From 5b263e95c799af8e13249424ce6ad9983bc6a935 Mon Sep 17 00:00:00 2001 From: Reed Loden Date: Wed, 1 Oct 2008 01:58:56 -0500 Subject: [PATCH] Try again to really back out everything from bug 431819 in order to fix bug 454406. --- .../manager/ssl/src/nsClientAuthRemember.cpp | 257 ------------------ .../manager/ssl/src/nsClientAuthRemember.h | 174 ------------ security/manager/ssl/src/nsNSSComponent.cpp | 20 +- security/manager/ssl/src/nsNSSComponent.h | 5 - security/manager/ssl/src/nsNSSIOLayer.cpp | 92 ++----- 5 files changed, 19 insertions(+), 529 deletions(-) delete mode 100644 security/manager/ssl/src/nsClientAuthRemember.cpp delete mode 100644 security/manager/ssl/src/nsClientAuthRemember.h diff --git a/security/manager/ssl/src/nsClientAuthRemember.cpp b/security/manager/ssl/src/nsClientAuthRemember.cpp deleted file mode 100644 index 9e4cbbfa2bce..000000000000 --- a/security/manager/ssl/src/nsClientAuthRemember.cpp +++ /dev/null @@ -1,257 +0,0 @@ -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- - * - * ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Red Hat, Inc. - * Portions created by the Initial Developer are Copyright (C) 2008 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Kai Engert - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "nsClientAuthRemember.h" - -#include "nsIX509Cert.h" -#include "nsCRT.h" -#include "nsNetUtil.h" -#include "nsIObserverService.h" -#include "nsNetUtil.h" -#include "nsISupportsPrimitives.h" -#include "nsPromiseFlatString.h" -#include "nsProxiedService.h" -#include "nsStringBuffer.h" -#include "nsAutoLock.h" -#include "nspr.h" -#include "pk11pub.h" -#include "certdb.h" -#include "sechash.h" -#include "ssl.h" // For SSL_ClearSessionCache - -#include "nsNSSCleaner.h" -NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate) - -NS_IMPL_THREADSAFE_ISUPPORTS2(nsClientAuthRememberService, - nsIObserver, - nsISupportsWeakReference) - -nsClientAuthRememberService::nsClientAuthRememberService() -{ - monitor = PR_NewMonitor(); -} - -nsClientAuthRememberService::~nsClientAuthRememberService() -{ - RemoveAllFromMemory(); - if (monitor) - PR_DestroyMonitor(monitor); -} - -nsresult -nsClientAuthRememberService::Init() -{ - if (!mSettingsTable.Init()) - return NS_ERROR_OUT_OF_MEMORY; - - nsCOMPtr proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID)); - if (!proxyman) - return NS_ERROR_FAILURE; - - nsCOMPtr observerService(do_GetService("@mozilla.org/observer-service;1")); - nsCOMPtr proxiedObserver; - - NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD, - NS_GET_IID(nsIObserverService), - observerService, - NS_PROXY_SYNC, - getter_AddRefs(proxiedObserver)); - - if (proxiedObserver) { - proxiedObserver->AddObserver(this, "profile-before-change", PR_TRUE); - } - - return NS_OK; -} - -NS_IMETHODIMP -nsClientAuthRememberService::Observe(nsISupports *aSubject, - const char *aTopic, - const PRUnichar *aData) -{ - // check the topic - if (!nsCRT::strcmp(aTopic, "profile-before-change")) { - // The profile is about to change, - // or is going away because the application is shutting down. - - nsAutoMonitor lock(monitor); - RemoveAllFromMemory(); - } - - return NS_OK; -} - -void nsClientAuthRememberService::ClearRememberedDecisions() -{ - nsAutoMonitor lock(monitor); - RemoveAllFromMemory(); -} - -void -nsClientAuthRememberService::RemoveAllFromMemory() -{ - mSettingsTable.Clear(); -} - -static nsresult -GetCertFingerprintByOidTag(CERTCertificate* nsscert, - SECOidTag aOidTag, - nsCString &fp) -{ - unsigned int hash_len = HASH_ResultLenByOidTag(aOidTag); - nsRefPtr fingerprint = nsStringBuffer::Alloc(hash_len); - if (!fingerprint) - return NS_ERROR_OUT_OF_MEMORY; - - PK11_HashBuf(aOidTag, (unsigned char*)fingerprint->Data(), - nsscert->derCert.data, nsscert->derCert.len); - - SECItem fpItem; - fpItem.data = (unsigned char*)fingerprint->Data(); - fpItem.len = hash_len; - - fp.Adopt(CERT_Hexify(&fpItem, 1)); - return NS_OK; -} - -nsresult -nsClientAuthRememberService::RememberDecision(const nsACString & aHostName, - CERTCertificate *aServerCert, CERTCertificate *aClientCert) -{ - // aClientCert == NULL means: remember that user does not want to use a cert - NS_ENSURE_ARG_POINTER(aServerCert); - if (aHostName.IsEmpty()) - return NS_ERROR_INVALID_ARG; - - nsCAutoString fpStr; - nsresult rv = GetCertFingerprintByOidTag(aServerCert, SEC_OID_SHA256, fpStr); - if (NS_FAILED(rv)) - return rv; - - { - nsAutoMonitor lock(monitor); - if (aClientCert) { - AddEntryToList(aHostName, fpStr, - nsDependentCString(aClientCert->nickname)); - } - else { - nsCString empty; - AddEntryToList(aHostName, fpStr, empty); - } - } - - return NS_OK; -} - -nsresult -nsClientAuthRememberService::HasRememberedDecision(const nsACString & aHostName, - CERTCertificate *aCert, - nsACString & aClientNickname, - PRBool *_retval) -{ - if (aHostName.IsEmpty()) - return NS_ERROR_INVALID_ARG; - - NS_ENSURE_ARG_POINTER(aCert); - NS_ENSURE_ARG_POINTER(_retval); - *_retval = PR_FALSE; - - nsresult rv; - nsCAutoString fpStr; - rv = GetCertFingerprintByOidTag(aCert, SEC_OID_SHA256, fpStr); - if (NS_FAILED(rv)) - return rv; - - nsCAutoString hostCert; - GetHostWithCert(aHostName, fpStr, hostCert); - nsClientAuthRemember settings; - - { - nsAutoMonitor lock(monitor); - nsClientAuthRememberEntry *entry = mSettingsTable.GetEntry(hostCert.get()); - if (!entry) - return NS_OK; - settings = entry->mSettings; // copy - } - - aClientNickname = settings.mClientNickname; - *_retval = PR_TRUE; - return NS_OK; -} - -nsresult -nsClientAuthRememberService::AddEntryToList(const nsACString &aHostName, - const nsACString &fingerprint, - const nsACString &client_nickname) - -{ - nsCAutoString hostCert; - GetHostWithCert(aHostName, fingerprint, hostCert); - - { - nsAutoMonitor lock(monitor); - nsClientAuthRememberEntry *entry = mSettingsTable.PutEntry(hostCert.get()); - - if (!entry) { - NS_ERROR("can't insert a null entry!"); - return NS_ERROR_OUT_OF_MEMORY; - } - - entry->mHostWithCert = hostCert; - - nsClientAuthRemember &settings = entry->mSettings; - settings.mAsciiHost = aHostName; - settings.mFingerprint = fingerprint; - settings.mClientNickname = client_nickname; - } - - return NS_OK; -} - -void -nsClientAuthRememberService::GetHostWithCert(const nsACString & aHostName, - const nsACString & fingerprint, - nsACString& _retval) -{ - nsCAutoString hostCert(aHostName); - hostCert.AppendLiteral(":"); - hostCert.Append(fingerprint); - - _retval.Assign(hostCert); -} diff --git a/security/manager/ssl/src/nsClientAuthRemember.h b/security/manager/ssl/src/nsClientAuthRemember.h deleted file mode 100644 index cb3193f4f421..000000000000 --- a/security/manager/ssl/src/nsClientAuthRemember.h +++ /dev/null @@ -1,174 +0,0 @@ -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- - * - * ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Red Hat, Inc. - * Portions created by the Initial Developer are Copyright (C) 2008 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Kai Engert - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#ifndef __NSCLIENTAUTHREMEMBER_H__ -#define __NSCLIENTAUTHREMEMBER_H__ - -#include "nsTHashtable.h" -#include "nsIObserver.h" -#include "nsIX509Cert.h" -#include "nsAutoPtr.h" -#include "nsNSSCertificate.h" -#include "nsString.h" -#include "nsWeakReference.h" -#include "prmon.h" - -class nsClientAuthRemember -{ -public: - - nsClientAuthRemember() - { - } - - nsClientAuthRemember(const nsClientAuthRemember &other) - { - this->operator=(other); - } - - nsClientAuthRemember &operator=(const nsClientAuthRemember &other) - { - mAsciiHost = other.mAsciiHost; - mFingerprint = other.mFingerprint; - mClientNickname = other.mClientNickname; - return *this; - } - - nsCString mAsciiHost; - nsCString mFingerprint; - nsCString mClientNickname; -}; - - -// hash entry class -class nsClientAuthRememberEntry : public PLDHashEntryHdr -{ - public: - // Hash methods - typedef const char* KeyType; - typedef const char* KeyTypePointer; - - // do nothing with aHost - we require mHead to be set before we're live! - nsClientAuthRememberEntry(KeyTypePointer aHostWithCertUTF8) - { - } - - nsClientAuthRememberEntry(const nsClientAuthRememberEntry& toCopy) - { - mSettings = toCopy.mSettings; - } - - ~nsClientAuthRememberEntry() - { - } - - KeyType GetKey() const - { - return HostWithCertPtr(); - } - - KeyTypePointer GetKeyPointer() const - { - return HostWithCertPtr(); - } - - PRBool KeyEquals(KeyTypePointer aKey) const - { - return !strcmp(HostWithCertPtr(), aKey); - } - - static KeyTypePointer KeyToPointer(KeyType aKey) - { - return aKey; - } - - static PLDHashNumber HashKey(KeyTypePointer aKey) - { - // PL_DHashStringKey doesn't use the table parameter, so we can safely - // pass nsnull - return PL_DHashStringKey(nsnull, aKey); - } - - enum { ALLOW_MEMMOVE = PR_FALSE }; - - // get methods - inline const nsCString &HostWithCert() const { return mHostWithCert; } - - inline KeyTypePointer HostWithCertPtr() const - { - return mHostWithCert.get(); - } - - nsClientAuthRemember mSettings; - nsCString mHostWithCert; -}; - -class nsClientAuthRememberService : public nsIObserver, - public nsSupportsWeakReference -{ -public: - NS_DECL_ISUPPORTS - NS_DECL_NSIOBSERVER - - nsClientAuthRememberService(); - ~nsClientAuthRememberService(); - - nsresult Init(); - - static void GetHostWithCert(const nsACString & aHostName, - const nsACString & nickname, nsACString& _retval); - - nsresult RememberDecision(const nsACString & aHostName, - CERTCertificate *aServerCert, CERTCertificate *aClientCert); - nsresult HasRememberedDecision(const nsACString & aHostName, - CERTCertificate *aCert, nsACString & aClientNickname, PRBool *_retval); - - void ClearRememberedDecisions(); - -protected: - PRMonitor *monitor; - nsTHashtable mSettingsTable; - - void RemoveAllFromMemory(); - nsresult AddEntryToList(const nsACString &host, - const nsACString &server_fingerprint, - const nsACString &client_nickname); -}; - -#endif diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp index 0366704b7c5b..9f65b8d58bb8 100644 --- a/security/manager/ssl/src/nsNSSComponent.cpp +++ b/security/manager/ssl/src/nsNSSComponent.cpp @@ -296,10 +296,7 @@ nsNSSComponent::nsNSSComponent() memset(&mIdentityInfoCallOnce, 0, sizeof(PRCallOnceType)); nsSSLIOLayerHelpers::Init(); - mClientAuthRememberService = new nsClientAuthRememberService; - if (mClientAuthRememberService) - mClientAuthRememberService->Init(); - + NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!"); ++mInstanceCount; hashTableCerts = nsnull; @@ -1686,9 +1683,6 @@ nsNSSComponent::ShutdownNSS() ShutdownSmartCardThreads(); SSL_ClearSessionCache(); - if (mClientAuthRememberService) { - mClientAuthRememberService->ClearRememberedDecisions(); - } UnloadLoadableRoots(); CleanupIdentityInfo(); PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("evaporating psm resources\n")); @@ -2147,9 +2141,6 @@ void nsNSSComponent::ShowAlert(AlertIdentifier ai) nsresult nsNSSComponent::LogoutAuthenticatedPK11() { - if (mClientAuthRememberService) { - mClientAuthRememberService->ClearRememberedDecisions(); - } return mShutdownObjectList->doPK11Logout(); } @@ -2410,14 +2401,6 @@ nsNSSComponent::DoProfileChangeNetRestore() mIsNetworkDown = PR_FALSE; } -NS_IMETHODIMP -nsNSSComponent::GetClientAuthRememberService(nsClientAuthRememberService **cars) -{ - NS_ENSURE_ARG_POINTER(cars); - NS_IF_ADDREF(*cars = mClientAuthRememberService); - return NS_OK; -} - //--------------------------------------------- // Implementing nsICryptoHash //--------------------------------------------- @@ -3187,3 +3170,4 @@ PSMContentListener::SetParentContentListener(nsIURIContentListener * aContentLis mParentContentListener = aContentListener; return NS_OK; } + diff --git a/security/manager/ssl/src/nsNSSComponent.h b/security/manager/ssl/src/nsNSSComponent.h index 2bba652aef93..d4cad2f55485 100644 --- a/security/manager/ssl/src/nsNSSComponent.h +++ b/security/manager/ssl/src/nsNSSComponent.h @@ -69,7 +69,6 @@ #include "nsNSSCallbacks.h" #include "nsNSSHelper.h" -#include "nsClientAuthRemember.h" #define NS_NSSCOMPONENT_CID \ {0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}} @@ -172,8 +171,6 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports { NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0; - NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars) = 0; - NS_IMETHOD EnsureIdentityInfoLoaded() = 0; }; @@ -262,7 +259,6 @@ public: NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module); NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token); NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token); - NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars); NS_IMETHOD EnsureIdentityInfoLoaded(); private: @@ -328,7 +324,6 @@ private: nsSSLThread *mSSLThread; nsCertVerificationThread *mCertVerificationThread; nsNSSHttpInterface mHttpForNSS; - nsRefPtr mClientAuthRememberService; static PRStatus PR_CALLBACK IdentityInfoInit(void); PRCallOnceType mIdentityInfoCallOnce; diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp index 3c1a3234c685..6cc58aab65f3 100644 --- a/security/manager/ssl/src/nsNSSIOLayer.cpp +++ b/security/manager/ssl/src/nsNSSIOLayer.cpp @@ -58,7 +58,6 @@ #include "nsIDateTimeFormat.h" #include "nsDateTimeFormatCID.h" #include "nsIClientAuthDialogs.h" -#include "nsClientAuthRemember.h" #include "nsICertOverrideService.h" #include "nsIBadCertListener2.h" #include "nsISSLErrorListener.h" @@ -239,7 +238,7 @@ void nsNSSSocketInfo::virtualDestroyNSSReference() { } -NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSSocketInfo, +NS_IMPL_THREADSAFE_ISUPPORTS8(nsNSSSocketInfo, nsITransportSecurityInfo, nsISSLSocketControl, nsIInterfaceRequestor, @@ -247,8 +246,7 @@ NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSSocketInfo, nsIIdentityInfo, nsIAssociatedContentSecurity, nsISerializable, - nsIClassInfo, - nsIClientAuthUserDecision) + nsIClassInfo) nsresult nsNSSSocketInfo::GetHandshakePending(PRBool *aHandshakePending) @@ -302,19 +300,6 @@ PRBool nsNSSSocketInfo::GetCanceled() return mCanceled; } -NS_IMETHODIMP nsNSSSocketInfo::GetRememberClientAuthCertificate(PRBool *aRememberClientAuthCertificate) -{ - NS_ENSURE_ARG_POINTER(aRememberClientAuthCertificate); - *aRememberClientAuthCertificate = mRememberClientAuthCertificate; - return NS_OK; -} - -NS_IMETHODIMP nsNSSSocketInfo::SetRememberClientAuthCertificate(PRBool aRememberClientAuthCertificate) -{ - mRememberClientAuthCertificate = aRememberClientAuthCertificate; - return