mozilla-inbound: changeset 234215:3d582311e619083d74ad4e118520fcc9312ad8c7

author	Cykesiopka <cykesiopka.bmo@gmail.com>
	Tue, 17 Mar 2015 14:33:00 +0100
changeset 234215	3d582311e619083d74ad4e118520fcc9312ad8c7
parent 234214	c70e9979e49b4c37fc8e38682547ddd13969e93c
child 234216	8d51dbc085b58f46c2a77dccc1682c58f39cc25f
push id	57073
push user	cbook@mozilla.com
push date	Wed, 18 Mar 2015 11:00:37 +0000
treeherder	mozilla-inbound@b976b2dc1a26 [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	keeler
bugs	1131227
milestone	39.0a1
first release with	nightly linux32 cf1060d8ce9f / 39.0a1 / 20150319030202 / files nightly linux64 cf1060d8ce9f / 39.0a1 / 20150319030202 / files nightly mac cf1060d8ce9f / 39.0a1 / 20150319030202 / files nightly win32 cf1060d8ce9f / 39.0a1 / 20150319030202 / files nightly win64 cf1060d8ce9f / 39.0a1 / 20150319030202 / files
last release without	nightly linux32 1174ffb1696d / 39.0a1 / 20150318030202 / files nightly linux64 1174ffb1696d / 39.0a1 / 20150318030202 / files nightly mac 1174ffb1696d / 39.0a1 / 20150318030202 / files nightly win32 1174ffb1696d / 39.0a1 / 20150318030202 / files nightly win64 1174ffb1696d / 39.0a1 / 20150318030202 / files

--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -263,16 +263,18 @@ PSMERR_SSL2_Disabled=Can't connect secur
 PSMERR_HostReusedIssuerSerial=You have received an invalid certificate.  Please contact the server administrator or email correspondent and give them the following information:\n\nYour certificate contains the same serial number as another certificate issued by the certificate authority.  Please get a new certificate containing a unique serial number.
 
 SSLConnectionErrorPrefix=An error occurred during a connection to %S.
 
 certErrorIntro=%S uses an invalid security certificate.
 
 certErrorTrust_SelfSigned=The certificate is not trusted because it is self-signed.
 certErrorTrust_UnknownIssuer=The certificate is not trusted because the issuer certificate is unknown.
+certErrorTrust_UnknownIssuer2=The server might not be sending the appropriate intermediate certificates.
+certErrorTrust_UnknownIssuer3=An additional root certificate may need to be imported.
 certErrorTrust_CaInvalid=The certificate is not trusted because it was issued by an invalid CA certificate.
 certErrorTrust_Issuer=The certificate is not trusted because the issuer certificate is not trusted.
 certErrorTrust_SignatureAlgorithmDisabled=The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.
 certErrorTrust_ExpiredIssuer=The certificate is not trusted because the issuer certificate has expired.
 certErrorTrust_Untrusted=The certificate does not come from a trusted source.
 
 certErrorMismatch=The certificate is not valid for the name %S.
 # LOCALIZATION NOTE (certErrorMismatchSingle2): Do not translate <a id="cert_domain_link" title="%1$S">%1$S</a>

--- a/security/manager/ssl/src/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/src/TransportSecurityInfo.cpp
@@ -578,26 +578,30 @@ formatPlainErrorMessage(const nsXPIDLCSt
 
 static void
 AppendErrorTextUntrusted(PRErrorCode errTrust,
                          const nsString &host,
                          nsIX509Cert* ix509,
                          nsINSSComponent *component,
                          nsString &returnedMessage)
 {
-  const char *errorID = nullptr;
+  const char* errorID = nullptr;
+  const char* errorID2 = nullptr;
+  const char* errorID3 = nullptr;
   bool isSelfSigned;
   if (NS_SUCCEEDED(ix509->GetIsSelfSigned(&isSelfSigned)) && isSelfSigned) {
     errorID = "certErrorTrust_SelfSigned";
   }
 
   if (!errorID) {
     switch (errTrust) {
       case SEC_ERROR_UNKNOWN_ISSUER:
         errorID = "certErrorTrust_UnknownIssuer";
+        errorID2 = "certErrorTrust_UnknownIssuer2";
+        errorID3 = "certErrorTrust_UnknownIssuer3";
         break;
       case SEC_ERROR_CA_CERT_INVALID:
         errorID = "certErrorTrust_CaInvalid";
         break;
       case SEC_ERROR_UNTRUSTED_ISSUER:
         errorID = "certErrorTrust_Issuer";
         break;
       case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
@@ -608,23 +612,28 @@ AppendErrorTextUntrusted(PRErrorCode err
         break;
       case SEC_ERROR_UNTRUSTED_CERT:
       default:
         errorID = "certErrorTrust_Untrusted";
         break;
     }
   }
 
-  nsString formattedString;
-  nsresult rv = component->GetPIPNSSBundleString(errorID, 
-                                                 formattedString);
-  if (NS_SUCCEEDED(rv))
-  {
-    returnedMessage.Append(formattedString);
-    returnedMessage.Append('\n');
+  const char* errorIDs[] = { errorID, errorID2, errorID3 };
+  for (size_t i = 0; i < ArrayLength(errorIDs); i++) {
+    if (!errorIDs[i]) {
+      break;
+    }
+
+    nsString formattedString;
+    nsresult rv = component->GetPIPNSSBundleString(errorIDs[i], formattedString);
+    if (NS_SUCCEEDED(rv)) {
+      returnedMessage.Append(formattedString);
+      returnedMessage.Append('\n');
+    }
   }
 }
 
 // returns TRUE if SAN was used to produce names
 // return FALSE if nothing was produced
 // names => a single name or a list of names
 // multipleNames => whether multiple names were delivered
 static bool

security/manager/locales/en-US/chrome/pipnss/pipnss.properties		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/src/TransportSecurityInfo.cpp		file \| annotate \| diff \| comparison \| revisions