Back out changeset fa013d593d02e29d9062900f89a14fd40a9ba687 (bug 1549010). a=sylvestre
authorEmilio Cobos Álvarez <emilio@crisal.io>
Sat, 04 May 2019 11:57:19 +0200
changeset 472592 9419be649effc5bc67eb3d6fce1db46caa7fae7e
parent 472591 24a6a4f933a8289666dbda9b9c5e39c2de89fa4f
child 472593 023dd959512e2cfa685187616560f91efa91183c
push id113027
push userccoroiu@mozilla.com
push dateSun, 05 May 2019 21:45:51 +0000
treeherdermozilla-inbound@1e3244e602fc [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssylvestre
bugs1549010
milestone68.0a1
first release with
nightly linux32
9419be649eff / 68.0a1 / 20190504100003 / files
nightly linux64
9419be649eff / 68.0a1 / 20190504100003 / files
nightly mac
9419be649eff / 68.0a1 / 20190504100003 / files
nightly win32
9419be649eff / 68.0a1 / 20190504100003 / files
nightly win64
9419be649eff / 68.0a1 / 20190504100003 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Back out changeset fa013d593d02e29d9062900f89a14fd40a9ba687 (bug 1549010). a=sylvestre CLOSED TREE
security/apps/AppSignatureVerification.cpp
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -632,20 +632,18 @@ nsresult VerifyCertificate(CERTCertifica
   }
   Input certDER;
   mozilla::pkix::Result result =
       certDER.Init(signerCert->derCert.data, signerCert->derCert.len);
   if (result != Success) {
     return mozilla::psm::GetXPCOMFromNSSError(MapResultToPRErrorCode(result));
   }
 
-  // 1556333000 seconds since the epoch should be about 2019-04-27T02:43:20.000Z
-  Time verificationTime = TimeFromEpochInSeconds(1556333000);
   result = BuildCertChain(
-      trustDomain, certDER, verificationTime, EndEntityOrCA::MustBeEndEntity,
+      trustDomain, certDER, Now(), EndEntityOrCA::MustBeEndEntity,
       KeyUsage::digitalSignature, KeyPurposeId::id_kp_codeSigning,
       CertPolicyId::anyPolicy, nullptr /*stapledOCSPResponse*/);
   if (result == mozilla::pkix::Result::ERROR_EXPIRED_CERTIFICATE) {
     // For code-signing you normally need trusted 3rd-party timestamps to
     // handle expiration properly. The signer could always mess with their
     // system clock so you can't trust the certificate was un-expired when
     // the signing took place. The choice is either to ignore expiration
     // or to enforce expiration at time of use. The latter leads to the