Bug 1111848 - Remove nsISiteSecurityService.shouldIgnoreHeaders and implementation. r=keeler

2024-09-13 09:24:08 -07:00 · 2014-12-22 20:26:49 +11:00 · 2014-12-22 20:26:49 +11:00 · 86c1c8ddf5
commit 86c1c8ddf5
parent 0d12ab6f75
2 changed files with 1 additions and 41 deletions
--- a/netwerk/base/public/nsISiteSecurityService.idl
+++ b/netwerk/base/public/nsISiteSecurityService.idl
@ -23,7 +23,7 @@ namespace mozilla
 [ref] native nsCStringTArrayRef(nsTArray<nsCString>);
 [ref] native mozillaPkixTime(mozilla::pkix::Time);

-[scriptable, uuid(46555f70-3ab5-11e4-8613-180373d97f23)]
+[scriptable, uuid(e219eace-0e04-42ba-b203-58a8b327867c)]
 interface nsISiteSecurityService : nsISupports
 {
    const uint32_t HEADER_HSTS = 0;
@ -100,12 +100,6 @@ interface nsISiteSecurityService : nsISupports
                         in string aHost,
                         in uint32_t aFlags);

-    /**
-     * Checks if the given security info is for a host with a broken
-     * transport layer (certificate errors like invalid CN).
-     */
-    boolean shouldIgnoreHeaders(in nsISupports aSecurityInfo);
-
    /**
     * Checks whether or not the URI's hostname has a given security state set.
     * For example, for HSTS:
--- a/security/manager/boot/src/nsSiteSecurityService.cpp
+++ b/security/manager/boot/src/nsSiteSecurityService.cpp
@ -11,7 +11,6 @@
 #include "CertVerifier.h"
 #include "nsCRTGlue.h"
 #include "nsISSLStatus.h"
-#include "nsISSLStatusProvider.h"
 #include "nsISocketProvider.h"
 #include "nsIURI.h"
 #include "nsNetUtil.h"
@ -965,39 +964,6 @@ nsSiteSecurityService::IsSecureHost(uint32_t aType, const char* aHost,
  return NS_OK;
 }

-
-// Verify the trustworthiness of the security info (are there any cert errors?)
-NS_IMETHODIMP
-nsSiteSecurityService::ShouldIgnoreHeaders(nsISupports* aSecurityInfo,
-                                           bool* aResult)
-{
-  nsresult rv;
-  bool tlsIsBroken = false;
-  nsCOMPtr<nsISSLStatusProvider> sslprov = do_QueryInterface(aSecurityInfo);
-  NS_ENSURE_TRUE(sslprov, NS_ERROR_FAILURE);
-
-  nsCOMPtr<nsISSLStatus> sslstat;
-  rv = sslprov->GetSSLStatus(getter_AddRefs(sslstat));
-  NS_ENSURE_SUCCESS(rv, rv);
-  NS_ENSURE_TRUE(sslstat, NS_ERROR_FAILURE);
-
-  bool trustcheck;
-  rv = sslstat->GetIsDomainMismatch(&trustcheck);
-  NS_ENSURE_SUCCESS(rv, rv);
-  tlsIsBroken = tlsIsBroken || trustcheck;
-
-  rv = sslstat->GetIsNotValidAtThisTime(&trustcheck);
-  NS_ENSURE_SUCCESS(rv, rv);
-  tlsIsBroken = tlsIsBroken || trustcheck;
-
-  rv = sslstat->GetIsUntrusted(&trustcheck);
-  NS_ENSURE_SUCCESS(rv, rv);
-  tlsIsBroken = tlsIsBroken || trustcheck;
-
-  *aResult = tlsIsBroken;
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 nsSiteSecurityService::ClearAll()
 {