From 8670057dd5f692dc5b6b78337b046dbebc207a42 Mon Sep 17 00:00:00 2001 From: Dipen Patel Date: Fri, 13 Jul 2018 11:48:55 -0700 Subject: [PATCH] Bug 1475647 - Remove nsISSLStatusProvider interface. r=baku,Gijs,jchen,jryans,keeler,mcmanus - Access nsISSLStatus directly as a member of nsITransportSecurityInfo and nsISecureBrowserUI. This is part of a larger effort to consolidate nsISSLStatus and nsITransportSecurityInfo. - The TabParent implementation of GetSecInfo will always return null. - Removed unnecessary QueryInterface calls - Style adherence updates MozReview-Commit-ID: Dzy6t2zYljL --HG-- extra : rebase_source : fbfbcf7608efbfb35c9be4018ff0f4e70b2768d2 --- browser/base/content/browser-siteIdentity.js | 8 ++--- browser/base/content/browser.js | 6 ++-- browser/base/content/pageinfo/security.js | 5 +--- devtools/shared/security/auth.js | 2 +- devtools/shared/security/socket.js | 2 +- devtools/shared/webconsole/network-helper.js | 1 - .../test/unit/test_security-info-parser.js | 3 +- .../test/unit/test_security-info-state.js | 3 +- .../unit/test_security-info-static-hpkp.js | 3 +- dom/ipc/TabParent.cpp | 10 +++++++ mobile/android/chrome/content/browser.js | 5 ++-- mobile/android/chrome/content/content.js | 3 +- .../modules/geckoview/GeckoViewProgress.jsm | 3 +- netwerk/base/nsISecureBrowserUI.idl | 2 ++ netwerk/protocol/http/AlternateServices.cpp | 2 -- netwerk/protocol/http/Http2Session.cpp | 2 -- netwerk/protocol/http/nsHttpChannel.cpp | 17 +++++------ netwerk/protocol/http/nsHttpNTLMAuth.cpp | 8 ++--- netwerk/socket/nsITransportSecurityInfo.idl | 3 ++ .../pki/resources/content/exceptionDialog.js | 30 ++++++++++++------- .../manager/ssl/TransportSecurityInfo.cpp | 3 +- security/manager/ssl/TransportSecurityInfo.h | 3 -- security/manager/ssl/moz.build | 1 - security/manager/ssl/nsISSLStatusProvider.idl | 13 -------- .../manager/ssl/nsSecureBrowserUIImpl.cpp | 20 +++++-------- security/manager/ssl/nsSecureBrowserUIImpl.h | 9 ++---- security/manager/ssl/tests/unit/head_psm.js | 9 ++---- .../unit/test_cert_overrides_read_only.js | 3 +- security/manager/ssl/tests/unit/test_ct.js | 3 +- .../ssl/tests/unit/test_session_resumption.js | 12 ++------ .../manager/ssl/tests/unit/test_ssl_status.js | 8 ++--- security/manager/tools/getHSTSPreloadList.js | 4 +-- .../firefox/firefox_puppeteer/api/security.py | 3 +- toolkit/content/browser-child.js | 18 ++++++----- toolkit/modules/CertUtils.jsm | 2 +- toolkit/modules/RemoteSecurityUI.jsm | 12 ++++---- toolkit/modules/RemoteWebProgress.jsm | 12 ++++---- toolkit/modules/addons/SecurityInfo.jsm | 1 - .../tests/chrome/test_bug544442_checkCert.xul | 2 +- toolkit/mozapps/update/nsUpdateService.js | 2 +- 40 files changed, 111 insertions(+), 147 deletions(-) delete mode 100644 security/manager/ssl/nsISSLStatusProvider.idl diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js index f21fb38f65b3..ca529b5ac125 100644 --- a/browser/base/content/browser-siteIdentity.js +++ b/browser/base/content/browser-siteIdentity.js @@ -347,12 +347,8 @@ var gIdentityHandler = { // Firstly, populate the state properties required to display the UI. See // the documentation of the individual properties for details. this.setURI(uri); - this._sslStatus = gBrowser.securityUI - .QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; - if (this._sslStatus) { - this._sslStatus.QueryInterface(Ci.nsISSLStatus); - } + this._sslStatus = gBrowser.securityUI.secInfo && + gBrowser.securityUI.secInfo.SSLStatus; // Then, update the user interface with the available data. this.refreshIdentityBlock(); diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 5f590fd63460..1afdc14b027c 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -2994,8 +2994,7 @@ var BrowserOnClick = { } securityInfo = getSecurityInfo(securityInfoAsString); - sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + sslStatus = securityInfo.SSLStatus; let params = { exceptionAdded: false, sslStatus }; @@ -3036,8 +3035,7 @@ var BrowserOnClick = { } securityInfo = getSecurityInfo(securityInfoAsString); - sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + sslStatus = securityInfo.SSLStatus; let errorInfo = getDetailedCertErrorInfo(location, securityInfo); let validityInfo = { diff --git a/browser/base/content/pageinfo/security.js b/browser/base/content/pageinfo/security.js index a57560e794e7..2ab144818ecd 100644 --- a/browser/base/content/pageinfo/security.js +++ b/browser/base/content/pageinfo/security.js @@ -27,7 +27,6 @@ var security = { }, _getSecurityInfo() { - const nsISSLStatusProvider = Ci.nsISSLStatusProvider; const nsISSLStatus = Ci.nsISSLStatus; // We don't have separate info for a frame, return null until further notice @@ -50,11 +49,9 @@ var security = { (ui.state & Ci.nsIWebProgressListener.STATE_IS_INSECURE); var isEV = (ui.state & Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL); - ui.QueryInterface(nsISSLStatusProvider); - var status = ui.SSLStatus; + var status = ui.secInfo && ui.secInfo.SSLStatus; if (!isInsecure && status) { - status.QueryInterface(nsISSLStatus); var cert = status.serverCert; var issuerName = cert.issuerOrganization || cert.issuerName; diff --git a/devtools/shared/security/auth.js b/devtools/shared/security/auth.js index 98c325186513..86b304c59432 100644 --- a/devtools/shared/security/auth.js +++ b/devtools/shared/security/auth.js @@ -300,7 +300,7 @@ OOBCert.Client.prototype = { // Client verifies that Server's cert matches hash(ServerCert) from the // advertisement dumpv("Validate server cert hash"); - const serverCert = socket.securityInfo.QueryInterface(Ci.nsISSLStatusProvider) + const serverCert = socket.