diff --git a/security/manager/ssl/public/nsICertOverrideService.idl b/security/manager/ssl/public/nsICertOverrideService.idl index bfd96233c401..14b5c5733fff 100644 --- a/security/manager/ssl/public/nsICertOverrideService.idl +++ b/security/manager/ssl/public/nsICertOverrideService.idl @@ -18,7 +18,7 @@ interface nsIX509Cert; * {host:port, cert-fingerprint, allowed-overrides} * that the user wants to accept without further warnings. */ -[scriptable, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)] +[scriptable, uuid(31738d2a-77d3-4359-84c9-4be2f38fb8c5)] interface nsICertOverrideService : nsISupports { /** @@ -109,11 +109,13 @@ interface nsICertOverrideService : nsISupports { in int32_t aPort); /** - * Count and return the number of permanent overrides. + * Obtain the full list of hostname:port for which overrides are known. * - * @param aCount The number of permanent overrides + * @param aCount The number of host:port entries returned + * @param aHostsWithPortsArray The array of host:port entries returned */ - void getPermanentOverrideCount(out uint32_t aCount); + void getAllOverrideHostsWithPorts(out uint32_t aCount, + [array, size_is(aCount)] out wstring aHostsWithPortsArray); /** * Is the given cert used in rules? diff --git a/security/manager/ssl/src/nsCertOverrideService.cpp b/security/manager/ssl/src/nsCertOverrideService.cpp index 66deb99f7930..bd89dfb3ea24 100644 --- a/security/manager/ssl/src/nsCertOverrideService.cpp +++ b/security/manager/ssl/src/nsCertOverrideService.cpp @@ -653,28 +653,11 @@ nsCertOverrideService::ClearValidityOverride(const nsACString & aHostName, int32 return NS_OK; } -static PLDHashOperator -CountPermanentEntriesCallback(nsCertOverrideEntry* aEntry, void* aArg) -{ - uint32_t* overrideCount = reinterpret_cast(aArg); - if (aEntry && !aEntry->mSettings.mIsTemporary) { - *overrideCount = *overrideCount + 1; - return PL_DHASH_NEXT; - } - - return PL_DHASH_NEXT; -} - NS_IMETHODIMP -nsCertOverrideService::GetPermanentOverrideCount(uint32_t* aOverrideCount) +nsCertOverrideService::GetAllOverrideHostsWithPorts(uint32_t *aCount, + char16_t ***aHostsWithPortsArray) { - NS_ENSURE_ARG(aOverrideCount); - *aOverrideCount = 0; - - ReentrantMonitorAutoEnter lock(monitor); - mSettingsTable.EnumerateEntries(CountPermanentEntriesCallback, aOverrideCount); - - return NS_OK; + return NS_ERROR_NOT_IMPLEMENTED; } static bool diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp index afca6ea29200..772959da9c18 100644 --- a/security/manager/ssl/src/nsNSSComponent.cpp +++ b/security/manager/ssl/src/nsNSSComponent.cpp @@ -1049,20 +1049,6 @@ nsNSSComponent::InitializeNSS() return NS_ERROR_FAILURE; } - nsCOMPtr overrideService( - do_GetService(NS_CERTOVERRIDE_CONTRACTID)); - if (!overrideService) { - PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Failed to initialize cert override service\n")); - return NS_ERROR_FAILURE; - } - - uint32_t overrideCount = 0; - rv = overrideService->GetPermanentOverrideCount(&overrideCount); - if (NS_FAILED(rv)) { - return rv; - } - Telemetry::Accumulate(Telemetry::SSL_PERMANENT_CERT_ERROR_OVERRIDES, - overrideCount); PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n")); return NS_OK; diff --git a/toolkit/components/telemetry/Histograms.json b/toolkit/components/telemetry/Histograms.json index da7e9ce0d1f5..ca830eb48a37 100644 --- a/toolkit/components/telemetry/Histograms.json +++ b/toolkit/components/telemetry/Histograms.json @@ -6459,13 +6459,6 @@ "n_values": 24, "description": "Was a certificate error overridden on this handshake? What was it? (0=unknown error (indicating bug), 1=no, >1=a specific error)" }, - "SSL_PERMANENT_CERT_ERROR_OVERRIDES": { - "expires_in_version": "never", - "kind": "exponential", - "high": 1024, - "n_buckets": 10, - "description": "How many permanent certificate overrides a user has stored." - }, "TELEMETRY_TEST_EXPIRED": { "expires_in_version": "4.0a1", "kind": "flag",