зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1368107 - Remove TransportSecurityInfo::GetHostNameRaw(). r=keeler
GetHostNameRaw() returns a char* string, which is less safe and ergonomic compared to the Mozilla string classes. GetHostName() can be used instead. MozReview-Commit-ID: GYvTnISNN35 --HG-- extra : rebase_source : da257f5fba2c26cd92d932c3d1d363458b84a65b
This commit is contained in:
Родитель
f2ce0dde51
Коммит
0adca03a5d
|
@ -20,6 +20,7 @@
|
|||
#include "mozilla/Casting.h"
|
||||
#include "mozilla/IntegerPrintfMacros.h"
|
||||
#include "nsNSSComponent.h"
|
||||
#include "nsPromiseFlatString.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "pk11pub.h"
|
||||
#include "pkix/pkix.h"
|
||||
|
@ -942,7 +943,7 @@ CertVerifier::VerifySSLServerCert(const UniqueCERTCertificate& peerCert,
|
|||
/*optional*/ const SECItem* sctsFromTLS,
|
||||
Time time,
|
||||
/*optional*/ void* pinarg,
|
||||
const char* hostname,
|
||||
const nsACString& hostname,
|
||||
/*out*/ UniqueCERTCertList& builtChain,
|
||||
/*optional*/ UniqueCERTCertList* peerCertChain,
|
||||
/*optional*/ bool saveIntermediatesInPermanentDatabase,
|
||||
|
@ -957,21 +958,21 @@ CertVerifier::VerifySSLServerCert(const UniqueCERTCertificate& peerCert,
|
|||
{
|
||||
MOZ_ASSERT(peerCert);
|
||||
// XXX: MOZ_ASSERT(pinarg);
|
||||
MOZ_ASSERT(hostname);
|
||||
MOZ_ASSERT(hostname[0]);
|
||||
MOZ_ASSERT(!hostname.IsEmpty());
|
||||
|
||||
if (evOidPolicy) {
|
||||
*evOidPolicy = SEC_OID_UNKNOWN;
|
||||
}
|
||||
|
||||
if (!hostname || !hostname[0]) {
|
||||
if (hostname.IsEmpty()) {
|
||||
return Result::ERROR_BAD_CERT_DOMAIN;
|
||||
}
|
||||
|
||||
// CreateCertErrorRunnable assumes that CheckCertHostname is only called
|
||||
// if VerifyCert succeeded.
|
||||
Result rv = VerifyCert(peerCert.get(), certificateUsageSSLServer, time,
|
||||
pinarg, hostname, builtChain, peerCertChain, flags,
|
||||
pinarg, PromiseFlatCString(hostname).get(), builtChain,
|
||||
peerCertChain, flags,
|
||||
stapledOCSPResponse, sctsFromTLS, originAttributes,
|
||||
evOidPolicy, ocspStaplingStatus, keySizeStatus,
|
||||
sha1ModeResult, pinningTelemetryInfo, ctInfo);
|
||||
|
@ -1005,8 +1006,9 @@ CertVerifier::VerifySSLServerCert(const UniqueCERTCertificate& peerCert,
|
|||
}
|
||||
|
||||
Input hostnameInput;
|
||||
rv = hostnameInput.Init(BitwiseCast<const uint8_t*, const char*>(hostname),
|
||||
strlen(hostname));
|
||||
rv = hostnameInput.Init(
|
||||
BitwiseCast<const uint8_t*, const char*>(hostname.BeginReading()),
|
||||
hostname.Length());
|
||||
if (rv != Success) {
|
||||
return Result::FATAL_ERROR_INVALID_ARGS;
|
||||
}
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/TimeStamp.h"
|
||||
#include "mozilla/UniquePtr.h"
|
||||
#include "nsString.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
|
@ -148,7 +149,7 @@ public:
|
|||
/*optional*/ const SECItem* sctsFromTLS,
|
||||
mozilla::pkix::Time time,
|
||||
/*optional*/ void* pinarg,
|
