Re: FF3RC1: An error occurred while trying to find updates - John J. Barton - org.mozilla.lists.dev-extensions

15 messages in org.mozilla.lists.dev-extensionsRe: FF3RC1: An error occurred while t...

From	Sent On	Attachments
lega...@gmail.com	19 May 2008 06:26
John J. Barton	19 May 2008 07:52
Eric H. Jung	19 May 2008 09:58
Dave Townsend	19 May 2008 10:08
lega...@gmail.com	19 May 2008 22:43
Mook	19 May 2008 22:55
John J. Barton	20 May 2008 07:22
Mike Shaver	20 May 2008 09:12
Eric H. Jung	20 May 2008 09:14
Nils Maier	20 May 2008 11:20
Mook	22 May 2008 21:49
Mike Shaver	23 May 2008 07:52
Mook	26 May 2008 04:35
Demiao Lin	27 May 2008 01:47
Eric H. Jung	27 May 2008 08:37

Subject:	Re: FF3RC1: An error occurred while trying to find updates
From:	John J. Barton (john...@johnjbarton.com)
Date:	05/20/2008 07:22:45 AM
List:	org.mozilla.lists.dev-extensions

lega...@gmail.com wrote:

On May 19, 7:58 pm, "Eric H. Jung" <eric...@yahoo.com> wrote:

----- Original Message ----

From: "lega...@gmail.com" <lega...@gmail.com> P.S. local.site.com - is a local site (Apache 2.0) with self-signed certificate.

AFAIK, you cannot use self-signed certificates. You need a cert that has a valid
chain to a root CA.

May be I can solve this problem by moving my extension to addons.mozilla.org?

Another alternative is to use signed updates rather than https. The extension is shipped with a public key. When the update.rdf is downloaded by Firefox, its signature is checked by Firefox. If that check succeeds, then Firefox downloads the update and computes its hash to prevent attacks during download.

Here are the steps as I remember them: 1. Use mccoy http://developer.mozilla.org/en/docs/McCoy to put a public key string into your install.rdf. 2. build your XPI zip file, including the install.rdf from #1. 3. Compute the SHA256 hash of the XPI file (a string), put this updateHash in your update.rdf 4. Use mccoy to sign the update.rdf with the key from #1.

This is more complex than using addons.mozilla.org, but also more flexible.

John.