Bug 1463936 - Set default security.pki.name_matching_mode to enforce (3) for all builds. r?jcj
MozReview-Commit-ID: CK3zoKfGfEr
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -84,21 +84,17 @@ pref("security.signed_app_signatures.pol
// 0: always fall back to the subject common name if necessary (as in, if the
// subject alternative name extension is either not present or does not
// contain any DNS names or IP addresses)
// 1: fall back to the subject common name for certificates valid before 23
// August 2016 if necessary
// 2: fall back to the subject common name for certificates valid before 23
// August 2015 if necessary
// 3: only use name information from the subject alternative name extension
-#ifdef RELEASE_OR_BETA
-pref("security.pki.name_matching_mode", 1);
-#else
pref("security.pki.name_matching_mode", 3);
-#endif
// security.pki.netscape_step_up_policy controls how the platform handles the
// id-Netscape-stepUp OID in extended key usage extensions of CA certificates.
// 0: id-Netscape-stepUp is always considered equivalent to id-kp-serverAuth
// 1: it is considered equivalent when the notBefore is before 23 August 2016
// 2: similarly, but for 23 August 2015
// 3: it is never considered equivalent
#ifdef RELEASE_OR_BETA