зеркало из https://github.com/mozilla/gecko-dev.git
Bug 412455, Regression, EV UI no longer shows up r=rrelyea, a1.9=mtschrep
This commit is contained in:
Родитель
aaac9bf4aa
Коммит
0810da1295
|
@ -505,14 +505,12 @@ static SECStatus getFirstEVPolicy(CERTCertificate *cert, SECOidTag &outOidTag)
|
|||
PRBool
|
||||
nsNSSSocketInfo::hasCertErrors()
|
||||
{
|
||||
if (!mSSLStatus || !mSSLStatus->mHaveCertStatus) {
|
||||
// if the status is unknown, assume the cert is bad :-)
|
||||
if (!mSSLStatus) {
|
||||
// if the status is unknown, assume the cert is bad, better safe than sorry
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
return mSSLStatus->mIsDomainMismatch ||
|
||||
mSSLStatus->mIsNotValidAtThisTime ||
|
||||
mSSLStatus->mIsUntrusted;
|
||||
return mSSLStatus->mHaveCertErrorBits;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
|
@ -524,6 +522,7 @@ nsNSSSocketInfo::GetIsExtendedValidation(PRBool* aIsEV)
|
|||
if (!mCert)
|
||||
return NS_OK;
|
||||
|
||||
// Never allow bad certs for EV, regardless of overrides.
|
||||
if (hasCertErrors())
|
||||
return NS_OK;
|
||||
|
||||
|
|
|
@ -2827,7 +2827,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
|
|||
status->mServerCert = nssCert;
|
||||
}
|
||||
|
||||
status->mHaveCertStatus = PR_TRUE;
|
||||
status->mHaveCertErrorBits = PR_TRUE;
|
||||
status->mIsDomainMismatch = collected_errors & nsICertOverrideService::ERROR_MISMATCH;
|
||||
status->mIsNotValidAtThisTime = collected_errors & nsICertOverrideService::ERROR_TIME;
|
||||
status->mIsUntrusted = collected_errors & nsICertOverrideService::ERROR_UNTRUSTED;
|
||||
|
|
|
@ -131,7 +131,7 @@ nsRecentBadCertsService::GetRecentBadCert(const nsAString & aHostNameWithPort,
|
|||
status->mServerCert = new nsNSSCertificate(nssCert);
|
||||
CERT_DestroyCertificate(nssCert);
|
||||
|
||||
status->mHaveCertStatus = PR_TRUE;
|
||||
status->mHaveCertErrorBits = PR_TRUE;
|
||||
status->mIsDomainMismatch = isDomainMismatch;
|
||||
status->mIsNotValidAtThisTime = isNotValidAtThisTime;
|
||||
status->mIsUntrusted = isUntrusted;
|
||||
|
|
|
@ -95,10 +95,8 @@ NS_IMETHODIMP
|
|||
nsSSLStatus::GetIsDomainMismatch(PRBool* _result)
|
||||
{
|
||||
NS_ASSERTION(_result, "non-NULL destination required");
|
||||
if (!mHaveCertStatus)
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
|
||||
*_result = mIsDomainMismatch;
|
||||
*_result = mHaveCertErrorBits && mIsDomainMismatch;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -107,10 +105,8 @@ NS_IMETHODIMP
|
|||
nsSSLStatus::GetIsNotValidAtThisTime(PRBool* _result)
|
||||
{
|
||||
NS_ASSERTION(_result, "non-NULL destination required");
|
||||
if (!mHaveCertStatus)
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
|
||||
*_result = mIsNotValidAtThisTime;
|
||||
*_result = mHaveCertErrorBits && mIsNotValidAtThisTime;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -119,10 +115,8 @@ NS_IMETHODIMP
|
|||
nsSSLStatus::GetIsUntrusted(PRBool* _result)
|
||||
{
|
||||
NS_ASSERTION(_result, "non-NULL destination required");
|
||||
if (!mHaveCertStatus)
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
|
||||
*_result = mIsUntrusted;
|
||||
*_result = mHaveCertErrorBits && mIsUntrusted;
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -154,7 +148,7 @@ nsSSLStatus::Read(nsIObjectInputStream* stream)
|
|||
|
||||
rv = stream->ReadBoolean(&mHaveKeyLengthAndCipher);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = stream->ReadBoolean(&mHaveCertStatus);
|
||||
rv = stream->ReadBoolean(&mHaveCertErrorBits);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return NS_OK;
|
||||
|
@ -184,7 +178,7 @@ nsSSLStatus::Write(nsIObjectOutputStream* stream)
|
|||
|
||||
rv = stream->WriteBoolean(mHaveKeyLengthAndCipher);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = stream->WriteBoolean(mHaveCertStatus);
|
||||
rv = stream->WriteBoolean(mHaveCertErrorBits);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return NS_OK;
|
||||
|
@ -259,7 +253,7 @@ nsSSLStatus::nsSSLStatus()
|
|||
, mIsNotValidAtThisTime(PR_FALSE)
|
||||
, mIsUntrusted(PR_FALSE)
|
||||
, mHaveKeyLengthAndCipher(PR_FALSE)
|
||||
, mHaveCertStatus(PR_FALSE)
|
||||
, mHaveCertErrorBits(PR_FALSE)
|
||||
{
|
||||
}
|
||||
|
||||
|
|
|
@ -74,7 +74,7 @@ public:
|
|||
PRBool mIsUntrusted;
|
||||
|
||||
PRBool mHaveKeyLengthAndCipher;
|
||||
PRBool mHaveCertStatus;
|
||||
PRBool mHaveCertErrorBits;
|
||||
};
|
||||
|
||||
// 2c3837af-8b85-4a68-b0d8-0aed88985b32
|
||||
|
|
Загрузка…
Ссылка в новой задаче