Back out c74ce1905b96 (bug 832848) for not actually building
authorPhil Ringnalda <philringnalda@gmail.com>
Thu, 09 May 2013 20:49:36 -0700
changeset 142425 7f4e7df5a393ec1cee7280ac66b3b30273f284ed
parent 142424 494c33bc8dbdef8ce93d03fcf1935d637de8ab26
child 142426 08be63954b6bce6e8aaa505352e11c4541d365c1
child 142527 b4007c60cae716ebb29ea80b224e61c33c1e5907
push id2579
push userakeybl@mozilla.com
push dateMon, 24 Jun 2013 18:52:47 +0000
treeherdermozilla-beta@b69b7de8a05a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs832848
milestone23.0a1
backs outc74ce1905b96184e35c5328da98d516b8e692b93
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Back out c74ce1905b96 (bug 832848) for not actually building CLOSED TREE
dom/ipc/TabParent.cpp
netwerk/base/public/nsISecureBrowserUI.idl
netwerk/socket/nsITransportSecurityInfo.idl
security/manager/boot/src/nsSecureBrowserUIImpl.cpp
security/manager/boot/src/nsSecureBrowserUIImpl.h
security/manager/locales/en-US/chrome/pipnss/pipnss.properties
security/manager/locales/en-US/chrome/pipnss/security.properties
security/manager/locales/en-US/chrome/pippki/pippki.properties
security/manager/ssl/src/TransportSecurityInfo.cpp
security/manager/ssl/src/TransportSecurityInfo.h
security/manager/ssl/src/nsNSSCallbacks.cpp
--- a/dom/ipc/TabParent.cpp
+++ b/dom/ipc/TabParent.cpp
@@ -532,16 +532,23 @@ TabParent::GetState(uint32_t *aState)
 NS_IMETHODIMP
 TabParent::SetDocShell(nsIDocShell *aDocShell)
 {
   NS_ENSURE_ARG(aDocShell);
   NS_WARNING("No mDocShell member in TabParent so there is no docShell to set");
   return NS_OK;
 }
 
+NS_IMETHODIMP
+TabParent::GetTooltipText(nsAString & aTooltipText)
+{
+  aTooltipText.Truncate();
+  return NS_OK;
+}
+
 PDocumentRendererParent*
 TabParent::AllocPDocumentRenderer(const nsRect& documentRect,
                                   const gfxMatrix& transform,
                                   const nsString& bgcolor,
                                   const uint32_t& renderFlags,
                                   const bool& flushLayout,
                                   const nsIntSize& renderSize)
 {
--- a/netwerk/base/public/nsISecureBrowserUI.idl
+++ b/netwerk/base/public/nsISecureBrowserUI.idl
@@ -5,20 +5,21 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 
 interface nsIDOMWindow;
 interface nsIDOMElement;
 interface nsIDocShell;
 
-[scriptable, uuid(62f6c5be-ea8c-4fab-8e5c-d1580b50ec3f)]
+[scriptable, uuid(e97e5688-add2-4a1d-acae-396d7702e382)]
 interface nsISecureBrowserUI : nsISupports
 {
     void init(in nsIDOMWindow window);
     void setDocShell(in nsIDocShell docShell);
 
     readonly attribute unsigned long state;
+    readonly attribute AString tooltipText;
 };
 
 %{C++
 #define NS_SECURE_BROWSER_UI_CONTRACTID "@mozilla.org/secure_browser_ui;1"
 %}
--- a/netwerk/socket/nsITransportSecurityInfo.idl
+++ b/netwerk/socket/nsITransportSecurityInfo.idl
@@ -1,14 +1,15 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 
-[scriptable, uuid(8813d03b-e76c-4240-9691-d327d9b91e88)]
+[scriptable, uuid(0d0a6b62-d4a9-402e-a197-6bc6e358fec9)]
 interface nsITransportSecurityInfo : nsISupports {
     readonly attribute unsigned long    securityState;
+    readonly attribute wstring          shortSecurityDescription;
     readonly attribute wstring          errorMessage;
 };
 
