master

分支 (11)

标签 (11)

管理

管理

master

openEuler-22.03-LTS-Next

openEuler-22.03-LTS

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP2

openEuler-21.09

openEuler-20.03-LTS-SP1

openEuler-21.03

openEuler-20.03-LTS-Next

openEuler-20.03-LTS

openEuler-20.09

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200928

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

firefox
/
firefox-nss-addon-hack.patch

diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index 0cac07c2de..5a1d4bc569 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -1630,6 +1630,15 @@ SECStatus InitializeNSS(const nsACString& dir, NSSDBConfig nssDbConfig,
     return srv;
   }

+  /* Sets the NSS_USE_ALG_IN_ANY_SIGNATURE bit.
+   * does not change NSS_USE_ALG_IN_CERT_SIGNATURE,
+   * so policy will still disable use of sha1 in
+   * certificate related signature processing. */
+  srv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_ANY_SIGNATURE, 0);
+  if (srv != SECSuccess) {
+    NS_WARNING("Unable to use SHA1 for Add-ons, expect broken/disabled Add-ons. See https://bugzilla.redhat.com/show_bug.cgi?id=1908018 for details.");
+  }
+
   if (nssDbConfig == NSSDBConfig::ReadWrite) {
     UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
     if (!slot) {