Bug 867465: Remove the "Revocation Lists" feature, r=cviecco, r=mattn
authorBrian Smith <bsmith@mozilla.com>
Sun, 02 Jun 2013 23:37:47 -0700
changeset 143315 dd6e10c7db026fc6fc26f31dfcac825bf4c44cdf
parent 143314 75895fe57f563a2a4a5a0fa44620d8ab5dd8988f
child 143316 b1a6f93acc877712990e907350c76a241321aeb1
push idunknown
push userunknown
push dateunknown
reviewerscviecco, mattn
bugs867465
milestone24.0a1
Bug 867465: Remove the "Revocation Lists" feature, r=cviecco, r=mattn
browser/app/profile/firefox.js
browser/components/preferences/advanced.js
browser/components/preferences/advanced.xul
browser/components/preferences/in-content/advanced.js
browser/components/preferences/in-content/advanced.xul
browser/locales/en-US/chrome/browser/preferences/advanced.dtd
mobile/android/components/NSSDialogService.js
security/manager/locales/en-US/chrome/pipnss/pipnss.properties
security/manager/locales/en-US/chrome/pippki/pippki.dtd
security/manager/locales/en-US/chrome/pippki/pippki.properties
security/manager/locales/en-US/chrome/pippki/validation.dtd
security/manager/locales/jar.mn
security/manager/pki/resources/content/crlImportDialog.js
security/manager/pki/resources/content/crlImportDialog.xul
security/manager/pki/resources/content/crlManager.js
security/manager/pki/resources/content/crlManager.xul
security/manager/pki/resources/content/pref-crlupdate.js
security/manager/pki/resources/content/pref-crlupdate.xul
security/manager/pki/resources/content/serverCrlNextupdate.js
security/manager/pki/resources/content/serverCrlNextupdate.xul
security/manager/pki/resources/jar.mn
security/manager/pki/src/nsNSSDialogs.cpp
security/manager/ssl/public/moz.build
security/manager/ssl/public/nsICRLInfo.idl
security/manager/ssl/public/nsICRLManager.idl
security/manager/ssl/public/nsICertificateDialogs.idl
security/manager/ssl/src/moz.build
security/manager/ssl/src/nsCRLInfo.cpp
security/manager/ssl/src/nsCRLInfo.h
security/manager/ssl/src/nsCRLManager.cpp
security/manager/ssl/src/nsCRLManager.h
security/manager/ssl/src/nsNSSComponent.cpp
security/manager/ssl/src/nsNSSComponent.h
security/manager/ssl/src/nsNSSModule.cpp
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1022,17 +1022,16 @@ pref("services.sync.prefs.sync.privacy.c
 pref("services.sync.prefs.sync.privacy.clearOnShutdown.history", true);
 pref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", true);
 pref("services.sync.prefs.sync.privacy.clearOnShutdown.passwords", true);
 pref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", true);
 pref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", true);
 pref("services.sync.prefs.sync.privacy.donottrackheader.enabled", true);
 pref("services.sync.prefs.sync.privacy.donottrackheader.value", true);
 pref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", true);
-pref("services.sync.prefs.sync.security.OCSP.disable_button.managecrl", true);
 pref("services.sync.prefs.sync.security.OCSP.enabled", true);
 pref("services.sync.prefs.sync.security.OCSP.require", true);
 pref("services.sync.prefs.sync.security.default_personal_cert", true);
 pref("services.sync.prefs.sync.security.tls.version.min", true);
 pref("services.sync.prefs.sync.security.tls.version.max", true);
 pref("services.sync.prefs.sync.signon.rememberSignons", true);
 pref("services.sync.prefs.sync.spellchecker.dictionary", true);
 pref("services.sync.prefs.sync.xpinstall.whitelist.required", true);
--- a/browser/components/preferences/advanced.js
+++ b/browser/components/preferences/advanced.js
@@ -800,26 +800,16 @@ var gAdvancedPane = {
   showCertificates: function ()
   {
     document.documentElement.openWindow("mozilla:certmanager",
                                         "chrome://pippki/content/certManager.xul",
                                         "", null);
   },
 
   /**
-   * Displays a dialog which describes the user's CRLs.
-   */
-  showCRLs: function ()
-  {
-    document.documentElement.openWindow("mozilla:crlmanager",
-                                        "chrome://pippki/content/crlManager.xul",
-                                        "", null);
-  },
-
-  /**
    * Displays a dialog in which OCSP preferences can be configured.
    */
   showOCSP: function ()
   {
     document.documentElement.openSubDialog("chrome://mozapps/content/preferences/ocsp.xul",
                                            "", null);
   },
 
--- a/browser/components/preferences/advanced.xul
+++ b/browser/components/preferences/advanced.xul
@@ -96,19 +96,16 @@
       <preference id="browser.search.update"           name="browser.search.update"           type="bool"/>
 
       <!-- Encryption tab -->
       <preference id="security.default_personal_cert"  name="security.default_personal_cert"  type="string"/>
 
       <preference id="security.disable_button.openCertManager"
                   name="security.disable_button.openCertManager"
                   type="bool"/>
-      <preference id="security.OCSP.disable_button.managecrl"
-                  name="security.OCSP.disable_button.managecrl"
-                  type="bool"/>
       <preference id="security.disable_button.openDeviceManager"
                   name="security.disable_button.openDeviceManager"
                   type="bool"/>
     </preferences>
 
 #ifdef HAVE_SHELL_SERVICE
     <stringbundle id="bundleShell" src="chrome://browser/locale/shellservice.properties"/>
     <stringbundle id="bundleBrand" src="chrome://branding/locale/brand.properties"/>
@@ -419,42 +416,28 @@
               <radio label="&certs.auto;" accesskey="&certs.auto.accesskey;"
                      value="Select Automatically"/>
               <radio label="&certs.ask;" accesskey="&certs.ask.accesskey;"
                      value="Ask Every Time"/>
             </radiogroup>
 
             <separator/>
 
-#ifdef XP_MACOSX
-            <vbox>
-#endif
             <hbox>
               <button id="viewCertificatesButton"
                       label="&viewCerts.label;" accesskey="&viewCerts.accesskey;"
                       oncommand="gAdvancedPane.showCertificates();"
                       preference="security.disable_button.openCertManager"/>
-              <button id="viewCRLButton"
-                      label="&viewCRLs.label;" accesskey="&viewCRLs.accesskey;"
-                      oncommand="gAdvancedPane.showCRLs();"
-                      preference="security.OCSP.disable_button.managecrl"/>
               <button id="verificationButton"
                       label="&verify2.label;" accesskey="&verify2.accesskey;"
                       oncommand="gAdvancedPane.showOCSP();"/>
-#ifdef XP_MACOSX
-            </hbox>
-            <hbox>
-#endif
               <button id="viewSecurityDevicesButton"
                       label="&viewSecurityDevices.label;" accesskey="&viewSecurityDevices.accesskey;"
                       oncommand="gAdvancedPane.showSecurityDevices();"
                       preference="security.disable_button.openDeviceManager"/>
             </hbox>
-#ifdef XP_MACOSX
-            </vbox>
-#endif
         </tabpanel>
 
       </tabpanels>
     </tabbox>
   </prefpane>
 
 </overlay>
--- a/browser/components/preferences/in-content/advanced.js
+++ b/browser/components/preferences/in-content/advanced.js
@@ -764,26 +764,16 @@ var gAdvancedPane = {
   showCertificates: function ()
   {
     openDialog("chrome://pippki/content/certManager.xul",
                "mozilla:certmanager",
                "model=yes", null);
   },
 
   /**
-   * Displays a dialog which describes the user's CRLs.
-   */
-  showCRLs: function ()
-  {
-    openDialog("chrome://pippki/content/crlManager.xul",
-               "mozilla:crlmanager",
-               "model=yes", null);
-  },
-
-  /**
    * Displays a dialog in which OCSP preferences can be configured.
    */
   showOCSP: function ()
   {
     openDialog("chrome://mozapps/content/preferences/ocsp.xul",
                "mozilla:crlmanager",
                "model=yes", null);
   },
--- a/browser/components/preferences/in-content/advanced.xul
+++ b/browser/components/preferences/in-content/advanced.xul
@@ -112,19 +112,16 @@
   <!-- Encryption tab -->
   <preference id="security.default_personal_cert"
               name="security.default_personal_cert"
               type="string"/>
 
   <preference id="security.disable_button.openCertManager"
               name="security.disable_button.openCertManager"
               type="bool"/>
-  <preference id="security.OCSP.disable_button.managecrl"
-              name="security.OCSP.disable_button.managecrl"
-              type="bool"/>
   <preference id="security.disable_button.openDeviceManager"
               name="security.disable_button.openDeviceManager"
               type="bool"/>
 </preferences>
 
 #ifdef HAVE_SHELL_SERVICE
   <stringbundle id="bundleShell" src="chrome://browser/locale/shellservice.properties"/>
   <stringbundle id="bundleBrand" src="chrome://branding/locale/brand.properties"/>
@@ -441,20 +438,16 @@
 #ifdef XP_MACOSX
         <vbox>
 #endif
         <hbox>
           <button id="viewCertificatesButton"
                   label="&viewCerts.label;" accesskey="&viewCerts.accesskey;"
                   oncommand="gAdvancedPane.showCertificates();"
                   preference="security.disable_button.openCertManager"/>
-          <button id="viewCRLButton"
-                  label="&viewCRLs.label;" accesskey="&viewCRLs.accesskey;"
-                  oncommand="gAdvancedPane.showCRLs();"
-                  preference="security.OCSP.disable_button.managecrl"/>
           <button id="verificationButton"
                   label="&verify2.label;" accesskey="&verify2.accesskey;"
                   oncommand="gAdvancedPane.showOCSP();"/>
 #ifdef XP_MACOSX
         </hbox>
         <hbox>
 #endif
           <button id="viewSecurityDevicesButton"
--- a/browser/locales/en-US/chrome/browser/preferences/advanced.dtd
+++ b/browser/locales/en-US/chrome/browser/preferences/advanced.dtd
@@ -125,14 +125,12 @@
 <!ENTITY certificateTab.label            "Certificates">
 <!ENTITY certSelection.description       "When a server requests my personal certificate:">
 <!ENTITY certs.auto                      "Select one automatically">
 <!ENTITY certs.auto.accesskey            "l">
 <!ENTITY certs.ask                       "Ask me every time">
 <!ENTITY certs.ask.accesskey             "i">
 <!ENTITY viewCerts.label                 "View Certificates">
 <!ENTITY viewCerts.accesskey             "s">
-<!ENTITY viewCRLs.label                  "Revocation Lists">
-<!ENTITY viewCRLs.accesskey              "R">
 <!ENTITY verify2.label                   "Validation">
 <!ENTITY verify2.accesskey               "V">
 <!ENTITY viewSecurityDevices.label       "Security Devices">
 <!ENTITY viewSecurityDevices.accesskey   "y">
--- a/mobile/android/components/NSSDialogService.js
+++ b/mobile/android/components/NSSDialogService.js
@@ -141,22 +141,16 @@ NSSDialogs.prototype = {
                           ["certmgr.issued", aCert.validity.notBeforeLocalDay,
                            "certmgr.expires", aCert.validity.notAfterLocalDay])})
      .addLabel({ label: this.certInfoSection("certmgr.fingerprints.label",
                           ["certmgr.certdetail.sha1fingerprint", aCert.sha1Fingerprint,
                            "certmgr.certdetail.md5fingerprint", aCert.md5Fingerprint], false) });
     this.showPrompt(p);
   },
 
-  crlImportStatusDialog: function(aCtx, aCrl) {
-    // this dialog is never shown in Fennec; in Desktop it is shown after importing a CRL
-    // via Preferences->Advanced->Encryption->Revocation Lists->Import.
-    throw "Unimplemented";
-  },
-
   viewCertDetails: function(details) {
     let p = this.getPrompt(this.getString("clientAuthAsk.message3"),
                     '',
                     [ this.getString("nssdialogs.ok.label") ]);
     p.addLabel({ label: details });
     this.showPrompt(p);
   },
 
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -333,25 +333,16 @@ CertInfoIssuedFor=Issued to:
 CertInfoIssuedBy=Issued by:
 CertInfoValid=Valid
 CertInfoFrom=from
 CertInfoTo=to
 CertInfoPurposes=Purposes
 CertInfoEmail=Email
 CertInfoStoredIn=Stored in:
 P12DefaultNickname=Imported Certificate
-CrlImportFailure1x=The application cannot import the Certificate Revocation List (CRL).
-CrlImportFailureExpired=A more recent version of this CRL is available.
-CrlImportFailureBadSignature=CRL has an invalid Signature.
-CrlImportFailureInvalid=New CRL has an invalid format.
-CrlImportFailureOld=New CRL is older than the current one.
-CrlImportFailureNotYetValid=The CRL is not yet valid. You might want to check your system clock.
-CrlImportFailureNetworkProblem=Download of the CRL failed due to Network problems.
-CrlImportFailureReasonUnknown=Error Importing CRL to local Database. Error Code: 
-CrlImportFailure2=Please ask your system administrator for assistance.
 NSSInitProblemX=Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.
 VerifyExpired=<Expired>
 VerifyRevoked=<Revoked>
 VerifyNotTrusted=<Not Trusted>
 VerifyIssuerNotTrusted=<Issuer Not Trusted>
 VerifyIssuerUnknown=<Issuer Unknown>
 VerifyInvalidCA=<Invalid CA>
 VerifyDisabledAlgorithm=<Signature Algorithm Not Secure>
--- a/security/manager/locales/en-US/chrome/pippki/pippki.dtd
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.dtd
@@ -71,18 +71,16 @@
 
 <!ENTITY escrowWarn.title "Encryption Key Copy">
 <!ENTITY escrowWarn.message1 "Important: This certificate authority has asked to make a backup of your encryption private key.">
 <!ENTITY escrowWarn.benefit1 "The benefit is that if you lose access to your encryption private key, you can request a copy from this certificate authority.">
 <!ENTITY escrowWarn.message2 "However, your encryption private key will be stored by the certificate authority, and could be used to read your encrypted email or documents without your permission.">
 <!ENTITY examineCert.label "View Certificate">
 <!ENTITY examineCert.accesskey "V">
 
-<!ENTITY serverCrlNextupdate.message "Please ask your system administrator for assistance">
-
 <!-- Strings for the CreateCertInfo dialog  -->
 <!ENTITY createCertInfo.title "Generating A Private Key">
 <!ENTITY createCertInfo.msg1 "Key Generation in progress… This may take a few minutes….">
 <!ENTITY createCertInfo.msg2 "Please wait…">
 
 <!-- Form Signing confirmation prompt -->
 <!ENTITY formSigning.title "Text Signing Request">
 <!ENTITY formSigning.cert "Signing Certificate">
--- a/security/manager/locales/en-US/chrome/pippki/pippki.properties
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.properties
@@ -120,40 +120,18 @@ devinfo_stat_uninitialized=Uninitialized
 devinfo_stat_notloggedin=Not Logged In
 devinfo_stat_loggedin=Logged In
 devinfo_stat_ready=Ready
 enable_fips=Enable FIPS
 disable_fips=Disable FIPS
 fips_nonempty_password_required=FIPS mode requires that you have a Master Password set for each security device. Please set the password before trying to enable FIPS mode.
 unable_to_toggle_fips=Unable to change the FIPS mode for the security device. It is recommended that you exit and restart this application.
 
