Bug 968348: Remove some set-but-never-read variables, an inline a PR_LOGGING-only variable, to fix build warnings in security/manager/ssl/src/. r=keeler
authorDaniel Holbert <dholbert@cs.stanford.edu>
Thu, 06 Feb 2014 00:12:16 -0800
changeset 167156 6ff203ccf02586c42b7aaac33d573d79bbbaefba
parent 167155 b04e2524e2ebdd75708ae91a993619c26430357e
child 167157 e6082884469caa4fc7e13abdc89733b709ae3ea8
push id39396
push userdholbert@mozilla.com
push dateThu, 06 Feb 2014 08:12:29 +0000
treeherdermozilla-inbound@e6082884469c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs968348
milestone30.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 968348: Remove some set-but-never-read variables, an inline a PR_LOGGING-only variable, to fix build warnings in security/manager/ssl/src/. r=keeler
security/manager/ssl/src/SSLServerCertVerification.cpp
security/manager/ssl/src/nsNSSCertificate.cpp
security/manager/ssl/src/nsUsageArrayHelper.cpp
--- a/security/manager/ssl/src/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/src/SSLServerCertVerification.cpp
@@ -501,44 +501,42 @@ CreateCertErrorRunnable(CertVerifier& ce
 
   RefPtr<nsNSSCertificate> nssCert(nsNSSCertificate::Create(cert));
   if (!nssCert) {
     NS_ERROR("nsNSSCertificate::Create failed");
     PR_SetError(SEC_ERROR_NO_MEMORY, 0);
     return nullptr;
   }
 
-  SECStatus srv;
-
   PLArenaPool* log_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
   PLArenaPoolCleanerFalseParam log_arena_cleaner(log_arena);
   if (!log_arena) {
     NS_ERROR("PORT_NewArena failed");
     return nullptr; // PORT_NewArena set error code
   }
 
   CERTVerifyLog* verify_log = PORT_ArenaZNew(log_arena, CERTVerifyLog);
   if (!verify_log) {
     NS_ERROR("PORT_ArenaZNew failed");
     return nullptr; // PORT_ArenaZNew set error code
   }
   CERTVerifyLogContentsCleaner verify_log_cleaner(verify_log);
   verify_log->arena = log_arena;
 
-  // XXX TODO: convert to VerifySSLServerCert
-  // XXX TODO: get rid of error log
-  srv = certVerifier.VerifyCert(cert, stapledOCSPResponse,
-                                certificateUsageSSLServer, now,
-                                infoObject, 0, nullptr, nullptr, verify_log);
 
-  // We ignore the result code of the cert verification.
+  // We ignore the result code of the cert verification (i.e. VerifyCert's rv)
   // Either it is a failure, which is expected, and we'll process the
   //                         verify log below.
   // Or it is a success, then a domain mismatch is the only
   //                     possible failure.
+  // XXX TODO: convert to VerifySSLServerCert
+  // XXX TODO: get rid of error log
+  certVerifier.VerifyCert(cert, stapledOCSPResponse,
+                          certificateUsageSSLServer, now,
+                          infoObject, 0, nullptr, nullptr, verify_log);
 
   PRErrorCode errorCodeMismatch = 0;
   PRErrorCode errorCodeTrust = 0;
   PRErrorCode errorCodeExpired = 0;
 
   uint32_t collected_errors = 0;
 
   // Check the name field against the desired hostname.
--- a/security/manager/ssl/src/nsNSSCertificate.cpp
+++ b/security/manager/ssl/src/nsNSSCertificate.cpp
@@ -818,27 +818,26 @@ nsNSSCertificate::GetChain(nsIArray** _r
   if (isAlreadyShutDown())
     return NS_ERROR_NOT_AVAILABLE;
 
   NS_ENSURE_ARG(_rvChain);
   nsresult rv;
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting chain for \"%s\"\n", mCert->nickname));
 
   ::insanity::pkix::ScopedCERTCertList nssChain;
-  SECStatus srv;
   RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
   NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
 
   // We want to test all usages, but we start with server because most of the
   // time Firefox users care about server certs.
-  srv = certVerifier->VerifyCert(mCert.get(), nullptr,
-                                 certificateUsageSSLServer, PR_Now(),
-                                 nullptr, /*XXX fixme*/
-                                 CertVerifier::FLAG_LOCAL_ONLY,
-                                 &nssChain);
+  certVerifier->VerifyCert(mCert.get(), nullptr,
+                           certificateUsageSSLServer, PR_Now(),
+                           nullptr, /*XXX fixme*/
+                           CertVerifier::FLAG_LOCAL_ONLY,
+                           &nssChain);
   // This is the whitelist of all non-SSLServer usages that are supported by
   // verifycert.
   const int otherUsagesToTest = certificateUsageSSLClient |
                                 certificateUsageSSLCA |
                                 certificateUsageEmailSigner |
                                 certificateUsageEmailRecipient |
                                 certificateUsageObjectSigner |
                                 certificateUsageStatusResponder;
@@ -846,21 +845,21 @@ nsNSSCertificate::GetChain(nsIArray** _r
        usage < certificateUsageAnyCA && !nssChain;
        usage = usage << 1) {
     if ((usage & otherUsagesToTest) == 0) {
       continue;
     }
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
            ("pipnss: PKIX attempting chain(%d) for '%s'\n",
             usage, mCert->nickname));
-    srv = certVerifier->VerifyCert(mCert.get(), nullptr,
-                                   usage, PR_Now(),
-                                   nullptr, /*XXX fixme*/
-                                   CertVerifier::FLAG_LOCAL_ONLY,
-                                   &nssChain);
+    certVerifier->VerifyCert(mCert.get(), nullptr,
+                             usage, PR_Now(),
+                             nullptr, /*XXX fixme*/
+                             CertVerifier::FLAG_LOCAL_ONLY,
+                             &nssChain);
   }
 
   if (!nssChain) {
     // There is not verified path for the chain, howeever we still want to 
     // present to the user as much of a possible chain as possible, in the case
     // where there was a problem with the cert or the issuers.
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
            ("pipnss: getchain :CertVerify failed to get chain for '%s'\n",
--- a/security/manager/ssl/src/nsUsageArrayHelper.cpp
+++ b/security/manager/ssl/src/nsUsageArrayHelper.cpp
@@ -127,30 +127,29 @@ nsUsageArrayHelper::check(uint32_t previ
     if (NS_SUCCEEDED(m_rv)) {
       outUsages[aCounter++] = ToNewUnicode(verifyDesc);
     }
     return nsIX509Cert::VERIFIED_OK;
   }
 
   PRErrorCode error = PR_GetError();
 
-  const char * errorString = PR_ErrorToName(error);
   uint32_t result = nsIX509Cert::NOT_VERIFIED_UNKNOWN;
   verifyFailed(&result, error);
 
   // USAGE_NOT_ALLOWED is the weakest non-fatal error; let all other errors
   // override it.
   if (result == nsIX509Cert::USAGE_NOT_ALLOWED &&
       previousCheckResult != nsIX509Cert::VERIFIED_OK) {
       result = previousCheckResult;
   }
 
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
           ("error validating certificate for usage %s: %s (%d) -> %ud \n",
-          typestr.get(), errorString, (int) error, (int) result));
+          typestr.get(), PR_ErrorToName(error), (int) error, (int) result));
 
   return result;
 }
 
 
 // Maps the error code to one of the Constants for certificate verification
 // results" in nsIX509Cert.
 void