Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler
authorDavid Erceg <erceg.david@gmail.com>
Mon, 22 Dec 2014 20:26:49 +1100
changeset 247610 178d18db618daed2b2b2b01c45d05a9c86785370
parent 247609 2aabdc20a0da04a6bd420c782a865a15c669fb08
child 247611 f1c8fc215969fb219cb332cafa29f3ade591eecf
push id4489
push userraliiev@mozilla.com
push dateMon, 23 Feb 2015 15:17:55 +0000
treeherdermozilla-beta@fd7c3dc24146 [default view] [failures only]
reviewerskeeler
bugs1111848
milestone37.0a1
Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler
netwerk/base/public/nsISiteSecurityService.idl
security/manager/boot/src/nsSiteSecurityService.cpp
--- a/netwerk/base/public/nsISiteSecurityService.idl
+++ b/netwerk/base/public/nsISiteSecurityService.idl
@@ -18,17 +18,17 @@ namespace mozilla
   {
     class Time;
   }
 }
 %}
 [ref] native nsCStringTArrayRef(nsTArray<nsCString>);
 [ref] native mozillaPkixTime(mozilla::pkix::Time);
 
-[scriptable, uuid(46555f70-3ab5-11e4-8613-180373d97f23)]
+[scriptable, uuid(e219eace-0e04-42ba-b203-58a8b327867c)]
 interface nsISiteSecurityService : nsISupports
 {
     const uint32_t HEADER_HSTS = 0;
     const uint32_t HEADER_HPKP = 1;
     const uint32_t HEADER_OMS = 2;
 
     /**
      * Parses a given HTTP header and records the results internally.
@@ -96,22 +96,16 @@ interface nsISiteSecurityService : nsISu
      * @param aFlags  options for this request as defined in nsISocketProvider:
      *                  NO_PERMANENT_STORAGE
      */
     boolean isSecureHost(in uint32_t aType,
                          in string aHost,
                          in uint32_t aFlags);
 
     /**
-     * Checks if the given security info is for a host with a broken
-     * transport layer (certificate errors like invalid CN).
-     */
-    boolean shouldIgnoreHeaders(in nsISupports aSecurityInfo);
-
-    /**
      * Checks whether or not the URI's hostname has a given security state set.
      * For example, for HSTS:
      * The URI is an HSTS URI if either the host has the HSTS state set, or one
      * of its super-domains has the HSTS "includeSubdomains" flag set.
      * NOTE: this function makes decisions based only on the
      * host contained in the URI, and disregards other portions of the URI
      * such as path and port.
      *
--- a/security/manager/boot/src/nsSiteSecurityService.cpp
+++ b/security/manager/boot/src/nsSiteSecurityService.cpp
@@ -6,17 +6,16 @@
 
 #include "mozilla/LinkedList.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Base64.h"
 #include "base64.h"
 #include "CertVerifier.h"
 #include "nsCRTGlue.h"
 #include "nsISSLStatus.h"
-#include "nsISSLStatusProvider.h"
 #include "nsISocketProvider.h"
 #include "nsIURI.h"
 #include "nsNetUtil.h"
 #include "nsNSSComponent.h"
 #include "nsSecurityHeaderParser.h"
 #include "nsString.h"
 #include "nsThreadUtils.h"
 #include "nsXULAppAPI.h"
@@ -960,49 +959,16 @@ nsSiteSecurityService::IsSecureHost(uint
 
     SSSLOG(("no HSTS data for %s found, walking up domain", subdomain));
   }
 
   // Use whatever we ended up with, which defaults to false.
   return NS_OK;
 }
 
-
-// Verify the trustworthiness of the security info (are there any cert errors?)
-NS_IMETHODIMP
-nsSiteSecurityService::ShouldIgnoreHeaders(nsISupports* aSecurityInfo,
-                                           bool* aResult)
-{
-  nsresult rv;
-  bool tlsIsBroken = false;
-  nsCOMPtr<nsISSLStatusProvider> sslprov = do_QueryInterface(aSecurityInfo);
-  NS_ENSURE_TRUE(sslprov, NS_ERROR_FAILURE);
-
-  nsCOMPtr<nsISSLStatus> sslstat;
-  rv = sslprov->GetSSLStatus(getter_AddRefs(sslstat));
-  NS_ENSURE_SUCCESS(rv, rv);
-  NS_ENSURE_TRUE(sslstat, NS_ERROR_FAILURE);
-
-  bool trustcheck;
-  rv = sslstat->GetIsDomainMismatch(&trustcheck);
-  NS_ENSURE_SUCCESS(rv, rv);
-  tlsIsBroken = tlsIsBroken || trustcheck;
-
-  rv = sslstat->GetIsNotValidAtThisTime(&trustcheck);
-  NS_ENSURE_SUCCESS(rv, rv);
-  tlsIsBroken = tlsIsBroken || trustcheck;
-
-  rv = sslstat->GetIsUntrusted(&trustcheck);
-  NS_ENSURE_SUCCESS(rv, rv);
-  tlsIsBroken = tlsIsBroken || trustcheck;
-
-  *aResult = tlsIsBroken;
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 nsSiteSecurityService::ClearAll()
 {
   return mSiteStateStorage->Clear();
 }
 
 NS_IMETHODIMP
 nsSiteSecurityService::GetKeyPinsForHostname(const char* aHostname,