-# CRL next update.
-crlNextUpdateMsg1=%S cannot establish an encrypted connection with "%S".
-crlNextUpdateMsg2=The certificate revocation list (CRL) from "%S" needs to be updated.
-NoUpdateFailure=None
-lastFetchUrlLabel=URL originally fetched from
-advertisedUrlLabel=URL advertised by the CA
-crlAutoUpdateDayCntError=Number of days before next update must be a number greater than zero.
-crlAutoUpdtaeFreqCntError=Frequency of update must be a number greater than zero.
-disabledStatement=Automatic Update is not enabled for this CRL.
-enabledStatement=Automatic Update is enabled for this CRL.
-crlAutoupdateQuestion1=Would you like to enable automatic update?
-crlAutoupdateQuestion2=Would you like to view the automatic update settings?
-undefinedValStr=<Not Defined>
-undefinedURL=Auto update URL is not defined.
-yesButton=Yes
-noButton=No
 resetPasswordConfirmationTitle=Reset Master Password
 resetPasswordConfirmationMessage=Your password has been reset.
-crlAutoupdateEnabled=Enabled
-crlAutoupdateNotEnabled=Not Enabled
-crlAutoupdateOk=OK
-crlAutoupdateFailed=Failed
-crlImportNewCRLTitle=Import Certificate Revocation List
-crlImportNewCRLLabel=Import the CRL from:
 
 #Import certificate(s) file dialog
 importEmailCertPrompt=Select File containing somebody's Email certificate to import
 importCACertsPrompt=Select File containing CA certificate(s) to import
 importServerCertPrompt=Select File containing Server certificate to import
 file_browse_Certificate_spec=Certificate Files
 