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo) .SSLStatus.serverCert; const advertisedCert = cert; if (serverCert.sha256Fingerprint != advertisedCert.sha256) { diff --git a/devtools/shared/security/socket.js b/devtools/shared/security/socket.js index 55d70ac598fe..98fe37ea38b0 100644 --- a/devtools/shared/security/socket.js +++ b/devtools/shared/security/socket.js @@ -353,7 +353,7 @@ function _isInputAlive(input) { */ function _storeCertOverride(s, host, port) { // eslint-disable-next-line no-shadow - const cert = s.securityInfo.QueryInterface(Ci.nsISSLStatusProvider) + const cert = s.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo) .SSLStatus.serverCert; const overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED | Ci.nsICertOverrideService.ERROR_MISMATCH; diff --git a/devtools/shared/webconsole/network-helper.js b/devtools/shared/webconsole/network-helper.js index 663d70f43213..9c590335f075 100644 --- a/devtools/shared/webconsole/network-helper.js +++ b/devtools/shared/webconsole/network-helper.js @@ -600,7 +600,6 @@ var NetworkHelper = { */ securityInfo.QueryInterface(Ci.nsITransportSecurityInfo); - securityInfo.QueryInterface(Ci.nsISSLStatusProvider); const wpl = Ci.nsIWebProgressListener; const NSSErrorsService = Cc["@mozilla.org/nss_errors_service;1"] diff --git a/devtools/shared/webconsole/test/unit/test_security-info-parser.js b/devtools/shared/webconsole/test/unit/test_security-info-parser.js index 3edddcd97196..fcf05f7d8065 100644 --- a/devtools/shared/webconsole/test/unit/test_security-info-parser.js +++ b/devtools/shared/webconsole/test/unit/test_security-info-parser.js @@ -33,8 +33,7 @@ const MockCertificate = { }; const MockSecurityInfo = { - QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo, - Ci.nsISSLStatusProvider]), + QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]), securityState: wpl.STATE_IS_SECURE, errorCode: 0, SSLStatus: { diff --git a/devtools/shared/webconsole/test/unit/test_security-info-state.js b/devtools/shared/webconsole/test/unit/test_security-info-state.js index 3d458ef09a21..8e269c4fe1d5 100644 --- a/devtools/shared/webconsole/test/unit/test_security-info-state.js +++ b/devtools/shared/webconsole/test/unit/test_security-info-state.js @@ -19,8 +19,7 @@ Object.defineProperty(this, "NetworkHelper", { const wpl = Ci.nsIWebProgressListener; const MockSecurityInfo = { - QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo, - Ci.nsISSLStatusProvider]), + QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]), securityState: wpl.STATE_IS_BROKEN, errorCode: 0, SSLStatus: { diff --git a/devtools/shared/webconsole/test/unit/test_security-info-static-hpkp.js b/devtools/shared/webconsole/test/unit/test_security-info-static-hpkp.js index e710d758f9af..e97d43a9c6d9 100644 --- a/devtools/shared/webconsole/test/unit/test_security-info-static-hpkp.js +++ b/devtools/shared/webconsole/test/unit/test_security-info-static-hpkp.js @@ -20,8 +20,7 @@ Object.defineProperty(this, "NetworkHelper", { const wpl = Ci.nsIWebProgressListener; const MockSecurityInfo = { - QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo, - Ci.nsISSLStatusProvider]), + QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]), securityState: wpl.STATE_IS_SECURE, errorCode: 0, SSLStatus: { diff --git a/dom/ipc/TabParent.cpp b/dom/ipc/TabParent.cpp index cda79a7fb5d8..c2bc70e3e36d 100644 --- a/dom/ipc/TabParent.cpp +++ b/dom/ipc/TabParent.cpp @@ -59,6 +59,7 @@ #include "nsIInterfaceRequestorUtils.h" #include "nsILoadInfo.h" #include "nsIPromptFactory.h" +#include "nsITransportSecurityInfo.h" #include "nsIURI.h" #include "nsIWindowWatcher.h" #include "nsIWebBrowserChrome.h" @@ -893,6 +894,15 @@ TabParent::GetState(uint32_t *aState) return NS_OK; } +NS_IMETHODIMP +TabParent::GetSecInfo(nsITransportSecurityInfo** _result) +{ + NS_ENSURE_ARG_POINTER(_result); + NS_WARNING("TransportSecurityInfo not valid here"); + *_result = nullptr; + return NS_OK; +} + NS_IMETHODIMP TabParent::SetDocShell(nsIDocShell *aDocShell) { diff --git a/mobile/android/chrome/content/browser.js b/mobile/android/chrome/content/browser.js index 001dc8a4b6be..8097f2b1d5ce 100644 --- a/mobile/android/chrome/content/browser.js +++ b/mobile/android/chrome/content/browser.js @@ -5687,9 +5687,8 @@ var IdentityHandler = { * (if available). Return the data needed to update the UI. */ checkIdentity: function checkIdentity(aState, aBrowser) { - this._lastStatus = aBrowser.securityUI - .QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + this._lastStatus = aBrowser.securityUI.secInfo && + aBrowser.securityUI.secInfo.SSLStatus; // Don't pass in the actual location object, since it can cause us to // hold on to the window object too long. Just pass in the fields we diff --git a/mobile/android/chrome/content/content.js b/mobile/android/chrome/content/content.js index f7ea084b5e9a..dd5de8941d56 100644 --- a/mobile/android/chrome/content/content.js +++ b/mobile/android/chrome/content/content.js @@ -360,8 +360,7 @@ var AboutCertErrorListener = { let securityInfo = docShell.failedChannel && docShell.failedChannel.securityInfo; securityInfo.QueryInterface(Ci.nsITransportSecurityInfo) .QueryInterface(Ci.nsISerializable); - let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslStatus = securityInfo.SSLStatus; this._setTechDetails(sslStatus, securityInfo, ownerDoc.location.href); }, }; diff --git a/mobile/android/modules/geckoview/GeckoViewProgress.jsm b/mobile/android/modules/geckoview/GeckoViewProgress.jsm index c2f9db5facda..2ed06f85f3cd 100644 --- a/mobile/android/modules/geckoview/GeckoViewProgress.jsm +++ b/mobile/android/modules/geckoview/GeckoViewProgress.jsm @@ -159,8 +159,7 @@ var IdentityHandler = { result.host = uri.host; } - let status = aBrowser.securityUI.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus.QueryInterface(Ci.nsISSLStatus); + let status = aBrowser.securityUI.secInfo.SSLStatus; let cert = status.serverCert; result.organization = cert.organization; diff --git a/netwerk/base/nsISecureBrowserUI.idl b/netwerk/base/nsISecureBrowserUI.idl index a2782d79b142..3f12d7bd3871 100644 --- a/netwerk/base/nsISecureBrowserUI.idl +++ b/netwerk/base/nsISecureBrowserUI.idl @@ -8,6 +8,7 @@ interface mozIDOMWindowProxy; interface nsIDocShell; +interface nsITransportSecurityInfo; [scriptable, uuid(718c662a-f810-4a80-a6c9-0b1810ecade2)] interface nsISecureBrowserUI : nsISupports @@ -16,6 +17,7 @@ interface nsISecureBrowserUI : nsISupports void setDocShell(in nsIDocShell docShell); readonly attribute unsigned long state; + readonly attribute nsITransportSecurityInfo secInfo; }; %{C++ diff --git a/netwerk/protocol/http/AlternateServices.cpp b/netwerk/protocol/http/AlternateServices.cpp index 4600d138863a..90e714efa3fa 100644 --- a/netwerk/protocol/http/AlternateServices.cpp +++ b/netwerk/protocol/http/AlternateServices.cpp @@ -15,8 +15,6 @@ #include "nsThreadUtils.h" #include "nsHttpTransaction.h" #include "NullHttpTransaction.h" -#include "nsISSLStatusProvider.h" -#include "nsISSLStatus.h" #include "nsISSLSocketControl.h" #include "nsIWellKnownOpportunisticUtils.h" diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp index e3417e0ffcba..2ad359c11a9a 100644 --- a/netwerk/protocol/http/Http2Session.cpp +++ b/netwerk/protocol/http/Http2Session.cpp @@ -27,8 +27,6 @@ #include "nsHttpConnection.h" #include "nsIRequestContext.h" #include "nsISSLSocketControl.h" -#include "nsISSLStatus.h" -#include "nsISSLStatusProvider.h" #include "nsISupportsPriority.h" #include "nsStandardURL.h" #include "nsURLHelper.h" diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index 83cbed9fffd3..b9c70e93a756 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -69,7 +69,6 @@ #include "nsIScriptError.h" #include "nsIScriptSecurityManager.h" #include "nsISSLStatus.h" -#include "nsISSLStatusProvider.h" #include "nsITransportSecurityInfo.h" #include "nsIWebProgressListener.h" #include "LoadContextInfo.h" @@ -1896,11 +1895,11 @@ nsHttpChannel::ProcessSecurityHeaders() uint32_t flags = NS_UsePrivateBrowsing(this) ? nsISocketProvider::NO_PERMANENT_STORAGE : 0; - // Get the SSLStatus - nsCOMPtr sslprov = do_QueryInterface(mSecurityInfo); - NS_ENSURE_TRUE(sslprov, NS_ERROR_FAILURE); + // Get the TransportSecurityInfo + nsCOMPtr transSecInfo = do_QueryInterface(mSecurityInfo); + NS_ENSURE_TRUE(transSecInfo, NS_ERROR_FAILURE); nsCOMPtr sslStatus; - rv = sslprov->GetSSLStatus(getter_AddRefs(sslStatus)); + rv = transSecInfo->GetSSLStatus(getter_AddRefs(sslStatus)); NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_TRUE(sslStatus, NS_ERROR_FAILURE); @@ -2031,17 +2030,15 @@ nsHttpChannel::ProcessSSLInformation() !IsHTTPS() || mPrivateBrowsing) return; - nsCOMPtr statusProvider = + nsCOMPtr securityInfo = do_QueryInterface(mSecurityInfo); - if (!statusProvider) + if (!securityInfo) return; nsCOMPtr sslstat; - statusProvider->GetSSLStatus(getter_AddRefs(sslstat)); + securityInfo->GetSSLStatus(getter_AddRefs(sslstat)); if (!sslstat) return; - nsCOMPtr securityInfo = - do_QueryInterface(mSecurityInfo); uint32_t state; if (securityInfo && NS_SUCCEEDED(securityInfo->GetSecurityState(&state)) && diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp index 718197060c09..dc21f0fb5c0a 100644 --- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp +++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp @@ -24,7 +24,7 @@ #include "nsIChannel.h" #include "nsIX509Cert.h" #include "nsISSLStatus.h" -#include "nsISSLStatusProvider.h" +#include "nsITransportSecurityInfo.h" #endif #include "mozilla/Attributes.h" #include "mozilla/Base64.h" @@ -335,12 +335,12 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel, if (NS_FAILED(rv)) return rv; - nsCOMPtr statusProvider = + nsCOMPtr secInfo = do_QueryInterface(security); - if (mUseNative && statusProvider) { + if (mUseNative && secInfo) { nsCOMPtr status; - rv = statusProvider->GetSSLStatus(getter_AddRefs(status)); + rv = secInfo->GetSSLStatus(getter_AddRefs(status)); if (NS_FAILED(rv)) return rv; diff --git a/netwerk/socket/nsITransportSecurityInfo.idl b/netwerk/socket/nsITransportSecurityInfo.idl index a0a165038cc9..9ed3d2fdd4c6 100644 --- a/netwerk/socket/nsITransportSecurityInfo.idl +++ b/netwerk/socket/nsITransportSecurityInfo.idl @@ -6,6 +6,7 @@ #include "nsISupports.idl" +interface nsISSLStatus; interface nsIX509CertList; [builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)] @@ -21,5 +22,7 @@ interface nsITransportSecurityInfo : nsISupports { * If verification succeeded, this will be null. */ readonly attribute nsIX509CertList failedCertChain; + + readonly attribute nsISSLStatus SSLStatus; }; diff --git a/security/manager/pki/resources/content/exceptionDialog.js b/security/manager/pki/resources/content/exceptionDialog.js index 72c7d455e958..3629028c5e4c 100644 --- a/security/manager/pki/resources/content/exceptionDialog.js +++ b/security/manager/pki/resources/content/exceptionDialog.js @@ -26,7 +26,9 @@ function initExceptionDialog() { gNsISecTel = Ci.nsISecurityUITelemetry; var brandName = gBundleBrand.getString("brandShortName"); - setText("warningText", gPKIBundle.getFormattedString("addExceptionBrandedWarning2", [brandName])); + setText("warningText", + gPKIBundle.getFormattedString("addExceptionBrandedWarning2", + [brandName])); gDialog.getButton("extra1").disabled = true; var args = window.arguments; @@ -75,7 +77,7 @@ function initExceptionDialog() { function grabCert(req, evt) { if (req.channel && req.channel.securityInfo) { gSSLStatus = req.channel.securityInfo - .QueryInterface(Ci.nsISSLStatusProvider).SSLStatus; + .QueryInterface(Ci.nsITransportSecurityInfo).SSLStatus; gCert = gSSLStatus ? gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert : null; } @@ -159,7 +161,8 @@ function resetDialog() { */ function handleTextChange() { var checkCertButton = document.getElementById("checkCertButton"); - checkCertButton.disabled = !(document.getElementById("locationTextBox").value); + checkCertButton.disabled = + !(document.getElementById("locationTextBox").value); if (gNeedReset) { gNeedReset = false; resetDialog(); @@ -201,7 +204,8 @@ function updateCertStatus() { } } if (gSSLStatus.isUntrusted) { - bucketId += gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED; + bucketId += + gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED; if (!use1) { use1 = true; shortDesc = uts; @@ -229,7 +233,8 @@ function updateCertStatus() { pe.disabled = inPrivateBrowsing; pe.checked = !inPrivateBrowsing; - setText("headerDescription", gPKIBundle.getString("addExceptionInvalidHeader")); + setText("headerDescription", + gPKIBundle.getString("addExceptionInvalidHeader")); } else { shortDesc = "addExceptionValidShort"; longDesc = "addExceptionValidLong"; @@ -301,22 +306,27 @@ function addException() { var overrideService = Cc["@mozilla.org/security/certoverride;1"] .getService(Ci.nsICertOverrideService); var flags = 0; - let confirmBucketId = gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE; + let confirmBucketId = + gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE; if (gSSLStatus.isUntrusted) { flags |= overrideService.ERROR_UNTRUSTED; - confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED; + confirmBucketId += + gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED; } if (gSSLStatus.isDomainMismatch) { flags |= overrideService.ERROR_MISMATCH; - confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN; + confirmBucketId += + gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN; } if (gSSLStatus.isNotValidAtThisTime) { flags |= overrideService.ERROR_TIME; - confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME; + confirmBucketId += + gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME; } var permanentCheckbox = document.getElementById("permanent"); - var shouldStorePermanently = permanentCheckbox.checked && !inPrivateBrowsingMode(); + var shouldStorePermanently = permanentCheckbox.checked && + !inPrivateBrowsingMode(); if (!permanentCheckbox.checked) { gSecHistogram.add(gNsISecTel.WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION); } diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp index b39949b6c487..287ba44e6c92 100644 --- a/security/manager/ssl/TransportSecurityInfo.cpp +++ b/security/manager/ssl/TransportSecurityInfo.cpp @@ -51,7 +51,6 @@ TransportSecurityInfo::TransportSecurityInfo() NS_IMPL_ISUPPORTS(TransportSecurityInfo, nsITransportSecurityInfo, nsIInterfaceRequestor, - nsISSLStatusProvider, nsIAssociatedContentSecurity, nsISerializable, nsIClassInfo) @@ -365,7 +364,7 @@ TransportSecurityInfo::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc) return NS_OK; } -nsresult +NS_IMETHODIMP TransportSecurityInfo::GetSSLStatus(nsISSLStatus** _result) { NS_ENSURE_ARG_POINTER(_result); diff --git a/security/manager/ssl/TransportSecurityInfo.h b/security/manager/ssl/TransportSecurityInfo.h index 86974e641ac5..4361d8249d87 100644 --- a/security/manager/ssl/TransportSecurityInfo.h +++ b/security/manager/ssl/TransportSecurityInfo.h @@ -16,7 +16,6 @@ #include "nsDataHashtable.h" #include "nsIAssociatedContentSecurity.h" #include "nsIInterfaceRequestor.h" -#include "nsISSLStatusProvider.h" #include "nsITransportSecurityInfo.h" #include "nsSSLStatus.h" #include "nsString.h" @@ -26,7 +25,6 @@ namespace mozilla { namespace psm { class TransportSecurityInfo : public nsITransportSecurityInfo , public nsIInterfaceRequestor - , public nsISSLStatusProvider , public nsIAssociatedContentSecurity , public nsISerializable , public nsIClassInfo @@ -39,7 +37,6 @@ public: NS_DECL_THREADSAFE_ISUPPORTS NS_DECL_NSITRANSPORTSECURITYINFO NS_DECL_NSIINTERFACEREQUESTOR - NS_DECL_NSISSLSTATUSPROVIDER NS_DECL_NSIASSOCIATEDCONTENTSECURITY NS_DECL_NSISERIALIZABLE NS_DECL_NSICLASSINFO diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build index d4092d2773cc..d8d7512967c6 100644 --- a/security/manager/ssl/moz.build +++ b/security/manager/ssl/moz.build @@ -36,7 +36,6 @@ XPIDL_SOURCES += [ 'nsISecurityUITelemetry.idl', 'nsISiteSecurityService.idl', 'nsISSLStatus.idl', - 'nsISSLStatusProvider.idl', 'nsITokenDialogs.idl', 'nsITokenPasswordDialogs.idl', 'nsIX509Cert.idl', diff --git a/security/manager/ssl/nsISSLStatusProvider.idl b/security/manager/ssl/nsISSLStatusProvider.idl deleted file mode 100644 index 83048f179436..000000000000 --- a/security/manager/ssl/nsISSLStatusProvider.idl +++ /dev/null @@ -1,13 +0,0 @@ -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "nsISupports.idl" - -interface nsISSLStatus; - -[scriptable, uuid(179b1ab1-0950-4427-9556-6f496dc4a27f)] -interface nsISSLStatusProvider : nsISupports { - readonly attribute nsISSLStatus SSLStatus; -}; diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.cpp b/security/manager/ssl/nsSecureBrowserUIImpl.cpp index a2f24df7c4af..48cf86723d15 100644 --- a/security/manager/ssl/nsSecureBrowserUIImpl.cpp +++ b/security/manager/ssl/nsSecureBrowserUIImpl.cpp @@ -89,8 +89,7 @@ nsSecureBrowserUIImpl::nsSecureBrowserUIImpl() NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl, nsISecureBrowserUI, nsIWebProgressListener, - nsISupportsWeakReference, - nsISSLStatusProvider) + nsISupportsWeakReference) NS_IMETHODIMP nsSecureBrowserUIImpl::Init(mozIDOMWindowProxy* aWindow) @@ -374,23 +373,21 @@ nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest* aRequest, ("SecureUI:%p: OnStateChange: remember mNewToplevelSecurityState => %x\n", this, mNewToplevelSecurityState)); - nsCOMPtr sp(do_QueryInterface(info)); - if (sp) { + nsCOMPtr psmInfo(do_QueryInterface(info)); + if (psmInfo) { // Ignore result updateStatus = true; - (void) sp->GetSSLStatus(getter_AddRefs(temp_SSLStatus)); + (void) psmInfo->GetSSLStatus(getter_AddRefs(temp_SSLStatus)); if (temp_SSLStatus) { bool aTemp; if (NS_SUCCEEDED(temp_SSLStatus->GetIsExtendedValidation(&aTemp))) { mNewToplevelIsEV = aTemp; } } + mSecInfo = psmInfo; } mNewToplevelSecurityStateKnown = true; - if (updateStatus) { - mSSLStatus = temp_SSLStatus; - } MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: remember securityInfo %p\n", this, info)); @@ -1014,7 +1011,7 @@ nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest, // If we have no security, we also shouldn't have any SSL status. if (newSecurityState == lis_no_security) { - mSSLStatus = nullptr; + mSecInfo = nullptr; } } @@ -1166,9 +1163,8 @@ nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress* aWebProgress, return NS_OK; } -// nsISSLStatusProvider methods NS_IMETHODIMP -nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result) +nsSecureBrowserUIImpl::GetSecInfo(nsITransportSecurityInfo** _result) { NS_ENSURE_ARG_POINTER(_result); MOZ_ASSERT(NS_IsMainThread()); @@ -1187,7 +1183,7 @@ nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result) return NS_OK; } - *_result = mSSLStatus; + *_result = mSecInfo; NS_IF_ADDREF(*_result); return NS_OK; diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.h