MozillaWiki

SecurityEngineering/Certificate Verification: Difference between revisions

Page Discussion

SecurityEngineering/Certificate Verification (view source)

Revision as of 18:42, 9 April 2014

43 bytes added ,  9 April 2014
→‎Choosing your Verification Library
Line 78: Line 78:
== Choosing your Verification Library ==
== Choosing your Verification Library ==


Currently there are two hidden flags that determine what certificate verification library is used
mozilla::pkix has been enabled by default in Nightly. The boolean pref "security.use_mozillapkix_verification" controls this. There is an additional hidden boolean pref "security.use_libpkix_verification" that can be used to enable libpkix instead. If both of these prefs are false, classic verification is used. mozilla::pkix takes precedence over libpkix. See the following table:
by firefox. The following 'truth table' allows you to determine what verification library is used.
Note that the value of "security.use_libpkix_verification" is only checked at initialization time.
Both of these hidden prefs are of type boolean.


{|border="1" cellpadding="5" cellspacing="0" align="center"
{|border="1" cellpadding="5" cellspacing="0" align="center"
Line 90: Line 87:
| true
| true
|----
|----
|rowspan=2 | '''security.use_insanity_verification'''
|rowspan=2 | '''security.use_mozillapkix_verification'''
| false(default)
| false
| Classic
| Classic
| libpkix
| libpkix
|----
|----
|true
|true (default)
| mozilla::pkix
| mozilla::pkix
| mozilla::pkix
| mozilla::pkix
|----
|----
|}
|}
Dkeeler
Confirmed users
299

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/962728"