author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-03-28 01:06:56 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-04-14 13:19:41 +0200 |
commit | 99bad1726e897a82239e543a7a8e8fea36b797c0 (patch) | |
tree | af15c93fca2c7052c029e2422e852cd98b82eb8e /security/certverifier/NSSCertDBTrustDomain.cpp | |
parent | d86349716a9740226d9175b1cf4b60765cb707fc (diff) | |
Issue #1280 - Part 1: Remove HPKP components.
This also removes leftover plumbing for storing preload information
in SiteSecurityService since no service still uses it.
Diffstat (limited to 'security/certverifier/NSSCertDBTrustDomain.cpp')
-rw-r--r-- | security/certverifier/NSSCertDBTrustDomain.cpp | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index cf48f6392..fff75ee88 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -12,7 +12,6 @@
 #include "NSSErrorsService.h"
 #include "OCSPRequestor.h"
 #include "OCSPVerificationTrustDomain.h"
-#include "PublicKeyPinningService.h"
 #include "cert.h"
 #include "certdb.h"
 #include "mozilla/Assertions.h"
@@ -862,24 +861,6 @@ NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time)
 if (rv != Success) {
 return rv;
 }
- bool skipPinningChecksBecauseOfMITMMode =
- (!isBuiltInRoot && mPinningMode == CertVerifier::pinningAllowUserCAMITM);
- // If mHostname isn't set, we're not verifying in the context of a TLS
- // handshake, so don't verify HPKP in those cases.
- if (mHostname && (mPinningMode != CertVerifier::pinningDisabled) &&
- !skipPinningChecksBecauseOfMITMMode) {
- bool enforceTestMode =
- (mPinningMode == CertVerifier::pinningEnforceTestMode);
- bool chainHasValidPins;
- nsresult nsrv = PublicKeyPinningService::ChainHasValidPins(
- certList, mHostname, time, enforceTestMode, chainHasValidPins);
- if (NS_FAILED(nsrv)) {
- return Result::FATAL_ERROR_LIBRARY_FAILURE;
- }
- if (!chainHasValidPins) {
- return Result::ERROR_KEY_PINNING_FAILURE;
- }
- }
 mBuiltChain = Move(certList); |