Bug 891066, Part 9: Move DisableMD5 to NSSCertDBTrustDomain, r=dkeeler
authorBrian Smith <brian@briansmith.org>
Mon, 20 Jan 2014 01:30:25 -0800
changeset 175505 e6c9677b89d25bd044cda9d5029eda41b08f42ec
parent 175504 a3bd9bdeac7334c57ae01bb9b70f858e8900f68c
child 175508 3f6720262287a411c441a0850e9a4e89e68177db
child 175522 88549ccbce600d95642b3651a0b38dd3479cfb78
push idunknown
push userunknown
push dateunknown
reviewersdkeeler
bugs891066
milestone29.0a1
Bug 891066, Part 9: Move DisableMD5 to NSSCertDBTrustDomain, r=dkeeler
security/certverifier/NSSCertDBTrustDomain.cpp
security/certverifier/NSSCertDBTrustDomain.h
security/manager/ssl/src/nsNSSComponent.cpp
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -73,16 +73,27 @@ InitializeNSS(const char* dir, bool read
   // "/usr/lib/nss/libnssckbi.so".
   uint32_t flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE;
   if (readOnly) {
     flags |= NSS_INIT_READONLY;
   }
   return ::NSS_Initialize(dir, "", "", SECMOD_DB, flags);
 }
 
+void
+DisableMD5()
+{
+  NSS_SetAlgorithmPolicy(SEC_OID_MD5,
+    0, NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
+  NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
+    0, NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
+  NSS_SetAlgorithmPolicy(SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
+    0, NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
+}
+
 SECStatus
 LoadLoadableRoots(/*optional*/ const char* dir, const char* modNameUTF8)
 {
   PR_ASSERT(modNameUTF8);
 
   if (!modNameUTF8) {
     PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
     return SECFailure;
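Review bot: The three `NSS_SetAlgorithmPolicy` calls in the added `DisableMD5()` discard their `SECStatus` result and the function returns `void`, so if any call fails, MD5 stays permitted for certificate and CMS signatures and the caller cannot tell. Because this is the policy that rejects MD5-signed certificates, it should fail closed: return `SECStatus`, stop at the first failure, and let the caller abort initialization. The declaration in NSSCertDBTrustDomain.h and the call site, which is not shown in this diff, would have to change to match. Separately, `SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC` looks like a password-based encryption OID rather than a signature OID, so clearing the signature-usage bits on it may have no effect; worth confirming that this entry does what is intended.

```cpp
SECStatus
DisableMD5()
{
  static const SECOidTag kMD5Tags[] = {
    SEC_OID_MD5,
    SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
    SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC
  };
  const PRUint32 clearBits =
    NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE;

  for (size_t i = 0; i < PR_ARRAY_SIZE(kMD5Tags); ++i) {
    // Stop at the first failure so the caller can refuse to continue with
    // MD5 still allowed in certificate or CMS signatures.
    if (NSS_SetAlgorithmPolicy(kMD5Tags[i], 0, clearBits) != SECSuccess) {
      return SECFailure;
    }
  }
  return SECSuccess;
}
```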
--- a/security/certverifier/NSSCertDBTrustDomain.h
+++ b/security/certverifier/NSSCertDBTrustDomain.h
@@ -10,16 +10,18 @@
 #include "insanity/pkixtypes.h"
 #include "secmodt.h"
 #include "CertVerifier.h"
 
 namespace mozilla { namespace psm {
 
 SECStatus InitializeNSS(const char* dir, bool readOnly);
 
+void DisableMD5();
+
 extern const char BUILTIN_ROOTS_MODULE_DEFAULT_NAME[];
 
 // The dir parameter is the path to the directory containing the NSS builtin
 // roots module. Usually this is the same as the path to the other NSS shared
 // libraries. If it is null then the (library) path will be searched.
 //
 // The modNameUTF8 parameter should usually be
 // BUILTIN_ROOTS_MODULE_DEFAULT_NAME.
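Review bot: The new `void DisableMD5();` declaration has no comment, unlike the documented declaration that follows it in this header, so nothing here tells a caller what policy it changes or when to call it. A comment along the lines of `// Clears the NSS_USE_ALG_IN_CERT_SIGNATURE and NSS_USE_ALG_IN_CMS_SIGNATURE policy bits for the MD5 OIDs.` would cover the first part. It presumably has to run after `InitializeNSS` succeeds; if that ordering is required, the comment should say so, since the `void` return gives the caller no sign that the policy was not applied.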
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -1924,27 +1924,16 @@ setPassword(PK11SlotInfo* slot, nsIInter
   }
  loser:
   return rv;
 }
 
 namespace mozilla {
 namespace psm {
 
-void
-DisableMD5()
-{
-  NSS_SetAlgorithmPolicy(SEC_OID_MD5,
-      0, NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
-  NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
-      0, NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
-  NSS_SetAlgorithmPolicy(SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
-      0, NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
-}
-
 nsresult
 InitializeCipherSuite()
 {
   NS_ASSERTION(NS_IsMainThread(), "InitializeCipherSuite() can only be accessed in main thread");
 
   if (NSS_SetDomesticPolicy() != SECSuccess) {
     return NS_ERROR_FAILURE;
   }