Bug 683449 - Really remove the exemptions; r=kaie over irc CLOSED TREE a=release CAMINO_2_1_B2_MINIBRANCH CAMINO_2_1_B2_RELEASE
authorEhsan Akhgari <ehsan@mozilla.com>
Fri, 02 Sep 2011 14:58:49 -0400
branchCAMINO_2_1_B2_MINIBRANCH
changeset 35184 4908527a72a0b5dc8c14c9684a00bbfbcce840ac
parent 35183 7e5f09f2fb2c7f51c15bca96ca83f444f1cba6e8
child 35185 88585d67c78023d547dca6ff1cab4a444f6dd356
push id1971
push useralqahira@ardisson.org
push dateThu, 08 Sep 2011 04:55:20 +0000
reviewerskaie, release
bugs683449
milestone1.9.2.22
Bug 683449 - Really remove the exemptions; r=kaie over irc CLOSED TREE a=release
security/manager/ssl/src/nsNSSCallbacks.cpp
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -1046,28 +1046,16 @@ PSM_SSL_BlacklistDigiNotar(CERTCertifica
   PRBool isDigiNotarIssuedCert = PR_FALSE;
 
   for (CERTCertListNode *node = CERT_LIST_HEAD(serverCertChain);
        !CERT_LIST_END(node, serverCertChain);
        node = CERT_LIST_NEXT(node)) {
     if (!node->cert->issuerName)
       continue;
 
-    // If it's one of the "Staat der Nederlanden Root"s, then don't blacklist.
-    // Compare names, and ensure it's a self-signed root.
-    if ((!strcmp(node->cert->issuerName,
-                "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") ||
-         !strcmp(node->cert->issuerName,
-                "CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL")) &&
-        SECITEM_ItemsAreEqual(&node->cert->derIssuer,&node->cert->derSubject)
-        ) {
-      // keep as valid
-      return 0;
-    }
-
     if (strstr(node->cert->issuerName, "CN=DigiNotar")) {
       isDigiNotarIssuedCert = PR_TRUE;
     }
   }
 
   if (isDigiNotarIssuedCert) {
     // let's see if we want to worsen the error code to revoked.
     PRErrorCode revoked_code = PSM_SSL_DigiNotarTreatAsRevoked(serverCert, serverCertChain);