 # Form Signing confirmation prompt
deleted file mode 100644
--- a/security/manager/locales/en-US/chrome/pippki/validation.dtd
+++ /dev/null
@@ -1,34 +0,0 @@
-<!-- This Source Code Form is subject to the terms of the Mozilla Public
-   - License, v. 2.0. If a copy of the MPL was not distributed with this
-   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-
-<!ENTITY  validation.crlmanager.label             "Manage CRLs">
-<!ENTITY  validation.crlmanager.description       "These Certificate Revocation Lists (CRL) are stored in your certificate database:">
-<!ENTITY  validation.crlname.label                "Name">
-<!ENTITY  validation.crllastupdate.label          "Last Update">
-<!ENTITY  validation.crlnextupdate.label          "Next Update">
-<!ENTITY  validation.crlautoupdateenabled.label   "Auto Update">
-<!ENTITY  validation.crlautoupdatestatus.label    "Auto Update Status">
-<!ENTITY  validation.deletecrl.label              "Delete">
-<!ENTITY  validation.deletecrl.accesskey          "D">
-<!ENTITY  validation.updatecrl.label              "Update">
-<!ENTITY  validation.updatecrl.accesskey          "U">
-<!ENTITY  validation.advanced.label               "Settings">
-<!ENTITY  validation.advanced.accesskey           "S">
-
-<!ENTITY  validation.crl.autoupdate.title         "Automatic CRL Update Preferences">
-<!ENTITY  validation.crl.autoupdate.enable.label  "Enable Automatic Update for this CRL">
-<!ENTITY  validation.crl.autoupdate.time.label1   "Update">
-<!ENTITY  validation.crl.autoupdate.time.label2   "Day(s) before Next Update date">
-<!ENTITY  validation.crl.autoupdate.freq.label1   "Update every">
-<!ENTITY  validation.crl.autoupdate.freq.label2   "Day(s)">
-<!ENTITY  validation.crl.autoupdate.url.label     "CRL would be imported From:">
-<!ENTITY  crl.import.status.title                 "CRL Import Status">
-<!ENTITY  crl.import.success.message              "The Certificate Revocation List (CRL) was successfully imported.">
-<!ENTITY  crl.issuer.label                        "CRL Issued By:">
-<!ENTITY  crl.issuer.org.label                    "Organization: ">
-<!ENTITY  crl.issuer.orgunit.label                "Unit: ">
-<!ENTITY  crl.import.nextupdate.label             "Next Update On: ">
-<!ENTITY  crl.autoupdate.fail.cnt.label           "Previous Consecutive Update Failures: ">
-<!ENTITY  crl.autoupdate.fail.reason.label        "Details of Last Update Failure: ">
-<!ENTITY  edit.button                             "Settings">
--- a/security/manager/locales/jar.mn
+++ b/security/manager/locales/jar.mn
@@ -9,9 +9,8 @@
 % locale pippki @AB_CD@ %locale/@AB_CD@/pippki/
   locale/@AB_CD@/pipnss/pipnss.properties     (%chrome/pipnss/pipnss.properties)
   locale/@AB_CD@/pipnss/nsserrors.properties  (%chrome/pipnss/nsserrors.properties)
   locale/@AB_CD@/pipnss/security.properties   (%chrome/pipnss/security.properties)
   locale/@AB_CD@/pippki/pippki.dtd            (%chrome/pippki/pippki.dtd)
   locale/@AB_CD@/pippki/pippki.properties     (%chrome/pippki/pippki.properties)
   locale/@AB_CD@/pippki/certManager.dtd       (%chrome/pippki/certManager.dtd)
   locale/@AB_CD@/pippki/deviceManager.dtd     (%chrome/pippki/deviceManager.dtd)
-  locale/@AB_CD@/pippki/validation.dtd        (%chrome/pippki/validation.dtd)
deleted file mode 100644
--- a/security/manager/pki/resources/content/crlImportDialog.js
+++ /dev/null
@@ -1,84 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-const nsPKIParamBlock    = "@mozilla.org/security/pkiparamblock;1";
-const nsIPKIParamBlock    = Components.interfaces.nsIPKIParamBlock;
-const nsIX509Cert         = Components.interfaces.nsIX509Cert;
-const nsICRLInfo          = Components.interfaces.nsICRLInfo;
-const nsIPrefService      = Components.interfaces.nsIPrefService
-
-var pkiParams;
-var cert;
-var crl;
-
-function onLoad()
-{
-  pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);  
-  isupport = pkiParams.getISupportAtIndex(1);
-  if (isupport) {
-    crl = isupport.QueryInterface(nsICRLInfo);
-  }
-  var bundle = document.getElementById("pippki_bundle");
-  var yesButton = bundle.getString("yesButton");
-  var noButton = bundle.getString("noButton");
-  document.documentElement.getButton("accept").label = yesButton;
-  document.documentElement.getButton("cancel").label = noButton;
-  
-  var nextUpdateStr;
-  var orgStr;
-  var orgUnitStr;
-
-  if(crl != null) {    
-    nextUpdateStr = crl.nextUpdateLocale;
-    if( (nextUpdateStr == null) || (nextUpdateStr.length == 0) ){
-      nextUpdateStr = bundle.getString("undefinedValStr");
-    }
-    var nextUpdate = document.getElementById("nextUpdate");
-    nextUpdate.setAttribute("value",nextUpdateStr);
-    var org = document.getElementById("orgText");
-    org.setAttribute("value", crl.organization);
-    var orgUnit = document.getElementById("orgUnitText");
-    orgUnit.setAttribute("value", crl.organizationalUnit);
-
-    var autoupdateEnabledString   = "security.crl.autoupdate.enable." + crl.nameInDb;
-    
-    var updateEnabled = false;
-    try {
-      var prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(nsIPrefService);
-      var prefBranch = prefService.getBranch(null);
-      updateEnabled = prefBranch.getBoolPref(autoupdateEnabledString);
-      if(updateEnabled) {
-        var autoupdateURLString       = "security.crl.autoupdate.url." + crl.nameInDb;
-        prefBranch.setCharPref(autoupdateURLString, crl.lastFetchURL);
-        prefService.savePrefFile(null);
-      }
-    }catch(exception){}
-
-    var statement = document.getElementById("status");
-    var question = document.getElementById("question");
-    if(updateEnabled) {
-      statement.setAttribute("value", bundle.getString("enabledStatement"));
-      question.setAttribute("value", bundle.getString("crlAutoupdateQuestion2"));
-    } else {
-      statement.setAttribute("value", bundle.getString("disabledStatement"));
-      question.setAttribute("value", bundle.getString("crlAutoupdateQuestion1"));
-    }
-  }  
-}
-
-function onCancel()
-{
-  return true;
-}
-
-
-function onAccept()
-{
-  var params = Components.classes[nsPKIParamBlock].createInstance(nsIPKIParamBlock);
-  params.setISupportAtIndex(1, crl);
-  
-  window.openDialog("chrome://pippki/content/pref-crlupdate.xul","",
-                    "chrome,centerscreen,modal",params);
-  return true;
-}
deleted file mode 100644
--- a/security/manager/pki/resources/content/crlImportDialog.xul
+++ /dev/null
@@ -1,52 +0,0 @@
-<?xml version="1.0"?>
-<!-- This Source Code Form is subject to the terms of the Mozilla Public
-   - License, v. 2.0. If a copy of the MPL was not distributed with this
-   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/validation.dtd">
-
-<dialog id="crlImportSuccess" 
-  title="&crl.import.status.title;"
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
-  onload="onLoad();"
-  buttons="accept,cancel"
-  ondialogaccept="return onAccept();"
-  ondialogcancel="return onCancel();">
-
-  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
-
-  <script type="application/javascript" src="chrome://pippki/content/crlImportDialog.js" />
-  <script type="application/javascript" src="pippki.js" />
-
-  <vbox style="margin: 5px;" flex="1">
-
-    <text value="&crl.import.success.message;" />
-    <separator/>
-  
-    <text class="header" value="&crl.issuer.label;" />
-    <hbox>
-      <text value="&crl.issuer.org.label;" />
-      <text id="orgText" />
-    </hbox>
-    <hbox>
-      <text value="&crl.issuer.orgunit.label;" />
-      <text id="orgUnitText" />
-    </hbox>
-    <separator/>
-
-    <hbox>
-      <text value="&crl.import.nextupdate.label;" />
-      <text id="nextUpdate" />
-    </hbox>
-    <separator/>
-
-    <vbox>
-      <text id="status" />
-      <text id="question" />
-    </vbox>
-
-  </vbox>
-
-</dialog>
deleted file mode 100644
--- a/security/manager/pki/resources/content/crlManager.js
+++ /dev/null
@@ -1,222 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-const nsICRLManager = Components.interfaces.nsICRLManager;
-const nsCRLManager  = "@mozilla.org/security/crlmanager;1";
-const nsICRLInfo = Components.interfaces.nsICRLInfo;
-const nsISupportsArray = Components.interfaces.nsISupportsArray;
-const nsIPKIParamBlock    = Components.interfaces.nsIPKIParamBlock;
-const nsPKIParamBlock    = "@mozilla.org/security/pkiparamblock;1";
-const nsIPrefService      = Components.interfaces.nsIPrefService;
-
-var crlManager;
-var crls;
-var prefService;
-var prefBranch;
-
-var autoupdateEnabledBaseString   = "security.crl.autoupdate.enable.";
-var autoupdateTimeTypeBaseString  = "security.crl.autoupdate.timingType.";
-var autoupdateTimeBaseString      = "security.crl.autoupdate.nextInstant.";
-var autoupdateURLBaseString       = "security.crl.autoupdate.url.";
-var autoupdateErrCntBaseString    = "security.crl.autoupdate.errCount.";
-var autoupdateErrDetailBaseString = "security.crl.autoupdate.errDetail.";
-var autoupdateDayCntString        = "security.crl.autoupdate.dayCnt.";
-var autoupdateFreqCntString       = "security.crl.autoupdate.freqCnt.";
-
-function onLoad()
-{
-  var crlEntry;
-  var i;
-
-  crlManager = Components.classes[nsCRLManager].getService(nsICRLManager);
-  crls = crlManager.getCrls();
-  prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(nsIPrefService);
-  prefBranch = prefService.getBranch(null);
-  var bundle = document.getElementById("pippki_bundle");
-  var autoupdateEnabledString;
-  var autoupdateErrCntString;
-
-  for (i=0; i<crls.length; i++) {
-    crlEntry = crls.queryElementAt(i, nsICRLInfo);
-    var org = crlEntry.organization;
-    var orgUnit = crlEntry.organizationalUnit;
-    var lastUpdate = crlEntry.lastUpdateLocale;
-    var nextUpdate = crlEntry.nextUpdateLocale;
-    autoupdateEnabledString    = autoupdateEnabledBaseString + crlEntry.nameInDb;
-    autoupdateErrCntString    = autoupdateErrCntBaseString + crlEntry.nameInDb;
-    var enabled = false;
-    var enabledStr = bundle.getString("crlAutoupdateNotEnabled");
-    var status = "";
-    try{
-      enabled = prefBranch.getBoolPref(autoupdateEnabledString)
-      if(enabled){
-        enabledStr = bundle.getString("crlAutoupdateEnabled");
-      }
-      var cnt;
-      cnt = prefBranch.getIntPref(autoupdateErrCntString);
-      if(cnt > 0){
-        status = bundle.getString("crlAutoupdateFailed");
-      } else {
-        status = bundle.getString("crlAutoupdateOk");
-      }
-    }catch(exception){}
-    
-    AddItem("crlList", [org, orgUnit, lastUpdate, nextUpdate, enabledStr, status], "crltree_", i);
-  }
-}
-
-function AddItem(children,cells,prefix,idfier)
-{
-  var kids = document.getElementById(children);
-  var item  = document.createElement("treeitem");
-  var row   = document.createElement("treerow");
-  for(var i = 0; i < cells.length; i++)
-  {
-    var cell  = document.createElement("treecell");
-    cell.setAttribute("class", "propertylist");
-    cell.setAttribute("label", cells[i])
-    row.appendChild(cell);
-  }
-  item.appendChild(row);
-  item.setAttribute("id",prefix + idfier);
-  kids.appendChild(item);
-}
-
-function DeleteCrlSelected() {
-  var crlEntry;
-
-  // delete selected item
-  var crltree = document.getElementById("crltree");
-  var i = crltree.currentIndex;
-  if(i<0){
-    return;
-  }
-  crlEntry = crls.queryElementAt(i, nsICRLInfo);
-    
-  var autoupdateEnabled = false;
-  var autoupdateParamAvailable = false;
-  var id = crlEntry.nameInDb;
-  
-  //First, check if autoupdate was enabled for this crl
-  try {
-    autoupdateEnabled = prefBranch.getBoolPref(autoupdateEnabledBaseString + id);
-    //Note, if the pref is not present, we get an exception right here,
-    //and autoupdateEnabled remains false
-    autoupdateParamAvailable = true;
-    prefBranch.clearUserPref(autoupdateEnabledBaseString + id);
-    prefBranch.clearUserPref(autoupdateTimeTypeBaseString + id);
-    prefBranch.clearUserPref(autoupdateTimeBaseString + id);
-    prefBranch.clearUserPref(autoupdateURLBaseString + id);
-    prefBranch.clearUserPref(autoupdateDayCntString + id);
-    prefBranch.clearUserPref(autoupdateFreqCntString + id);
-    prefBranch.clearUserPref(autoupdateErrCntBaseString + id);
-    prefBranch.clearUserPref(autoupdateErrDetailBaseString + id);
-  } catch(Exception){}
-
-  //Once we have deleted the prefs that can be deleted, we save the 
-  //file if relevant, restart the scheduler, and once we are successful 
-  //in doind that, we try to delete the crl 
-  try{
-    if(autoupdateParamAvailable){
-      prefService.savePrefFile(null);
-    }
-
-    if(autoupdateEnabled){
-      crlManager.rescheduleCRLAutoUpdate();
-    }
-          
-    // Now, try to delete it
-    crlManager.deleteCrl(i);
-    DeleteItemSelected("crltree", "crltree_", "crlList");
-    //To do: If delete fails, we should be able to retrieve the deleted
-    //settings
-    //XXXXXXXXXXXXXXXXXXXXX
-  
-  }catch(exception) {
-    //To Do: Possibly show an error ...
-    //XXXXXXXXXXXX
-  }
-
-  EnableCrlActions();
-}
-
-function EnableCrlActions() {
-  var tree = document.getElementById("crltree");
-  if (tree.view.selection.count) {
-    document.getElementById("deleteCrl").removeAttribute("disabled");
-    document.getElementById("editPrefs").removeAttribute("disabled");
-    document.getElementById("updateCRL").removeAttribute("disabled");
-  } else {
-    document.getElementById("deleteCrl").setAttribute("disabled", "true");
-    document.getElementById("editPrefs").setAttribute("disabled", "true");
-    document.getElementById("updateCRL").setAttribute("disabled", "true");
-  }
-}
-
-function DeleteItemSelected(tree, prefix, kids) {
-  var i;
-  var delnarray = [];
-  var rv = "";
-  var cookietree = document.getElementById(tree);
-  var rangeCount = cookietree.view.selection.getRangeCount();
-  for(i = 0; i < rangeCount; ++i) 
-  { 
-    var start = {}, end = {};
-    cookietree.view.selection.getRangeAt(i, start, end);
-    for (var k = start.value; k <= end.value; ++k) {
-      var item = cookietree.contentView.getItemAtIndex(k);
-      delnarray[i] = document.getElementById(item.id);
-      var itemid = parseInt(item.id.substring(prefix.length, item.id.length));
-      rv += (itemid + ",");
-    }
-  }
-  for(i = 0; i < delnarray.length; i++) 
-  { 
-    document.getElementById(kids).removeChild(delnarray[i]);
-  }
-  return rv;
-}
-
-function EditAutoUpdatePrefs() {
-  var crlEntry;
-
-  // delete selected item
-  var crltree = document.getElementById("crltree");
-  var i = crltree.currentIndex;
-  if(i<0){
-    return;
-  }
-  crlEntry = crls.queryElementAt(i, nsICRLInfo);
-  var params = Components.classes[nsPKIParamBlock].createInstance(nsIPKIParamBlock);
-  params.setISupportAtIndex(1, crlEntry);
-  window.openDialog("chrome://pippki/content/pref-crlupdate.xul","",
-                    "chrome,centerscreen,modal", params);
-}
-
-function UpdateCRL()
-{
-  var crlEntry;
-  var crltree = document.getElementById("crltree");
-  var i = crltree.currentIndex;
-  if(i<0){
-    return;
-  }
-  crlEntry = crls.queryElementAt(i, nsICRLInfo);
-  crlManager.updateCRLFromURL(crlEntry.lastFetchURL, crlEntry.nameInDb);
-}
-
-function ImportCRL()
-{
-  // prompt for the URL to import from
-  var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
-  
-  var CRLLocation = {value:null};
-  var dummy = { value: 0 };
-  var strBundle = document.getElementById('pippki_bundle');
-  var addCRL = promptService.prompt(window, strBundle.getString('crlImportNewCRLTitle'), 
-                                    strBundle.getString('crlImportNewCRLLabel'),  CRLLocation, null, dummy);
-
-  if (addCRL)
-    crlManager.updateCRLFromURL(CRLLocation.value, "");
-}
deleted file mode 100644
--- a/security/manager/pki/resources/content/crlManager.xul
+++ /dev/null
@@ -1,71 +0,0 @@
-<?xml version="1.0"?>
-<!-- This Source Code Form is subject to the terms of the Mozilla Public
-   - License, v. 2.0. If a copy of the MPL was not distributed with this
-   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?> 
-
-<!DOCTYPE dialog [
-    <!ENTITY % prefValDTD SYSTEM "chrome://pippki/locale/validation.dtd">
-    %prefValDTD;
-    <!ENTITY % prefCertMgrDTD SYSTEM "chrome://pippki/locale/certManager.dtd">
-    %prefCertMgrDTD;
-]>
-
-<dialog id="crlviewer"
-        windowtype="mozilla:crlmanager"
-        title="&validation.crlmanager.label;"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        style="width: 65ch;"
-        onload="onLoad();"
-        buttons="accept"
-        buttonlabelaccept="&certmgr.close.label;"
-        persist="screenX screenY width height">
-
-  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
-
-  <script type="application/javascript" src="chrome://pippki/content/crlManager.js"/>
-
-  <description value="&validation.crlmanager.description;"/>
-  <separator class="thin"/>
-  <tree id="crltree" style="height: 10em;"
-   onselect="EnableCrlActions()" flex="1">
-    <treecols>
-      <treecol id="Col1" flex="3" label="&certmgr.certdetail.o;"/>
-      <splitter class="tree-splitter"/>
-      <treecol id="Col2" flex="5" label="&certmgr.certdetail.ou;"/>
-      <splitter class="tree-splitter"/>
-      <treecol id="Col3" flex="2" label="&validation.crllastupdate.label;"/>
-      <splitter class="tree-splitter"/>
-      <treecol id="Col4" flex="2" label="&validation.crlnextupdate.label;"/>
-      <splitter class="tree-splitter"/>
-      <treecol id="Col5" flex="2" label="&validation.crlautoupdateenabled.label;"/>
-      <splitter class="tree-splitter"/>
-      <treecol id="Col6" flex="3" label="&validation.crlautoupdatestatus.label;"/>
-    </treecols>
-
-    <treechildren id="crlList"/>
-  </tree>
-  <separator class="thin"/>
-
-  <hbox id="dialogButtons">
-    <button id="deleteCrl" disabled="true"
-            label="&validation.deletecrl.label;"
-            accesskey="&validation.deletecrl.accesskey;"
-            oncommand="DeleteCrlSelected();"/>
-    <button id="editPrefs" class="push" disabled="true"
-            label="&validation.advanced.label;"
-            accesskey="&validation.advanced.accesskey;"
-            oncommand="EditAutoUpdatePrefs();"/>
-    <button id="updateCRL" class="push" disabled="true"
-            label="&validation.updatecrl.label;"
-            accesskey="&validation.updatecrl.accesskey;"
-            oncommand="UpdateCRL();"/>
-    <button id="importCRL" class="push"
-            label="&certmgr.restore2.label;"
-            accesskey="&certmgr.restore2.accesskey;"
-            oncommand="ImportCRL();"/>
-    <spacer flex="2"/>
-    <button dlgtype="accept"/>
-  </hbox>
-</dialog>
deleted file mode 100644
--- a/security/manager/pki/resources/content/pref-crlupdate.js
+++ /dev/null
@@ -1,242 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-const nsICRLManager = Components.interfaces.nsICRLManager;
-const nsCRLManager  = "@mozilla.org/security/crlmanager;1";
-const nsIPKIParamBlock    = Components.interfaces.nsIPKIParamBlock;
-const nsICRLInfo          = Components.interfaces.nsICRLInfo;
-const nsIPrefService      = Components.interfaces.nsIPrefService;
- 
-var crl;
-var bundle;
-var prefService;
-var prefBranch;
-var updateTypeRadio;
-var enabledCheckBox;
-var timeBasedRadio;
-var freqBasedRadio;
-var crlManager;
-
-var autoupdateEnabledString   = "security.crl.autoupdate.enable.";
-var autoupdateTimeTypeString  = "security.crl.autoupdate.timingType.";
-var autoupdateTimeString      = "security.crl.autoupdate.nextInstant.";
-var autoupdateURLString       = "security.crl.autoupdate.url.";
-var autoupdateErrCntString    = "security.crl.autoupdate.errCount.";
-var autoupdateErrDetailString = "security.crl.autoupdate.errDetail.";
-var autoupdateDayCntString    = "security.crl.autoupdate.dayCnt.";
-var autoupdateFreqCntString   = "security.crl.autoupdate.freqCnt.";
-
-function doPrompt(msg)
-{
-  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
-    getService(Components.interfaces.nsIPromptService);
-  prompts.alert(window, null, msg);
-}
-
-function onLoad()
-{
-  crlManager = Components.classes[nsCRLManager].getService(nsICRLManager);
-  var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);  
-  var isupport = pkiParams.getISupportAtIndex(1);
-  crl = isupport.QueryInterface(nsICRLInfo);
-
-  autoupdateEnabledString    = autoupdateEnabledString + crl.nameInDb;
-  autoupdateTimeTypeString  = autoupdateTimeTypeString + crl.nameInDb;
-  autoupdateTimeString      = autoupdateTimeString + crl.nameInDb;
-  autoupdateDayCntString    = autoupdateDayCntString + crl.nameInDb;
-  autoupdateFreqCntString   = autoupdateFreqCntString + crl.nameInDb;
-  autoupdateURLString       = autoupdateURLString + crl.nameInDb;
-  autoupdateErrCntString    = autoupdateErrCntString + crl.nameInDb;
-  autoupdateErrDetailString = autoupdateErrDetailString + crl.nameInDb;
-
-  bundle = document.getElementById("pippki_bundle");
-  prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(nsIPrefService);
-  prefBranch = prefService.getBranch(null);
-
-  updateTypeRadio = document.getElementById("autoUpdateType");
-  enabledCheckBox = document.getElementById("enableCheckBox");
-  timeBasedRadio = document.getElementById("timeBasedRadio");
-  freqBasedRadio = document.getElementById("freqBasedRadio");
-
-  //Read the existing prefs, if any
-  initializeSelection();
-}
-
-function updateSelectedTimingControls()
-{
-  var freqBox = document.getElementById("nextUpdateFreq");
-  var timeBox = document.getElementById("nextUpdateDay");
-  if(updateTypeRadio.selectedItem.id == "freqBasedRadio"){
-    freqBox.removeAttribute("disabled");
-    timeBox.disabled = true;
-  } else {
-    timeBox.removeAttribute("disabled");
-    freqBox.disabled = true;
-  }
-}
-
-function initializeSelection()
-{
-  var menuItemNode;
-  var hasAdvertisedURL = false;
-  var hasNextUpdate = true;
-
-  var lastFetchMenuNode;
-  var advertisedMenuNode;
-  
-  try {
-    var isEnabled = prefBranch.getBoolPref(autoupdateEnabledString);
-    enabledCheckBox.checked = isEnabled;
-  } catch(exception){
-    enabledCheckBox.checked = false;
-  }
-
-  //Always the last fetch url, for now.
-  var URLDisplayed = document.getElementById("urlName"); 
-  URLDisplayed.value = crl.lastFetchURL;
-  
-  //Decide how many update timing types to be shown
-  //If no next update specified, hide the first choice. Default shows both
-  if(crl.nextUpdateLocale == null || crl.nextUpdateLocale.length == 0) {
-    timeBasedRadio.disabled = true;
-    hasNextUpdate = false;
-  }
-  
-  //Set up the initial selections based on defaults and prefs, if any
-  try{
-    var timingPref = prefBranch.getIntPref(autoupdateTimeTypeString);
-    if(timingPref != null) {
-      if(timingPref == crlManager.TYPE_AUTOUPDATE_TIME_BASED) {
-        if(hasNextUpdate){
-          updateTypeRadio.selectedItem = timeBasedRadio;
-        }
-      } else {
-        updateTypeRadio.selectedItem = freqBasedRadio;
-      }
-    } else {
-      if(hasNextUpdate){
-        updateTypeRadio.selectedItem = timeBasedRadio;
-      } else {
-        updateTypeRadio.selectedItem = freqBasedRadio;
-      }
-    }
-    
-  }catch(exception){
-    if(!hasNextUpdate) {
-      updateTypeRadio.selectedItem = freqBasedRadio;
-    } else {
-      updateTypeRadio.selectedItem = timeBasedRadio;
-    }
-  }
-
-  updateSelectedTimingControls();
-
-  //Now, retrieving the day count
-  var timeBasedBox = document.getElementById("nextUpdateDay");
-  try {
-    var dayCnt = prefBranch.getCharPref(autoupdateDayCntString);
-    //doPrompt(dayCnt);
-    if(dayCnt != null){
-      timeBasedBox.value = dayCnt;
-    } else {
-      timeBasedBox.value = 1; 
-    }
-  } catch(exception) {
-    timeBasedBox.value = 1;
-  }
-
-  var freqBasedBox = document.getElementById("nextUpdateFreq");
-  try {
-    var freqCnt = prefBranch.getCharPref(autoupdateFreqCntString);
-    //doPrompt(freqCnt);
-    if(freqCnt != null){
-      freqBasedBox.value = freqCnt;
-    } else {
-      freqBasedBox.value = 1; 
-    }
-  } catch(exception) {
-    freqBasedBox.value = 1;
-  }
-
-  var errorCountText = document.getElementById("FailureCnt");
-  var errorDetailsText = document.getElementById("FailureDetails");
-  var cnt = 0;
-  var text;
-  try{
-    cnt = prefBranch.getIntPref(autoupdateErrCntString);
-    txt = prefBranch.getCharPref(autoupdateErrDetailString);
-  }catch(exception){}
-
-  if( cnt > 0 ){
-    errorCountText.setAttribute("value",cnt);
-    errorDetailsText.setAttribute("value",txt);
-  } else {
-    errorCountText.setAttribute("value", bundle.getString("NoUpdateFailure"));
-    var reasonBox = document.getElementById("reasonbox");
-    reasonBox.hidden = true;
-  }
-}
-
-function onCancel()
-{
-  // Close dialog by returning true
-  return true;
-}
-
-function onAccept()
-{
-   if(!validatePrefs())
-     return false;
-
-   //set enable pref
-   prefBranch.setBoolPref(autoupdateEnabledString, enabledCheckBox.checked );
-   
-   //set URL TYPE and value prefs - always to last fetch url - till we have anything else available
-   prefBranch.setCharPref(autoupdateURLString, crl.lastFetchURL);
-   
-   var timingTypeId = updateTypeRadio.selectedItem.id;
-   var updateTime;
-   var dayCnt = (document.getElementById("nextUpdateDay")).value;
-   var freqCnt = (document.getElementById("nextUpdateFreq")).value;
-
-   if(timingTypeId == "timeBasedRadio"){
-     prefBranch.setIntPref(autoupdateTimeTypeString, crlManager.TYPE_AUTOUPDATE_TIME_BASED);
-     updateTime = crlManager.computeNextAutoUpdateTime(crl, crlManager.TYPE_AUTOUPDATE_TIME_BASED, dayCnt);
-   } else {
-     prefBranch.setIntPref(autoupdateTimeTypeString, crlManager.TYPE_AUTOUPDATE_FREQ_BASED);
-     updateTime = crlManager.computeNextAutoUpdateTime(crl, crlManager.TYPE_AUTOUPDATE_FREQ_BASED, freqCnt);
-   }
-
-   //doPrompt(updateTime);
-   prefBranch.setCharPref(autoupdateTimeString, updateTime); 
-   prefBranch.setCharPref(autoupdateDayCntString, dayCnt);
-   prefBranch.setCharPref(autoupdateFreqCntString, freqCnt);
-
-   //Save Now
-   prefService.savePrefFile(null);
-   
-   crlManager.rescheduleCRLAutoUpdate();
-   //Close dialog by returning true
-   return true;
-}
-
-function validatePrefs()
-{
-   var dayCnt = (document.getElementById("nextUpdateDay")).value;
-   var freqCnt = (document.getElementById("nextUpdateFreq")).value;
-
-   var tmp = parseFloat(dayCnt);
-   if(!(tmp > 0.0)){
-     doPrompt(bundle.getString("crlAutoUpdateDayCntError"));
-     return false;
-   }
-   
-   tmp = parseFloat(freqCnt);
-   if(!(tmp > 0.0)){
-     doPrompt(bundle.getString("crlAutoUpdtaeFreqCntError"));
-     return false;
-   }
-   
-   return true;
-}
deleted file mode 100644
--- a/security/manager/pki/resources/content/pref-crlupdate.xul
+++ /dev/null
@@ -1,64 +0,0 @@
-<?xml version="1.0"?>
-<!-- This Source Code Form is subject to the terms of the Mozilla Public
-   - License, v. 2.0. If a copy of the MPL was not distributed with this
-   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/validation.dtd">
-
-<dialog id="crlUpdatePref" 
-  title="&validation.crl.autoupdate.title;"
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
-  onload="onLoad();"
-  buttons="accept,cancel"
-  ondialogaccept="return onAccept();"
-  ondialogcancel="return onCancel();">
-
-  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
-
-  <script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
-  <script type="application/javascript" src="chrome://pippki/content/pref-crlupdate.js" />
-
-  <vbox style="margin: 5px;" flex="1">
-    <checkbox label="&validation.crl.autoupdate.enable.label;" 
-            checked="false" id="enableCheckBox"/>
-    <separator/>
-
-    <vbox>
-      <radiogroup id="autoUpdateType" flex="1" oncommand="updateSelectedTimingControls();" >
-        <hbox align="center" id="timeBasedBox">
-          <radio label="&validation.crl.autoupdate.time.label1;"
-                 id="timeBasedRadio" value="1" group="autoUpdateType"/>
-          <textbox width="20" value="1" id="nextUpdateDay" />
-          <text value="&validation.crl.autoupdate.time.label2;" />
-        </hbox>
-        
-        <hbox align="center" id="freqBasedBox">
-          <radio label="&validation.crl.autoupdate.freq.label1;"
-                 id="freqBasedRadio" value="2" group="autoUpdateType"/>
-          <textbox width="20" value="1" id="nextUpdateFreq" />
-          <text value="&validation.crl.autoupdate.freq.label2;" />
-        </hbox>
-      </radiogroup>
-    </vbox>
-    <separator/>
-
-    <vbox>
-      <text value="&validation.crl.autoupdate.url.label;" />
-      <textbox readonly="true" id="urlName" />
-    </vbox>
-    <separator/>
-
-    <hbox>  
-      <text value="&crl.autoupdate.fail.cnt.label;" />
-      <text id="FailureCnt" />
-    </hbox>
-    <hbox id="reasonbox">  
-      <text value="&crl.autoupdate.fail.reason.label;" />
-      <text id="FailureDetails" />
-    </hbox>
-    
-  </vbox>
-
-</dialog>
deleted file mode 100644
--- a/security/manager/pki/resources/content/serverCrlNextupdate.js
+++ /dev/null
@@ -1,34 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-
-const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
-const nsIPKIParamBlock    = Components.interfaces.nsIPKIParamBlock;
-const nsIX509Cert         = Components.interfaces.nsIX509Cert;
-
-var dialogParams;
-var pkiParams;
-var bundle;
-
-function onLoad()
-{
-  pkiParams    = window.arguments[0].QueryInterface(nsIPKIParamBlock);
-  dialogParams = pkiParams.QueryInterface(nsIDialogParamBlock);
-  var isupport = pkiParams.getISupportAtIndex(1);
-  var cert = isupport.QueryInterface(nsIX509Cert);
-  var connectURL = dialogParams.GetString(1); 
-  var gBundleBrand = document.getElementById("brand_bundle");
-  var brandName = gBundleBrand.getString("brandShortName");
-
-  bundle = document.getElementById("pippki_bundle");
- 
-  var message1 = bundle.getFormattedString("crlNextUpdateMsg1",
-                                           [brandName, connectURL]);
-  var message2 = bundle.getFormattedString("crlNextUpdateMsg2",
-                                           [cert.issuerOrganization]);
-  setText("message1", message1);
-  setText("message2", message2);
-}
deleted file mode 100644
--- a/security/manager/pki/resources/content/serverCrlNextupdate.xul
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0"?>
-<!-- This Source Code Form is subject to the terms of the Mozilla Public
-   - License, v. 2.0. If a copy of the MPL was not distributed with this
-   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<!-- CHANGE THIS WHEN MOVING FILES -->
-<!DOCTYPE dialog [
-    <!ENTITY % pipPkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd">
-    %pipPkiDTD;
-]>
-
-<dialog
-  id="serverCrlNextupdate"
-  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"      
-  style="width: 30em;"
-  buttons="accept"
-  defaultButton="accept"
-  ondialoghelp="openHelp('exp_crl');"
-  onload="onLoad();"
->
-
-<stringbundleset id="stringbundleset">
-  <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
-  <stringbundle id="brand_bundle" src="chrome://branding/locale/brand.properties"/>
-</stringbundleset>
-
-<script type="application/javascript" src="chrome://pippki/content/pippki.js" />
-<script type="application/javascript" src="chrome://pippki/content/serverCrlNextupdate.js" />
-
-  <description id="message1"/>
-  <separator/>
-  <description id="message2"/>
-  <separator/>
-  <label value="&serverCrlNextupdate.message;"/>
-
-</dialog>
--- a/security/manager/pki/resources/jar.mn
+++ b/security/manager/pki/resources/jar.mn
@@ -41,22 +41,14 @@ pippki.jar:
     content/pippki/certDump.xul              (content/certDump.xul)
     content/pippki/device_manager.xul        (content/device_manager.xul)
     content/pippki/device_manager.js         (content/device_manager.js)
     content/pippki/load_device.xul           (content/load_device.xul)
     content/pippki/choosetoken.xul           (content/choosetoken.xul)
     content/pippki/choosetoken.js            (content/choosetoken.js)
     content/pippki/escrowWarn.xul            (content/escrowWarn.xul)
     content/pippki/escrowWarn.js             (content/escrowWarn.js)
-    content/pippki/crlManager.xul            (content/crlManager.xul)
-    content/pippki/crlManager.js             (content/crlManager.js)
-    content/pippki/serverCrlNextupdate.js    (content/serverCrlNextupdate.js)
-    content/pippki/serverCrlNextupdate.xul   (content/serverCrlNextupdate.xul)
     content/pippki/createCertInfo.xul        (content/createCertInfo.xul)
     content/pippki/createCertInfo.js         (content/createCertInfo.js)
-    content/pippki/crlImportDialog.xul       (content/crlImportDialog.xul)
-    content/pippki/crlImportDialog.js        (content/crlImportDialog.js)
-    content/pippki/pref-crlupdate.xul        (content/pref-crlupdate.xul)
-    content/pippki/pref-crlupdate.js         (content/pref-crlupdate.js)
     content/pippki/protectedAuth.xul         (content/protectedAuth.xul)
     content/pippki/protectedAuth.js          (content/protectedAuth.js)
     content/pippki/formsigning.xul           (content/formsigning.xul)
     content/pippki/formsigning.js            (content/formsigning.js)
--- a/security/manager/pki/src/nsNSSDialogs.cpp
+++ b/security/manager/pki/src/nsNSSDialogs.cpp
@@ -26,17 +26,16 @@
 