--- a/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
+++ b/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
@@ -43,16 +43,18 @@
 #include "imgIRequest.h"
 #include "nsThreadUtils.h"
 #include "nsNetUtil.h"
 #include "nsNetCID.h"
 #include "nsCRT.h"
 
 using namespace mozilla;
 
+#define SECURITY_STRING_BUNDLE_URL "chrome://pipnss/locale/security.properties"
+
 #define IS_SECURE(state) ((state & 0xFFFF) == STATE_IS_SECURE)
 
 #if defined(PR_LOGGING)
 //
 // Log module for nsSecureBrowserUI logging...
 //
 // To enable logging (see prlog.h for full details):
 //
@@ -184,16 +186,27 @@ nsSecureBrowserUIImpl::Init(nsIDOMWindow
   if (pwin->IsInnerWindow()) {
     pwin = pwin->GetOuterWindow();
   }
 
   nsresult rv;
   mWindow = do_GetWeakReference(pwin, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
+  nsCOMPtr<nsIStringBundleService> service(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
+  if (NS_FAILED(rv)) return rv;
+  
+  // We do not need to test for mStringBundle here...
+  // Anywhere we use it, we will test before using.  Some
+  // embedded users of PSM may want to reuse our
+  // nsSecureBrowserUIImpl implementation without the
+  // bundle.
+  service->CreateBundle(SECURITY_STRING_BUNDLE_URL, getter_AddRefs(mStringBundle));
+  
+  
   // hook up to the form post notifications:
   nsCOMPtr<nsIObserverService> svc(do_GetService("@mozilla.org/observer-service;1", &rv));
   if (NS_SUCCEEDED(rv)) {
     rv = svc->AddObserver(this, NS_FORMSUBMIT_SUBJECT, true);
   }
   
   nsCOMPtr<nsPIDOMWindow> piwindow(do_QueryInterface(aWindow));
   if (!piwindow) return NS_ERROR_FAILURE;
@@ -320,16 +333,46 @@ NS_IMETHODIMP
 nsSecureBrowserUIImpl::SetDocShell(nsIDocShell *aDocShell)
 {
   nsresult rv;
   mDocShell = do_GetWeakReference(aDocShell, &rv);
   return rv;
 }
 
 NS_IMETHODIMP
+nsSecureBrowserUIImpl::GetTooltipText(nsAString& aText)
+{
+  lockIconState state;
+  nsXPIDLString tooltip;
+
+  {
+    ReentrantMonitorAutoEnter lock(mReentrantMonitor);
+    state = mNotifiedSecurityState;
+    tooltip = mInfoTooltip;
+  }
+
+  if (state == lis_mixed_security)
+  {
+    GetBundleString(NS_LITERAL_STRING("SecurityButtonMixedContentTooltipText").get(),
+                    aText);
+  }
+  else if (!tooltip.IsEmpty())
+  {
+    aText = tooltip;
+  }
+  else
+  {
+    GetBundleString(NS_LITERAL_STRING("SecurityButtonTooltipText").get(),
+                    aText);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
 nsSecureBrowserUIImpl::Observe(nsISupports*, const char*,
                                const PRUnichar*)
 {
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 
 static nsresult IsChildOfDomWindow(nsIDOMWindow *parent, nsIDOMWindow *child,
@@ -456,16 +499,17 @@ nsSecureBrowserUIImpl::OnProgressChange(
   NS_NOTREACHED("notification excluded in AddProgressListener(...)");
   return NS_OK;
 }
 
 void nsSecureBrowserUIImpl::ResetStateTracking()
 {
   ReentrantMonitorAutoEnter lock(mReentrantMonitor);
 
+  mInfoTooltip.Truncate();
   mDocumentRequestsInProgress = 0;
   if (mTransferringRequests.ops) {
     PL_DHashTableFinish(&mTransferringRequests);
     mTransferringRequests.ops = nullptr;
   }
   PL_DHashTableInit(&mTransferringRequests, &gMapOps, nullptr,
                     sizeof(RequestHashEntry), 16);
 }
@@ -479,16 +523,19 @@ nsSecureBrowserUIImpl::EvaluateAndUpdate
      member variables with the same suffix.*/
 
   uint32_t temp_NewToplevelSecurityState = nsIWebProgressListener::STATE_IS_INSECURE;
   bool temp_NewToplevelIsEV = false;
 
   bool updateStatus = false;
   nsCOMPtr<nsISSLStatus> temp_SSLStatus;
 
