зеркало из https://github.com/mozilla/gecko-dev.git
Bug 495357 - Update some documentation concerning SaveIntermediateCerts(). r=kaie,me
Original patch by Wan-Teh Chang. MozReview-Commit-ID: 3ElvC7DanYJ
This commit is contained in:
Родитель
f21768dc9c
Коммит
a5b764f858
|
@ -1194,7 +1194,8 @@ SaveIntermediateCerts(const UniqueCERTCertList& certList)
|
|||
}
|
||||
|
||||
if (node->cert->slot) {
|
||||
// This cert was found on a token, no need to remember it in the temp db.
|
||||
// This cert was found on a token; no need to remember it in the permanent
|
||||
// database.
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -1213,18 +1214,15 @@ SaveIntermediateCerts(const UniqueCERTCertList& certList)
|
|||
continue;
|
||||
}
|
||||
|
||||
// We have found a signer cert that we want to remember.
|
||||
nsAutoCString nickname;
|
||||
nsresult rv = DefaultServerNicknameForCert(node->cert, nickname);
|
||||
if (NS_FAILED(rv)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Saving valid intermediate certs to the database is a compatibility hack
|
||||
// to work around unknown issuer errors for incorrectly configured servers
|
||||
// that fail to send the necessary intermediate certs. As such, we ignore
|
||||
// the return value of PK11_ImportCert(), since it doesn't really matter if
|
||||
// it fails.
|
||||
// As mentioned in the documentation of this function, we're importing only
|
||||
// to cope with misconfigured servers. As such, we ignore the return value
|
||||
// below, since it doesn't really matter if the import fails.
|
||||
Unused << PK11_ImportCert(slot.get(), node->cert, CK_INVALID_HANDLE,
|
||||
nickname.get(), false);
|
||||
}
|
||||
|
|
|
@ -1367,10 +1367,6 @@ AuthCertificate(CertVerifier& certVerifier,
|
|||
pinningTelemetryInfo.certPinningResultBucket);
|
||||
}
|
||||
|
||||
// We want to remember the CA certs in the temp db, so that the application can find the
|
||||
// complete chain at any time it might need it.
|
||||
// But we keep only those CA certs in the temp db, that we didn't already know.
|
||||
|
||||
RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
|
||||
RefPtr<nsNSSCertificate> nsc;
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче