lega...@gmail.com wrote:
On May 19, 7:58 pm, "Eric H. Jung" <eric...@yahoo.com> wrote:
----- Original Message ----
From: "lega...@gmail.com" <lega...@gmail.com>
P.S. local.site.com - is a local site (Apache 2.0) with self-signed
certificate.
AFAIK, you cannot use self-signed certificates. You need a cert that has a valid
chain to a root CA.
May be I can solve this problem by moving my extension to
addons.mozilla.org?
Another alternative is to use signed updates rather than https. The
extension is shipped with a public key. When the update.rdf is
downloaded by Firefox, its signature is checked by Firefox. If that
check succeeds, then Firefox downloads the update and computes its hash
to prevent attacks during download.
Here are the steps as I remember them:
1. Use mccoy http://developer.mozilla.org/en/docs/McCoy to put a
public key string into your install.rdf.
2. build your XPI zip file, including the install.rdf from #1.
3. Compute the SHA256 hash of the XPI file (a string), put this
updateHash in your update.rdf
4. Use mccoy to sign the update.rdf with the key from #1.
This is more complex than using addons.mozilla.org, but also more flexible.
John.
15 messages in org.mozilla.lists.dev-extensionsRe: FF3RC1: An error occurred while t...