b/security/manager/ssl/nsSecureBrowserUIImpl.h index 0c8fae120e6d..d8c3b0f9a7cf 100644 --- a/security/manager/ssl/nsSecureBrowserUIImpl.h +++ b/security/manager/ssl/nsSecureBrowserUIImpl.h @@ -10,14 +10,13 @@ #include "mozilla/ReentrancyGuard.h" #include "nsCOMPtr.h" #include "nsINetUtil.h" -#include "nsISSLStatusProvider.h" #include "nsISecureBrowserUI.h" #include "nsISecurityEventSink.h" #include "nsIURI.h" #include "nsIWebProgressListener.h" #include "nsWeakReference.h" -class nsISSLStatus; +class nsITransportSecurityInfo; class nsIChannel; #define NS_SECURE_BROWSER_UI_CID \ @@ -26,8 +25,7 @@ class nsIChannel; class nsSecureBrowserUIImpl : public nsISecureBrowserUI, public nsIWebProgressListener, - public nsSupportsWeakReference, - public nsISSLStatusProvider + public nsSupportsWeakReference { friend class mozilla::ReentrancyGuard; @@ -37,7 +35,6 @@ public: NS_DECL_ISUPPORTS NS_DECL_NSIWEBPROGRESSLISTENER NS_DECL_NSISECUREBROWSERUI - NS_DECL_NSISSLSTATUSPROVIDER protected: virtual ~nsSecureBrowserUIImpl() {}; @@ -87,7 +84,7 @@ protected: void ObtainEventSink(nsIChannel *channel, nsCOMPtr &sink); - nsCOMPtr mSSLStatus; + nsCOMPtr mSecInfo; nsCOMPtr mCurrentToplevelSecurityInfo; PLDHashTable mTransferringRequests; diff --git a/security/manager/ssl/tests/unit/head_psm.js b/security/manager/ssl/tests/unit/head_psm.js index 5a292a36c42d..5429475586d1 100644 --- a/security/manager/ssl/tests/unit/head_psm.js +++ b/security/manager/ssl/tests/unit/head_psm.js @@ -720,8 +720,7 @@ FakeSSLStatus.prototype = { // Helper function for add_cert_override_test. Probably doesn't need to be // called directly. function add_cert_override(aHost, aExpectedBits, aSecurityInfo) { - let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslstatus = aSecurityInfo.SSLStatus; let bits = (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) | (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) | @@ -749,8 +748,7 @@ function add_cert_override_test(aHost, aExpectedBits, aExpectedError, Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN, "Cert override flag should be set on the security state"); if (aExpectedSSLStatus) { - let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslstatus = aSecurityInfo.SSLStatus; if (aExpectedSSLStatus.failedCertChain) { ok(aExpectedSSLStatus.failedCertChain.equals(sslstatus.failedCertChain)); } @@ -763,8 +761,7 @@ function add_cert_override_test(aHost, aExpectedBits, aExpectedError, // SSLStatus set on it. In this case, the error was not overridable anyway, so // we consider it a success. function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) { - let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslstatus = aSecurityInfo.SSLStatus; if (sslstatus) { let bits = (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) | diff --git a/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js b/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js index 3bdc0c1077be..9910827cfba8 100644 --- a/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js +++ b/security/manager/ssl/tests/unit/test_cert_overrides_read_only.js @@ -10,8 +10,7 @@ // Helper function for add_read_only_cert_override_test. Probably doesn't need // to be called directly. function add_read_only_cert_override(aHost, aExpectedBits, aSecurityInfo) { - let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslstatus = aSecurityInfo.SSLStatus; let bits = (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) | (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) | diff --git a/security/manager/ssl/tests/unit/test_ct.js b/security/manager/ssl/tests/unit/test_ct.js index 08eb74298bab..57dd2c032ed5 100644 --- a/security/manager/ssl/tests/unit/test_ct.js +++ b/security/manager/ssl/tests/unit/test_ct.js @@ -11,8 +11,7 @@ const certdb = Cc["@mozilla.org/security/x509certdb;1"] function expectCT(value) { return (securityInfo) => { - let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslStatus = securityInfo.SSLStatus; Assert.equal(sslStatus.certificateTransparencyStatus, value, "actual and expected CT status should match"); }; diff --git a/security/manager/ssl/tests/unit/test_session_resumption.js b/security/manager/ssl/tests/unit/test_session_resumption.js index 58303b3e9a20..4923e14f1b68 100644 --- a/security/manager/ssl/tests/unit/test_session_resumption.js +++ b/security/manager/ssl/tests/unit/test_session_resumption.js @@ -41,9 +41,7 @@ function add_resume_non_ev_with_override_test() { ok(transportSecurityInfo.securityState & Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN, "expired.example.com should have STATE_CERT_USER_OVERRIDDEN flag"); - let sslStatus = transportSecurityInfo - .QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslStatus = transportSecurityInfo.SSLStatus; ok(!sslStatus.succeededCertChain, "ev-test.example.com should not have succeededCertChain set"); ok(!sslStatus.isDomainMismatch, @@ -68,9 +66,7 @@ function add_one_ev_test() { ok(!(transportSecurityInfo.securityState & Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN), "ev-test.example.com should not have STATE_CERT_USER_OVERRIDDEN flag"); - let sslStatus = transportSecurityInfo - .QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslStatus = transportSecurityInfo.SSLStatus; ok(sslStatus.succeededCertChain, "ev-test.example.com should have succeededCertChain set"); ok(!sslStatus.isDomainMismatch, @@ -130,9 +126,7 @@ function add_one_non_ev_test() { ok(!(transportSecurityInfo.securityState & Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN), `${GOOD_DOMAIN} should not have STATE_CERT_USER_OVERRIDDEN flag`); - let sslStatus = transportSecurityInfo - .QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslStatus = transportSecurityInfo.SSLStatus; ok(sslStatus.succeededCertChain, `${GOOD_DOMAIN} should have succeededCertChain set`); ok(!sslStatus.isDomainMismatch, diff --git a/security/manager/ssl/tests/unit/test_ssl_status.js b/security/manager/ssl/tests/unit/test_ssl_status.js index 2352e584eedb..e652e78ca421 100644 --- a/security/manager/ssl/tests/unit/test_ssl_status.js +++ b/security/manager/ssl/tests/unit/test_ssl_status.js @@ -20,8 +20,8 @@ function run_test() { // succeededCertChain should be set as expected) add_connection_test( "good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null, - function withSecurityInfo(aSSLStatus) { - let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus; + function withSecurityInfo(aSecInfo) { + let sslstatus = aSecInfo.SSLStatus; equal(sslstatus.failedCertChain, null, "failedCertChain for a successful connection should be null"); ok(sslstatus.succeededCertChain.equals(build_cert_chain(["default-ee", "test-ca"])), @@ -33,8 +33,8 @@ function run_test() { // succeededCertChain should be null) add_connection_test( "expired.example.com", SEC_ERROR_EXPIRED_CERTIFICATE, null, - function withSecurityInfo(aSSLStatus) { - let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus; + function withSecurityInfo(aSecInfo) { + let sslstatus = aSecInfo.SSLStatus; equal(sslstatus.succeededCertChain, null, "succeededCertChain for a failed connection should be null"); ok(sslstatus.failedCertChain.equals(build_cert_chain(["expired-ee", "test-ca"])), diff --git a/security/manager/tools/getHSTSPreloadList.js b/security/manager/tools/getHSTSPreloadList.js index 2a0a0efafb53..5e10239a1c81 100644 --- a/security/manager/tools/getHSTSPreloadList.js +++ b/security/manager/tools/getHSTSPreloadList.js @@ -111,8 +111,8 @@ function processStsHeader(host, header, status, securityInfo) { if (header != null && securityInfo != null) { try { let uri = Services.io.newURI("https://" + host.name); - let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider) - .SSLStatus; + let sslStatus = securityInfo. + QueryInterface(Ci.nsITransportSecurityInfo).SSLStatus; gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, header, sslStatus, 0, Ci.nsISiteSecurityService.SOURCE_PRELOAD_LIST, diff --git a/testing/marionette/puppeteer/firefox/firefox_puppeteer/api/security.py b/testing/marionette/puppeteer/firefox/firefox_puppeteer/api/security.py index 63297adb94d8..8a5c692ecc65 100644 --- a/testing/marionette/puppeteer/firefox/firefox_puppeteer/api/security.py +++ b/testing/marionette/puppeteer/firefox/firefox_puppeteer/api/security.py @@ -40,8 +40,7 @@ class Security(BaseLib): """ cert = self.marionette.execute_script(""" var securityUI = arguments[0].linkedBrowser.securityUI; - var status = securityUI.QueryInterface(Components.interfaces.nsISSLStatusProvider) - .SSLStatus; + var status = securityUI.secInfo.SSLStatus; return status ? status.serverCert : null; """, script_args=[tab_element]) diff --git a/toolkit/content/browser-child.js b/toolkit/content/browser-child.js index a378eb63ec26..31a5fa50d7bf 100644 --- a/toolkit/content/browser-child.js +++ b/toolkit/content/browser-child.js @@ -215,7 +215,7 @@ var WebProgressListener = { let objects = this._setupObjects(aWebProgress, aRequest); json.state = aState; - json.status = SecurityUI.getSSLStatusAsString(); + json.secInfo = SecurityUI.getSecInfoAsString(); json.matchedList = null; if (aRequest && aRequest instanceof Ci.nsIClassifiedChannel) { @@ -374,15 +374,17 @@ var WebNavigation = { WebNavigation.init(); var SecurityUI = { - getSSLStatusAsString() { - let status = docShell.securityUI.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus; + getSecInfoAsString() { + let secInfo = docShell.securityUI.secInfo; - if (status) { - let helper = Cc["@mozilla.org/network/serialization-helper;1"] - .getService(Ci.nsISerializationHelper); + if (secInfo) { + if (secInfo) { + let helper = Cc["@mozilla.org/network/serialization-helper;1"] + .getService(Ci.nsISerializationHelper); - status.QueryInterface(Ci.nsISerializable); - return helper.serializeToString(status); + secInfo.QueryInterface(Ci.nsISerializable); + return helper.serializeToString(secInfo); + } } return null; diff --git a/toolkit/modules/CertUtils.jsm b/toolkit/modules/CertUtils.jsm index ab35d04291e5..252b319b43fc 100644 --- a/toolkit/modules/CertUtils.jsm +++ b/toolkit/modules/CertUtils.jsm @@ -143,7 +143,7 @@ function checkCert(aChannel, aAllowNonBuiltInCerts, aCerts) { return; } - let sslStatus = aChannel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider) + let sslStatus = aChannel.