NS_OK; -} - void nsNSSSocketInfo::SetHasCleartextPhase(PRBool aHasCleartextPhase) { mHasCleartextPhase = aHasCleartextPhase; @@ -2501,10 +2486,12 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket, nsNSSShutDownPreventionLock locker; void* wincx = NULL; SECStatus ret = SECFailure; + nsresult rv; nsNSSSocketInfo* info = NULL; PRArenaPool* arena = NULL; char** caNameStrings; CERTCertificate* cert = NULL; + CERTCertificate* serverCert = NULL; SECKEYPrivateKey* privKey = NULL; CERTCertList* certList = NULL; CERTCertListNode* node; @@ -2628,57 +2615,13 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket, goto noCert; } } - else { // Not Auto => ask - /* Get the SSL Certificate */ - CERTCertificate* serverCert = NULL; - CERTCertificateCleaner serverCertCleaner(serverCert); - serverCert = SSL_PeerCertificate(socket); - if (serverCert == NULL) { - /* couldn't get the server cert: what do I do? */ - goto loser; - } - - nsXPIDLCString hostname; - info->GetHostName(getter_Copies(hostname)); - - nsresult rv; - NS_DEFINE_CID(nssComponentCID, NS_NSSCOMPONENT_CID); - nsCOMPtr nssComponent(do_GetService(nssComponentCID, &rv)); - nsRefPtr cars; - if (nssComponent) { - nssComponent->GetClientAuthRememberService(getter_AddRefs(cars)); - } - - PRBool hasRemembered = PR_FALSE; - nsCString rememberedNickname; - if (cars) { - PRBool found; - nsresult rv = cars->HasRememberedDecision(hostname, - serverCert, - rememberedNickname, &found); - if (NS_SUCCEEDED(rv) && found) { - hasRemembered = PR_TRUE; - } - } - - PRBool canceled = PR_FALSE; - -if (hasRemembered) -{ - if (rememberedNickname.IsEmpty()) - canceled = PR_TRUE; else { - char *const_nickname = const_cast(rememberedNickname.get()); - cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), const_nickname); - } -} -else -{ /* user selects a cert to present */ nsIClientAuthDialogs *dialogs = NULL; PRInt32 selectedIndex = -1; PRUnichar **certNicknameList = NULL; PRUnichar **certDetailsList = NULL; + PRBool canceled; /* find all user certs that are for SSL */ /* note that we are allowing expired certs in this list */ @@ -2735,6 +2678,13 @@ else NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts"); + /* Get the SSL Certificate */ + serverCert = SSL_PeerCertificate(socket); + if (serverCert == NULL) { + /* couldn't get the server cert: what do I do? */ + goto loser; + } + /* Get CN and O of the subject and O of the issuer */ char *ccn = CERT_GetCommonName(&serverCert->subject); charCleaner ccnCleaner(ccn); @@ -2742,6 +2692,8 @@ else PRInt32 port; info->GetPort(&port); + char *hostname = SSL_RevealURL(socket); + charCleaner hostnameCleaner(hostname); nsString cn_host_port; if (ccn && strcmp(ccn, hostname) == 0) { @@ -2765,6 +2717,8 @@ else NS_ConvertUTF8toUTF16 issuer(cissuer); if (cissuer) PORT_Free(cissuer); + CERT_DestroyCertificate(serverCert); + certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames); if (!certNicknameList) goto loser; @@ -2832,12 +2786,9 @@ else if (NS_FAILED(rv)) goto loser; - // even if the user has canceled, we want to remember that, to avoid repeating prompts - PRBool wantRemember = PR_FALSE; - info->GetRememberClientAuthCertificate(&wantRemember); + if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } int i; - if (!canceled) for (i = 0, node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList); ++i, node = CERT_LIST_NEXT(node)) { @@ -2848,15 +2799,6 @@ else } } - if (cars && wantRemember) { - cars->RememberDecision(hostname, - serverCert, - canceled ? 0 : cert); - } -} - - if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } - if (cert == NULL) { goto loser; }