Bug 942033 - Build security/manager in unified mode; r=bsmith
authorEhsan Akhgari <ehsan@mozilla.com>
Tue, 26 Nov 2013 13:18:21 -0500
changeset 172184 798dc919d6bcfcfe40d1216088a1d695eb4d82f9
parent 172183 8efca7a458ce437281cdbe26bb38a96d0f90f531
child 172185 de63b66f3d12dfd94e331b01dacf7b9d62fc60ea
push id3224
push userlsblakk@mozilla.com
push dateTue, 04 Feb 2014 01:06:49 +0000
treeherdermozilla-beta@60c04d0987f1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbsmith
bugs942033
milestone28.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 942033 - Build security/manager in unified mode; r=bsmith
security/manager/boot/src/moz.build
security/manager/pki/src/moz.build
security/manager/pki/src/nsNSSDialogHelper.h
security/manager/ssl/src/TransportSecurityInfo.cpp
security/manager/ssl/src/moz.build
security/manager/ssl/src/nsCMS.cpp
security/manager/ssl/src/nsCertTree.cpp
security/manager/ssl/src/nsCrypto.cpp
security/manager/ssl/src/nsKeygenHandler.cpp
security/manager/ssl/src/nsNSSCallbacks.cpp
security/manager/ssl/src/nsNSSCertHelper.cpp
security/manager/ssl/src/nsNSSCertificate.cpp
security/manager/ssl/src/nsNSSCertificateDB.cpp
security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
security/manager/ssl/src/nsNSSComponent.cpp
security/manager/ssl/src/nsNSSIOLayer.cpp
security/manager/ssl/src/nsPK11TokenDB.cpp
security/manager/ssl/src/nsPKCS12Blob.cpp
security/manager/ssl/src/nsSDR.cpp
security/manager/ssl/src/nsSmartCardMonitor.cpp
security/manager/ssl/tests/unit/tlsserver/lib/moz.build
--- a/security/manager/boot/src/moz.build
+++ b/security/manager/boot/src/moz.build
@@ -1,20 +1,24 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-SOURCES += [
+UNIFIED_SOURCES += [
     'nsBOOTModule.cpp',
     'nsEntropyCollector.cpp',
-    'nsSecureBrowserUIImpl.cpp',
     'nsSecurityHeaderParser.cpp',
     'nsSecurityWarningDialogs.cpp',
     'nsSiteSecurityService.cpp',
 ]
 
+# nsSecureBrowserUIImpl.cpp cannot be built in unified mode because it forces NSPR logging.
+SOURCES += [
+    'nsSecureBrowserUIImpl.cpp',
+]
+
 FAIL_ON_WARNINGS = True
 
 MSVC_ENABLE_PGO = True
 
 FINAL_LIBRARY = 'xul'
--- a/security/manager/pki/src/moz.build
+++ b/security/manager/pki/src/moz.build
@@ -1,15 +1,15 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-SOURCES += [
+UNIFIED_SOURCES += [
     'nsASN1Tree.cpp',
     'nsFormSigningDialog.cpp',
     'nsNSSDialogHelper.cpp',
     'nsNSSDialogs.cpp',
     'nsPKIModule.cpp',
     'nsPKIParamBlock.cpp',
 ]
 
--- a/security/manager/pki/src/nsNSSDialogHelper.h
+++ b/security/manager/pki/src/nsNSSDialogHelper.h
@@ -1,14 +1,17 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#ifndef nsNSSDialogHelper_h
+#define nsNSSDialogHelper_h
+
 #include "nsIDOMWindow.h"
 
 /**
  * Common class that uses the window watcher service to open a
  * standard dialog, with or without a parent context. The params
  * parameter can be an nsISupportsArray so any number of additional
  * arguments can be used.
  */
@@ -19,8 +22,9 @@ public:
   //nsIDialogParamBlock
   static nsresult openDialog(
                   nsIDOMWindow *window,
                   const char *url,
                   nsISupports *params,
                   bool modal = true);
 };
 
+#endif
--- a/security/manager/ssl/src/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/src/TransportSecurityInfo.cpp
@@ -29,22 +29,16 @@
                             
 //#define DUMP_BUFFER  //Enable this define along with
                        //DEBUG_SSL_VERBOSE to dump SSL
                        //read/write buffer to a log.
                        //Uses PR_LOG except on Mac where
                        //we always write out to our own
                        //file.
 
