Skip to content

adjust or remove updater cert pinning

The updater uses a couple of hidden prefs. to do its own form of cert pinning. But changes are afoot on the server side; see https://bugzilla.mozilla.org/show_bug.cgi?id=1219185

Here are the hidden prefs we currently use inside Tor Browser:

pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US");
pref("app.update.certs.1.commonName", "*.torproject.org");

These prefs are consulted when the update code connects to https://www.torproject.org

I am not an expert in this area, but it seems like it might be better to just disable the updater-specific checks that use the above prefs. and instead rely on the more general pinning that is defined inside security/manager/boot/src/StaticHPKPins.h (when we added these updater prefs, we did not yet have the more general form of pinning in place).

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information