+  bool updateTooltip = false;
+  nsXPIDLString temp_InfoTooltip;
+
     temp_NewToplevelSecurityState = GetSecurityStateFromSecurityInfo(info);
 
     PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
            ("SecureUI:%p: OnStateChange: remember mNewToplevelSecurityState => %x\n", this,
             temp_NewToplevelSecurityState));
 
     nsCOMPtr<nsISSLStatusProvider> sp = do_QueryInterface(info);
     if (sp) {
@@ -498,44 +545,56 @@ nsSecureBrowserUIImpl::EvaluateAndUpdate
       if (temp_SSLStatus) {
         bool aTemp;
         if (NS_SUCCEEDED(temp_SSLStatus->GetIsExtendedValidation(&aTemp))) {
           temp_NewToplevelIsEV = aTemp;
         }
       }
     }
 
+    if (info) {
+      nsCOMPtr<nsITransportSecurityInfo> secInfo(do_QueryInterface(info));
+      if (secInfo) {
+        updateTooltip = true;
+        secInfo->GetShortSecurityDescription(getter_Copies(temp_InfoTooltip));
+      }
+    }
+
   // assume temp_NewToplevelSecurityState was set in this scope!
   // see code that is directly above
 
   {
     ReentrantMonitorAutoEnter lock(mReentrantMonitor);
     mNewToplevelSecurityStateKnown = true;
     mNewToplevelSecurityState = temp_NewToplevelSecurityState;
     mNewToplevelIsEV = temp_NewToplevelIsEV;
     if (updateStatus) {
       mSSLStatus = temp_SSLStatus;
     }
+    if (updateTooltip) {
+      mInfoTooltip = temp_InfoTooltip;
+    }
     PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
            ("SecureUI:%p: remember securityInfo %p\n", this,
             info));
     nsCOMPtr<nsIAssociatedContentSecurity> associatedContentSecurityFromRequest =
         do_QueryInterface(aRequest);
     if (associatedContentSecurityFromRequest)
         mCurrentToplevelSecurityInfo = aRequest;
     else
         mCurrentToplevelSecurityInfo = info;
 
     // The subrequest counters are now in sync with 
     // mCurrentToplevelSecurityInfo, don't restore after top level
     // document load finishes.
     mRestoreSubrequests = false;
   }
 
-  return UpdateSecurityState(aRequest, withNewLocation, updateStatus);
+  return UpdateSecurityState(aRequest, withNewLocation, 
+                             updateStatus, updateTooltip);
 }
 
 void
 nsSecureBrowserUIImpl::UpdateSubrequestMembers(nsISupports *securityInfo)
 {
   // For wyciwyg channels in subdocuments we only update our
   // subrequest state members.
   uint32_t reqState = GetSecurityStateFromSecurityInfo(securityInfo);
@@ -1247,17 +1306,17 @@ nsSecureBrowserUIImpl::OnStateChange(nsI
 
       bool temp_NewToplevelSecurityStateKnown;
       {
         ReentrantMonitorAutoEnter lock(mReentrantMonitor);
         temp_NewToplevelSecurityStateKnown = mNewToplevelSecurityStateKnown;
       }
 
       if (temp_NewToplevelSecurityStateKnown)
-        return UpdateSecurityState(aRequest, false, false);
+        return UpdateSecurityState(aRequest, false, false, false);
     }
 
     return NS_OK;
   }
 
   return NS_OK;
 }
 
@@ -1267,25 +1326,26 @@ void nsSecureBrowserUIImpl::ObtainEventS
                                             nsCOMPtr<nsISecurityEventSink> &sink)
 {
   if (!sink)
     NS_QueryNotificationCallbacks(channel, sink);
 }
 
 nsresult nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest, 
                                                     bool withNewLocation, 
-                                                    bool withUpdateStatus)
+                                                    bool withUpdateStatus, 
+                                                    bool withUpdateTooltip)
 {
   lockIconState warnSecurityState = lis_no_security;
   nsresult rv = NS_OK;
 