-namespace {
-
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
-} // unnamed namespace
-
 namespace mozilla { namespace psm {
 
 TransportSecurityInfo::TransportSecurityInfo()
   : mMutex("TransportSecurityInfo::mMutex"),
     mSecurityState(nsIWebProgressListener::STATE_IS_INSECURE),
     mSubRequestsBrokenSecurity(0),
     mSubRequestsNoSecurity(0),
     mErrorCode(0),
@@ -558,16 +552,18 @@ TransportSecurityInfo::SetSSLStatus(nsSS
  * for overridable cert errors.
  */
 static nsresult
 formatPlainErrorMessage(const nsXPIDLCString &host, int32_t port,
                         PRErrorCode err, 
                         bool suppressPort443,
                         nsString &returnedMessage)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   const PRUnichar *params[1];
   nsresult rv;
 
   nsCOMPtr<nsINSSComponent> component = do_GetService(kNSSComponentCID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (host.Length())
   {
@@ -959,16 +955,18 @@ AppendErrorTextCode(PRErrorCode errorCod
 static nsresult
 formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
                                   PRErrorCode errorCodeToReport, 
                                   const nsXPIDLCString & host, int32_t port,
                                   bool suppressPort443,
                                   bool wantsHtml,
                                   nsString & returnedMessage)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   const PRUnichar *params[1];
   nsresult rv;
   nsAutoString hostWithPort;
   nsAutoString hostWithoutPort;
 
   // For now, hide port when it's 443 and we're reporting the error.
   // In the future a better mechanism should be used
   // to make a decision about showing the port number, possibly by requiring
--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@@ -10,79 +10,85 @@ EXPORTS += [
     'nsRandomGenerator.h',
     'ScopedNSSTypes.h',
 ]
 
 EXPORTS.mozilla += [
     'PublicSSL.h',
 ]
 
-SOURCES += [
+UNIFIED_SOURCES += [
     'CertVerifier.cpp',
     'CryptoTask.cpp',
-    'JARSignatureVerification.cpp',
     'nsCertificatePrincipal.cpp',
     'nsCertOverrideService.cpp',
     'nsCertPicker.cpp',
     'nsCertVerificationThread.cpp',
     'nsClientAuthRemember.cpp',
     'nsCMS.cpp',
     'nsCMSSecureMessage.cpp',
     'nsCrypto.cpp',
-    'nsCryptoHash.cpp',
     'nsDataSignatureVerifier.cpp',
     'nsIdentityChecking.cpp',
     'nsKeygenHandler.cpp',
     'nsKeygenThread.cpp',
     'nsKeyModule.cpp',
     'nsNSSASN1Object.cpp',
     'nsNSSCallbacks.cpp',
     'nsNSSCertCache.cpp',
     'nsNSSCertHelper.cpp',
     'nsNSSCertificate.cpp',
-    'nsNSSCertificateDB.cpp',
     'nsNSSCertificateFakeTransport.cpp',
     'nsNSSCertTrust.cpp',
     'nsNSSCertValidity.cpp',
     'nsNSSCleaner.cpp',
-    'nsNSSComponent.cpp',
     'nsNSSErrors.cpp',
     'nsNSSIOLayer.cpp',
     'nsNSSModule.cpp',
     'nsNSSShutDown.cpp',
-    'nsNSSVersion.cpp',
     'nsNTLMAuthModule.cpp',
     'nsPK11TokenDB.cpp',
     'nsPKCS11Slot.cpp',
     'nsPKCS12Blob.cpp',
     'nsProtectedAuthThread.cpp',
     'nsPSMBackgroundThread.cpp',
     'nsRandomGenerator.cpp',
     'nsRecentBadCerts.cpp',
     'nsSDR.cpp',
     'NSSErrorsService.cpp',
     'nsSSLSocketProvider.cpp',
     'nsSSLStatus.cpp',
     'nsStreamCipher.cpp',
     'nsTLSSocketProvider.cpp',
     'nsUsageArrayHelper.cpp',
-    'PSMContentListener.cpp',
     'PSMRunnable.cpp',
     'SharedSSLState.cpp',
     'SSLServerCertVerification.cpp',
     'TransportSecurityInfo.cpp',
 ]
 
