Bug 1095602 - Remove STATE_SECURE flags from nsIWebProgressListener; r=Ehsan
authorKyle Machulis <kyle@nonpolynomial.com>
Thu, 03 Jan 2019 17:35:48 +0000
changeset 509531 b83cac4f938ac130e9d8dbd9887f7051d1ddcb63
parent 509530 db9b64fdb7d1dc9263fae2b675da2a31ccd359a5
child 509562 b762378e8c7e1127f555f54d2ab770a5a4c9e430
child 509563 0bc66b0eebc9783a1ea06399a3679f98d12f4298
push id10547
push userffxbld-merge
push dateMon, 21 Jan 2019 13:03:58 +0000
treeherdermozilla-beta@24ec1916bffe [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersEhsan
bugs1095602
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1095602 - Remove STATE_SECURE flags from nsIWebProgressListener; r=Ehsan Only STATE_SECURE_HIGH is used, and that's only in instances where STATE_IS_SECURE is also used, so we can remove the security level flags and just assume STATE_IS_SECURE is also STATE_SECURE_HIGH. Differential Revision: https://phabricator.services.mozilla.com/D15600
security/manager/ssl/nsNSSCallbacks.cpp
security/manager/ssl/nsSecureBrowserUIImpl.cpp
uriloader/base/nsIWebProgressListener.idl
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -1266,18 +1266,17 @@ void HandshakeCallback(PRFileDesc* fd, v
                              ioLayerHelpers.treatUnsafeNegotiationAsBroken();
 
   RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject);
 
   uint32_t state;
   if (renegotiationUnsafe) {
     state = nsIWebProgressListener::STATE_IS_BROKEN;
   } else {
-    state = nsIWebProgressListener::STATE_IS_SECURE |
-            nsIWebProgressListener::STATE_SECURE_HIGH;
+    state = nsIWebProgressListener::STATE_IS_SECURE;
     SSLVersionRange defVersion;
     rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
     if (rv == SECSuccess && versions.max >= defVersion.max) {
       // we know this site no longer requires a version fallback
       ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
                                                 infoObject->GetPort());
     }
   }
--- a/security/manager/ssl/nsSecureBrowserUIImpl.cpp
+++ b/security/manager/ssl/nsSecureBrowserUIImpl.cpp
@@ -110,23 +110,21 @@ void nsSecureBrowserUIImpl::CheckForBloc
   // Has mixed content been loaded or blocked in nsMixedContentBlocker?
   // This only applies to secure documents even if they're affected by mixed
   // content blocking in which case the STATE_IS_BROKEN bit would be set rather
   // than STATE_IS_SECURE.
   if (((mState & STATE_IS_SECURE) != 0) || ((mState & STATE_IS_BROKEN) != 0)) {
     if (docShell->GetHasMixedActiveContentLoaded()) {
       mState |= STATE_IS_BROKEN | STATE_LOADED_MIXED_ACTIVE_CONTENT;
       mState &= ~STATE_IS_SECURE;
-      mState &= ~STATE_SECURE_HIGH;
     }
 
     if (docShell->GetHasMixedDisplayContentLoaded()) {
       mState |= STATE_IS_BROKEN | STATE_LOADED_MIXED_DISPLAY_CONTENT;
       mState &= ~STATE_IS_SECURE;
-      mState &= ~STATE_SECURE_HIGH;
     }
 
     if (docShell->GetHasMixedActiveContentBlocked()) {
       mState |= STATE_BLOCKED_MIXED_ACTIVE_CONTENT;
     }
 
     if (docShell->GetHasMixedDisplayContentBlocked()) {
       mState |= STATE_BLOCKED_MIXED_DISPLAY_CONTENT;
--- a/uriloader/base/nsIWebProgressListener.idl
+++ b/uriloader/base/nsIWebProgressListener.idl
@@ -243,41 +243,16 @@ interface nsIWebProgressListener : nsISu
    * change the top level security state of the connection.
    *
    * STATE_CERT_DISTRUST_IMMINENT
    *   The certificate in use will be distrusted in the near future.
    */
   const unsigned long STATE_CERT_DISTRUST_IMMINENT    = 0x00010000;
 
   /**
-   * Security Strength Flags
-   *
-   * These flags describe the security strength and accompany STATE_IS_SECURE
-   * in a call to the onSecurityChange method.  These flags are mutually
-   * exclusive.
-   *
-   * These flags are not meant to provide a precise description of data
-   * transfer security.  These are instead intended as a rough indicator that
-   * may be used to, for example, color code a security indicator or otherwise
-   * provide basic data transfer security feedback to the user.
-   *
-   * STATE_SECURE_HIGH
-   *   This flag indicates a high degree of security.
-   *
-   * STATE_SECURE_MED
-   *   This flag indicates a medium degree of security.
-   *
-   * STATE_SECURE_LOW
-   *   This flag indicates a low degree of security.
-   */
-  const unsigned long STATE_SECURE_HIGH     = 0x00080000;
-  const unsigned long STATE_SECURE_MED      = 0x00020000;
-  const unsigned long STATE_SECURE_LOW      = 0x00040000;
-
-  /**
     * State bits for EV == Extended Validation == High Assurance
     *
     * These flags describe the level of identity verification
     * in a call to the onSecurityChange method. 
     *
     * STATE_IDENTITY_EV_TOPLEVEL
     *   The topmost document uses an EV cert.
     *   NOTE: Available since Gecko 1.9