   // both parameters are both input and outout
   bool flagsChanged = UpdateMyFlags(warnSecurityState);
 
-  if (flagsChanged || withNewLocation || withUpdateStatus)
+  if (flagsChanged || withNewLocation || withUpdateStatus || withUpdateTooltip)
     rv = TellTheWorld(warnSecurityState, aRequest);
 
   return rv;
 }
 
 // must not fail, by definition, only trivial assignments
 // or string operations are allowed
 // returns true if our overall state has changed and we must send out notifications
@@ -1342,16 +1402,17 @@ bool nsSecureBrowserUIImpl::UpdateMyFlag
       high        high
     */
 
     mNotifiedSecurityState = newSecurityState;
 
     if (lis_no_security == newSecurityState)
     {
       mSSLStatus = nullptr;
+      mInfoTooltip.Truncate();
     }
   }
 
   if (mNotifiedToplevelIsEV != mNewToplevelIsEV) {
     mustTellTheWorld = true;
     mNotifiedToplevelIsEV = mNewToplevelIsEV;
   }
 
@@ -1481,17 +1542,17 @@ nsSecureBrowserUIImpl::OnLocationChange(
 
   bool temp_NewToplevelSecurityStateKnown;
   {
     ReentrantMonitorAutoEnter lock(mReentrantMonitor);
     temp_NewToplevelSecurityStateKnown = mNewToplevelSecurityStateKnown;
   }
 
   if (temp_NewToplevelSecurityStateKnown)
-    return UpdateSecurityState(aRequest, true, false);
+    return UpdateSecurityState(aRequest, true, false, false);
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsSecureBrowserUIImpl::OnStatusChange(nsIWebProgress* aWebProgress,
                                       nsIRequest* aRequest,
                                       nsresult aStatus,
@@ -1571,16 +1632,42 @@ nsSecureBrowserUIImpl::IsURLJavaScript(n
   *value = false;
 
   if (!aURL)
     return NS_OK;
 
   return aURL->SchemeIs("javascript", value);
 }
 
+void
+nsSecureBrowserUIImpl::GetBundleString(const PRUnichar* name,
+                                       nsAString &outString)
+{
+  nsCOMPtr<nsIStringBundle> temp_StringBundle;
+
+  {
+    ReentrantMonitorAutoEnter lock(mReentrantMonitor);
+    temp_StringBundle = mStringBundle;
+  }
+
+  if (temp_StringBundle && name) {
+    PRUnichar *ptrv = nullptr;
+    if (NS_SUCCEEDED(temp_StringBundle->GetStringFromName(name,
+                                                          &ptrv)))
+      outString = ptrv;
+    else
+      outString.SetLength(0);
+
+    nsMemory::Free(ptrv);
+
+  } else {
+    outString.SetLength(0);
+  }
+}
+
 nsresult
 nsSecureBrowserUIImpl::CheckPost(nsIURI *formURL, nsIURI *actionURL, bool *okayToPost)
 {
   bool formSecure, actionSecure, actionJavaScript;
   *okayToPost = true;
 
   nsresult rv = IsURLHTTPS(formURL, &formSecure);
   if (NS_FAILED(rv))
--- a/security/manager/boot/src/nsSecureBrowserUIImpl.h
+++ b/security/manager/boot/src/nsSecureBrowserUIImpl.h
@@ -3,21 +3,23 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef nsSecureBrowserUIImpl_h_
 #define nsSecureBrowserUIImpl_h_
 
 #include "mozilla/ReentrantMonitor.h"
 #include "nsCOMPtr.h"
+#include "nsXPIDLString.h"
 #include "nsString.h"
 #include "nsIObserver.h"
 #include "nsIDOMElement.h"
 #include "nsIDOMWindow.h"
 #include "nsIDOMHTMLFormElement.h"
+#include "nsIStringBundle.h"
 #include "nsISecureBrowserUI.h"
 #include "nsIDocShell.h"
 #include "nsIDocShellTreeItem.h"
 #include "nsIWebProgressListener.h"
 #include "nsIFormSubmitObserver.h"
 #include "nsIURI.h"
 #include "nsISecurityEventSink.h"
 #include "nsWeakReference.h"
@@ -62,16 +64,17 @@ public:
                                  nsIArray* invalidElements) { return NS_OK; }
   