+# nsNSSCertificateDB.cpp needs to include nscert.h before everything else.
+# The rest cannot be built in unified mode because they want to force NSPR
+# logging.
+SOURCES += [
+    'JARSignatureVerification.cpp',
+    'nsCryptoHash.cpp',
+    'nsNSSCertificateDB.cpp',
+    'nsNSSComponent.cpp',
+    'nsNSSVersion.cpp',
+    'PSMContentListener.cpp',
+]
+
 if not CONFIG['MOZ_DISABLE_CRYPTOLEGACY']:
-    SOURCES += [
+    UNIFIED_SOURCES += [
         'nsSmartCardMonitor.cpp',
     ]
 
 if CONFIG['MOZ_XUL']:
-    SOURCES += [
+    UNIFIED_SOURCES += [
         'nsCertTree.cpp',
     ]
 
-SOURCES += [
+UNIFIED_SOURCES += [
     'md4.c',
 ]
 
 FINAL_LIBRARY = 'xul'
--- a/security/manager/ssl/src/nsCMS.cpp
+++ b/security/manager/ssl/src/nsCMS.cpp
@@ -22,18 +22,16 @@ using namespace mozilla;
 using namespace mozilla::psm;
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
 using namespace mozilla;
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 NS_IMPL_ISUPPORTS2(nsCMSMessage, nsICMSMessage, nsICMSMessage2)
 
 nsCMSMessage::nsCMSMessage()
 {
   m_cmsMsg = nullptr;
 }
 nsCMSMessage::nsCMSMessage(NSSCMSMessage *aCMSMsg)
 {
--- a/security/manager/ssl/src/nsCertTree.cpp
+++ b/security/manager/ssl/src/nsCertTree.cpp
@@ -25,17 +25,16 @@
 #include "prlog.h"
 
 using namespace mozilla;
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
 static NS_DEFINE_CID(kCertOverrideCID, NS_CERTOVERRIDE_CID);
 
 // treeArrayElStr
 //
 // structure used to hold map of tree.  Each thread (an organization
 // field from a cert) has an element in the array.  The numChildren field
 // stores the number of certs corresponding to that thread.
 struct treeArrayElStr {
@@ -157,16 +156,18 @@ nsCertTreeDispInfo::GetHostPort(nsAStrin
   aHostPort = NS_ConvertUTF8toUTF16(hostPort);
   return NS_OK;
 }
 
 NS_IMPL_ISUPPORTS2(nsCertTree, nsICertTree, nsITreeView)
 
 nsCertTree::nsCertTree() : mTreeArray(nullptr)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   mCompareCache.ops = nullptr;
   mNSSComponent = do_GetService(kNSSComponentCID);
   mOverrideService = do_GetService("@mozilla.org/security/certoverride;1");
   // Might be a different service if someone is overriding the contract
   nsCOMPtr<nsICertOverrideService> origCertOverride =
     do_GetService(kCertOverrideCID);
   mOriginalOverrideService =
     static_cast<nsCertOverrideService*>(origCertOverride.get());
--- a/security/manager/ssl/src/nsCrypto.cpp
+++ b/security/manager/ssl/src/nsCrypto.cpp
@@ -103,22 +103,16 @@ using namespace mozilla::dom;
 #define JS_ERR_DEL_MOD                    -4
 #define JS_ERR_ADD_MOD                    -5
 #define JS_ERR_BAD_MODULE_NAME            -6
 #define JS_ERR_BAD_DLL_NAME               -7
 #define JS_ERR_BAD_MECHANISM_FLAGS        -8
 #define JS_ERR_BAD_CIPHER_ENABLE_FLAGS    -9
 #define JS_ERR_ADD_DUPLICATE_MOD          -10
 
