bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
authorDavid Keeler <dkeeler@mozilla.com>
Mon, 26 Oct 2015 16:02:19 -0700
changeset 271565 7b574db9b1c6a23326189528eef2ca7c82b9f53a
parent 271564 7780d5cc57e3da46e01ffa5c2154d7520aaedde5
child 271566 d7b34dc6ef9e2f5e62b622a14e7c49ae5c388f3f
push id67697
push userdkeeler@mozilla.com
push dateFri, 06 Nov 2015 20:25:45 +0000
treeherdermozilla-inbound@7b574db9b1c6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersCykesiopka, jcj
bugs1218596
milestone45.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1218596 - remove nsPSMInitPanic and other unnecessary things from nsNSSComponent r=Cykesiopka r=jcj
security/manager/ssl/nsKeygenHandler.cpp
security/manager/ssl/nsNSSComponent.cpp
security/manager/ssl/nsNSSComponent.h
security/manager/ssl/nsSiteSecurityService.cpp
--- a/security/manager/ssl/nsKeygenHandler.cpp
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@@ -13,16 +13,17 @@
 #include "base64.h"
 #include "secasn1.h"
 #include "nsKeygenHandler.h"
 #include "nsKeygenHandlerContent.h"
 #include "nsIServiceManager.h"
 #include "nsIDOMHTMLSelectElement.h"
 #include "nsIContent.h"
 #include "nsKeygenThread.h"
+#include "nsNSSHelper.h"
 #include "nsReadableUtils.h"
 #include "nsUnicharUtils.h"
 #include "nsCRT.h"
 #include "nsITokenDialogs.h"
 #include "nsIGenKeypairInfoDlg.h"
 #include "nsNSSShutDown.h"
 #include "nsXULAppAPI.h"
 
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -3,74 +3,66 @@
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsNSSComponent.h"
 
 #include "ExtendedValidation.h"
 #include "NSSCertDBTrustDomain.h"
-#include "mozilla/Telemetry.h"
-#include "nsAppDirectoryServiceDefs.h"
-#include "nsCertVerificationThread.h"
-#include "nsAppDirectoryServiceDefs.h"
-#include "nsComponentManagerUtils.h"
-#include "nsDirectoryServiceDefs.h"
-#include "nsICertOverrideService.h"
-#include "NSSCertDBTrustDomain.h"
-#include "nsThreadUtils.h"
+#include "SharedSSLState.h"
 #include "mozilla/Preferences.h"
-#include "nsThreadUtils.h"
 #include "mozilla/PublicSSL.h"
 #include "mozilla/Services.h"
 #include "mozilla/StaticPtr.h"
+#include "mozilla/Telemetry.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRT.h"
+#include "nsCertVerificationThread.h"
+#include "nsClientAuthRemember.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsIBufEntropyCollector.h"
+#include "nsICertOverrideService.h"
+#include "nsIFile.h"
+#include "nsIObserverService.h"
+#include "nsIPrompt.h"
+#include "nsIProperties.h"
+#include "nsISiteSecurityService.h"
+#include "nsITokenPasswordDialogs.h"
+#include "nsIWindowWatcher.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "nsXULAppAPI.h"
+#include "nss.h"
+#include "p12plcy.h"
+#include "pkix/pkixnss.h"
+#include "secerr.h"
+#include "secmod.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
 
 #ifndef MOZ_NO_SMART_CARDS
 #include "nsSmartCardMonitor.h"
 #endif
 
-#include "nsCRT.h"
-#include "nsNTLMAuthModule.h"
-#include "nsIFile.h"
-#include "nsIProperties.h"
-#include "nsIWindowWatcher.h"
-#include "nsIPrompt.h"
-#include "nsIBufEntropyCollector.h"
-#include "nsITokenPasswordDialogs.h"
-#include "nsISiteSecurityService.h"
-#include "nsServiceManagerUtils.h"
-#include "nsNSSShutDown.h"
-#include "SharedSSLState.h"
-#include "NSSErrorsService.h"
-
-#include "nss.h"
-#include "pkix/pkixnss.h"
-#include "ssl.h"
-#include "sslproto.h"
-#include "secmod.h"
-#include "secerr.h"
-#include "sslerr.h"
-
-#include "nsXULAppAPI.h"
-
 #ifdef XP_WIN
 #include "nsILocalFileWin.h"
 #endif
 
