Backed out changeset fe10feec1ede because of OCSP test failures

security/certverifier/NSSCertDBTrustDomain.cpp

@@ -460,25 +460,12 @@ NSSCertDBTrustDomain::CheckRevocation(EndEntityOrCA endEntityOrCA,
 
   Duration shortLifetime(mCertShortLifetimeInDays * Time::ONE_DAY_IN_SECONDS);
 
-  // In general, we will not do a live OCSP fetch if:
-  // (a) We have been configured not to, or
-  // (b) The certificate is sufficiently short-lived
-  // (c) We are validating a CA certificate for DV
-  bool willNotFetch = (mOCSPFetching == NeverFetchOCSP) ||
-                      (validityDuration < shortLifetime) ||
-                      ((endEntityOrCA == EndEntityOrCA::MustBeCA) &&
-                       ((mOCSPFetching == FetchOCSPForDVHardFail) ||
-                        (mOCSPFetching == FetchOCSPForDVSoftFail) ||
-                        blocklistIsFresh));
-#ifdef MOZ_FENNEC
-  // For Fennec, we will use stapled or cached OCSP, but we will not do
-  // a live fetch for any non-EV validation.
-  willNotFetch = (mOCSPFetching == NeverFetchOCSP) ||
-                 ((mOCSPFetching != LocalOnlyOCSPForEV) &&
-                  (mOCSPFetching != FetchOCSPForEV));
-#endif
-
-  if (willNotFetch) {
+  if ((mOCSPFetching == NeverFetchOCSP) ||
+      (validityDuration < shortLifetime) ||
+      (endEntityOrCA == EndEntityOrCA::MustBeCA &&
+       (mOCSPFetching == FetchOCSPForDVHardFail ||
+        mOCSPFetching == FetchOCSPForDVSoftFail ||
+        blocklistIsFresh))) {
     // We're not going to be doing any fetching, so if there was a cached
     // "unknown" response, say so.
     if (cachedResponseResult == Result::ERROR_OCSP_UNKNOWN_CERT) {

security/certverifier/moz.build

@@ -71,7 +71,4 @@ if CONFIG['_MSC_VER']:
 
 FAIL_ON_WARNINGS = True
 
-if CONFIG['MOZ_BUILD_APP'] == 'mobile/android':
-    DEFINES['MOZ_FENNEC'] = True
-
 FINAL_LIBRARY = 'xul'