 #include "nsNSSDialogs.h"
 #include "nsPKIParamBlock.h"
 #include "nsIKeygenThread.h"
 #include "nsIProtectedAuthThread.h"
 #include "nsNSSDialogHelper.h"
 #include "nsIWindowWatcher.h"
 #include "nsIX509CertValidity.h"
-#include "nsICRLInfo.h"
 
 #include "nsEmbedCID.h"
 #include "nsIPromptService.h"
 
 #define PIPSTRING_BUNDLE_URL "chrome://pippki/locale/pippki.properties"
 
 /* ==== */
 
@@ -135,37 +134,16 @@ nsNSSDialogs::GetPassword(nsIInterfaceRe
   if (!*_canceled) {
     // retrieve the password
     rv = block->GetString(2, _password);
   }
   return rv;
 }
 
 NS_IMETHODIMP 
-nsNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICRLInfo *crl)
-{
-  nsresult rv;
-
-  nsCOMPtr<nsIPKIParamBlock> block =
-           do_CreateInstance(NS_PKIPARAMBLOCK_CONTRACTID,&rv);
-  if (NS_FAILED(rv))
-    return rv;
-  
-  rv = block->SetISupportAtIndex(1, crl);
-  if (NS_FAILED(rv))
-    return rv;
-
-  rv = nsNSSDialogHelper::openDialog(nullptr,
-                             "chrome://pippki/content/crlImportDialog.xul",
-                             block,
-                             false);
-  return NS_OK;
-}
-
-NS_IMETHODIMP 
 nsNSSDialogs::ConfirmDownloadCACert(nsIInterfaceRequestor *ctx, 
                                     nsIX509Cert *cert,
                                     uint32_t *_trust,
                                     bool *_retval)
 {
   nsresult rv;
 
   *_retval = true;
--- a/security/manager/ssl/public/moz.build
+++ b/security/manager/ssl/public/moz.build
@@ -11,18 +11,16 @@ XPIDL_SOURCES += [
     'nsIAssociatedContentSecurity.idl',
     'nsIBadCertListener2.idl',
     'nsICMSDecoder.idl',
     'nsICMSEncoder.idl',
     'nsICMSMessage.idl',
     'nsICMSMessage2.idl',
     'nsICMSMessageErrors.idl',
     'nsICMSSecureMessage.idl',
-    'nsICRLInfo.idl',
-    'nsICRLManager.idl',
     'nsICertOverrideService.idl',
     'nsICertPickDialogs.idl',
     'nsICertificateDialogs.idl',
     'nsICertificatePrincipal.idl',
     'nsIClientAuthDialogs.idl',
     'nsIDOMCryptoDialogs.idl',
     'nsIDataSignatureVerifier.idl',
     'nsIFormSigningDialog.idl',
deleted file mode 100644
--- a/security/manager/ssl/public/nsICRLInfo.idl
+++ /dev/null
@@ -1,58 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-/**
- * Information on a Certificate Revocation List (CRL)
- * issued by a Aertificate Authority (CA).
- */
-[scriptable, uuid(c185d920-4a3e-11d5-ba27-00108303b117)]
-interface nsICRLInfo : nsISupports {
-
-  /**
-   *  The issuing CA's organization.
-   */
-  readonly attribute AString organization;
-
-  /**
-   *  The issuing CA's organizational unit.
-   */
-  readonly attribute AString organizationalUnit;
-
-  /**
-   *  The time this CRL was created at.
-   */
-  readonly attribute PRTime  lastUpdate;
-
-  /**
-   *  The time the suggested next update for this CRL.
-   */
-  readonly attribute PRTime  nextUpdate;
-
-  /**
-   *  lastUpdate formatted as a human readable string
-   *  formatted according to the environment locale.
-   */
-  readonly attribute AString lastUpdateLocale;
-
-  /**
-   *  nextUpdate formatted as a human readable string
-   *  formatted according to the environment locale.
-   */
-  readonly attribute AString nextUpdateLocale;
-
-  /**
-   *  The key identifying the CRL in the database.
-   */
-  readonly attribute AString nameInDb;
-
-  /**
-   *  The URL this CRL was last fetched from.
-   */
-  readonly attribute AUTF8String lastFetchURL;
-};
-
deleted file mode 100644
--- a/security/manager/ssl/public/nsICRLManager.idl
+++ /dev/null
@@ -1,78 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-interface nsIURI;
-interface nsIArray;
-interface nsICRLInfo;
-
-%{C++
-#define NS_CRLMANAGER_CID { /* 5b256c10-22d8-4109-af92-1253035e9fcb */ \
-    0x5b256c10, \
-    0x22d8, \
-    0x4109, \
-    {0xaf, 0x92, 0x12, 0x53, 0x03, 0x5e, 0x9f, 0xcb} \
-  }
-
-#define NS_CRLMANAGER_CONTRACTID "@mozilla.org/security/crlmanager;1"
-%}
-
-
-
-[scriptable, uuid(486755db-627a-4678-a21b-f6a63bb9c56a)]
-interface nsICRLManager : nsISupports {
-  /*
-   * importCrl
-   *
-   * Import a CRL into the certificate database.
-   */
-  void importCrl([array, size_is(length)] in octet data,
-                 in unsigned long length,
-                 in nsIURI uri,
-                 in unsigned long type,
-                 in boolean doSilentDownload,
-                 in wstring crlKey);
-
-  
-  /*
-   * update crl from url
-   * update an existing crl from the last fetched url. Needed for the update
-   * button in crl manager
-   */
-  boolean updateCRLFromURL(in wstring url, in wstring key);
-
-
-  /*
-   * getCrls
-   *
-   * Get a list of Crl entries in the DB.
-   */
-  nsIArray getCrls();
-
-  /*
-   * deleteCrl
-   *
-   * Delete the crl.
-   */
-  void deleteCrl(in unsigned long crlIndex);
-
-
-  /* This would reschedule the autoupdate of crls with auto update enable.
-   * Most likely to be called when update prefs are changed, or when a crl
-   * is deleted, etc. However, this might not be the most relevant place for
-   * this api, but unless we have a separate crl handler object....
-   */
-  void rescheduleCRLAutoUpdate();
-
-
-  const unsigned long TYPE_AUTOUPDATE_TIME_BASED     = 1;
-  const unsigned long TYPE_AUTOUPDATE_FREQ_BASED     = 2;
-
-  wstring computeNextAutoUpdateTime(in nsICRLInfo info,
-                                    in unsigned long autoUpdateType,
-                                    in double noOfDays);
-};
--- a/security/manager/ssl/public/nsICertificateDialogs.idl
+++ b/security/manager/ssl/public/nsICertificateDialogs.idl
@@ -1,22 +1,21 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 
 interface nsIInterfaceRequestor;
 interface nsIX509Cert;
-interface nsICRLInfo;
 
 /**
  * Functions that implement user interface dialogs to manage certificates.
  */
-[scriptable, uuid(a03ca940-09be-11d5-ac5d-000064657374)]
+[scriptable, uuid(da871dab-f69e-4173-ab26-99fcd47b0e85)]
 interface nsICertificateDialogs : nsISupports
 {
   /**
    *  UI shown when a user is asked to download a new CA cert.
    *  Provides user with ability to choose trust settings for the cert.
    *  Asks the user to grant permission to import the certificate.
    *
    *  @param ctx A user interface context.
@@ -75,23 +74,13 @@ interface nsICertificateDialogs : nsISup
    *  The implementation should try to display as many attributes
    *  as possible.
    *
    *  @param ctx A user interface context.
    *  @param cert The certificate to be shown to the user.
    */
   void viewCert(in nsIInterfaceRequestor ctx, 
                 in nsIX509Cert cert);
-
-  /**
-   *  UI shown after a Certificate Revocation List (CRL) has been
-   *  successfully imported.
-   *
-   *  @param ctx A user interface context.
-   *  @param crl Information describing the CRL that was imported.
-   */
-  void crlImportStatusDialog(in nsIInterfaceRequestor ctx, 
-                             in nsICRLInfo crl);
 };
 
 %{C++
 #define NS_CERTIFICATEDIALOGS_CONTRACTID "@mozilla.org/nsCertificateDialogs;1"
 %}
--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@@ -23,18 +23,16 @@ CPP_SOURCES += [
     'JARSignatureVerification.cpp',
     'nsCertificatePrincipal.cpp',
     'nsCertOverrideService.cpp',
     'nsCertPicker.cpp',
     'nsCertVerificationThread.cpp',
     'nsClientAuthRemember.cpp',
     'nsCMS.cpp',
     'nsCMSSecureMessage.cpp',
-    'nsCRLInfo.cpp',
-    'nsCRLManager.cpp',
     'nsCrypto.cpp',
     'nsCryptoHash.cpp',
     'nsDataSignatureVerifier.cpp',
     'nsIdentityChecking.cpp',
     'nsKeygenHandler.cpp',
     'nsKeygenThread.cpp',
     'nsKeyModule.cpp',
     'nsNSSASN1Object.cpp',
deleted file mode 100644
--- a/security/manager/ssl/src/nsCRLInfo.cpp
+++ /dev/null
@@ -1,152 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "prerror.h"
-#include "prprf.h"
-
-#include "nsCRLInfo.h"
-#include "nsIDateTimeFormat.h"
-#include "nsDateTimeFormatCID.h"
-#include "nsCOMPtr.h"
-#include "nsComponentManagerUtils.h"
-#include "nsReadableUtils.h"
-#include "nsNSSShutDown.h"
-
-#include "nspr.h"
-#include "pk11func.h"
-#include "certdb.h"
-#include "cert.h"
-#include "secerr.h"
-#include "nssb64.h"
-#include "secasn1.h"
-#include "secder.h"
-
-NS_IMPL_ISUPPORTS1(nsCRLInfo, nsICRLInfo)
-
-nsCRLInfo::nsCRLInfo()
-{
-  /* member initializers and constructor code */
-}
-
-nsCRLInfo::nsCRLInfo(CERTSignedCrl *signedCrl)
-{
-  nsNSSShutDownPreventionLock locker;
-  CERTCrl *crl = &(signedCrl->crl);
-  nsAutoString org;
-  nsAutoString orgUnit;
-  nsAutoString nameInDb;
-  nsAutoString nextUpdateLocale;
-  nsAutoString lastUpdateLocale;
-  nsAutoCString lastFetchURL;
-  PRTime lastUpdate = 0;
-  PRTime nextUpdate = 0;
-  SECStatus sec_rv;
-  
-  // Get the information we need here //
-  char * o = CERT_GetOrgName(&(crl->name));
-  if (o) {
-    org = NS_ConvertASCIItoUTF16(o);
-    PORT_Free(o);
-  }
-
-  char * ou = CERT_GetOrgUnitName(&(crl->name));
-  if (ou) {
-    orgUnit = NS_ConvertASCIItoUTF16(ou);
-    //At present, the ou is being used as the unique key - but this
-    //would change, one support for delta crls come in.
-    nameInDb =  orgUnit;
-    PORT_Free(ou);
-  }
-  
-  nsCOMPtr<nsIDateTimeFormat> dateFormatter = do_CreateInstance(NS_DATETIMEFORMAT_CONTRACTID);
-  
-  // Last Update time
-  if (crl->lastUpdate.len) {
-    sec_rv = DER_UTCTimeToTime(&lastUpdate, &(crl->lastUpdate));
-    if (sec_rv == SECSuccess && dateFormatter) {
-      dateFormatter->FormatPRTime(nullptr, kDateFormatShort, kTimeFormatNone,
-                            lastUpdate, lastUpdateLocale);
-    }
-  }
-
-  if (crl->nextUpdate.len) {
-    // Next update time
-    sec_rv = DER_UTCTimeToTime(&nextUpdate, &(crl->nextUpdate));
-    if (sec_rv == SECSuccess && dateFormatter) {
-      dateFormatter->FormatPRTime(nullptr, kDateFormatShort, kTimeFormatNone,
-                            nextUpdate, nextUpdateLocale);
-    }
-  }
-
-  char * url = signedCrl->url;
-  if(url) {
-    lastFetchURL =  url;
-  }
-
-  mOrg.Assign(org.get());
-  mOrgUnit.Assign(orgUnit.get());
-  mLastUpdateLocale.Assign(lastUpdateLocale.get());
-  mNextUpdateLocale.Assign(nextUpdateLocale.get());
-  mLastUpdate = lastUpdate;
-  mNextUpdate = nextUpdate;
-  mNameInDb.Assign(nameInDb.get());
-  mLastFetchURL = lastFetchURL;
-}
-
-nsCRLInfo::~nsCRLInfo()
-{
-  /* destructor code */
-}
-
-/* readonly attribute */
-NS_IMETHODIMP nsCRLInfo::GetOrganization(nsAString & aOrg)
-{
-  aOrg = mOrg;
-  return NS_OK;
-}
-
-/* readonly attribute */
-NS_IMETHODIMP nsCRLInfo::GetOrganizationalUnit(nsAString & aOrgUnit)
-{
-  aOrgUnit = mOrgUnit;
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsCRLInfo::GetLastUpdateLocale(nsAString & aLastUpdateLocale)
-{
-  aLastUpdateLocale = mLastUpdateLocale;
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsCRLInfo::GetNextUpdateLocale(nsAString & aNextUpdateLocale)
-{
-  aNextUpdateLocale = mNextUpdateLocale;
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsCRLInfo::GetLastUpdate(PRTime* aLastUpdate)
-{
-  NS_ENSURE_ARG(aLastUpdate);
-  *aLastUpdate = mLastUpdate;
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsCRLInfo::GetNextUpdate(PRTime* aNextUpdate)
-{
-  NS_ENSURE_ARG(aNextUpdate);
-  *aNextUpdate = mNextUpdate;
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsCRLInfo::GetNameInDb(nsAString & aNameInDb)
-{
-  aNameInDb = mNameInDb;
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsCRLInfo::GetLastFetchURL(nsACString & aLastFetchURL)
-{
-  aLastFetchURL = mLastFetchURL;
-  return NS_OK;
-}
deleted file mode 100644
--- a/security/manager/ssl/src/nsCRLInfo.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef _NSCLRLINFO_H_
-#define _NSCRLINFO_H_
-
-#include "nsICRLInfo.h"
-
-#include "certt.h"
-#include "nsString.h"
-	  
-#define CRL_AUTOUPDATE_TIMIINGTYPE_PREF "security.crl.autoupdate.timingType"
-#define CRL_AUTOUPDATE_TIME_PREF "security.crl.autoupdate.nextInstant"
-#define CRL_AUTOUPDATE_URL_PREF "security.crl.autoupdate.url"
-#define CRL_AUTOUPDATE_DAYCNT_PREF "security.crl.autoupdate.dayCnt"
-#define CRL_AUTOUPDATE_FREQCNT_PREF "security.crl.autoupdate.freqCnt"
-#define CRL_AUTOUPDATE_ERRCNT_PREF "security.crl.autoupdate.errCount"
-#define CRL_AUTOUPDATE_ERRDETAIL_PREF "security.crl.autoupdate.errDetail"
-#define CRL_AUTOUPDATE_ENABLED_PREF "security.crl.autoupdate.enable."
-#define CRL_AUTOUPDATE_DEFAULT_DELAY 30000UL
-
-class nsCRLInfo : public nsICRLInfo
-{
-public:
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSICRLINFO
-
-  nsCRLInfo();
-  nsCRLInfo(CERTSignedCrl *);
-  virtual ~nsCRLInfo();
-  /* additional members */
-private:
-  nsString mOrg;
-  nsString mOrgUnit;
-  nsString mLastUpdateLocale;
-  nsString mNextUpdateLocale;
-  PRTime mLastUpdate;
-  PRTime mNextUpdate;
-  nsString mNameInDb;
-  nsCString mLastFetchURL;
-  nsString mNextAutoUpdateDate;
-};
-
-#endif
deleted file mode 100644
--- a/security/manager/ssl/src/nsCRLManager.cpp
+++ /dev/null
@@ -1,441 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsCRLManager.h"
-#include "nsCRLInfo.h"
-
-#include "nsCOMPtr.h"
-#include "nsComponentManagerUtils.h"
-#include "nsReadableUtils.h"
-#include "nsNSSComponent.h"
-#include "nsCOMPtr.h"
-#include "nsICertificateDialogs.h"
-#include "nsIMutableArray.h"
-#include "nsIPrefService.h"
-#include "nsIPrefBranch.h"
-#include "nsNSSShutDown.h"
-#include "nsThreadUtils.h"
-
-#include "nspr.h"
-#include "pk11func.h"
-#include "certdb.h"
-#include "cert.h"
-#include "secerr.h"
-#include "nssb64.h"
-#include "secasn1.h"
-#include "secder.h"
-#include "ssl.h"
-#include "ocsp.h"
-#include "plbase64.h"
-
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
-NS_IMPL_ISUPPORTS1(nsCRLManager, nsICRLManager)
-
-nsCRLManager::nsCRLManager()
-{
-}
-
-nsCRLManager::~nsCRLManager()
-{
-}
-
-NS_IMETHODIMP 
-nsCRLManager::ImportCrl (uint8_t *aData, uint32_t aLength, nsIURI * aURI, uint32_t aType, bool doSilentDownload, const PRUnichar* crlKey)
-{
-  if (!NS_IsMainThread()) {
-    NS_ERROR("nsCRLManager::ImportCrl called off the main thread");
-    return NS_ERROR_NOT_SAME_THREAD;
-  }
-  
-  nsNSSShutDownPreventionLock locker;
-  nsresult rv;
-  PLArenaPool *arena = nullptr;
-  CERTCertificate *caCert;
-  SECItem derName = { siBuffer, nullptr, 0 };
-  SECItem derCrl;
-  CERTSignedData sd;
-  SECStatus sec_rv;
-  CERTSignedCrl *crl;
-  nsAutoCString url;
-  nsCOMPtr<nsICRLInfo> crlData;
-  bool importSuccessful;
-  int32_t errorCode;
-  nsString errorMessage;
-  
-  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-  if (NS_FAILED(rv)) return rv;
-	         
-  aURI->GetSpec(url);
-  arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-  if (!arena) {
-    goto loser;
-  }
-  memset(&sd, 0, sizeof(sd));
-
-  derCrl.data = (unsigned char*)aData;
-  derCrl.len = aLength;
-  sec_rv = CERT_KeyFromDERCrl(arena, &derCrl, &derName);
-  if (sec_rv != SECSuccess) {
-    goto loser;
-  }
-
-  caCert = CERT_FindCertByName(CERT_GetDefaultCertDB(), &derName);
-  if (!caCert) {
-    if (aType == SEC_KRL_TYPE){
-      goto loser;
-    }
-  } else {
-    sec_rv = SEC_ASN1DecodeItem(arena,
-                            &sd, SEC_ASN1_GET(CERT_SignedDataTemplate), 
-                            &derCrl);
-    if (sec_rv != SECSuccess) {
-      goto loser;
-    }
-    sec_rv = CERT_VerifySignedData(&sd, caCert, PR_Now(),
-                               nullptr);
-    if (sec_rv != SECSuccess) {
-      goto loser;
-    }
-  }
-  
-  crl = SEC_NewCrl(CERT_GetDefaultCertDB(), const_cast<char*>(url.get()), &derCrl,
-                   aType);
-  
-  if (!crl) {
-    goto loser;
-  }
-
-  crlData = new nsCRLInfo(crl);
-  SSL_ClearSessionCache();
-  SEC_DestroyCrl(crl);
-  
-  importSuccessful = true;
-  goto done;
-
-loser:
-  importSuccessful = false;
-  errorCode = PR_GetError();
-  switch (errorCode) {
-    case SEC_ERROR_CRL_EXPIRED:
-      nssComponent->GetPIPNSSBundleString("CrlImportFailureExpired", errorMessage);
-      break;
-
-	case SEC_ERROR_CRL_BAD_SIGNATURE:
-      nssComponent->GetPIPNSSBundleString("CrlImportFailureBadSignature", errorMessage);
-      break;
-
-	case SEC_ERROR_CRL_INVALID:
-      nssComponent->GetPIPNSSBundleString("CrlImportFailureInvalid", errorMessage);
-      break;
-
-	case SEC_ERROR_OLD_CRL:
-      nssComponent->GetPIPNSSBundleString("CrlImportFailureOld", errorMessage);
-      break;
-
-	case SEC_ERROR_CRL_NOT_YET_VALID:
-      nssComponent->GetPIPNSSBundleString("CrlImportFailureNotYetValid", errorMessage);
-      break;
-
-    default:
-      nssComponent->GetPIPNSSBundleString("CrlImportFailureReasonUnknown", errorMessage);
-      errorMessage.AppendInt(errorCode,16);
-      break;
-  }
-
-done:
-          
-  if(!doSilentDownload){
-    if (!importSuccessful){
-      nsString message;
-      nsString temp;
-      nssComponent->GetPIPNSSBundleString("CrlImportFailure1x", message);
-      message.Append(NS_LITERAL_STRING("\n").get());
-      message.Append(errorMessage);
-      nssComponent->GetPIPNSSBundleString("CrlImportFailure2", temp);
-      message.Append(NS_LITERAL_STRING("\n").get());
-      message.Append(temp);
-
-      nsNSSComponent::ShowAlertWithConstructedString(message);
-    } else {
-      nsCOMPtr<nsICertificateDialogs> certDialogs;
-      // Not being able to display the success dialog should not
-      // be a fatal error, so don't return a failure code.
-      {
-        nsPSMUITracker tracker;
-        if (tracker.isUIForbidden()) {
-          rv = NS_ERROR_NOT_AVAILABLE;
-        }
-        else {
-          rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
-            NS_GET_IID(nsICertificateDialogs), NS_CERTIFICATEDIALOGS_CONTRACTID);
-        }
-      }
-      if (NS_SUCCEEDED(rv)) {
-        nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
-        certDialogs->CrlImportStatusDialog(cxt, crlData);
-      }
-    }
-  } else {
-    if (!crlKey) {
-      return NS_ERROR_FAILURE;
-    }
-    nsCOMPtr<nsIPrefService> prefSvc = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
-    nsCOMPtr<nsIPrefBranch> pref = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
-    if (NS_FAILED(rv)){
-      return rv;
-    }
-    
-    nsAutoCString updateErrCntPrefStr(CRL_AUTOUPDATE_ERRCNT_PREF);
-    LossyAppendUTF16toASCII(crlKey, updateErrCntPrefStr);
-    if(importSuccessful){
-      PRUnichar *updateTime;
-      nsAutoCString updateTimeStr;
-      nsCString updateURL;
-      int32_t timingTypePref;
-      double dayCnt;
-      char *dayCntStr;
-      nsAutoCString updateTypePrefStr(CRL_AUTOUPDATE_TIMIINGTYPE_PREF);
-      nsAutoCString updateTimePrefStr(CRL_AUTOUPDATE_TIME_PREF);
-      nsAutoCString updateUrlPrefStr(CRL_AUTOUPDATE_URL_PREF);
-      nsAutoCString updateDayCntPrefStr(CRL_AUTOUPDATE_DAYCNT_PREF);
-      nsAutoCString updateFreqCntPrefStr(CRL_AUTOUPDATE_FREQCNT_PREF);
-      LossyAppendUTF16toASCII(crlKey, updateTypePrefStr);
-      LossyAppendUTF16toASCII(crlKey, updateTimePrefStr);
-      LossyAppendUTF16toASCII(crlKey, updateUrlPrefStr);
-      LossyAppendUTF16toASCII(crlKey, updateDayCntPrefStr);
-      LossyAppendUTF16toASCII(crlKey, updateFreqCntPrefStr);
-
-      pref->GetIntPref(updateTypePrefStr.get(),&timingTypePref);
-      
-      //Compute and update the next download instant
-      if(timingTypePref == TYPE_AUTOUPDATE_TIME_BASED){
-        pref->GetCharPref(updateDayCntPrefStr.get(),&dayCntStr);
-      }else{
-        pref->GetCharPref(updateFreqCntPrefStr.get(),&dayCntStr);
-      }
-      dayCnt = atof(dayCntStr);
-      nsMemory::Free(dayCntStr);
-
-      bool toBeRescheduled = false;
-      if(NS_SUCCEEDED(ComputeNextAutoUpdateTime(crlData, timingTypePref, dayCnt, &updateTime))){
-        updateTimeStr.AssignWithConversion(updateTime);
-        pref->SetCharPref(updateTimePrefStr.get(),updateTimeStr.get());
-        //Now, check if this update time is already in the past. This would
-        //imply we have downloaded the same crl, or there is something wrong
-        //with the next update date. We will not reschedule this crl in this
-        //session anymore - or else, we land into a loop. It would anyway be
-        //imported once the browser is restarted.
-        if(int64_t(updateTime) > int64_t(PR_Now())){
-          toBeRescheduled = true;
-        }
-        nsMemory::Free(updateTime);
-      }
-      
-      //Update the url to download from, next time
-      crlData->GetLastFetchURL(updateURL);
-      pref->SetCharPref(updateUrlPrefStr.get(),updateURL.get());
-      
-      pref->SetIntPref(updateErrCntPrefStr.get(),0);
-      
-      if (toBeRescheduled) {
-        nsAutoString hashKey(crlKey);
-        nssComponent->RemoveCrlFromList(hashKey);
-        nssComponent->DefineNextTimer();
-      }
-
-    } else{
-      int32_t errCnt;
-      nsAutoCString errMsg;
-      nsAutoCString updateErrDetailPrefStr(CRL_AUTOUPDATE_ERRDETAIL_PREF);
-      LossyAppendUTF16toASCII(crlKey, updateErrDetailPrefStr);
-      errMsg.AssignWithConversion(errorMessage.get());
-      rv = pref->GetIntPref(updateErrCntPrefStr.get(),&errCnt);
-      if(NS_FAILED(rv))
-        errCnt = 0;
-
-      pref->SetIntPref(updateErrCntPrefStr.get(),errCnt+1);
-      pref->SetCharPref(updateErrDetailPrefStr.get(),errMsg.get());
-    }
-    prefSvc->SavePrefFile(nullptr);
-  }
-
-  return rv;
-}
-
-NS_IMETHODIMP 
-nsCRLManager::UpdateCRLFromURL( const PRUnichar *url, const PRUnichar* key, bool *res)
-{
-  nsresult rv;
-  nsAutoString downloadUrl(url);
-  nsAutoString dbKey(key);
-  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-  if(NS_FAILED(rv)){
-    *res = false;
-    return rv;
-  }
-
-  rv = nssComponent->DownloadCRLDirectly(downloadUrl, dbKey);
-  if(NS_FAILED(rv)){
-    *res = false;
-  } else {
-    *res = true;
-  }
-  return NS_OK;
-
-}
-
-NS_IMETHODIMP 
-nsCRLManager::RescheduleCRLAutoUpdate(void)
-{
-  nsresult rv;
-  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-  if(NS_FAILED(rv)){
-    return rv;
-  }
-  rv = nssComponent->DefineNextTimer();
-  return rv;
-}
-
-/**
- * getCRLs
- *
- * Export a set of certs and keys from the database to a PKCS#12 file.
- */
-NS_IMETHODIMP 
-nsCRLManager::GetCrls(nsIArray ** aCrls)
-{
-  nsNSSShutDownPreventionLock locker;
-  SECStatus sec_rv;
-  CERTCrlHeadNode *head = nullptr;
-  CERTCrlNode *node = nullptr;
-  nsresult rv;
-  nsCOMPtr<nsIMutableArray> crlsArray =
-    do_CreateInstance(NS_ARRAY_CONTRACTID, &rv);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  // Get the list of certs //
-  sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
-  if (sec_rv != SECSuccess) {
-    return NS_ERROR_FAILURE;
-  }
-
-  if (head) {
-    for (node=head->first; node; node = node->next) {
-
-      nsCOMPtr<nsICRLInfo> entry = new nsCRLInfo((node->crl));
-      crlsArray->AppendElement(entry, false);
-    }
-    PORT_FreeArena(head->arena, false);
-  }
-
-  *aCrls = crlsArray;
-  NS_IF_ADDREF(*aCrls);
-  return NS_OK;
-}
-
-/**
- * deleteCrl
- *
- * Delete a Crl entry from the cert db.
- */
-NS_IMETHODIMP 
-nsCRLManager::DeleteCrl(uint32_t aCrlIndex)
-{
-  nsNSSShutDownPreventionLock locker;
-  CERTSignedCrl *realCrl = nullptr;
-  CERTCrlHeadNode *head = nullptr;
-  CERTCrlNode *node = nullptr;
-  SECStatus sec_rv;
-  uint32_t i;
-
-  // Get the list of certs //
-  sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
-  if (sec_rv != SECSuccess) {
-    return NS_ERROR_FAILURE;
-  }
-
-  if (head) {
-    for (i = 0, node=head->first; node; i++, node = node->next) {
-      if (i != aCrlIndex) {
-        continue;
-      }
-      realCrl = SEC_FindCrlByName(CERT_GetDefaultCertDB(), &(node->crl->crl.derName), node->type);
-      SEC_DeletePermCRL(realCrl);
-      SEC_DestroyCrl(realCrl);
-      SSL_ClearSessionCache();
-    }
-    PORT_FreeArena(head->arena, false);
-  }
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsCRLManager::ComputeNextAutoUpdateTime(nsICRLInfo *info, 
-  uint32_t autoUpdateType, double dayCnt, PRUnichar **nextAutoUpdate)
-{
-  if (!info)
-    return NS_ERROR_FAILURE;
-  NS_ENSURE_ARG_POINTER(nextAutoUpdate);
-
-  PRTime microsecInDayCnt;
-  PRTime now = PR_Now();
-  PRTime tempTime;
-  int64_t diff = 0;
-  int64_t secsInDay = 86400UL;
-  int64_t temp;
-  int64_t cycleCnt = 0;
-  double tmpData = double(secsInDay);
-  tmpData *= dayCnt;
-  microsecInDayCnt = int64_t(tmpData) * PR_USEC_PER_SEC;
-
-  PRTime lastUpdate;
-  PRTime nextUpdate;
-
-  nsresult rv;
-
-  rv = info->GetLastUpdate(&lastUpdate);
-  if (NS_FAILED(rv))
-    return rv;
-
-  rv = info->GetNextUpdate(&nextUpdate);
-  if (NS_FAILED(rv))
-    return rv;
-
-  switch (autoUpdateType) {
-  case TYPE_AUTOUPDATE_FREQ_BASED:
-    diff = now - lastUpdate;                    //diff is the no of micro sec between now and last update
-    cycleCnt = diff / microsecInDayCnt;       //temp is the number of full cycles from lst update
-    temp = diff % microsecInDayCnt;
-    if(temp != 0) {
-      ++cycleCnt;            //no of complete cycles till next autoupdate instant
-    }
-    temp = cycleCnt * microsecInDayCnt;    //micro secs from last update
-    tempTime = lastUpdate + temp;
-    break;  
-  case TYPE_AUTOUPDATE_TIME_BASED:
-    tempTime = nextUpdate - microsecInDayCnt;
-    break;
-  default:
-    return NS_ERROR_NOT_IMPLEMENTED;
-  }
-
-  //Now, a basic constraing is that the next auto update date can never be after
-  //next update, if one is defined
-  if(nextUpdate > 0) {
-    if(tempTime > nextUpdate) {
-      tempTime = nextUpdate;
-    }
-  }
-
-  // Return value as string; no pref type for Int64/PRTime
-  char *tempTimeStr = PR_smprintf("%lli", tempTime);
-  *nextAutoUpdate = ToNewUnicode(nsDependentCString(tempTimeStr));
-  PR_smprintf_free(tempTimeStr);
-
-  return NS_OK;
-}
-
deleted file mode 100644
--- a/security/manager/ssl/src/nsCRLManager.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef _NSCRLMANAGER_H_
-#define _NSCRLMANAGER_H_
-
-#include "nsICRLManager.h"
-
-class nsCRLManager : public nsICRLManager
-{
-public:
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSICRLMANAGER
-  
-  nsCRLManager();
-  virtual ~nsCRLManager();
-};
-
-#endif
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -6,38 +6,22 @@
 
 #ifdef MOZ_LOGGING
 #define FORCE_PR_LOG 1
 #endif
 
 #include "nsNSSComponent.h"
 
 #include "CertVerifier.h"
-#include "nsNSSCallbacks.h"
-#include "nsNSSIOLayer.h"
 #include "nsCertVerificationThread.h"
-
-#include "nsNetUtil.h"
 #include "nsAppDirectoryServiceDefs.h"
-#include "nsDirectoryService.h"
-#include "nsIStreamListener.h"
-#include "nsIStringBundle.h"
-#include "nsIDirectoryService.h"
 #include "nsCURILoader.h"
 #include "nsDirectoryServiceDefs.h"
-#include "nsIX509Cert.h"
-#include "nsIX509CertDB.h"
-#include "nsNSSCertificate.h"
-#include "nsNSSHelper.h"
-#include "prlog.h"
+#include "nsICertOverrideService.h"
 #include "nsIPrefService.h"
-#include "nsIPrefBranch.h"
-#include "nsIDateTimeFormat.h"
-#include "nsDateTimeFormatCID.h"
-#include "nsThreadUtils.h"
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
 #include "nsIDOMNode.h"
 #include "nsIDOMEvent.h"
 #include "nsIDOMDocument.h"
 #include "nsIDOMWindow.h"
 #include "nsIDOMWindowCollection.h"
 #include "nsIDocument.h"
@@ -45,55 +29,42 @@
 #include "nsSmartCardMonitor.h"
 #include "nsIDOMCryptoLegacy.h"
 #include "nsIPrincipal.h"
 #else
 #include "nsIDOMCrypto.h"
 #endif
 
 #include "nsCRT.h"
-#include "nsCRLInfo.h"
-#include "nsCertOverrideService.h"
 #include "nsNTLMAuthModule.h"
 
 #include "nsIWindowWatcher.h"
 #include "nsIPrompt.h"
 #include "nsCertificatePrincipal.h"
-#include "nsReadableUtils.h"
-#include "nsIDateTimeFormat.h"
-#include "prtypes.h"
-#include "nsIEntropyCollector.h"
 #include "nsIBufEntropyCollector.h"
-#include "nsIServiceManager.h"
-#include "nsIFile.h"
 #include "nsITokenPasswordDialogs.h"
-#include "nsICRLManager.h"
 #include "nsNSSShutDown.h"
 #include "GeneratedEvents.h"
 #include "SharedSSLState.h"
 
 #include "nss.h"
 #include "ssl.h"
 #include "sslproto.h"
 #include "secmod.h"
 #include "secmime.h"
 #include "ocsp.h"
-#include "nssckbi.h"
-#include "base64.h"
 #include "secerr.h"
 #include "sslerr.h"
 
 #include "nsXULAppAPI.h"
-#include <algorithm>
 
 #ifdef XP_WIN
 #include "nsILocalFileWin.h"
 #endif
 
-#include "pkcs12.h"
 #include "p12plcy.h"
 
 using namespace mozilla;
 using namespace mozilla::dom;
 using namespace mozilla::psm;
 
 #ifdef MOZ_LOGGING
 PRLogModuleInfo* gPIPNSSLog = nullptr;
@@ -108,45 +79,16 @@ bool nsNSSComponent::globalConstFlagUseP
 #endif
 
 // XXX tmp callback for slot password
 extern char* pk11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void *arg);
 
 #define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
 #define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties"
 
-class CRLDownloadEvent : public nsRunnable {
-public:
-  CRLDownloadEvent(const nsCSubstring &urlString, nsIStreamListener *listener)
-    : mURLString(urlString)
-    , mListener(listener)
-  {}
-
-  // Note that nsNSSComponent is a singleton object across all threads, 
-  // and automatic downloads are always scheduled sequentially - that is, 
-  // once one crl download is complete, the next one is scheduled
-  NS_IMETHOD Run()
-  {
-    if (!mListener || mURLString.IsEmpty())
-      return NS_OK;
-
-    nsCOMPtr<nsIURI> uri;
-    nsresult rv = NS_NewURI(getter_AddRefs(uri), mURLString);
-    if (NS_SUCCEEDED(rv)){
-      NS_OpenURI(mListener, nullptr, uri);
-    }
-
-    return NS_OK;
-  }
-
-private:
-  nsCString mURLString;
-  nsCOMPtr<nsIStreamListener> mListener;
-};
-
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
 //This class is used to run the callback code
 //passed to the event handlers for smart card notification
 class nsTokenEventRunnable : public nsIRunnable {
 public:
   nsTokenEventRunnable(const nsAString &aType, const nsAString &aTokenName);
   virtual ~nsTokenEventRunnable();
 
@@ -259,31 +201,26 @@ bool EnsureNSSInitialized(EnsureNSSOpera
     NS_ASSERTION(false, "Bad operator to EnsureNSSInitialized");
     return false;
   }
 }
 
 nsNSSComponent::nsNSSComponent()
   :mutex("nsNSSComponent.mutex"),
    mNSSInitialized(false),
-   mCrlTimerLock("nsNSSComponent.mCrlTimerLock"),
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
    mThreadList(nullptr),
 #endif
    mCertVerificationThread(nullptr)
 {
 #ifdef PR_LOGGING
   if (!gPIPNSSLog)
     gPIPNSSLog = PR_NewLogModule("pipnss");
 #endif
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::ctor\n"));
-  mUpdateTimerInitialized = false;
-  crlDownloadTimerOn = false;
-  crlsScheduledForDownload = nullptr;
-  mTimer = nullptr;
   mObserversRegistered = false;
 
 #ifndef NSS_NO_LIBPKIX
   // In order to keep startup time lower, we delay loading and 
   // registering all identity data until first needed.
   memset(&mIdentityInfoCallOnce, 0, sizeof(PRCallOnceType));
 #endif
 
@@ -321,32 +258,16 @@ nsNSSComponent::createBackgroundThreads(
 }
 
 nsNSSComponent::~nsNSSComponent()
 {
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::dtor\n"));
 
   deleteBackgroundThreads();
 
-  if (mUpdateTimerInitialized) {
-    {
-      MutexAutoLock lock(mCrlTimerLock);
-      if (crlDownloadTimerOn) {
-        mTimer->Cancel();
-      }
-      crlDownloadTimerOn = false;
-    }
-    if (crlsScheduledForDownload) {
-      crlsScheduledForDownload->Reset();
-      delete crlsScheduledForDownload;
-    }
-
-    mUpdateTimerInitialized = false;
-  }
-
   // All cleanup code requiring services needs to happen in xpcom_shutdown
 
   ShutdownNSS();
   SharedSSLState::GlobalCleanup();
   RememberCertErrorsTable::Cleanup();
   --mInstanceCount;
   delete mShutdownObjectList;
 
@@ -1106,295 +1027,16 @@ nsNSSComponent::SkipOcspOff()
   setNonPkixOcspEnabled(ocspEnabled, mPrefBranch);
 
   if (ocspEnabled)
     SSL_ClearSessionCache();
 
   return NS_OK;
 }
 
-nsresult
-nsNSSComponent::PostCRLImportEvent(const nsCSubstring &urlString,
-                                   nsIStreamListener *listener)
-{
-  //Create the event
-  nsCOMPtr<nsIRunnable> event = new CRLDownloadEvent(urlString, listener);
-
-  //Get a handle to the ui thread
-  return NS_DispatchToMainThread(event);
-}
-
-nsresult
-nsNSSComponent::DownloadCRLDirectly(nsAutoString url, nsAutoString key)
-{
-  //This api is meant to support direct interactive update of crl from the crl manager
-  //or other such ui.
-  nsCOMPtr<nsIStreamListener> listener =
-      new PSMContentDownloader(PSMContentDownloader::PKCS7_CRL);
-  
-  NS_ConvertUTF16toUTF8 url8(url);
-  return PostCRLImportEvent(url8, listener);
-}
-
-nsresult nsNSSComponent::DownloadCrlSilently()
-{
-  //Add this attempt to the hashtable
-  nsStringKey hashKey(mCrlUpdateKey.get());
-  crlsScheduledForDownload->Put(&hashKey,(void *)nullptr);
-    
-  //Set up the download handler
-  RefPtr<PSMContentDownloader> psmDownloader(
-      new PSMContentDownloader(PSMContentDownloader::PKCS7_CRL));
-  psmDownloader->setSilentDownload(true);
-  psmDownloader->setCrlAutodownloadKey(mCrlUpdateKey);
-  
-  //Now get the url string
-  NS_ConvertUTF16toUTF8 url8(mDownloadURL);
-  return PostCRLImportEvent(url8, psmDownloader);
-}
-
-nsresult nsNSSComponent::getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key)
-{
-  const char *updateEnabledPref = CRL_AUTOUPDATE_ENABLED_PREF;
-  const char *updateTimePref = CRL_AUTOUPDATE_TIME_PREF;
-  const char *updateURLPref = CRL_AUTOUPDATE_URL_PREF;
-  char **allCrlsToBeUpdated;
-  uint32_t noOfCrls;
-  PRTime nearestUpdateTime = 0;
-  nsAutoString crlKey;
-  char *tempUrl;
-  nsresult rv;
-  
-  nsCOMPtr<nsIPrefBranch> pref = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
-  if(NS_FAILED(rv)){
-    return rv;
-  }
-
-  rv = pref->GetChildList(updateEnabledPref, &noOfCrls, &allCrlsToBeUpdated);
-  if ( (NS_FAILED(rv)) || (noOfCrls==0) ){
-    return NS_ERROR_FAILURE;
-  }
-
-  for(uint32_t i=0;i<noOfCrls;i++) {
-    //First check if update pref is enabled for this crl
-    bool autoUpdateEnabled = false;
-    rv = pref->GetBoolPref(*(allCrlsToBeUpdated+i), &autoUpdateEnabled);
-    if (NS_FAILED(rv) || !autoUpdateEnabled) {
-      continue;
-    }
-
-    nsAutoString tempCrlKey;
-
-    //Now, generate the crl key. Same key would be used as hashkey as well
-    nsAutoCString enabledPrefCString(*(allCrlsToBeUpdated+i));
-    enabledPrefCString.ReplaceSubstring(updateEnabledPref,".");
-    tempCrlKey.AssignWithConversion(enabledPrefCString.get());
-      
-    //Check if this crl has already been scheduled. Its presence in the hashtable
-    //implies that it has been scheduled already this client session, and
-    //is either in the process of being downloaded, or its download failed
-    //for some reason. In the second case, we will not retry in the current client session
-    nsStringKey hashKey(tempCrlKey.get());
-    if(crlsScheduledForDownload->Exists(&hashKey)){
-      continue;
-    }
-
-    char *tempTimeString;
-    PRTime tempTime;
-    nsAutoCString timingPrefCString(updateTimePref);
-    LossyAppendUTF16toASCII(tempCrlKey, timingPrefCString);
-    // No PRTime/Int64 type in prefs; stored as string; parsed here as int64_t
-    rv = pref->GetCharPref(timingPrefCString.get(), &tempTimeString);
-    if (NS_FAILED(rv)){
-      // Assume corrupted. Force download. Pref should be reset after download.
-      tempTime = PR_Now();
-      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-             ("get %s failed: forcing download\n", timingPrefCString.get()));
-    } else {
-      tempTime = (PRTime)nsCRT::atoll(tempTimeString);
-      nsMemory::Free(tempTimeString);
-      // nsCRT::atoll parses the first token in the string; three possibilities
-      //  -1- Alpha char: returns 0; change to PR_Now() and force update.
-      //  -2- Number (between epoch and PR_Now(), e.g. 0 - 1332280017 for
-      //      Tue Mar 20, 2012, 2:46pm approx): includes formatted date 
-      //      values (previous method of storing update date, e.g year, month 
-      //      or day, 2012, 1-31, 1-12 etc). Less than PR_Now() forces 
-      //      autoupdate.
-      //  -3- Number (larger than PR_Now()): no forced autoupdate
-      // Note: corrupt values within range of -2- will have an implicit 
-      // unflagged recovery. Corrupt values in range of -3- will be unflagged
-      // and unrecovered by this code.
-      if (tempTime == 0)
-        tempTime = PR_Now();
-#ifdef PR_LOGGING
-      PRExplodedTime explodedTime;
-      PR_ExplodeTime(tempTime, PR_GMTParameters, &explodedTime);
-      // Note: tm_month starts from 0 = Jan, hence +1
-      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-             ("%s tempTime(%lli) "
-              "(m/d/y h:m:s = %02d/%02d/%d %02d:%02d:%02d GMT\n",
-              timingPrefCString.get(), tempTime,
-              explodedTime.tm_month+1, explodedTime.tm_mday,
-              explodedTime.tm_year, explodedTime.tm_hour,
-              explodedTime.tm_min, explodedTime.tm_sec));
-#endif
-    }
-
-    if(nearestUpdateTime == 0 || tempTime < nearestUpdateTime){
-      nsAutoCString urlPrefCString(updateURLPref);
-      LossyAppendUTF16toASCII(tempCrlKey, urlPrefCString);
-      rv = pref->GetCharPref(urlPrefCString.get(), &tempUrl);
-      if (NS_FAILED(rv) || (!tempUrl)){
-        continue;
-      }
-      nearestUpdateTime = tempTime;
-      crlKey = tempCrlKey;
-    }
-  }
-
-  if(noOfCrls > 0)
-    NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(noOfCrls, allCrlsToBeUpdated);
-
-  if(nearestUpdateTime > 0){
-    *time = nearestUpdateTime;
-    url->AssignWithConversion((const char *)tempUrl);
-    nsMemory::Free(tempUrl);
-    *key = crlKey;
-    rv = NS_OK;
-  } else{
-    rv = NS_ERROR_FAILURE;
-  }
-
-  return rv;
-}
-
-NS_IMETHODIMP
-nsNSSComponent::Notify(nsITimer *timer)
-{
-  //Timer has fired. So set the flag accordingly
-  {
-    MutexAutoLock lock(mCrlTimerLock);
-    crlDownloadTimerOn = false;
-  }
-
-  //First, handle this download
-  DownloadCrlSilently();
-
-  //Dont Worry if successful or not
-  //Set the next timer
-  DefineNextTimer();
-  return NS_OK;
-}
-
-nsresult
-nsNSSComponent::RemoveCrlFromList(nsAutoString key)
-{
-  nsStringKey hashKey(key.get());
-  if(crlsScheduledForDownload->Exists(&hashKey)){
-    crlsScheduledForDownload->Remove(&hashKey);
-  }
-  return NS_OK;
-}
-
-nsresult
-nsNSSComponent::DefineNextTimer()
-{
-  PRTime nextFiring;
-  PRTime now = PR_Now();
-  uint32_t interval;
-  uint32_t primaryDelay = CRL_AUTOUPDATE_DEFAULT_DELAY;
-  nsresult rv;
-
-  if(!mTimer){
-    mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
-    if(NS_FAILED(rv))
-      return rv;
-  }
-
-  //If some timer is already running, cancel it. Thus, the request that came last,
-  //wins. This would ensure that in no way we end up setting two different timers
-  //This part should be synchronized because this function might be called from separate
-  //threads
-
-  MutexAutoLock lock(mCrlTimerLock);
-
-  if (crlDownloadTimerOn) {
-    mTimer->Cancel();
-  }
-
-  rv = getParamsForNextCrlToDownload(&mDownloadURL, &nextFiring, &mCrlUpdateKey);
-  //If there are no more crls to be updated any time in future
-  if(NS_FAILED(rv)){
-    // Return - no error - just implies nothing to schedule
-    return NS_OK;
-  }
-     
-  //Define the firing interval, from NOW
-  if ( now < nextFiring) {
-    interval = uint32_t(nextFiring - now);
-    //Now, we are doing 32 operations - so, don't need LL_ functions...
-    interval = interval/PR_USEC_PER_MSEC;
-  }else {
-    interval = primaryDelay;
-  }
-  
-  mTimer->InitWithCallback(static_cast<nsITimerCallback*>(this), 
-                           interval,
-                           nsITimer::TYPE_ONE_SHOT);
-  crlDownloadTimerOn = true;
-
-  return NS_OK;
-}
-
-//Note that the StopCRLUpdateTimer and InitializeCRLUpdateTimer functions should never be called
-//simultaneously from diff threads - they are NOT threadsafe. But, since there is no chance of 
-//that happening, there is not much benefit it trying to make it so at this point
-nsresult
-nsNSSComponent::StopCRLUpdateTimer()
-{
-  
-  //If it is at all running. 
-  if (mUpdateTimerInitialized) {
-    if (crlsScheduledForDownload) {
-      crlsScheduledForDownload->Reset();
-      delete crlsScheduledForDownload;
-      crlsScheduledForDownload = nullptr;
-    }
-    {
-      MutexAutoLock lock(mCrlTimerLock);
-      if (crlDownloadTimerOn) {
-        mTimer->Cancel();
-      }
-      crlDownloadTimerOn = false;
-    }
-    mUpdateTimerInitialized = false;
-  }
-
-  return NS_OK;
-}
-
-nsresult
-nsNSSComponent::InitializeCRLUpdateTimer()
-{
-  nsresult rv;
-    
-  //First check if this is already initialized. Then we stop it.
-  if (!mUpdateTimerInitialized) {
-    mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
-    if(NS_FAILED(rv)){
-      return rv;
-    }
-    crlsScheduledForDownload = new nsHashtable(16, true);
-    DefineNextTimer();
-    mUpdateTimerInitialized = true;  
-  } 
-
-  return NS_OK;
-}
-
 static void configureMD5(bool enabled)
 {
   if (enabled) { // set flags
     NSS_SetAlgorithmPolicy(SEC_OID_MD5, 
         NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE, 0);
     NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
         NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE, 0);
     NSS_SetAlgorithmPolicy(SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
@@ -1749,17 +1391,16 @@ nsNSSComponent::Init()
   {
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS init, could not create threads\n"));
 
     DeregisterObservers();
     mPIPNSSBundle = nullptr;
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
-  InitializeCRLUpdateTimer();
   RegisterPSMContentListener();
 
   nsCOMPtr<nsIEntropyCollector> ec
       = do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID);
 
   nsCOMPtr<nsIBufEntropyCollector> bec;
 
   if (ec) {
@@ -1771,23 +1412,22 @@ nsNSSComponent::Init()
   if (bec) {
     bec->ForwardTo(this);
   }
 
   return rv;
 }
 
 /* nsISupports Implementation for the class */
-NS_IMPL_THREADSAFE_ISUPPORTS6(nsNSSComponent,
+NS_IMPL_THREADSAFE_ISUPPORTS5(nsNSSComponent,
                               nsISignatureVerifier,
                               nsIEntropyCollector,
                               nsINSSComponent,
                               nsIObserver,
-                              nsISupportsWeakReference,
-                              nsITimerCallback)
+                              nsISupportsWeakReference)
 
 
 /* Callback functions for decoder. For now, use empty/default functions. */
 static void ContentCallback(void *arg, 
                                            const char *buf,
                                            unsigned long len)
 {
 }
@@ -1975,18 +1615,16 @@ nsNSSComponent::Observe(nsISupports *aSu
       }
     }
     
     if (needsInit) {
       if (NS_FAILED(InitializeNSS(false))) { // do not show a warning box on failure
         PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS after profile switch.\n"));
       }
     }
-
-    InitializeCRLUpdateTimer();
   }
   else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
 
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent: XPCom shutdown observed\n"));
 
     // Cleanup code that requires services, it's too late in destructor.
 
     if (mPSMContentListener) {
@@ -2222,18 +1860,16 @@ nsNSSComponent::DoProfileBeforeChange(ns
     if (!mNSSInitialized) {
       // Make sure we don't try to cleanup if we have already done so.
       // This makes sure we behave safely, in case we are notified
       // multiple times.
       needsCleanup = false;
     }
   }
     
-  StopCRLUpdateTimer();
-
   if (needsCleanup) {
     ShutdownNSS();
   }
   mShutdownObjectList->allowUI();
 }
 
 void
 nsNSSComponent::DoProfileChangeNetRestore()
@@ -2347,18 +1983,17 @@ setPassword(PK11SlotInfo *slot, nsIInter
   }
  loser:
   return rv;
 }
 
 
 PSMContentDownloader::PSMContentDownloader(uint32_t type)
   : mByteData(nullptr),
-    mType(type),
-    mDoSilentDownload(false)
+    mType(type)
 {
 }
 
 PSMContentDownloader::~PSMContentDownloader()
 {
   if (mByteData)
     nsMemory::Free(mByteData);
 }
@@ -2438,138 +2073,54 @@ NS_IMETHODIMP
 PSMContentDownloader::OnStopRequest(nsIRequest* request,
                               nsISupports* context,
                               nsresult aStatus)
 {
   nsNSSShutDownPreventionLock locker;
   //Check if the download succeeded - it might have failed due to
   //network issues, etc.
   if (NS_FAILED(aStatus)){
-    handleContentDownloadError(aStatus);
     return aStatus;
   }
 
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStopRequest\n"));
 
   nsCOMPtr<nsIX509CertDB> certdb;
-  nsCOMPtr<nsICRLManager> crlManager;
 
   nsresult rv;
   nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
 
   switch (mType) {
   case PSMContentDownloader::X509_CA_CERT:
   case PSMContentDownloader::X509_USER_CERT:
   case PSMContentDownloader::X509_EMAIL_CERT:
     certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
     break;
 
