Comment # 36 on bug 1221531 from Paul Tannington 
(In reply to Pedro Monreal Gonzalez from comment #31)
> The DEFAULT policy in crypto-policies does not allow SHA-1 signatures but
> the LEGACY one does allow it. Could somebody test if switching to LEGACY
> helps?:
> 
>   > sudo update-crypto-policies --set LEGACY
> 
> Note that, this command is shipped by the crypto-policies-scripts package.
> 
> If it help, I would force using the LEGACY policy only in mozilla-nss by
> default for now in crypto-policies and submit in a moment.
> 
> TIA


Additionally:

With crypto policies set to legacy and after forcing FF to validate add on
signature(s) by setting "app.update.lastUpdateTime.xpi-signature-verification"
= 0 and restarting FF, upon restart signature verification is OK. (One can
check that verification has indeed taken place by looking at the value of
"app.update.lastUpdateTime.xpi-signature-verification").

You are receiving this mail because: