Bug 1018018: Remove support/mention of proprietary Netscape certificate extensions from PSM, r=cviecco

--HG-- extra : rebase_source : 758ff9384c040084b1015f8025a4ff9f33590176
2024-09-13 09:24:08 -07:00 · 2014-05-29 20:38:25 -07:00 · 2014-05-29 20:38:25 -07:00 · 8dcde055ad
commit 8dcde055ad
parent 833425eae1
3 changed files with 1 additions and 123 deletions
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@ -101,17 +101,6 @@ CertDumpIssuerUniqueID=Issuer Unique ID
 CertDumpSubjPubKey=Subject's Public Key
 CertDumpSubjectUniqueID=Subject Unique ID
 CertDumpExtensions=Extensions
-CertDumpCertType=Netscape Certificate Type
-CertDumpNSCertExtBaseUrl=Netscape Certificate Extension Base URL
-CertDumpNSCertExtRevocationUrl=Netscape Certificate Revocation URL
-CertDumpNSCertExtCARevocationUrl=Netscape Certificate Authority Revocation URL
-CertDumpNSCertExtCertRenewalUrl=Netscape Certificate Renewal URL
-CertDumpNSCertExtCAPolicyUrl=Netscape Certificate Authority Policy URL
-CertDumpNSCertExtSslServerName=Netscape Certificate SSL Server Name
-CertDumpNSCertExtComment=Netscape Certificate Comment
-CertDumpNSCertExtLostPasswordUrl=Netscape Lost Password URL
-CertDumpNSCertExtCertRenewalTime=NetscapeCertificate Renewal Time
-CertDumpNetscapeAolScreenname=AOL Screenname
 CertDumpSubjectDirectoryAttr=Certificate Subject Directory Attributes
 CertDumpSubjectKeyID=Certificate Subject Key ID
 CertDumpKeyUsage=Certificate Key Usage
@ -129,8 +118,6 @@ CertDumpAuthInfoAccess=Authority Information Access
 CertDumpAnsiX9DsaSignature=ANSI X9.57 DSA Signature
 CertDumpAnsiX9DsaSignatureWithSha1=ANSI X9.57 DSA Signature with SHA1 Digest
 CertDumpAnsiX962ECDsaSignatureWithSha1=ANSI X9.62 ECDSA Signature with SHA1
-CertDumpCertTypeEmail=Email
-CertDumpEmailCA=Email Certificate Authority
 CertDumpKUSign=Signing
 CertDumpKUNonRep=Non-repudiation
 CertDumpKUEnc=Key Encipherment
--- a/security/manager/ssl/src/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/src/TransportSecurityInfo.cpp
@ -707,13 +707,7 @@ AppendErrorTextMismatch(const nsString &host,
    useSAN = GetSubjectAltNames(nssCert.get(), component, allNames, nameCount);

  if (!useSAN) {
-    char *certName = nullptr;
-    // currently CERT_FindNSStringExtension is not being exported by NSS.
-    // If it gets exported, enable the following line.
-    //   certName = CERT_FindNSStringExtension(nssCert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
-    // However, it has been discussed to treat the extension as obsolete and ignore it.
-    if (!certName)
-      certName = CERT_GetCommonName(&nssCert->subject);
+    char *certName = CERT_GetCommonName(&nssCert->subject);
    if (certName) {
      ++nameCount;
      allNames.Assign(NS_ConvertUTF8toUTF16(certName));
--- a/security/manager/ssl/src/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/src/nsNSSCertHelper.cpp
@ -285,39 +285,6 @@ GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsAString &text)
  case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
    bundlekey = "CertDumpRSAPSSSignature";
    break;
-  case SEC_OID_NS_CERT_EXT_CERT_TYPE:
-    bundlekey = "CertDumpCertType";
-    break;
-  case SEC_OID_NS_CERT_EXT_BASE_URL:
-    bundlekey = "CertDumpNSCertExtBaseUrl";
-    break;
-  case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
-    bundlekey = "CertDumpNSCertExtRevocationUrl";
-    break;
-  case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
-    bundlekey = "CertDumpNSCertExtCARevocationUrl";
-    break;
-  case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
-    bundlekey = "CertDumpNSCertExtCertRenewalUrl";
-    break;
-  case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
-    bundlekey = "CertDumpNSCertExtCAPolicyUrl";
-    break;
-  case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
-    bundlekey = "CertDumpNSCertExtSslServerName";
-    break;
-  case SEC_OID_NS_CERT_EXT_COMMENT:
-    bundlekey = "CertDumpNSCertExtComment";
-    break;
-  case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
-    bundlekey = "CertDumpNSCertExtLostPasswordUrl";
-    break;
-  case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
-    bundlekey = "CertDumpNSCertExtCertRenewalTime";
-    break;
-  case SEC_OID_NETSCAPE_AOLSCREENNAME:
-    bundlekey = "CertDumpNetscapeAolScreenname";
-    break;
  case SEC_OID_AVA_COUNTRY_NAME:
    bundlekey = "CertDumpAVACountry";
    break;
@ -672,61 +639,6 @@ ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data,
  return NS_OK;
 }    