-  case PSMContentDownloader::PKCS7_CRL:
-    crlManager = do_GetService(NS_CRLMANAGER_CONTRACTID);
-
   default:
     break;
   }
 
   switch (mType) {
   case PSMContentDownloader::X509_CA_CERT:
     return certdb->ImportCertificates((uint8_t*)mByteData, mBufferOffset, mType, ctx); 
   case PSMContentDownloader::X509_USER_CERT:
     return certdb->ImportUserCertificate((uint8_t*)mByteData, mBufferOffset, ctx);
   case PSMContentDownloader::X509_EMAIL_CERT:
     return certdb->ImportEmailCertificate((uint8_t*)mByteData, mBufferOffset, ctx); 
-  case PSMContentDownloader::PKCS7_CRL:
-    return crlManager->ImportCrl((uint8_t*)mByteData, mBufferOffset, mURI, SEC_CRL_TYPE, mDoSilentDownload, mCrlAutoDownloadKey.get());
   default:
     rv = NS_ERROR_FAILURE;
     break;
   }
   
   return rv;
 }
 
-
-nsresult
-PSMContentDownloader::handleContentDownloadError(nsresult errCode)
-{
-  nsString tmpMessage;
-  nsresult rv;
-  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-  if(NS_FAILED(rv)){
-    return rv;
-  }
-      
-  //Handling errors for crl download only, for now.
-  switch (mType){
-  case PSMContentDownloader::PKCS7_CRL:
-
-    //TO DO: Handle network errors in details
-    //XXXXXXXXXXXXXXXXXX
-    nssComponent->GetPIPNSSBundleString("CrlImportFailureNetworkProblem", tmpMessage);
-      
-    if (mDoSilentDownload) {
-      //This is the case for automatic download. Update failure history
-      nsAutoCString updateErrCntPrefStr(CRL_AUTOUPDATE_ERRCNT_PREF);
-      nsAutoCString updateErrDetailPrefStr(CRL_AUTOUPDATE_ERRDETAIL_PREF);
-      nsCString errMsg;
-      int32_t errCnt;
-
-      nsCOMPtr<nsIPrefBranch> pref = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
-      if(NS_FAILED(rv)){
-        return rv;
-      }
-      
-      LossyAppendUTF16toASCII(mCrlAutoDownloadKey, updateErrCntPrefStr);
-      LossyAppendUTF16toASCII(mCrlAutoDownloadKey, updateErrDetailPrefStr);
-      errMsg.AssignWithConversion(tmpMessage.get());
-      
-      rv = pref->GetIntPref(updateErrCntPrefStr.get(),&errCnt);
-      if( (NS_FAILED(rv)) || (errCnt == 0) ){
-        pref->SetIntPref(updateErrCntPrefStr.get(),1);
-      }else{
-        pref->SetIntPref(updateErrCntPrefStr.get(),errCnt+1);
-      }
-      pref->SetCharPref(updateErrDetailPrefStr.get(),errMsg.get());
-      nsCOMPtr<nsIPrefService> prefSvc(do_QueryInterface(pref));
-      prefSvc->SavePrefFile(nullptr);
-    }else{
-      nsString message;
-      nssComponent->GetPIPNSSBundleString("CrlImportFailure1x", message);
-      message.Append(NS_LITERAL_STRING("\n").get());
-      message.Append(tmpMessage);
-      nssComponent->GetPIPNSSBundleString("CrlImportFailure2", tmpMessage);
-      message.Append(NS_LITERAL_STRING("\n").get());
-      message.Append(tmpMessage);
-      nsNSSComponent::ShowAlertWithConstructedString(message);
-    }
-    break;
-  default:
-    break;
-  }
-
-  return NS_OK;
-
-}
-
-void 
-PSMContentDownloader::setSilentDownload(bool flag)
-{
-  mDoSilentDownload = flag;
-}
-
-void
-PSMContentDownloader::setCrlAutodownloadKey(nsAutoString key)
-{
-  mCrlAutoDownloadKey = key;
-}
-
-
 /* other mime types that we should handle sometime:
    
-   application/x-pkcs7-crl
    application/x-pkcs7-mime
    application/pkcs7-signature
    application/pre-encrypted
    
 */
 
 uint32_t
 getPSMContentType(const char * aContentType)
@@ -2580,22 +2131,17 @@ getPSMContentType(const char * aContentT
   if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
     return PSMContentDownloader::X509_CA_CERT;
   else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
     return PSMContentDownloader::X509_SERVER_CERT;
   else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
     return PSMContentDownloader::X509_USER_CERT;
   else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
     return PSMContentDownloader::X509_EMAIL_CERT;
-  else if (!nsCRT::strcasecmp(aContentType, "application/x-pkcs7-crl"))
-    return PSMContentDownloader::PKCS7_CRL;
-  else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-crl"))
-    return PSMContentDownloader::PKCS7_CRL;
-  else if (!nsCRT::strcasecmp(aContentType, "application/pkix-crl"))
-    return PSMContentDownloader::PKCS7_CRL;
+
   return PSMContentDownloader::UNKNOWN_TYPE;
 }
 
 
 NS_IMPL_ISUPPORTS2(PSMContentListener,
                    nsIURIContentListener,
                    nsISupportsWeakReference) 
 
--- a/security/manager/ssl/src/nsNSSComponent.h
+++ b/security/manager/ssl/src/nsNSSComponent.h
@@ -9,35 +9,34 @@
 
 #include "mozilla/Mutex.h"
 #include "mozilla/RefPtr.h"
 #include "nsCOMPtr.h"
 #include "nsISignatureVerifier.h"
 #include "nsIURIContentListener.h"
 #include "nsIStreamListener.h"
 #include "nsIEntropyCollector.h"
-#include "nsString.h"
 #include "nsIStringBundle.h"
 #include "nsIPrefBranch.h"
 #include "nsIObserver.h"
 #include "nsIObserverService.h"
 #include "nsWeakReference.h"
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
 #include "nsIDOMEventTarget.h"
-#include "nsSmartCardMonitor.h"
 #endif
 #include "nsINSSErrorsService.h"
-#include "nsITimer.h"
 #include "nsNetUtil.h"
-#include "nsHashtable.h"
 #include "nsNSSCallbacks.h"
-#include "nsNSSShutDown.h"
-
+#include "ScopedNSSTypes.h"
 #include "nsNSSHelper.h"
 #include "nsClientAuthRemember.h"
+#include "prerror.h"
+
+class nsIPrompt;
+class SmartCardThreadList;
 
 namespace mozilla { namespace psm {
 
 class CertVerifier;
 
 } } // namespace mozilla::psm
 
 
@@ -74,38 +73,33 @@ extern bool EnsureNSSInitialized(EnsureN
 //--------------------------------------------
 class PSMContentDownloader : public nsIStreamListener
 {
 public:
   PSMContentDownloader() {NS_ASSERTION(false, "don't use this constructor."); }
   PSMContentDownloader(uint32_t type);
   virtual ~PSMContentDownloader();
   void setSilentDownload(bool flag);
-  void setCrlAutodownloadKey(nsAutoString key);
 
   NS_DECL_ISUPPORTS
   NS_DECL_NSIREQUESTOBSERVER
   NS_DECL_NSISTREAMLISTENER
 
   enum {UNKNOWN_TYPE = 0};
   enum {X509_CA_CERT  = 1};
   enum {X509_USER_CERT  = 2};
   enum {X509_EMAIL_CERT  = 3};
   enum {X509_SERVER_CERT  = 4};
-  enum {PKCS7_CRL = 5};
 
 protected:
   char* mByteData;
   int32_t mBufferOffset;
   int32_t mBufferSize;
   uint32_t mType;
-  bool mDoSilentDownload;
-  nsString mCrlAutoDownloadKey;
   nsCOMPtr<nsIURI> mURI;
-  nsresult handleContentDownloadError(nsresult errCode);
 };
 
 class nsNSSComponent;
 
 class NS_NO_VTABLE nsINSSComponent : public nsISupports {
  public:
   NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
 
@@ -128,22 +122,16 @@ class NS_NO_VTABLE nsINSSComponent : pub
   // This method will just disable OCSP in NSS, it will not
   // alter the respective pref values.
   NS_IMETHOD SkipOcsp() = 0;
 
   // This method will set the OCSP value according to the 
   // values in the preferences.
   NS_IMETHOD SkipOcspOff() = 0;
 
-  NS_IMETHOD RemoveCrlFromList(nsAutoString) = 0;
-
-  NS_IMETHOD DefineNextTimer() = 0;
-
-  NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0;
-  
   NS_IMETHOD LogoutAuthenticatedPK11() = 0;
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
   NS_IMETHOD LaunchSmartCardThread(SECMODModule *module) = 0;
 
   NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module) = 0;
 
   NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token) = 0;
@@ -166,32 +154,30 @@ NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComp
 class nsNSSShutDownList;
 class nsCertVerificationThread;
 
 // Implementation of the PSM component interface.
 class nsNSSComponent : public nsISignatureVerifier,
                        public nsIEntropyCollector,
                        public nsINSSComponent,
                        public nsIObserver,
-                       public nsSupportsWeakReference,
-                       public nsITimerCallback
+                       public nsSupportsWeakReference
 {
   typedef mozilla::Mutex Mutex;
 
 public:
   NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
 
   nsNSSComponent();
   virtual ~nsNSSComponent();
 
   NS_DECL_ISUPPORTS
   NS_DECL_NSISIGNATUREVERIFIER
   NS_DECL_NSIENTROPYCOLLECTOR
   NS_DECL_NSIOBSERVER
-  NS_DECL_NSITIMERCALLBACK
 
   NS_METHOD Init();
 
   static nsresult GetNewPrompter(nsIPrompt ** result);
   static nsresult ShowAlertWithConstructedString(const nsString & message);
   NS_IMETHOD ShowAlertFromStringBundle(const char * messageID);
 
   NS_IMETHOD GetPIPNSSBundleString(const char *name,
@@ -203,22 +189,17 @@ public:
   NS_IMETHOD GetNSSBundleString(const char *name,
                                nsAString &outString);
   NS_IMETHOD NSSBundleFormatStringFromName(const char *name,
                                            const PRUnichar **params,
                                            uint32_t numParams,
                                            nsAString &outString);
   NS_IMETHOD SkipOcsp();
   NS_IMETHOD SkipOcspOff();
-  nsresult InitializeCRLUpdateTimer();
-  nsresult StopCRLUpdateTimer();
-  NS_IMETHOD RemoveCrlFromList(nsAutoString);
-  NS_IMETHOD DefineNextTimer();
   NS_IMETHOD LogoutAuthenticatedPK11();
-  NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString);
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
   NS_IMETHOD LaunchSmartCardThread(SECMODModule *module);
   NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module);
   NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token);
   NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token);
   void LaunchSmartCardThreads();
   void ShutdownSmartCardThreads();
@@ -242,42 +223,32 @@ private:
   void CleanupIdentityInfo();
   void setValidationOptions(nsIPrefBranch * pref);
   nsresult setEnabledTLSVersions(nsIPrefBranch * pref);
   nsresult InitializePIPNSSBundle();
   nsresult ConfigureInternalPKCS11Token();
   nsresult RegisterPSMContentListener();
   nsresult RegisterObservers();
   nsresult DeregisterObservers();
-  nsresult DownloadCrlSilently();
-  nsresult PostCRLImportEvent(const nsCSubstring &urlString, nsIStreamListener *psmDownloader);
-  nsresult getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key);
 
   // Methods that we use to handle the profile change notifications (and to
   // synthesize a full profile change when we're just doing a profile startup):
   void DoProfileChangeNetTeardown();
   void DoProfileChangeTeardown(nsISupports* aSubject);
   void DoProfileBeforeChange(nsISupports* aSubject);
   void DoProfileChangeNetRestore();
   
   Mutex mutex;
   
   nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
   nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
   nsCOMPtr<nsIURIContentListener> mPSMContentListener;
   nsCOMPtr<nsIPrefBranch> mPrefBranch;
-  nsCOMPtr<nsITimer> mTimer;
   bool mNSSInitialized;
   bool mObserversRegistered;
-  nsAutoString mDownloadURL;
-  nsAutoString mCrlUpdateKey;
-  Mutex mCrlTimerLock;
-  nsHashtable *crlsScheduledForDownload;
-  bool crlDownloadTimerOn;
-  bool mUpdateTimerInitialized;
   static int mInstanceCount;
   nsNSSShutDownList *mShutdownObjectList;
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
   SmartCardThreadList *mThreadList;
 #endif
   bool mIsNetworkDown;
 
   void deleteBackgroundThreads();
--- a/security/manager/ssl/src/nsNSSModule.cpp
+++ b/security/manager/ssl/src/nsNSSModule.cpp
@@ -27,17 +27,16 @@
 #include "nsCryptoHash.h"
 //For the NS_CRYPTO_CONTRACTID define
 #include "nsDOMCID.h"
 
 #include "nsCMSSecureMessage.h"
 #include "nsCertPicker.h"
 #include "nsCURILoader.h"
 #include "nsICategoryManager.h"
-#include "nsCRLManager.h"
 #include "nsNTLMAuthModule.h"
 #include "nsStreamCipher.h"
 #include "nsKeyModule.h"
 #include "nsDataSignatureVerifier.h"
 #include "nsCertOverrideService.h"
 #include "nsRandomGenerator.h"
 #include "nsSSLStatus.h"
 #include "TransportSecurityInfo.h"
@@ -191,17 +190,16 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEn
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCrypto)
 #endif
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSSecureMessage)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSDecoder)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSEncoder)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCMSMessage)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertPicker)
-NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCRLManager)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCryptoHash)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCryptoHMAC)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsStreamCipher)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObject)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObjectFactory)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsCertOverrideService, Init)
@@ -233,17 +231,16 @@ NS_DEFINE_NAMED_CID(NS_CRYPTO_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_CMSSECUREMESSAGE_CID);
 NS_DEFINE_NAMED_CID(NS_CMSDECODER_CID);
 NS_DEFINE_NAMED_CID(NS_CMSENCODER_CID);
 NS_DEFINE_NAMED_CID(NS_CMSMESSAGE_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_PICKER_CID);
-NS_DEFINE_NAMED_CID(NS_CRLMANAGER_CID);
 NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
 NS_DEFINE_NAMED_CID(NS_STREAMCIPHER_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
@@ -272,17 +269,16 @@ static const mozilla::Module::CIDEntry k
 #endif
   { &kNS_CMSSECUREMESSAGE_CID, false, nullptr, nsCMSSecureMessageConstructor },
   { &kNS_CMSDECODER_CID, false, nullptr, nsCMSDecoderConstructor },
   { &kNS_CMSENCODER_CID, false, nullptr, nsCMSEncoderConstructor },
   { &kNS_CMSMESSAGE_CID, false, nullptr, nsCMSMessageConstructor },
   { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
   { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
   { &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
-  { &kNS_CRLMANAGER_CID, false, nullptr, nsCRLManagerConstructor },
   { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
   { &kNS_STREAMCIPHER_CID, false, nullptr, nsStreamCipherConstructor },
   { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
   { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
   { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
   { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
   { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
   { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor },
@@ -315,36 +311,32 @@ static const mozilla::Module::ContractID
   { NS_CMSSECUREMESSAGE_CONTRACTID, &kNS_CMSSECUREMESSAGE_CID },
   { NS_CMSDECODER_CONTRACTID, &kNS_CMSDECODER_CID },
   { NS_CMSENCODER_CONTRACTID, &kNS_CMSENCODER_CID },
   { NS_CMSMESSAGE_CONTRACTID, &kNS_CMSMESSAGE_CID },
   { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
   { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
   { NS_CERT_PICKER_CONTRACTID, &kNS_CERT_PICKER_CID },
   { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
-  { NS_CRLMANAGER_CONTRACTID, &kNS_CRLMANAGER_CID },
   { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
   { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
   { NS_STREAMCIPHER_CONTRACTID, &kNS_STREAMCIPHER_CID },
   { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
   { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
   { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
   { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
   { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
   { nullptr }
 };
 
 static const mozilla::Module::CategoryEntry kNSSCategories[] = {
   { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-ca-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
   { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-server-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
   { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-user-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
   { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-email-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
-  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-pkcs7-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
-  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
-  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/pkix-crl", "@mozilla.org/uriloader/psm-external-content-listener;1" },
   { nullptr }
 };
 
 static const mozilla::Module kNSSModule = {
   mozilla::Module::kVersion,
   kNSSCIDs,
   kNSSContracts,
   kNSSCategories