||||
const char* hostname,
|
||||
const nsACString& hostname,
|
||||
/*out*/ UniqueCERTCertList& builtChain,
|
||||
/*optional*/ UniqueCERTCertList* peerCertChain = nullptr,
|
||||
/*optional*/ bool saveIntermediatesInPermanentDatabase = false,
|
||||
|
|
|
@ -128,6 +128,7 @@
|
|||
#include "nsNSSShutDown.h"
|
||||
#include "nsSSLStatus.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "nsString.h"
|
||||
#include "nsURLHelper.h"
|
||||
#include "nsXPCOMCIDInternal.h"
|
||||
#include "pkix/pkix.h"
|
||||
|
@ -338,7 +339,7 @@ MapCertErrorToProbeValue(PRErrorCode errorCode)
|
|||
|
||||
SECStatus
|
||||
DetermineCertOverrideErrors(const UniqueCERTCertificate& cert,
|
||||
const char* hostName,
|
||||
const nsACString& hostName,
|
||||
PRTime now, PRErrorCode defaultErrorCodeToReport,
|
||||
/*out*/ uint32_t& collectedErrors,
|
||||
/*out*/ PRErrorCode& errorCodeTrust,
|
||||
|
@ -346,7 +347,6 @@ DetermineCertOverrideErrors(const UniqueCERTCertificate& cert,
|
|||
/*out*/ PRErrorCode& errorCodeTime)
|
||||
{
|
||||
MOZ_ASSERT(cert);
|
||||
MOZ_ASSERT(hostName);
|
||||
MOZ_ASSERT(collectedErrors == 0);
|
||||
MOZ_ASSERT(errorCodeTrust == 0);
|
||||
MOZ_ASSERT(errorCodeMismatch == 0);
|
||||
|
@ -419,8 +419,8 @@ DetermineCertOverrideErrors(const UniqueCERTCertificate& cert,
|
|||
}
|
||||
Input hostnameInput;
|
||||
Result result = hostnameInput.Init(
|
||||
BitwiseCast<const uint8_t*, const char*>(hostName),
|
||||
strlen(hostName));
|
||||
BitwiseCast<const uint8_t*, const char*>(hostName.BeginReading()),
|
||||
hostName.Length());
|
||||
if (result != Success) {
|
||||
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
|
||||
return SECFailure;
|
||||
|
@ -682,7 +682,7 @@ CreateCertErrorRunnable(CertVerifier& certVerifier,
|
|||
PRErrorCode errorCodeTrust = 0;
|
||||
PRErrorCode errorCodeMismatch = 0;
|
||||
PRErrorCode errorCodeTime = 0;
|
||||
if (DetermineCertOverrideErrors(cert, infoObject->GetHostNameRaw(), now,
|
||||
if (DetermineCertOverrideErrors(cert, infoObject->GetHostName(), now,
|
||||
defaultErrorCodeToReport, collected_errors,
|
||||
errorCodeTrust, errorCodeMismatch,
|
||||
errorCodeTime) != SECSuccess) {
|
||||
|
@ -1403,7 +1403,7 @@ AuthCertificate(CertVerifier& certVerifier,
|
|||
Result rv = certVerifier.VerifySSLServerCert(cert, stapledOCSPResponse,
|
||||
sctsFromTLSExtension, time,
|
||||
infoObject,
|
||||
infoObject->GetHostNameRaw(),
|
||||
infoObject->GetHostName(),
|
||||
certList, &peerCertChain,
|
||||
saveIntermediates, flags,
|
||||
infoObject->
|
||||
|
|
|
@ -43,7 +43,7 @@ protected:
|
|||
virtual ~TransportSecurityInfo();
|
||||
public:
|
||||
TransportSecurityInfo();
|
||||
|
||||
|
||||
NS_DECL_THREADSAFE_ISUPPORTS
|
||||
NS_DECL_NSITRANSPORTSECURITYINFO
|
||||
NS_DECL_NSIINTERFACEREQUESTOR
|
||||
|
@ -55,7 +55,6 @@ public:
|
|||
nsresult SetSecurityState(uint32_t aState);
|
||||
|
||||
const nsACString & GetHostName() const { return mHostName; }
|
||||