 protected:
   mozilla::ReentrantMonitor mReentrantMonitor;
   
   nsWeakPtr mWindow;
   nsWeakPtr mDocShell;
   nsCOMPtr<nsINetUtil> mIOService;
+  nsCOMPtr<nsIStringBundle> mStringBundle;
   nsCOMPtr<nsIURI> mCurrentURI;
   nsCOMPtr<nsISecurityEventSink> mToplevelEventSink;
   
   enum lockIconState {
     lis_no_security,
     lis_broken_security,
     lis_mixed_security,
     lis_high_security
@@ -81,44 +84,47 @@ protected:
   bool mNotifiedToplevelIsEV;
 
   void ResetStateTracking();
   uint32_t mNewToplevelSecurityState;
   bool mNewToplevelIsEV;
   bool mNewToplevelSecurityStateKnown;
   bool mIsViewSource;
 
+  nsXPIDLString mInfoTooltip;
   int32_t mDocumentRequestsInProgress;
   int32_t mSubRequestsBrokenSecurity;
   int32_t mSubRequestsNoSecurity;
   bool mRestoreSubrequests;
   bool mOnLocationChangeSeen;
 #ifdef DEBUG
   /* related to mReentrantMonitor */
   int32_t mOnStateLocationChangeReentranceDetection;
 #endif
 
   static already_AddRefed<nsISupports> ExtractSecurityInfo(nsIRequest* aRequest);
   nsresult MapInternalToExternalState(uint32_t* aState, lockIconState lock, bool ev);
   nsresult UpdateSecurityState(nsIRequest* aRequest, bool withNewLocation,
-                               bool withUpdateStatus);
+                               bool withUpdateStatus, bool withUpdateTooltip);
   bool UpdateMyFlags(lockIconState &warnSecurityState);
   nsresult TellTheWorld(lockIconState warnSecurityState, 
                         nsIRequest* aRequest);
 
   nsresult EvaluateAndUpdateSecurityState(nsIRequest* aRequest, nsISupports *info,
                                           bool withNewLocation);
   void UpdateSubrequestMembers(nsISupports *securityInfo);
 
   void ObtainEventSink(nsIChannel *channel, 
                        nsCOMPtr<nsISecurityEventSink> &sink);
 
   nsCOMPtr<nsISSLStatus> mSSLStatus;
   nsCOMPtr<nsISupports> mCurrentToplevelSecurityInfo;
 
+  void GetBundleString(const PRUnichar* name, nsAString &outString);
+  
   nsresult CheckPost(nsIURI *formURI, nsIURI *actionURL, bool *okayToPost);
   nsresult IsURLHTTPS(nsIURI* aURL, bool *value);
   nsresult IsURLJavaScript(nsIURI* aURL, bool *value);
 
   bool ConfirmEnteringSecure();
   bool ConfirmEnteringWeak();
   bool ConfirmLeavingSecure();
   bool ConfirmMixedMode();
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -1,13 +1,14 @@
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+SignedBy=Authenticated by %S
 CertPassPrompt=Please enter the master password for the %S.
 # the following strings have special requirements:
 # they must fit in a 32 or 64 byte buffer after being translated
 # to UTF8.  Note to translator. It's not easy for you to figure
 # whether the escaped unicode string you produce will fit in 
 # the space allocated.
 #
 # 64 bytes long after conversion to UTF8
--- a/security/manager/locales/en-US/chrome/pipnss/security.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/security.properties
@@ -1,7 +1,10 @@
+#
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Title=Security Warning
 PostToInsecureFromSecureMessage=Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.##Are you sure you want to continue sending this information?##
+SecurityButtonTooltipText=Displays security information about the current page
+SecurityButtonMixedContentTooltipText=Warning: Contains unauthenticated content
 Continue=Continue
--- a/security/manager/locales/en-US/chrome/pippki/pippki.properties
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.properties
@@ -1,13 +1,14 @@
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+SignedBy=Authenticated by %S
 CertPassPrompt=Please enter the Personal Security Password for the PSM Private Keys security device.
 