-static nsresult
-ProcessNSCertTypeExtensions(SECItem  *extData, 
-                            nsAString &text,
-                            nsINSSComponent *nssComponent)
-{
-  nsAutoString local;
-  SECItem decoded;
-  decoded.data = nullptr;
-  decoded.len  = 0;
-  if (SECSuccess != SEC_ASN1DecodeItem(nullptr, &decoded, 
-		SEC_ASN1_GET(SEC_BitStringTemplate), extData)) {
-    nssComponent->GetPIPNSSBundleString("CertDumpExtensionFailure", local);
-    text.Append(local.get());
-    return NS_OK;
-  }
-  unsigned char nsCertType = decoded.data[0];
-  nsMemory::Free(decoded.data);
-  if (nsCertType & NS_CERT_TYPE_SSL_CLIENT) {
-    nssComponent->GetPIPNSSBundleString("VerifySSLClient", local);
-    text.Append(local.get());
-    text.AppendLiteral(SEPARATOR);
-  }
-  if (nsCertType & NS_CERT_TYPE_SSL_SERVER) {
-    nssComponent->GetPIPNSSBundleString("VerifySSLServer", local);
-    text.Append(local.get());
-    text.AppendLiteral(SEPARATOR);
-  }
-  if (nsCertType & NS_CERT_TYPE_EMAIL) {
-    nssComponent->GetPIPNSSBundleString("CertDumpCertTypeEmail", local);
-    text.Append(local.get());
-    text.AppendLiteral(SEPARATOR);
-  }
-  if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING) {
-    nssComponent->GetPIPNSSBundleString("VerifyObjSign", local);
-    text.Append(local.get());
-    text.AppendLiteral(SEPARATOR);
-  }
-  if (nsCertType & NS_CERT_TYPE_SSL_CA) {
-    nssComponent->GetPIPNSSBundleString("VerifySSLCA", local);
-    text.Append(local.get());
-    text.AppendLiteral(SEPARATOR);
-  }
-  if (nsCertType & NS_CERT_TYPE_EMAIL_CA) {
-    nssComponent->GetPIPNSSBundleString("CertDumpEmailCA", local);
-    text.Append(local.get());
-    text.AppendLiteral(SEPARATOR);
-  }
-  if (nsCertType & NS_CERT_TYPE_OBJECT_SIGNING_CA) {
-    nssComponent->GetPIPNSSBundleString("VerifyObjSign", local);
-    text.Append(local.get());
-    text.AppendLiteral(SEPARATOR);
-  }
-  return NS_OK;
-}
-
 static nsresult
 ProcessKeyUsageExtension(SECItem *extData, nsAString &text,
                         nsINSSComponent *nssComponent)
@ -1610,9 +1522,6 @@ ProcessExtensionData(SECOidTag oidTag, SECItem *extData,
 {
  nsresult rv;
  switch (oidTag) {
-  case SEC_OID_NS_CERT_EXT_CERT_TYPE:
-    rv = ProcessNSCertTypeExtensions(extData, text, nssComponent);
-    break;
  case SEC_OID_X509_KEY_USAGE:
    rv = ProcessKeyUsageExtension(extData, text, nssComponent);
    break;
@ -1641,18 +1550,6 @@ ProcessExtensionData(SECOidTag oidTag, SECItem *extData,
  case SEC_OID_X509_AUTH_INFO_ACCESS:
    rv = ProcessAuthInfoAccess(extData, text, nssComponent);
    break;
-  case SEC_OID_NS_CERT_EXT_BASE_URL:
-  case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
-  case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
-  case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
-  case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
-  case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
-  case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
-  case SEC_OID_NS_CERT_EXT_COMMENT:
-  case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
-  case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
-    rv = ProcessIA5String(extData, text, nssComponent);
-    break;
  default:
    if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) {
      rv = ProcessBMPString(extData, text, nssComponent);