- Firefox 40-42: Firefox warns about signatures but doesn't enforce them.
- Firefox 43: Firefox enforces the use of signatures by default, but has a preference that allows signature enforcement to be disabled ( in about:config).
- Release and Beta versions of Firefox for Desktop will not allow unsigned extensions to be installed, with no override.
- Firefox for Android will enforce add-on signing, and will retain a preference - which will be removed in a future release - to allow the user to disable signing enforcement.

Check the Firefox Release Calendar for specific dates.

- Introducing Extension Signing, Add-ons Blog.
- The Case for Extension Signing, Add-ons Blog.
- Signing and distributing your add-on, Extension Workshop.
- Out-dated information about how XPIs were signed in the past:

```
MD5-Digest-Manifest: OlmmwIHcPmhoIt4uMxdh8A=
SHA1-Digest-Manifest: 82zZH0Aq6GaTNMq+PnBlzep6fEA=
```

Both the end-entity and the intermediate certificates are also stored in the

The root cert is not stored in the document

```
$ openssl cms -verify -inform der -in META-INF/mozilla.rsa -content META-INF/mozilla.sf -CAfile .ca.crt -purpose any
```

When installing add-ons, Firefox does the following verifications:

- verify the signature of `mozilla.sf` using `mozilla.rsa`.
- verify the signing cert chains back to the Firefox Root CA.
- verify the hash of `manifest.mf` matches the hash stored in `mozilla.sf`.
- verify the hashes of all files in the XPI match the hashes stored in `manifest.mf`.
- verify all files in the XPI are listed in `manifest.mf`.

There are three special cases of add-ons developed by Mozilla: System add-ons and Mozilla Extensions.

- If the add-on is a system add-on, the Organizational Unit (OU) of the end-entity certificate must be set to "Mozilla Components".
- If the add-on is a Mozilla Extension, the OU of the EE cert must be set to "Mozilla Extensions".
- If the add-on is signed with the staging root, in Nightly you need to set the pref `-root = true` to tell Firefox to verify it.
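The three hash checks in the verification list above (`mozilla.sf` to `manifest.mf`, `manifest.mf` to each file, and no unlisted files) can be reproduced offline to audit an XPI. The following is an added example, not Mozilla's code and not part of the original page; it does not cover the `mozilla.rsa` signature or the certificate chain. It assumes JAR-style `Name:` / `SHA1-Digest:` entries in `manifest.mf`, no wrapped manifest lines, and runs against a sample XPI constructed in memory.

```python
import base64, hashlib, io, zipfile

MANIFEST, SF = "META-INF/manifest.mf", "META-INF/mozilla.sf"
SIG_FILES = {MANIFEST, SF, "META-INF/mozilla.rsa"}

def b64sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_sections(text: str) -> list:
    """Split a JAR-style manifest into a list of {key: value} sections."""
    sections = []
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        pairs = (line.split(": ", 1) for line in block.split("\n") if ": " in line)
        sections.append(dict(pairs))
    return sections

def check_xpi_hashes(xpi_bytes: bytes) -> list:
    """Return a list of problems; an empty list means the hash chain is consistent."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        names = {n for n in z.namelist() if not n.endswith("/")}
        if not {MANIFEST, SF} <= names:
            return ["missing signature files"]
        manifest = z.read(MANIFEST)
        sf = parse_sections(z.read(SF).decode())[0]
        if sf.get("SHA1-Digest-Manifest") != b64sha1(manifest):
            problems.append("manifest.mf hash does not match mozilla.sf")
        listed = {s["Name"]: s for s in parse_sections(manifest.decode()) if "Name" in s}
        for name in sorted(names - SIG_FILES):
            if name not in listed:
                problems.append(f"unlisted file: {name}")
            elif listed[name].get("SHA1-Digest") != b64sha1(z.read(name)):
                problems.append(f"hash mismatch: {name}")
    return problems

def build_sample_xpi(files: dict, extra: dict = None) -> bytes:
    """Constructed sample XPI. `files` are hashed into the manifest; `extra`
    entries are written to the ZIP only (overriding `files` on a name clash)."""
    mf = "Manifest-Version: 1.0\n\n" + "".join(
        f"Name: {n}\nSHA1-Digest: {b64sha1(d)}\n\n" for n, d in files.items())
    sf = f"Signature-Version: 1.0\nSHA1-Digest-Manifest: {b64sha1(mf.encode())}\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in {**files, **(extra or {})}.items():
            z.writestr(n, d)
        z.writestr(MANIFEST, mf)
        z.writestr(SF, sf)
    return buf.getvalue()
```

A clean result here only means the archive is internally consistent; trust still depends on the `mozilla.rsa` signature over `mozilla.sf` chaining to the expected root.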