bug 466011 - clarify comments in cert override service IDL r=kaie DONTBUILD NPOTB
authorJohnathan Nightingale <johnath@mozilla.com>
Fri, 27 May 2016 13:11:32 -0700
changeset 340561 ea1a774d53d5f3b82179b97788c244d607cc026f
parent 340560 5ffffa9906f34339a4ac4f6bdb895af83f31ff79
child 340562 26d53d0eaf6656457d75ad7a0c7a93b8bf8719c0
push id1183
push userraliiev@mozilla.com
push dateMon, 05 Sep 2016 20:01:49 +0000
treeherdermozilla-release@3148731bed45 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskaie
bugs466011
milestone49.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 466011 - clarify comments in cert override service IDL r=kaie DONTBUILD NPOTB
security/manager/ssl/nsICertOverrideService.idl
--- a/security/manager/ssl/nsICertOverrideService.idl
+++ b/security/manager/ssl/nsICertOverrideService.idl
@@ -38,21 +38,25 @@ interface nsICertOverrideService : nsISu
 
   /**
    *  The given cert should always be accepted for the given hostname:port,
    *  regardless of errors verifying the cert.
    *  Host:Port is a primary key, only one entry per host:port can exist.
    *  The implementation will store a fingerprint of the cert.
    *  The implementation will decide which fingerprint alg is used.
    *
+   *  Each override is specific to exactly the errors overridden, so
+   *  overriding everything won't match certs at the given host:port
+   *  which only exhibit some subset of errors.
+   *
    *  @param aHostName The host (punycode) this mapping belongs to
    *  @param aPort The port this mapping belongs to, if it is -1 then it 
    *          is internaly treated as 443
    *  @param aCert The cert that should always be accepted
-   *  @param aOverrideBits The errors we want to be overriden
+   *  @param aOverrideBits The precise set of errors we want to be overriden
    */
   void rememberValidityOverride(in ACString aHostName,
                                 in int32_t aPort,
                                 in nsIX509Cert aCert,
                                 in uint32_t aOverrideBits,
                                 in boolean aTemporary);
 
   /**