-namespace {
-  
-NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
-} // unnamed namespace
-
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
 
 NSSCleanupAutoPtrClass_WithParam(PK11Context, PK11_DestroyContext, TrueParam, true)
 
 /*
  * This structure is used to store information for one key generation.
  * The nsCrypto::GenerateCRMFRequest method parses the inputs and then
  * stores one of these structures for every key generation that happens.
@@ -265,16 +259,18 @@ void
 nsCrypto::Init(nsIDOMWindow* aWindow)
 {
   mozilla::dom::Crypto::Init(aWindow);
 }
 
 void
 nsCrypto::SetEnableSmartCardEvents(bool aEnable, ErrorResult& aRv)
 {
+  NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv = NS_OK;
 
   // this has the side effect of starting the nssComponent (and initializing
   // NSS) even if it isn't already going. Starting the nssComponent is a
   // prerequisite for getting smartCard events.
   if (aEnable) {
     nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   }
@@ -2105,16 +2101,18 @@ nsP12Runnable::~nsP12Runnable()
   delete []mCertArr;
 }
 
 
 //Implementation that backs cert(s) into a PKCS12 file
 NS_IMETHODIMP
 nsP12Runnable::Run()
 {
+  NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   NS_ASSERTION(NS_IsMainThread(), "nsP12Runnable dispatched to the wrong thread");
 
   nsNSSShutDownPreventionLock locker;
   NS_ASSERTION(mCertArr, "certArr is NULL while trying to back up");
 
   nsString final;
   nsString temp;
   nsresult rv;
@@ -2823,16 +2821,18 @@ nsCrypto::SignText(JSContext* aContext,
   PORT_Free(result);
 
   return;
 }
 
 void
 nsCrypto::Logout(ErrorResult& aRv)
 {
+  NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv)) {
     aRv.Throw(rv);
     return;
   }
 
   {
@@ -2890,16 +2890,18 @@ nsPkcs11::nsPkcs11()
 nsPkcs11::~nsPkcs11()
 {
 }
 
 //Delete a PKCS11 module from the user's profile.
 NS_IMETHODIMP
 nsPkcs11::DeleteModule(const nsAString& aModuleName)
 {
+  NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsNSSShutDownPreventionLock locker;
   nsresult rv;
   nsString errorMessage;
 
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
     return rv;
 
@@ -2927,16 +2929,18 @@ nsPkcs11::DeleteModule(const nsAString& 
 
 //Add a new PKCS11 module to the user's profile.
 NS_IMETHODIMP
 nsPkcs11::AddModule(const nsAString& aModuleName, 
                     const nsAString& aLibraryFullPath, 
                     int32_t aCryptoMechanismFlags, 
                     int32_t aCipherFlags)
 {
+  NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsNSSShutDownPreventionLock locker;
   nsresult rv;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
 
   NS_ConvertUTF16toUTF8 moduleName(aModuleName);
   nsCString fullPath;
   // NSS doesn't support Unicode path.  Use native charset
   NS_CopyUnicodeToNative(aLibraryFullPath, fullPath);
--- a/security/manager/ssl/src/nsKeygenHandler.cpp
+++ b/security/manager/ssl/src/nsKeygenHandler.cpp
@@ -65,17 +65,16 @@ const SEC_ASN1Template SECKEY_PQGParamsT
     { SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
     { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
     { SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
     { 0, }
 };
 
 
 static NS_DEFINE_IID(kIDOMHTMLSelectElementIID, NS_IDOMHTMLSELECTELEMENT_IID);
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
 
