Backed out changeset 01b407d8a5af (bug 1453795) for build bustages on CertVerifier.h . CLOSED TREE

security/certverifier/CertVerifier.h

@@ -11,7 +11,6 @@
 #include "CTPolicyEnforcer.h"
 #include "CTVerifyResult.h"
 #include "OCSPCache.h"
-#include "RootCertificateTelemetryUtils.h"
 #include "ScopedNSSTypes.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/TimeStamp.h"
@@ -79,16 +78,11 @@ enum class NetscapeStepUpPolicy : uint32_t;
 class PinningTelemetryInfo
 {
 public:
-  PinningTelemetryInfo()
-    : certPinningResultBucket(0)
-    , rootBucket(ROOT_CERTIFICATE_UNKNOWN)
-  {
-    Reset();
-  }
+  PinningTelemetryInfo() { Reset(); }
 
   // Should we accumulate pinning telemetry for the result?
   bool accumulateResult;
-  Maybe<Telemetry::HistogramID> certPinningResultHistogram;
+  Telemetry::HistogramID certPinningResultHistogram;
   int32_t certPinningResultBucket;
   // Should we accumulate telemetry for the root?
   bool accumulateForRoot;
@@ -100,12 +94,7 @@ public:
 class CertificateTransparencyInfo
 {
 public:
-  CertificateTransparencyInfo()
-    : enabled(false)
-    , policyCompliance(mozilla::ct::CTPolicyCompliance::Unknown)
-  {
-    Reset();
-  }
+  CertificateTransparencyInfo() { Reset(); }
 
   // Was CT enabled?
   bool enabled;

security/manager/ssl/PublicKeyPinningService.cpp

@@ -305,7 +305,7 @@ CheckPinsForHostname(const RefPtr<nsNSSCertList>& certList, const char* hostname
             enforceTestModeResult ? 1 : 0;
       }
       pinningTelemetryInfo->accumulateResult = true;
-      pinningTelemetryInfo->certPinningResultHistogram = Some(histogram);
+      pinningTelemetryInfo->certPinningResultHistogram = histogram;
     }
 
     // We only collect per-CA pinning statistics upon failures.

security/manager/ssl/SSLServerCertVerification.cpp

@@ -1431,8 +1431,7 @@ AuthCertificate(CertVerifier& certVerifier,
   }
 
   if (pinningTelemetryInfo.accumulateResult) {
-    MOZ_ASSERT(pinningTelemetryInfo.certPinningResultHistogram.isSome());
-    Telemetry::Accumulate(pinningTelemetryInfo.certPinningResultHistogram.value(),
+    Telemetry::Accumulate(pinningTelemetryInfo.certPinningResultHistogram,
                           pinningTelemetryInfo.certPinningResultBucket);
   }
 

security/pkix/lib/pkixbuild.cpp

@@ -61,7 +61,6 @@ public:
     , stapledOCSPResponse(aStapledOCSPResponse)
     , subCACount(aSubCACount)
     , deferredSubjectError(aDeferredSubjectError)
-    , subjectSignaturePublicKeyAlg(der::PublicKeyAlgorithm::Uninitialized)
     , result(Result::FATAL_ERROR_LIBRARY_FAILURE)
     , resultWasSet(false)
     , buildForwardCallBudget(aBuildForwardCallBudget)

security/pkix/lib/pkixcheck.cpp

@@ -118,10 +118,6 @@ CheckSignatureAlgorithm(TrustDomain& trustDomain,
       // during path building is too low to be worth bothering with.
       break;
 
-    case der::PublicKeyAlgorithm::Uninitialized:
-      assert(false);
-      return Result::FATAL_ERROR_LIBRARY_FAILURE;
-
     MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
   }
 

security/pkix/lib/pkixder.h

@@ -457,7 +457,7 @@ CertificateSerialNumber(Reader& input, /*out*/ Input& value)
 
 // x.509 and OCSP both use this same version numbering scheme, though OCSP
 // only supports v1.
-enum class Version { v1 = 0, v2 = 1, v3 = 2, v4 = 3, Uninitialized = 255 };
+enum class Version { v1 = 0, v2 = 1, v3 = 2, v4 = 3 };
 
 // X.509 Certificate and OCSP ResponseData both use
 // "[0] EXPLICIT Version DEFAULT v1". Although an explicit encoding of v1 is
@@ -522,7 +522,6 @@ enum class PublicKeyAlgorithm
 {
   RSA_PKCS1,
   ECDSA,
-  Uninitialized
 };
 
 Result SignatureAlgorithmIdentifierValue(

security/pkix/lib/pkixutil.h

@@ -42,13 +42,11 @@ class BackCert final
 {
 public:
   // certDER and childCert must be valid for the lifetime of BackCert.
-  BackCert(Input aCertDER,
-           EndEntityOrCA aEndEntityOrCA,
+  BackCert(Input aCertDER, EndEntityOrCA aEndEntityOrCA,
            const BackCert* aChildCert)
     : der(aCertDER)
     , endEntityOrCA(aEndEntityOrCA)
     , childCert(aChildCert)
-    , version(der::Version::Uninitialized)
   {
   }
 

security/pkix/lib/pkixverify.cpp

@@ -79,9 +79,6 @@ VerifySignedDigest(TrustDomain& trustDomain,
     case der::PublicKeyAlgorithm::RSA_PKCS1:
       return trustDomain.VerifyRSAPKCS1SignedDigest(signedDigest,
                                                     signerSubjectPublicKeyInfo);
-    case der::PublicKeyAlgorithm::Uninitialized:
-      assert(false);
-      return Result::FATAL_ERROR_LIBRARY_FAILURE;
     MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
   }
 }