 #These are for dialogs
 #Download Cert dialog
 newCAMessage1=Do you want to trust "%S" for the following purposes?
 unnamedCA=Certificate Authority (unnamed)
 
 #For editing cert trust
--- a/security/manager/ssl/src/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/src/TransportSecurityInfo.cpp
@@ -171,16 +171,35 @@ TransportSecurityInfo::SetCountSubReques
 
 NS_IMETHODIMP
 TransportSecurityInfo::Flush()
 {
   return NS_OK;
 }
 
 NS_IMETHODIMP
+TransportSecurityInfo::GetShortSecurityDescription(PRUnichar** aText)
+{
+  if (mShortDesc.IsEmpty())
+    *aText = nullptr;
+  else {
+    *aText = ToNewUnicode(mShortDesc);
+    NS_ENSURE_TRUE(*aText, NS_ERROR_OUT_OF_MEMORY);
+  }
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetShortSecurityDescription(const PRUnichar* aText)
+{
+  mShortDesc.Assign(aText);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
 TransportSecurityInfo::GetErrorMessage(PRUnichar** aText)
 {
   NS_ENSURE_ARG_POINTER(aText);
   *aText = nullptr;
 
   if (!NS_IsMainThread()) {
     NS_ERROR("nsNSSSocketInfo::GetErrorMessage called off the main thread");
     return NS_ERROR_NOT_SAME_THREAD;
@@ -334,17 +353,17 @@ TransportSecurityInfo::Write(nsIObjectOu
   // The 0xFFFF0000 mask is included to the version number
   // to distinguish version number from mSecurityState
   // field stored in times before versioning has been introduced.
   // This mask value has been chosen as mSecurityState could
   // never be assigned such value.
   uint32_t version = 3;
   stream->Write32(version | 0xFFFF0000);
   stream->Write32(mSecurityState);
-  stream->WriteWStringZ(NS_LL("")); 
+  stream->WriteWStringZ(mShortDesc.get());
 
   // XXX: uses nsNSSComponent string bundles off the main thread
   nsresult rv = formatErrorMessage(lock, 
                                    mErrorCode, mErrorMessageType,
                                    true, true, mErrorMessageCached);
   NS_ENSURE_SUCCESS(rv, rv);
   stream->WriteWStringZ(mErrorMessageCached.get());
 
@@ -435,18 +454,17 @@ TransportSecurityInfo::Read(nsIObjectInp
   if ((version & 0xFFFF0000) == 0xFFFF0000) {
     version &= ~0xFFFF0000;
     stream->Read32(&mSecurityState);
   }
   else {
     mSecurityState = version;
     version = 1;
   }
-  nsAutoString dummyShortDesc;
-  stream->ReadString(dummyShortDesc);
+  stream->ReadString(mShortDesc);
   stream->ReadString(mErrorMessageCached);
   mErrorCode = 0;
 
   nsCOMPtr<nsISupports> obj;
   stream->ReadObject(true, getter_AddRefs(obj));
   
   mSSLStatus = reinterpret_cast<nsSSLStatus*>(obj.get());
 
--- a/security/manager/ssl/src/TransportSecurityInfo.h
+++ b/security/manager/ssl/src/TransportSecurityInfo.h
@@ -85,16 +85,17 @@ private:
 
 protected:
   nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
 
 private:
   uint32_t mSecurityState;
   int32_t mSubRequestsBrokenSecurity;
   int32_t mSubRequestsNoSecurity;
+  nsString mShortDesc;
 
   PRErrorCode mErrorCode;
   ::mozilla::psm::SSLErrorMessageType mErrorMessageType;
   nsString mErrorMessageCached;
   nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock, 
                               PRErrorCode errorCode,
                               ::mozilla::psm::SSLErrorMessageType errorMessageType,
                               bool wantsHtml, bool suppressPort443, 
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -821,16 +821,17 @@ PK11PasswordPrompt(PK11SlotInfo* slot, P
                                    static_cast<nsIInterfaceRequestor*>(arg)));
   runnable->DispatchToMainThreadAndWait();
   return runnable->mResult;
 }
 
 void HandshakeCallback(PRFileDesc* fd, void* client_data) {
   nsNSSShutDownPreventionLock locker;
   int32_t sslStatus;
+  char* signer = nullptr;
   char* cipherName = nullptr;
   int32_t keyLength;
   nsresult rv;
   int32_t encryptBits;
 
   nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
 
   // certificate validation sets FirstServerHelloReceived, so if that flag
@@ -841,17 +842,17 @@ void HandshakeCallback(PRFileDesc* fd, v
   infoObject->SetFirstServerHelloReceived();
 
   // If the handshake completed, then we know the site is TLS tolerant (if this
   // was a TLS connection).
   nsSSLIOLayerHelpers& ioLayerHelpers = infoObject->SharedState().IOLayerHelpers();
   ioLayerHelpers.rememberTolerantSite(infoObject);
 
   if (SECSuccess != SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength,
-                                       &encryptBits, nullptr, nullptr)) {
+                                       &encryptBits, &signer, nullptr)) {
     return;
   }
 
   int32_t secStatus;
   if (sslStatus == SSL_SECURITY_STATUS_OFF)
     secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
   else
     secStatus = nsIWebProgressListener::STATE_IS_SECURE
@@ -877,98 +878,126 @@ void HandshakeCallback(PRFileDesc* fd, v
         console->LogStringMessage(msg.get());
       }
     }
     if (ioLayerHelpers.treatUnsafeNegotiationAsBroken()) {
       secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
     }
   }
 
+
   ScopedCERTCertificate serverCert(SSL_PeerCertificate(fd));
-
-  infoObject->SetSecurityState(secStatus);
-
-  /* Set the SSL Status information */
-  RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
-  if (!status) {
-    status = new nsSSLStatus();
-    infoObject->SetSSLStatus(status);
-  }
+  const char* caName = nullptr; // caName is a pointer only, no ownership
+  char* certOrgName = CERT_GetOrgName(&serverCert->issuer);
+  caName = certOrgName ? certOrgName : signer;
 
-  RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject,
-                                                             status);
-
-  RefPtr<nsNSSCertificate> nssc(nsNSSCertificate::Create(serverCert));
-  nsCOMPtr<nsIX509Cert> prevcert;
-  infoObject->GetPreviousCert(getter_AddRefs(prevcert));
-
-  bool equals_previous = false;
-  if (prevcert && nssc) {
-    nsresult rv = nssc->Equals(prevcert, &equals_previous);
-    if (NS_FAILED(rv)) {
-      equals_previous = false;
-    }
+  const char* verisignName = "Verisign, Inc.";
+  // If the CA name is RSA Data Security, then change the name to the real
+  // name of the company i.e. VeriSign, Inc.
+  if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
+    caName = verisignName;
   }
 