const char * GetHostNameRaw() const { return mHostName.get(); }
|
||||
|
||||
void SetHostName(const char* host);
|
||||
|
||||
|
@ -69,11 +68,11 @@ public:
|
|||
nsresult SetOriginAttributes(const OriginAttributes& aOriginAttributes);
|
||||
|
||||
PRErrorCode GetErrorCode() const;
|
||||
|
||||
|
||||
void GetErrorLogMessage(PRErrorCode errorCode,
|
||||
::mozilla::psm::SSLErrorMessageType errorMessageType,
|
||||
nsString &result);
|
||||
|
||||
|
||||
void SetCanceled(PRErrorCode errorCode,
|
||||
::mozilla::psm::SSLErrorMessageType errorMessageType);
|
||||
|
||||
|
|
|
@ -1132,7 +1132,7 @@ DetermineEVAndCTStatusAndSetNewCert(RefPtr<nsSSLStatus> sslStatus,
|
|||
sctsFromTLSExtension,
|
||||
mozilla::pkix::Now(),
|
||||
infoObject,
|
||||
infoObject->GetHostNameRaw(),
|
||||
infoObject->GetHostName(),
|
||||
unusedBuiltChain,
|
||||
&peerCertChain,
|
||||
saveIntermediates,
|
||||
|
|
|
@ -1400,14 +1400,13 @@ VerifyCertAtTime(nsIX509Cert* aCert,
|
|||
SECOidTag evOidPolicy;
|
||||
mozilla::pkix::Result result;
|
||||
|
||||
const nsCString& flatHostname = PromiseFlatCString(aHostname);
|
||||
if (!aHostname.IsVoid() && aUsage == certificateUsageSSLServer) {
|
||||
result = certVerifier->VerifySSLServerCert(nssCert,
|
||||
nullptr, // stapledOCSPResponse
|
||||
nullptr, // sctsFromTLSExtension
|
||||
aTime,
|
||||
nullptr, // Assume no context
|
||||
flatHostname.get(),
|
||||
aHostname,
|
||||
resultChain,
|
||||
nullptr, // no peerCertChain
|
||||
false, // don't save intermediates
|
||||
|
@ -1415,6 +1414,7 @@ VerifyCertAtTime(nsIX509Cert* aCert,
|
|||
OriginAttributes(),
|
||||
&evOidPolicy);
|
||||
} else {
|
||||
const nsCString& flatHostname = PromiseFlatCString(aHostname);
|
||||
result = certVerifier->VerifyCert(nssCert.get(), aUsage, aTime,
|
||||
nullptr, // Assume no context
|
||||
aHostname.IsVoid() ? nullptr
|
||||
|
|
|
@ -450,7 +450,6 @@ nsNSSSocketInfo::IsAcceptableForHost(const nsACString& hostname, bool* _retval)
|
|||
if (!certVerifier) {
|
||||
return NS_OK;
|
||||
}
|
||||
nsAutoCString hostnameFlat(PromiseFlatCString(hostname));
|
||||
CertVerifier::Flags flags = CertVerifier::FLAG_LOCAL_ONLY;
|
||||
UniqueCERTCertList unusedBuiltChain;
|
||||
mozilla::pkix::Result result =
|
||||
|
@ -459,7 +458,7 @@ nsNSSSocketInfo::IsAcceptableForHost(const nsACString& hostname, bool* _retval)
|
|||
nullptr, // sctsFromTLSExtension
|
||||
mozilla::pkix::Now(),
|
||||
nullptr, // pinarg
|
||||
hostnameFlat.get(),
|
||||
hostname,
|
||||
unusedBuiltChain,
|
||||
nullptr, // no peerCertChain
|
||||
false, // save intermediates
|
||||
|
|
|
@ -1076,7 +1076,7 @@ nsSiteSecurityService::ProcessPKPHeader(
|
|||
nullptr, // stapledOCSPResponse
|
||||
nullptr, // sctsFromTLSExtension
|
||||
now, nullptr, // pinarg
|
||||
host.get(), // hostname
|
||||
host, // hostname
|
||||
certList,
|
||||
nullptr, // no peerCertChain
|
||||
false, // don't store intermediates
|
||||
|
|
Загрузка…
Ссылка в новой задаче