 static PQGParams *
 decode_pqg_params(char *aStr)
 {
     unsigned char *buf = nullptr;
     unsigned int len;
     PLArenaPool *arena = nullptr;
     PQGParams *params = nullptr;
@@ -283,16 +282,18 @@ nsKeygenFormProcessor::Create(nsISupport
     rv = formProc->QueryInterface(aIID, aResult);
   }
   return rv;
 }
 
 nsresult
 nsKeygenFormProcessor::Init()
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv;
 
   nsCOMPtr<nsINSSComponent> nssComponent;
   nssComponent = do_GetService(kNSSComponentCID, &rv);
   if (NS_FAILED(rv))
     return rv;
 
   // Init possible key size choices.
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -24,18 +24,16 @@
 #include "nsNetUtil.h"
 #include "SharedSSLState.h"
 #include "ssl.h"
 #include "sslproto.h"
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
 static void AccumulateCipherSuite(Telemetry::ID probe,
                                   const SSLChannelInfo& channelInfo);
 
 class nsHTTPDownloadEvent : public nsRunnable {
@@ -771,16 +769,18 @@ public:
   virtual void RunOnTargetThread();
 private:
   PK11SlotInfo* const mSlot; // in
   nsIInterfaceRequestor* const mIR; // in
 };
 
 void PK11PasswordPromptRunnable::RunOnTargetThread()
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsNSSShutDownPreventionLock locker;
   nsresult rv = NS_OK;
   PRUnichar *password = nullptr;
   bool value = false;
   nsCOMPtr<nsIPrompt> prompt;
 
   /* TODO: Retry should generate a different dialog message */
 /*
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@@ -17,18 +17,16 @@
 #include "nsNSSCertTrust.h"
 #include "nsIDateTimeFormat.h"
 #include "nsDateTimeFormatCID.h"
 #include "nsServiceManagerUtils.h"
 #include <algorithm>
 
 using namespace mozilla;
  
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 /* Object Identifier constants */
 #define CONST_OID static const unsigned char
 #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
 #define PKIX_OID 0x2b, 0x6, 0x01, 0x05, 0x05, 0x07
 CONST_OID msCertExtCerttype[]      = { MICROSOFT_OID, 20, 2};
 CONST_OID msNTPrincipalName[]      = { MICROSOFT_OID, 20, 2, 3 };
 CONST_OID msCertsrvCAVersion[]     = { MICROSOFT_OID, 21, 1 };
 CONST_OID msNTDSReplication[]      = { MICROSOFT_OID, 25, 1 };
@@ -2107,16 +2105,18 @@ nsNSSCertificate::CreateTBSCertificateAS
   *retSequence = sequence;
   NS_ADDREF(*retSequence);  
   return NS_OK;
 }
 
 nsresult
 nsNSSCertificate::CreateASN1Struct(nsIASN1Object** aRetVal)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
     return NS_ERROR_NOT_AVAILABLE;
 
   nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
 
   nsCOMPtr<nsIMutableArray> asn1Objects;
   sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
@@ -2183,16 +2183,18 @@ getCertType(CERTCertificate *cert)
   if (cert->emailAddr)
     return nsIX509Cert::EMAIL_CERT;
   return nsIX509Cert::UNKNOWN_CERT;
 }
 
 CERTCertNicknames *
 getNSSCertNicknamesFromCertList(CERTCertList *certList)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv;
 
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
     return nullptr;
 
   nsAutoString expiredString, notYetValidString;
   nsAutoString expiredStringLeadingSpace, notYetValidStringLeadingSpace;
--- a/security/manager/ssl/src/nsNSSCertificate.cpp
+++ b/security/manager/ssl/src/nsNSSCertificate.cpp
@@ -51,18 +51,16 @@
 
 using namespace mozilla;
 using namespace mozilla::psm;
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 NSSCleanupAutoPtrClass_WithParam(PLArenaPool, PORT_FreeArena, FalseParam, false)
 