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo) .SSLStatus; let cert = sslStatus.serverCert; diff --git a/toolkit/modules/RemoteSecurityUI.jsm b/toolkit/modules/RemoteSecurityUI.jsm index 47fd63b63bcf..10ee842fcf61 100644 --- a/toolkit/modules/RemoteSecurityUI.jsm +++ b/toolkit/modules/RemoteSecurityUI.jsm @@ -8,22 +8,20 @@ var EXPORTED_SYMBOLS = ["RemoteSecurityUI"]; ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm"); function RemoteSecurityUI() { - this._SSLStatus = null; + this._secInfo = null; this._state = 0; } RemoteSecurityUI.prototype = { - QueryInterface: ChromeUtils.generateQI([Ci.nsISSLStatusProvider, Ci.nsISecureBrowserUI]), - - // nsISSLStatusProvider - get SSLStatus() { return this._SSLStatus; }, + QueryInterface: ChromeUtils.generateQI([Ci.nsISecureBrowserUI]), // nsISecureBrowserUI get state() { return this._state; }, get tooltipText() { return ""; }, + get secInfo() { return this._secInfo; }, - _update(aStatus, aState) { - this._SSLStatus = aStatus; + _update(aSecInfo, aState) { + this._secInfo = aSecInfo; this._state = aState; } }; diff --git a/toolkit/modules/RemoteWebProgress.jsm b/toolkit/modules/RemoteWebProgress.jsm index bcdb4979e266..c384e053e545 100644 --- a/toolkit/modules/RemoteWebProgress.jsm +++ b/toolkit/modules/RemoteWebProgress.jsm @@ -110,14 +110,14 @@ RemoteWebProgressManager.prototype = { this._progressListeners.filter(l => l.listener != aListener); }, - _fixSSLStatusAndState(aStatus, aState) { + _fixSecInfoAndState(aSecInfo, aState) { let deserialized = null; - if (aStatus) { + if (aSecInfo) { let helper = Cc["@mozilla.org/network/serialization-helper;1"] .getService(Ci.nsISerializationHelper); - deserialized = helper.deserializeObject(aStatus); - deserialized.QueryInterface(Ci.nsISSLStatus); + deserialized = helper.deserializeObject(aSecInfo); + deserialized.QueryInterface(Ci.nsITransportSecurityInfo); } return [deserialized, aState]; @@ -241,14 +241,14 @@ RemoteWebProgressManager.prototype = { break; case "Content:SecurityChange": - let [status, state] = this._fixSSLStatusAndState(json.status, json.state); + let [secInfo, state] = this._fixSecInfoAndState(json.secInfo, json.state); if (isTopLevel) { // Invoking this getter triggers the generation of the underlying object, // which we need to access with ._securityUI, because .securityUI returns // a wrapper that makes _update inaccessible. void this._browser.securityUI; - this._browser._securityUI._update(status, state); + this._browser._securityUI._update(secInfo, state); } this._callProgressListeners( diff --git a/toolkit/modules/addons/SecurityInfo.jsm b/toolkit/modules/addons/SecurityInfo.jsm index de0084398aa6..44cbe1c33492 100644 --- a/toolkit/modules/addons/SecurityInfo.jsm +++ b/toolkit/modules/addons/SecurityInfo.jsm @@ -94,7 +94,6 @@ const SecurityInfo = { } securityInfo.QueryInterface(Ci.nsITransportSecurityInfo); - securityInfo.QueryInterface(Ci.nsISSLStatusProvider); const SSLStatus = securityInfo.SSLStatus; if (NSSErrorsService.isNSSErrorCode(securityInfo.errorCode)) { diff --git a/toolkit/modules/tests/chrome/test_bug544442_checkCert.xul b/toolkit/modules/tests/chrome/test_bug544442_checkCert.xul index 213c18de3d7a..e4c96f22ed08 100644 --- a/toolkit/modules/tests/chrome/test_bug544442_checkCert.xul +++ b/toolkit/modules/tests/chrome/test_bug544442_checkCert.xul @@ -87,7 +87,7 @@ function testXHRLoad(aEvent) { "attributes array passed to checkCert has an element that has an " + "issuerName that is not the same as the certificate's"); - var cert = channel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider). + var cert = channel.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo). SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert; certs = [ { issuerName: cert.issuerName, diff --git a/toolkit/mozapps/update/nsUpdateService.js b/toolkit/mozapps/update/nsUpdateService.js index cc591421495e..110674f3a8fa 100644 --- a/toolkit/mozapps/update/nsUpdateService.js +++ b/toolkit/mozapps/update/nsUpdateService.js @@ -3116,7 +3116,7 @@ Checker.prototype = { // Set MitM pref. try { var sslStatus = request.channel.QueryInterface(Ci.nsIRequest) - .securityInfo.QueryInterface(Ci.nsISSLStatusProvider) + .securityInfo.QueryInterface(Ci.nsITransportSecurityInfo) .SSLStatus.QueryInterface(Ci.nsISSLStatus); if (sslStatus && sslStatus.serverCert && sslStatus.serverCert.issuerName) { Services.prefs.setStringPref("security.pki.mitm_canary_issuer",