-#include "p12plcy.h"
-
 using namespace mozilla;
 using namespace mozilla::psm;
 
 PRLogModuleInfo* gPIPNSSLog = nullptr;
 
 int nsNSSComponent::mInstanceCount = 0;
 
-bool nsPSMInitPanic::isPanic = false;
-
 // This function can be called from chrome or content processes
 // to ensure that NSS is initialized.
 bool EnsureNSSInitializedChromeOrContent()
 {
   nsresult rv;
   if (XRE_IsParentProcess()) {
     nsCOMPtr<nsISupports> nss = do_GetService(PSM_COMPONENT_CONTRACTID, &rv);
     if (NS_FAILED(rv)) {
@@ -99,19 +91,16 @@ bool EnsureNSSInitializedChromeOrContent
   mozilla::psm::DisableMD5();
   return true;
 }
 
 // We must ensure that the nsNSSComponent has been loaded before
 // creating any other components.
 bool EnsureNSSInitialized(EnsureNSSOperator op)
 {
-  if (nsPSMInitPanic::GetPanic())
-    return false;
-
   if (GeckoProcessType_Default != XRE_GetProcessType())
   {
     if (op == nssEnsureOnChromeOnly)
     {
       // If the component needs PSM/NSS initialized only on the chrome process,
       // pretend we successfully initiated it but in reality we bypass it.
       // It's up to the programmer to check for process type in such components
       // and take care not to call anything that needs NSS/PSM initiated.
@@ -229,17 +218,16 @@ nsNSSComponent::nsNSSComponent()
 #ifndef MOZ_NO_SMART_CARDS
    mThreadList(nullptr),
 #endif
    mCertVerificationThread(nullptr)
 {
   if (!gPIPNSSLog)
     gPIPNSSLog = PR_NewLogModule("pipnss");
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ctor\n"));
-  mObserversRegistered = false;
 
   NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
   ++mInstanceCount;
   mShutdownObjectList = nsNSSShutDownList::construct();
   mIsNetworkDown = false;
 }
 
 void
@@ -327,36 +315,16 @@ nsNSSComponent::GetPIPNSSBundleString(co
       rv = NS_OK;
     }
   }
 
   return rv;
 }
 
 NS_IMETHODIMP
-nsNSSComponent::NSSBundleFormatStringFromName(const char* name,
-                                              const char16_t** params,
-                                              uint32_t numParams,
-                                              nsAString& outString)
-{
-  nsresult rv = NS_ERROR_FAILURE;
-
-  if (mNSSErrorsBundle && name) {
-    nsXPIDLString result;
-    rv = mNSSErrorsBundle->FormatStringFromName(NS_ConvertASCIItoUTF16(name).get(),
-                                                params, numParams,
-                                                getter_Copies(result));
-    if (NS_SUCCEEDED(rv)) {
-      outString = result;
-    }
-  }
-  return rv;
-}
-
-NS_IMETHODIMP
 nsNSSComponent::GetNSSBundleString(const char* name, nsAString& outString)
 {
   nsresult rv = NS_ERROR_FAILURE;
 
   outString.SetLength(0);
   if (mNSSErrorsBundle && name) {
     nsXPIDLString result;
     rv = mNSSErrorsBundle->GetStringFromName(NS_ConvertASCIItoUTF16(name).get(),
@@ -1011,17 +979,16 @@ nsNSSComponent::InitializeNSS()
   // run were sufficient. As I can't predict what happens in the future, let's repeat
   // this call for every re-init of NSS.
 
   ConfigureInternalPKCS11Token();
 
   nsAutoCString profileStr;
   nsresult rv = GetNSSProfilePath(profileStr);
   if (NS_FAILED(rv)) {
-    nsPSMInitPanic::SetPanic();
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   SECStatus init_rv = SECFailure;
   bool nocertdb = Preferences::GetBool("security.nocertdb", false);
 
   if (!nocertdb && !profileStr.IsEmpty()) {
     // First try to initialize the NSS DB in read/write mode.
@@ -1038,17 +1005,16 @@ nsNSSComponent::InitializeNSS()
   // If we haven't succeeded in initializing the DB in our profile
   // directory or we don't have a profile at all, or the "security.nocertdb"
   // pref has been set to "true", attempt to initialize with no DB.
   if (nocertdb || init_rv != SECSuccess) {
     init_rv = NSS_NoDB_Init(nullptr);
   }
   if (init_rv != SECSuccess) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("could not initialize NSS - panicking\n"));
-    nsPSMInitPanic::SetPanic();
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   mNSSInitialized = true;
 
   PK11_SetPasswordFunc(PK11PasswordPrompt);
 
   SharedSSLState::GlobalInit();
@@ -1056,17 +1022,16 @@ nsNSSComponent::InitializeNSS()
   // Register an observer so we can inform NSS when these prefs change
   Preferences::AddStrongObserver(this, "security.");
 
   SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
   SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
 
   rv = setEnabledTLSVersions();
   if (NS_FAILED(rv)) {
-    nsPSMInitPanic::SetPanic();
     return NS_ERROR_UNEXPECTED;
   }
 
   DisableMD5();
   // Initialize the certverifier log before calling any functions that library.
   InitCertVerifierLog();
   LoadLoadableRoots();
 
@@ -1161,17 +1126,17 @@ nsNSSComponent::ShutdownNSS()
       MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("NSS SHUTDOWN FAILURE\n"));
     }
     else {
       MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS shutdown =====>> OK <<=====\n"));
     }
   }
 }
 
-NS_IMETHODIMP
+nsresult
 nsNSSComponent::Init()
 {
   // No mutex protection.
   // Assume Init happens before any concurrency on "this" can start.
 
   nsresult rv = NS_OK;
 
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
@@ -1196,64 +1161,52 @@ nsNSSComponent::Init()
     NS_NAMED_LITERAL_STRING(dummy_name, "dummy");
     nsXPIDLString result;
     mPIPNSSBundle->GetStringFromName(dummy_name.get(),
                                      getter_Copies(result));
     mNSSErrorsBundle->GetStringFromName(dummy_name.get(),
                                         getter_Copies(result));
   }
 
-  // Do that before NSS init, to make sure we won't get unloaded.
-  RegisterObservers();
 
   rv = InitializeNSS();
   if (NS_FAILED(rv)) {
-    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to Initialize NSS.\n"));
-
-    DeregisterObservers();
-    mPIPNSSBundle = nullptr;
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("nsNSSComponent::InitializeNSS() failed\n"));
     return rv;
   }
 
   RememberCertErrorsTable::Init();
 
   createBackgroundThreads();
-  if (!mCertVerificationThread)
-  {
-    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS init, could not create threads\n"));
-
-    DeregisterObservers();
-    mPIPNSSBundle = nullptr;
+  if (!mCertVerificationThread) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSComponent::createBackgroundThreads() failed\n"));
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
-  nsCOMPtr<nsIEntropyCollector> ec
-      = do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID);
-
-  nsCOMPtr<nsIBufEntropyCollector> bec;
-
-  if (ec) {
-    bec = do_QueryInterface(ec);
+  nsCOMPtr<nsIEntropyCollector> ec(
+    do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID));
+  if (!ec) {
+    return NS_ERROR_FAILURE;
   }
+  nsCOMPtr<nsIBufEntropyCollector> bec(do_QueryInterface(ec));
+  if (!bec) {
+    return NS_ERROR_FAILURE;
+  }
+  bec->ForwardTo(this);
 