 // This is being stored in an uint32_t that can otherwise
 // only take values from nsIX509Cert's list of cert types.
 // As nsIX509Cert is frozen, we choose a value not contained
 // in the list to mean not yet initialized.
 #define CERT_TYPE_NOT_YET_INITIALIZED (1 << 30)
 
@@ -337,16 +335,18 @@ GetKeyUsagesString(CERTCertificate *cert
 
   PORT_Free (keyUsageItem.data);
   return NS_OK;
 }
 
 nsresult
 nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &nickWithSerial, nsAutoString &details)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   if (!NS_IsMainThread()) {
     NS_ERROR("nsNSSCertificate::FormatUIStrings called off the main thread");
     return NS_ERROR_NOT_SAME_THREAD;
   }
   
   nsresult rv = NS_OK;
 
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
@@ -560,16 +560,18 @@ nsNSSCertificate::GetWindowTitle(char * 
     *aWindowTitle = nullptr;
   }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSCertificate::GetNickname(nsAString &aNickname)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
     return NS_ERROR_NOT_AVAILABLE;
 
   if (mCert->nickname) {
     CopyUTF8toUTF16(mCert->nickname, aNickname);
   } else {
     nsresult rv;
@@ -580,16 +582,18 @@ nsNSSCertificate::GetNickname(nsAString 
     nssComponent->GetPIPNSSBundleString("CertNoNickname", aNickname);
   }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsNSSCertificate::GetEmailAddress(nsAString &aEmailAddress)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
     return NS_ERROR_NOT_AVAILABLE;
 
   if (mCert->emailAddr) {
     CopyUTF8toUTF16(mCert->emailAddr, aEmailAddress);
   } else {
     nsresult rv;
@@ -1033,16 +1037,18 @@ nsNSSCertificate::GetMd5Fingerprint(nsAS
     return NS_OK;
   }
   return NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsNSSCertificate::GetTokenName(nsAString &aTokenName)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
     return NS_ERROR_NOT_AVAILABLE;
 
   aTokenName.Truncate();
   if (mCert) {
     // HACK alert
     // When the trust of a builtin cert is modified, NSS copies it into the
@@ -1770,16 +1776,16 @@ nsNSSCertificate::GetImplementationLangu
 
 NS_IMETHODIMP 
 nsNSSCertificate::GetFlags(uint32_t *aFlags)
 {
   *aFlags = nsIClassInfo::THREADSAFE;
   return NS_OK;
 }
 
-static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
-
 NS_IMETHODIMP 
 nsNSSCertificate::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
 {
+  static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
+
   *aClassIDNoAlloc = kNSSCertificateCID;
   return NS_OK;
 }
--- a/security/manager/ssl/src/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/src/nsNSSCertificateDB.cpp
@@ -50,19 +50,16 @@
 using namespace mozilla;
 using namespace mozilla::psm;
 using mozilla::psm::SharedSSLState;
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
-
 NS_IMPL_ISUPPORTS2(nsNSSCertificateDB, nsIX509CertDB, nsIX509CertDB2)
 
 nsNSSCertificateDB::nsNSSCertificateDB()
 : mBadCertsLock("nsNSSCertificateDB::mBadCertsLock")
 {
   SharedSSLState::NoteCertDBServiceInstantiated();
 }
 
@@ -809,16 +806,18 @@ nsNSSCertificateDB::ImportValidCACertsIn
   return NS_OK;
 }
 
 void nsNSSCertificateDB::DisplayCertificateAlert(nsIInterfaceRequestor *ctx, 
                                                  const char *stringID, 
                                                  nsIX509Cert *certToShow,
                                                  const nsNSSShutDownPreventionLock &/*proofOfLock*/)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   if (!NS_IsMainThread()) {
     NS_ERROR("nsNSSCertificateDB::DisplayCertificateAlert called off the main thread");
     return;
   }
 
   nsPSMUITracker tracker;
   if (!tracker.isUIForbidden()) {
 
@@ -1442,16 +1441,18 @@ nsNSSCertificateDB::ConstructX509FromBas
 }
 
 void
 nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert, 
                                          nsIInterfaceRequestor* ctx,
                                          nsCString &nickname,
                                          const nsNSSShutDownPreventionLock &/*proofOfLock*/)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nickname.Truncate();
 
   nsresult rv;
   CK_OBJECT_HANDLE keyHandle;
 
   CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
--- a/security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
+++ b/security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp
@@ -319,16 +319,16 @@ nsNSSCertificateFakeTransport::GetImplem
 
 NS_IMETHODIMP
 nsNSSCertificateFakeTransport::GetFlags(uint32_t *aFlags)
 {
   *aFlags = nsIClassInfo::THREADSAFE;
   return NS_OK;
 }
 
-static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
-
 NS_IMETHODIMP
 nsNSSCertificateFakeTransport::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
 {
+  static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
+
   *aClassIDNoAlloc = kNSSCertificateCID;
   return NS_OK;
 }
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -70,18 +70,16 @@
 using namespace mozilla;
 using namespace mozilla::dom;
 using namespace mozilla::psm;
 
 #ifdef MOZ_LOGGING
 PRLogModuleInfo* gPIPNSSLog = nullptr;
 #endif
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 int nsNSSComponent::mInstanceCount = 0;
 
 #ifndef NSS_NO_LIBPKIX
 bool nsNSSComponent::globalConstFlagUsePKIXVerification = false;
 #endif
 
 // XXX tmp callback for slot password
 extern char* pk11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void *arg);
@@ -112,16 +110,18 @@ nsTokenEventRunnable::nsTokenEventRunnab
 
 nsTokenEventRunnable::~nsTokenEventRunnable() { }
 
 //Implementation that runs the callback passed to 
 //crypto.generateCRMFRequest as an event.
 NS_IMETHODIMP
 nsTokenEventRunnable::Run()
 { 
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
     return rv;
 
   return nssComponent->DispatchEvent(mType, mTokenName);
 }
 #endif // MOZ_DISABLE_CRYPTOLEGACY
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -60,18 +60,16 @@ using namespace mozilla::psm;
                        //Uses PR_LOG except on Mac where
                        //we always write out to our own
                        //file.
 
 namespace {
 
 NSSCleanupAutoPtrClass(void, PR_FREEIF)
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 void
 getSiteKey(const nsACString & hostName, uint16_t port,
            /*out*/ nsCSubstring & key)
 {
   key = hostName;
   key.AppendASCII(":");
   key.AppendInt(port);
 }
--- a/security/manager/ssl/src/nsPK11TokenDB.cpp
+++ b/security/manager/ssl/src/nsPK11TokenDB.cpp
@@ -13,18 +13,16 @@
 #include "nsServiceManagerUtils.h"
 
 #include "nsPK11TokenDB.h"
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 NS_IMPL_ISUPPORTS1(nsPK11Token, nsIPK11Token)
 
 nsPK11Token::nsPK11Token(PK11SlotInfo *slot)
 {
   nsNSSShutDownPreventionLock locker;
   if (isAlreadyShutDown())
     return;
 
@@ -227,16 +225,18 @@ NS_IMETHODIMP nsPK11Token::LogoutSimple(
   // PK11_MapError sets CKR_USER_NOT_LOGGED_IN to SEC_ERROR_LIBRARY_FAILURE,
   // so not going to learn anything here by a failure.  Treat it like void.
   PK11_Logout(mSlot);
   return NS_OK;
 }
 
 NS_IMETHODIMP nsPK11Token::LogoutAndDropAuthenticatedResources()
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv = LogoutSimple();
 
   if (NS_FAILED(rv))
     return rv;
 
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
     return rv;
--- a/security/manager/ssl/src/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/src/nsPKCS12Blob.cpp
@@ -30,18 +30,16 @@
 #include "secerr.h"
 
