_BETA -pref("security.pki.name_matching_mode", 1); -#else -pref("security.pki.name_matching_mode", 2); -#endif +pref("security.pki.name_matching_mode", 3);

// security.pki.netscape_step_up_policy controls how the platform handles the // id-Netscape-stepUp OID in extended key usage extensions of CA certificates.