-  NS_ASSERTION(bec, "No buffering entropy collector.  "
-                    "This means no entropy will be collected.");
-  if (bec) {
-    bec->ForwardTo(this);
-  }
-
-  return rv;
+  return RegisterObservers();
 }
 
 // nsISupports Implementation for the class
 NS_IMPL_ISUPPORTS(nsNSSComponent,
                   nsIEntropyCollector,
                   nsINSSComponent,
-                  nsIObserver,
-                  nsISupportsWeakReference)
+                  nsIObserver)
 
 NS_IMETHODIMP
 nsNSSComponent::RandomUpdate(void* entropy, int32_t bufLen)
 {
   nsNSSShutDownPreventionLock locker;
 
   // Asynchronous event happening often,
   // must not interfere with initialization or profile switch.
@@ -1449,58 +1402,34 @@ nsresult nsNSSComponent::LogoutAuthentic
   return mShutdownObjectList->doPK11Logout();
 }
 
 nsresult
 nsNSSComponent::RegisterObservers()
 {
   // Happens once during init only, no mutex protection.
 
-  nsCOMPtr<nsIObserverService> observerService(do_GetService("@mozilla.org/observer-service;1"));
-  NS_ASSERTION(observerService, "could not get observer service");
-  if (observerService) {
-    mObserversRegistered = true;
-    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: adding observers\n"));
-
-    // We are a service.
-    // Once we are loaded, don't allow being removed from memory.
-    // This makes sense, as initializing NSS is expensive.
-
-    // By using false for parameter ownsWeak in AddObserver,
-    // we make sure that we won't get unloaded until the application shuts down.
-
-    observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false);
-
-    observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, false);
-    observerService->AddObserver(this, PROFILE_DO_CHANGE_TOPIC, false);
-    observerService->AddObserver(this, PROFILE_CHANGE_NET_TEARDOWN_TOPIC, false);
-    observerService->AddObserver(this, PROFILE_CHANGE_NET_RESTORE_TOPIC, false);
+  nsCOMPtr<nsIObserverService> observerService(
+    do_GetService("@mozilla.org/observer-service;1"));
+  if (!observerService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSComponent: couldn't get observer service\n"));
+    return NS_ERROR_FAILURE;
   }
-  return NS_OK;
-}
-
-nsresult
-nsNSSComponent::DeregisterObservers()
-{
-  if (!mObserversRegistered)
-    return NS_OK;
 
-  nsCOMPtr<nsIObserverService> observerService(do_GetService("@mozilla.org/observer-service;1"));
-  NS_ASSERTION(observerService, "could not get observer service");
-  if (observerService) {
-    mObserversRegistered = false;
-    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: removing observers\n"));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: adding observers\n"));
+  // Using false for the ownsweak parameter means the observer service will
+  // keep a strong reference to this component. As a result, this will live at
+  // least as long as the observer service.
+  observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false);
+  observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, false);
+  observerService->AddObserver(this, PROFILE_DO_CHANGE_TOPIC, false);
+  observerService->AddObserver(this, PROFILE_CHANGE_NET_TEARDOWN_TOPIC, false);
+  observerService->AddObserver(this, PROFILE_CHANGE_NET_RESTORE_TOPIC, false);
 
-    observerService->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID);
-
-    observerService->RemoveObserver(this, PROFILE_BEFORE_CHANGE_TOPIC);
-    observerService->RemoveObserver(this, PROFILE_DO_CHANGE_TOPIC);
-    observerService->RemoveObserver(this, PROFILE_CHANGE_NET_TEARDOWN_TOPIC);
-    observerService->RemoveObserver(this, PROFILE_CHANGE_NET_RESTORE_TOPIC);
-  }
   return NS_OK;
 }
 
 void
 nsNSSComponent::DoProfileChangeNetTeardown()
 {
   if (mCertVerificationThread)
     mCertVerificationThread->requestExit();
--- a/security/manager/ssl/nsNSSComponent.h
+++ b/security/manager/ssl/nsNSSComponent.h
@@ -8,22 +8,18 @@
 #define _nsNSSComponent_h_
 
 #include "mozilla/Mutex.h"
 #include "mozilla/RefPtr.h"
 #include "nsCOMPtr.h"
 #include "nsIEntropyCollector.h"
 #include "nsIStringBundle.h"
 #include "nsIObserver.h"
-#include "nsIObserverService.h"
-#include "nsINSSErrorsService.h"
 #include "nsNSSCallbacks.h"
 #include "SharedCertVerifier.h"
-#include "nsNSSHelper.h"
-#include "nsClientAuthRemember.h"
 #include "prerror.h"
 #include "sslt.h"
 
 class nsIDOMWindow;
 class nsIPrompt;
 class SmartCardThreadList;
 
 namespace mozilla { namespace psm {
@@ -35,60 +31,51 @@ MOZ_WARN_UNUSED_RESULT
 } } // namespace mozilla::psm
 
 
 #define NS_NSSCOMPONENT_CID \
 {0x4cb64dfd, 0xca98, 0x4e24, {0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb}}
 
 #define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
 
-//Define an interface that we can use to look up from the
-//callbacks passed to NSS.
-
-#define NS_INSSCOMPONENT_IID_STR "e60602a8-97a3-4fe7-b5b7-56bc6ce87ab4"
 #define NS_INSSCOMPONENT_IID \
-  { 0xe60602a8, 0x97a3, 0x4fe7, \
-    { 0xb5, 0xb7, 0x56, 0xbc, 0x6c, 0xe8, 0x7a, 0xb4 } }
+  { 0xa0a8f52b, 0xea18, 0x4abc, \
+    { 0xa3, 0xca, 0xec, 0xcf, 0x70, 0x4f, 0xfe, 0x63 } }
 
 enum EnsureNSSOperator
 {
   nssLoadingComponent = 0,
   nssInitSucceeded = 1,
   nssInitFailed = 2,
   nssShutdown = 3,
   nssEnsure = 100,
   nssEnsureOnChromeOnly = 101,
   nssEnsureChromeOrContent = 102,
 };
 
 extern bool EnsureNSSInitializedChromeOrContent();
 
 extern bool EnsureNSSInitialized(EnsureNSSOperator op);
 
-class nsNSSComponent;
-
-class NS_NO_VTABLE nsINSSComponent : public nsISupports {
- public:
+class NS_NO_VTABLE nsINSSComponent : public nsISupports
+{
+public:
   NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
 
   NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) = 0;
 
   NS_IMETHOD GetPIPNSSBundleString(const char* name,
                                    nsAString& outString) = 0;
   NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
                                            const char16_t** params,
                                            uint32_t numParams,
                                            nsAString& outString) = 0;
 
   NS_IMETHOD GetNSSBundleString(const char* name,
                                 nsAString& outString) = 0;
-  NS_IMETHOD NSSBundleFormatStringFromName(const char* name,
-                                           const char16_t** params,
-                                           uint32_t numParams,
-                                           nsAString& outString) = 0;
 
   NS_IMETHOD LogoutAuthenticatedPK11() = 0;
 
 #ifndef MOZ_NO_SMART_CARDS
   NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) = 0;
 
   NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) = 0;
 #endif
@@ -100,49 +87,42 @@ class NS_NO_VTABLE nsINSSComponent : pub
 };
 
 NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
 
 class nsNSSShutDownList;
 class nsCertVerificationThread;
 
 // Implementation of the PSM component interface.
-class nsNSSComponent final : public nsIEntropyCollector,
-                             public nsINSSComponent,
-                             public nsIObserver,
-                             public nsSupportsWeakReference
+class nsNSSComponent final : public nsIEntropyCollector
+                           , public nsINSSComponent
+                           , public nsIObserver
 {
-  typedef mozilla::Mutex Mutex;
-
 public:
   NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
 
   nsNSSComponent();
 
   NS_DECL_THREADSAFE_ISUPPORTS
   NS_DECL_NSIENTROPYCOLLECTOR
   NS_DECL_NSIOBSERVER
 
-  NS_METHOD Init();
+  nsresult Init();
 
   static nsresult GetNewPrompter(nsIPrompt** result);
   static nsresult ShowAlertWithConstructedString(const nsString& message);
   NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) override;
 
   NS_IMETHOD GetPIPNSSBundleString(const char* name,
                                    nsAString& outString) override;
   NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
                                            const char16_t** params,
                                            uint32_t numParams,
                                            nsAString& outString) override;
   NS_IMETHOD GetNSSBundleString(const char* name, nsAString& outString) override;
-  NS_IMETHOD NSSBundleFormatStringFromName(const char* name,
-                                           const char16_t** params,
-                                           uint32_t numParams,
-                                           nsAString& outString) override;
   NS_IMETHOD LogoutAuthenticatedPK11() override;
 
 #ifndef MOZ_NO_SMART_CARDS
   NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) override;
   NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) override;
   void LaunchSmartCardThreads();
   void ShutdownSmartCardThreads();
   nsresult DispatchEventToWindow(nsIDOMWindow* domWin,
@@ -174,30 +154,28 @@ private:
   void LoadLoadableRoots();
   void UnloadLoadableRoots();
   void setValidationOptions(bool isInitialSetting,
                             const mozilla::MutexAutoLock& lock);
   nsresult setEnabledTLSVersions();
   nsresult InitializePIPNSSBundle();
   nsresult ConfigureInternalPKCS11Token();
   nsresult RegisterObservers();
-  nsresult DeregisterObservers();
 
   // Methods that we use to handle the profile change notifications (and to
   // synthesize a full profile change when we're just doing a profile startup):
   void DoProfileChangeNetTeardown();
   void DoProfileBeforeChange(nsISupports* aSubject);
   void DoProfileChangeNetRestore();
 
-  Mutex mutex;
+  mozilla::Mutex mutex;
 
   nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
   nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
   bool mNSSInitialized;
-  bool mObserversRegistered;
   static int mInstanceCount;
   nsNSSShutDownList* mShutdownObjectList;
 #ifndef MOZ_NO_SMART_CARDS
   SmartCardThreadList* mThreadList;
 #endif
   bool mIsNetworkDown;
 
   void deleteBackgroundThreads();
@@ -215,18 +193,9 @@ class nsNSSErrors
 public:
   static const char* getDefaultErrorStringName(PRErrorCode err);
   static const char* getOverrideErrorStringName(PRErrorCode aErrorCode);
   static nsresult getErrorMessageFromCode(PRErrorCode err,
                                           nsINSSComponent* component,
                                           nsString& returnedMessage);
 };
 
-class nsPSMInitPanic
-{
-private:
-  static bool isPanic;
-public:
-  static void SetPanic() {isPanic = true;}
-  static bool GetPanic() {return isPanic;}
-};
-
 #endif // _nsNSSComponent_h_
--- a/security/manager/ssl/nsSiteSecurityService.cpp
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -8,16 +8,17 @@
 #include "mozilla/Preferences.h"
 #include "mozilla/Base64.h"
 #include "base64.h"
 #include "CertVerifier.h"
 #include "nsCRTGlue.h"
 #include "nsISSLStatus.h"
 #include "nsISocketProvider.h"
 #include "nsIURI.h"
+#include "nsIX509Cert.h"
 #include "nsNetUtil.h"
 #include "nsNSSComponent.h"
 #include "nsSecurityHeaderParser.h"
 #include "nsString.h"
 #include "nsThreadUtils.h"
 #include "nsXULAppAPI.h"
 #include "pkix/pkixtypes.h"
 #include "plstr.h"