 #ifdef PR_LOGGING
 extern PRLogModuleInfo* gPIPNSSLog;
 #endif
 
 using namespace mozilla;
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 #define PIP_PKCS12_TMPFILENAME   NS_LITERAL_CSTRING(".pip_p12tmp")
 #define PIP_PKCS12_BUFFER_SIZE   2048
 #define PIP_PKCS12_RESTORE_OK          1
 #define PIP_PKCS12_BACKUP_OK           2
 #define PIP_PKCS12_USER_CANCELED       3
 #define PIP_PKCS12_NOSMARTCARD_EXPORT  4
 #define PIP_PKCS12_RESTORE_FAILED      5
 #define PIP_PKCS12_BACKUP_FAILED       6
@@ -677,16 +675,18 @@ nsPKCS12Blob::digest_write(void *arg, un
 }
 
 // nickname_collision
 // what to do when the nickname collides with one already in the db.
 // TODO: not handled, throw a dialog allowing the nick to be changed?
 SECItem *
 nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsNSSShutDownPreventionLock locker;
   *cancel = false;
   nsresult rv;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv)) return nullptr;
   int count = 1;
   nsCString nickname;
   nsAutoString nickFromProp;
@@ -764,16 +764,18 @@ pip_ucs2_ascii_conversion_fn(PRBool toUn
   *outBufLen = inBufLen;
   memcpy(outBuf, inBuf, inBufLen);
   return true;
 }
 
 void
 nsPKCS12Blob::handleError(int myerr)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   if (!NS_IsMainThread()) {
     NS_ERROR("nsPKCS12Blob::handleError called off the mai nthread.");
     return;
   }
 
   int prerr = PORT_GetError();
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PKCS12: NSS/NSPR error(%d)", prerr));
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PKCS12: I called(%d)", myerr));
--- a/security/manager/ssl/src/nsSDR.cpp
+++ b/security/manager/ssl/src/nsSDR.cpp
@@ -227,21 +227,21 @@ ChangePassword()
     }
   }
 
   /* canceled is ignored */
 
   return rv;
 }
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 NS_IMETHODIMP nsSecretDecoderRing::
 Logout()
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
     return rv;
 
   {
     nsNSSShutDownPreventionLock locker;
     PK11_LogoutAll();
@@ -249,16 +249,18 @@ Logout()
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP nsSecretDecoderRing::
 LogoutAndTeardown()
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv;
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
     return rv;
 
   {
     nsNSSShutDownPreventionLock locker;
     PK11_LogoutAll();
--- a/security/manager/ssl/src/nsSmartCardMonitor.cpp
+++ b/security/manager/ssl/src/nsSmartCardMonitor.cpp
@@ -23,18 +23,16 @@ using namespace mozilla;
 // insertion and removal events we are looking for.
 //
 // Once the event is found, It is passed to nsNSSComponent for dispatching
 // on the UI thread, and forwarding to any interested listeners (including
 // javascript).
 //
 
 
-static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
-
 // self linking and removing double linked entry
 // adopts the thread it is passed.
 class SmartCardThreadEntry {
 public:
  SmartCardThreadEntry *next;
  SmartCardThreadEntry *prev;
  SmartCardThreadEntry **head;
  SmartCardMonitoringThread *thread;
@@ -232,16 +230,18 @@ SmartCardMonitoringThread::GetTokenSerie
 
 //
 // helper function to pass the event off to nsNSSComponent.
 //
 nsresult
 SmartCardMonitoringThread::SendEvent(const nsAString &eventType,
                                      const char *tokenName)
 {
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
   nsresult rv;
   nsCOMPtr<nsINSSComponent> 
                     nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv))
     return rv;
 
   // NSS returns actual UTF8, not ASCII
   nssComponent->PostEvent(eventType, NS_ConvertUTF8toUTF16(tokenName));
--- a/security/manager/ssl/tests/unit/tlsserver/lib/moz.build
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build
@@ -1,12 +1,12 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-SOURCES += [
+UNIFIED_SOURCES += [
     'OCSPCommon.cpp',
     'TLSServer.cpp',
 ]
 
 LIBRARY_NAME = 'tlsserver'