Backing out the "early ev verification" patch from bug 406755, as an attempt to fix a tinderbox test failure (crash).

security/manager/ssl/src/nsNSSCallbacks.cpp

@@ -914,20 +914,7 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
   CERTCertificateCleaner serverCertCleaner(serverCert);
 
   if (serverCert) {
-    nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
-    nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus();
-    nsRefPtr<nsNSSCertificate> nsc;
-
-    if (!status || !status->mServerCert) {
-      nsc = new nsNSSCertificate(serverCert);
-    }
-
     if (SECSuccess == rv) {
-      if (nsc) {
-        PRBool dummyIsEV;
-        nsc->GetIsExtendedValidation(&dummyIsEV); // the nsc object will cache the status
-      }
-    
       CERTCertList *certList = CERT_GetCertChainFromCert(serverCert, PR_Now(), certUsageSSLCA);
 
       nsCOMPtr<nsINSSComponent> nssComponent;
@@ -971,12 +958,15 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
     // The connection may get terminated, for example, if the server requires
     // a client cert. Let's provide a minimal SSLStatus
     // to the caller that contains at least the cert and its status.
+    nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+
+    nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus();
     if (!status) {
       status = new nsSSLStatus();
       infoObject->SetSSLStatus(status);
     }
     if (status && !status->mServerCert) {
-      status->mServerCert = nsc;
+      status->mServerCert = new nsNSSCertificate(serverCert);
       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
              ("AuthCertificateCallback setting NEW cert %p\n", status->mServerCert.get()));
     }