bug 860076 - remove SkipOcsp for being totally bogus r=briansmith

--HG--
rename : security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js => security/manager/ssl/tests/mochitest/browser/browser_certViewer.js

security/manager/ssl/src/PSMContentDownloader.h

@@ -118,14 +118,6 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
                                            uint32_t numParams,
                                            nsAString &outString) = 0;
 
-  // This method will just disable OCSP in NSS, it will not
-  // alter the respective pref values.
-  NS_IMETHOD SkipOcsp() = 0;
-
-  // This method will set the OCSP value according to the 
-  // values in the preferences.
-  NS_IMETHOD SkipOcspOff() = 0;
-
   NS_IMETHOD LogoutAuthenticatedPK11() = 0;
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
@@ -191,8 +183,6 @@ public:
                                            const char16_t **params,
                                            uint32_t numParams,
                                            nsAString &outString);
-  NS_IMETHOD SkipOcsp();
-  NS_IMETHOD SkipOcspOff();
   NS_IMETHOD LogoutAuthenticatedPK11();
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY

security/manager/ssl/src/nsNSSComponent.cpp

@@ -1026,32 +1026,6 @@ nsNSSComponent::setEnabledTLSVersions()
   return NS_OK;
 }
 
-NS_IMETHODIMP
-nsNSSComponent::SkipOcsp()
-{
-  nsNSSShutDownPreventionLock locker;
-  CERTCertDBHandle* certdb = CERT_GetDefaultCertDB();
-
-  SECStatus rv = CERT_DisableOCSPChecking(certdb);
-  return (rv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
-}
-
-NS_IMETHODIMP
-nsNSSComponent::SkipOcspOff()
-{
-  MutexAutoLock lock(mutex);
-  MOZ_ASSERT(NS_IsMainThread());
-  MOZ_ASSERT(mNSSInitialized);
-  NS_ENSURE_TRUE(mNSSInitialized, NS_ERROR_NOT_INITIALIZED);
-
-  CertVerifier::ocsp_download_config odc; // ignored
-  CertVerifier::ocsp_strict_config osc; // ignored
-  CertVerifier::ocsp_get_config ogc; // ignored
-  SetClassicOCSPBehaviorFromPrefs(&odc, &osc, &ogc, lock);
-
-  return NS_OK;
-}
-
 nsresult
 nsNSSComponent::InitializeNSS()
 {

security/manager/ssl/src/nsNSSComponent.h

@@ -85,14 +85,6 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
                                            uint32_t numParams,
                                            nsAString& outString) = 0;
 
-  // This method will just disable OCSP in NSS, it will not
-  // alter the respective pref values.
-  NS_IMETHOD SkipOcsp() = 0;
-
-  // This method will set the OCSP value according to the
-  // values in the preferences.
-  NS_IMETHOD SkipOcspOff() = 0;
-
   NS_IMETHOD LogoutAuthenticatedPK11() = 0;
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
@@ -155,8 +147,6 @@ public:
                                            const char16_t** params,
                                            uint32_t numParams,
                                            nsAString& outString);
-  NS_IMETHOD SkipOcsp();
-  NS_IMETHOD SkipOcspOff();
   NS_IMETHOD LogoutAuthenticatedPK11();
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY

security/manager/ssl/src/nsUsageArrayHelper.cpp

@@ -202,20 +202,6 @@ nsUsageArrayHelper::GetUsagesArray(const char *suffix,
   RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
   NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
 
-  // Bug 860076, this disabling ocsp for all NSS is incorrect.
-  const bool localOSCPDisable
-    = certVerifier->mImplementation == CertVerifier::classic;
-  if (localOSCPDisable) {
-    nsresult rv;
-    nssComponent = do_GetService(kNSSComponentCID, &rv);
-    if (NS_FAILED(rv))
-      return rv;
-    
-    if (nssComponent) {
-      nssComponent->SkipOcsp();
-    }
-  }
-
   uint32_t &count = *_count;
   count = 0;
 
@@ -255,11 +241,6 @@ nsUsageArrayHelper::GetUsagesArray(const char *suffix,
                  certificateUsageAnyCA, now, flags, count, outUsages);
 #endif
 
-  // Bug 860076, this disabling ocsp for all NSS is incorrect
-  if (localOSCPDisable) {
-     nssComponent->SkipOcspOff();
-  }
-
   if (isFatalError(result) || count == 0) {
     MOZ_ASSERT(result != nsIX509Cert::VERIFIED_OK);
 

security/manager/ssl/tests/mochitest/browser/browser.ini

@@ -3,3 +3,4 @@ support-files = head.js
 
 [browser_bug627234_perwindowpb.js]
 [browser_certificateManagerLeak.js]
+[browser_certViewer.js]

security/manager/ssl/tests/mochitest/browser/browser_certViewer.js

@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+let gBugWindow;
+
+function onLoad() {
+  gBugWindow.removeEventListener("load", onLoad);
+  gBugWindow.addEventListener("unload", onUnload);
+  gBugWindow.close();
+}
+
+function onUnload() {
+  gBugWindow.removeEventListener("unload", onUnload);
+  window.focus();
+  finish();
+}
+
+// This test opens and then closes the certificate viewer to test that it
+// does not crash.
+function test() {
+  waitForExplicitFinish();
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  // If the certificate with the nickname "pgoca" is ever removed,
+  // this will fail. Simply find another certificate. Any one will
+  // do.
+  let cert = certdb.findCertByNickname(null, "pgoca");
+  ok(cert, "found a certificate to look at");
+  let arg = {
+    QueryInterface: function() this,
+    getISupportAtIndex: function() this.cert,
+    cert: cert
+  };
+  gBugWindow = window.openDialog("chrome://pippki/content/certViewer.xul",
+                                 "", "", arg);
+  gBugWindow.addEventListener("load", onLoad);
+}