From 83f0755b95ab9998c8f2fe1d4a16f70e3cdb8abd Mon Sep 17 00:00:00 2001
From: Arthur Edelstein <arthuredelstein@gmail.com>
Date: Thu, 6 Apr 2017 17:09:09 -0700
Subject: [PATCH] Bug 21849: Don't allow SSL key logging

---
 security/moz.build            | 2 +-
 security/nss/lib/ssl/Makefile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/moz.build b/security/moz.build
index 65c1c1a64c816..d56f995a5f191 100644
--- a/security/moz.build
+++ b/security/moz.build
@@ -86,7 +86,7 @@ gyp_vars['disable_tests'] = 1
 if CONFIG['NSS_DISABLE_DBM']:
     gyp_vars['disable_dbm'] = 1
 gyp_vars['disable_libpkix'] = 1
-gyp_vars['enable_sslkeylogfile'] = 1
+gyp_vars['enable_sslkeylogfile'] = 0
 # pkg-config won't reliably find zlib on our builders, so just force it.
 # System zlib is only used for modutil and signtool unless
 # SSL zlib is enabled, which we are disabling immediately below this.
diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile
index 24fccc5903fe7..de384f2854e79 100644
--- a/security/nss/lib/ssl/Makefile
+++ b/security/nss/lib/ssl/Makefile
@@ -41,7 +41,7 @@ endif
 
 # Enable key logging by default in debug builds, but not opt builds.
 # Logging still needs to be enabled at runtime through env vars.
-NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
+NSS_ALLOW_SSLKEYLOGFILE ?= 0
 ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
 DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
 endif
-- 
GitLab