Backed out changeset 348e15018884 (bug 1530335) for turning bug 1540336 into permafail.
authorCosmin Sabou <csabou@mozilla.com>
Fri, 26 Apr 2019 21:20:55 +0300
changeset 530381 db876eab4bf0644ebdc5cae9bf726a6695cdeea0
parent 530380 d6f935d90da47f542743715481bdec6679b64f94
child 530382 c74119d8621b12139fa867595600e0c6e9d6af0c
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
treeherdermozilla-beta@77e0fe8dbdd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1530335, 1540336
milestone68.0a1
backs out348e150188840f913d58a89d2d591ab9ef572dd8
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 348e15018884 (bug 1530335) for turning bug 1540336 into permafail.
browser/actors/NetErrorChild.jsm
security/manager/locales/en-US/chrome/pipnss/pipnss.properties
--- a/browser/actors/NetErrorChild.jsm
+++ b/browser/actors/NetErrorChild.jsm
@@ -54,20 +54,16 @@ const SSL_ERROR_BAD_CERT_DOMAIN = SSL_ER
 const SSL_ERROR_SSL_DISABLED  = SSL_ERROR_BASE + 20;
 const SSL_ERROR_SSL2_DISABLED  = SSL_ERROR_BASE + 14;
 
 const PREF_SERVICES_SETTINGS_CLOCK_SKEW_SECONDS = "services.settings.clock_skew_seconds";
 const PREF_SERVICES_SETTINGS_LAST_FETCHED       = "services.settings.last_update_seconds";
 
 const PREF_SSL_IMPACT_ROOTS = ["security.tls.version.", "security.ssl3."];
 
-let formatter = new Services.intl.DateTimeFormat(undefined, {
-  dateStyle: "long",
-});
-
 function getSerializedSecurityInfo(docShell) {
   let serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
                     .getService(Ci.nsISerializationHelper);
 
   let securityInfo = docShell.failedChannel && docShell.failedChannel.securityInfo;
   if (!securityInfo) {
     return "";
   }
@@ -272,35 +268,33 @@ class NetErrorChild extends ActorChild {
         msg = gPipNSSBundle.formatStringFromName("certErrorMismatch3", [brandName, hostString], 2) + " ";
         technicalInfo.append(msg + "\n");
       }
     }
 
     if (input.data.isNotValidAtThisTime) {
       let nowTime = new Date().getTime() * 1000;
       let msg = "";
-      let notAfterLocalTime = formatter.format(new Date(input.data.validity.notAfterLocalTime));
       if (input.data.validity.notBefore) {
-        let notBeforeLocalTime = formatter.format(new Date(input.data.validity.notBeforeLocalTime));
         if (nowTime > input.data.validity.notAfter) {
           technicalInfo.textContent = "";
-          msg += gPipNSSBundle.formatStringFromName("certErrorExpiredNow3",
-                                                  [hostString, notAfterLocalTime], 2);
+          msg += gPipNSSBundle.formatStringFromName("certErrorExpiredNow2",
+                                                  [hostString], 1);
           msg += "\n";
         } else {
           technicalInfo.textContent = "";
-          msg += gPipNSSBundle.formatStringFromName("certErrorNotYetValidNow3",
-                                                    [hostString, notBeforeLocalTime], 2);
+          msg += gPipNSSBundle.formatStringFromName("certErrorNotYetValidNow2",
+                                                    [hostString], 1);
           msg += "\n";
          }
         } else {
           // If something goes wrong, we assume the cert expired.
           technicalInfo.textContent = "";
-          msg += gPipNSSBundle.formatStringFromName("certErrorExpiredNow3",
-                                                    [hostString, notAfterLocalTime], 2);
+          msg += gPipNSSBundle.formatStringFromName("certErrorExpiredNow2",
+                                                    [hostString], 1);
           msg += "\n";
       }
       technicalInfo.append(msg);
     }
     technicalInfo.append("\n");
 
     // Add link to certificate and error message.
     let linkPrefix = gPipNSSBundle.GetStringFromName("certErrorCodePrefix3");
@@ -481,16 +475,19 @@ class NetErrorChild extends ActorChild {
         learnMoreLink.href = baseURL + "time-errors";
         // We check against the remote-settings server time first if available, because that allows us
         // to give the user an approximation of what the correct time is.
         let difference = Services.prefs.getIntPref(PREF_SERVICES_SETTINGS_CLOCK_SKEW_SECONDS, 0);
         let lastFetched = Services.prefs.getIntPref(PREF_SERVICES_SETTINGS_LAST_FETCHED, 0) * 1000;
 
         let now = Date.now();
         let certRange = this._getCertValidityRange(docShell);
+        let formatter = new Services.intl.DateTimeFormat(undefined, {
+          dateStyle: "short",
+        });
 
         let approximateDate = now - difference * 1000;
         // If the difference is more than a day, we last fetched the date in the last 5 days,
         // and adjusting the date per the interval would make the cert valid, warn the user:
         if (Math.abs(difference) > 60 * 60 * 24 && (now - lastFetched) <= 60 * 60 * 24 * 5 &&
             certRange.notBefore < approximateDate && certRange.notAfter > approximateDate) {
           clockSkew = true;
           let systemDate = formatter.format(new Date());
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -280,21 +280,21 @@ certErrorMismatch3=Websites prove their 
 # LOCALIZATION NOTE (certErrorMismatchSinglePrefix): %S is replaced by the domain for which the certificate is valid
 certErrorMismatchSinglePrefix=The certificate is only valid for %S.
 certErrorMismatchSinglePrefix3=Websites prove their identity via certificates. %1$S does not trust this site because it uses a certificate that is not valid for %2$S.
 certErrorMismatchMultiple=The certificate is only valid for the following names:
 certErrorMismatchMultiple3=Websites prove their identity via certificates. %1$S does not trust this site because it uses a certificate that is not valid for %2$S. The certificate is only valid for the following names:
 
 # LOCALIZATION NOTE (certErrorExpiredNow): Do not translate %1$S (date+time of expired certificate) or %2$S (current date+time)
 certErrorExpiredNow=The certificate expired on %1$S. The current time is %2$S.
-certErrorExpiredNow3=Websites prove their identity via certificates, which are valid for a set time period. The certificate for %1$S expired on %2$S.
+certErrorExpiredNow2=Websites prove their identity via certificates, which are valid for a set time period. The certificate for %S appears to be expired.
 
 # LOCALIZATION NOTE (certErrorNotYetValidNow): Do not translate %1$S (date+time certificate will become valid) or %2$S (current date+time)
 certErrorNotYetValidNow=The certificate will not be valid until %1$S. The current time is %2$S.
-certErrorNotYetValidNow3=Websites prove their identity via certificates, which are valid for a set time period. The certificate for %1$S will not be valid until %2$S.
+certErrorNotYetValidNow2=Websites prove their identity via certificates, which are valid for a set time period. The certificate for %S appears to be not yet valid.
 
 certErrorMitM=Websites prove their identity via certificates, which are issued by certificate authorities.
 # LOCALIZATION NOTE (certErrorMitM2): %S is brandShortName
 certErrorMitM2=%S is backed by the non-profit Mozilla, which administers a completely open certificate authority (CA) store. The CA store helps ensure that certificate authorities are following best practices for user security.
 # LOCALIZATION NOTE (certErrorMitM3): %S is brandShortName
 certErrorMitM3=%S uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.
 
 # LOCALIZATION NOTE (certErrorSymantecDistrustDescription1): %S will be replaced by the domain for which the certificate is valid.