-  if (equals_previous) {
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-            ("HandshakeCallback using PREV cert %p\n", prevcert.get()));
-    status->mServerCert = prevcert;
-  }
-  else {
-    if (status->mServerCert) {
-      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-              ("HandshakeCallback KEEPING cert %p\n", status->mServerCert.get()));
+  nsAutoString shortDesc;
+  const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUTF16(caName)) };
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_SUCCEEDED(rv)) {
+    rv = nssComponent->PIPBundleFormatStringFromName("SignedBy",
+                                                   formatStrings, 1,
+                                                   shortDesc);
+
+    nsMemory::Free(const_cast<PRUnichar*>(formatStrings[0]));
+
+    nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+    infoObject->SetSecurityState(secStatus);
+    infoObject->SetShortSecurityDescription(shortDesc.get());
+
+    /* Set the SSL Status information */
+    RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+    if (!status) {
+      status = new nsSSLStatus();
+      infoObject->SetSSLStatus(status);
     }
-    else {
-      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
-              ("HandshakeCallback using NEW cert %p\n", nssc.get()));
-      status->mServerCert = nssc;
+
+    RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject,
+                                                               status);
+
+    if (serverCert) {
+      RefPtr<nsNSSCertificate> nssc(nsNSSCertificate::Create(serverCert));
+      nsCOMPtr<nsIX509Cert> prevcert;
+      infoObject->GetPreviousCert(getter_AddRefs(prevcert));
+
+      bool equals_previous = false;
+      if (prevcert && nssc) {
+        nsresult rv = nssc->Equals(prevcert, &equals_previous);
+        if (NS_FAILED(rv)) {
+          equals_previous = false;
+        }
+      }
+
+      if (equals_previous) {
+        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
+               ("HandshakeCallback using PREV cert %p\n", prevcert.get()));
+        status->mServerCert = prevcert;
+      }
+      else {
+        if (status->mServerCert) {
+          PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
+                 ("HandshakeCallback KEEPING cert %p\n", status->mServerCert.get()));
+        }
+        else {
+          PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
+                 ("HandshakeCallback using NEW cert %p\n", nssc.get()));
+          status->mServerCert = nssc;
+        }
+      }
     }
+
+    status->mHaveKeyLengthAndCipher = true;
+    status->mKeyLength = keyLength;
+    status->mSecretKeyLength = encryptBits;
+    status->mCipherName.Assign(cipherName);
+
+    // Get the NPN value.
+    SSLNextProtoState state;
+    unsigned char npnbuf[256];
+    unsigned int npnlen;
+    
+    if (SSL_GetNextProto(fd, &state, npnbuf, &npnlen, 256) == SECSuccess) {
+      if (state == SSL_NEXT_PROTO_NEGOTIATED)
+        infoObject->SetNegotiatedNPN(reinterpret_cast<char *>(npnbuf), npnlen);
+      else
+        infoObject->SetNegotiatedNPN(nullptr, 0);
+      mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state);
+    }
+    else
+      infoObject->SetNegotiatedNPN(nullptr, 0);
+
+    SSLChannelInfo channelInfo;
+    if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) {
+      // Get the protocol version for telemetry
+      // 0=ssl3, 1=tls1, 2=tls1.1, 3=tls1.2
+      unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
+      Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum);
+
+      SSLCipherSuiteInfo cipherInfo;
+      if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                                 sizeof (cipherInfo)) == SECSuccess) {
+        // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
+        Telemetry::Accumulate(Telemetry::SSL_KEY_EXCHANGE_ALGORITHM,
+                              cipherInfo.keaType);
+      }
+      
+    }
+    infoObject->SetHandshakeCompleted(isResumedSession);
   }
 
-  status->mHaveKeyLengthAndCipher = true;
-  status->mKeyLength = keyLength;
-  status->mSecretKeyLength = encryptBits;
-  status->mCipherName.Assign(cipherName);
-
-  // Get the NPN value.
-  SSLNextProtoState state;
-  unsigned char npnbuf[256];
-  unsigned int npnlen;
-    
-  if (SSL_GetNextProto(fd, &state, npnbuf, &npnlen, 256) == SECSuccess) {
-    if (state == SSL_NEXT_PROTO_NEGOTIATED)
-      infoObject->SetNegotiatedNPN(reinterpret_cast<char *>(npnbuf), npnlen);
-    else
-      infoObject->SetNegotiatedNPN(nullptr, 0);
-    mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state);
-  }
-  else
-    infoObject->SetNegotiatedNPN(nullptr, 0);
-
-  SSLChannelInfo channelInfo;
-  if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) {
-    // Get the protocol version for telemetry
-    // 0=ssl3, 1=tls1, 2=tls1.1, 3=tls1.2
-    unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
-    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum);
-
-    SSLCipherSuiteInfo cipherInfo;
-    if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
-                                sizeof (cipherInfo)) == SECSuccess) {
-      // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
-      Telemetry::Accumulate(Telemetry::SSL_KEY_EXCHANGE_ALGORITHM,
-                            cipherInfo.keaType);
-    }
-      
-  }
-  infoObject->SetHandshakeCompleted(isResumedSession);
-
   PORT_Free(cipherName);
+  PR_FREEIF(certOrgName);
+  PR_Free(signer);
 }
 
 struct OCSPDefaultResponders {
     const char *issuerName_string;
     CERTName *issuerName;
     const char *issuerKeyID_base64;
     SECItem *issuerKeyID;
     const char *ocspUrl;