summaryrefslogtreecommitdiffstats
path: root/security/certverifier/NSSCertDBTrustDomain.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-03-28 01:06:56 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-04-14 13:19:41 +0200
commit99bad1726e897a82239e543a7a8e8fea36b797c0 (patch)
treeaf15c93fca2c7052c029e2422e852cd98b82eb8e /security/certverifier/NSSCertDBTrustDomain.cpp
parentd86349716a9740226d9175b1cf4b60765cb707fc (diff)
downloadUXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar
UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.gz
UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.lz
UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.xz
UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.zip
Issue #1280 - Part 1: Remove HPKP components.
This also removes leftover plumbing for storing preload information in SiteSecurityService since no service still uses it.
Diffstat (limited to 'security/certverifier/NSSCertDBTrustDomain.cpp')
-rw-r--r--security/certverifier/NSSCertDBTrustDomain.cpp19
1 files changed, 0 insertions, 19 deletions
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index cf48f6392..fff75ee88 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -12,7 +12,6 @@
#include "NSSErrorsService.h"
#include "OCSPRequestor.h"
#include "OCSPVerificationTrustDomain.h"
-#include "PublicKeyPinningService.h"
#include "cert.h"
#include "certdb.h"
#include "mozilla/Assertions.h"
@@ -862,24 +861,6 @@ NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time)
if (rv != Success) {
return rv;
}
- bool skipPinningChecksBecauseOfMITMMode =
- (!isBuiltInRoot && mPinningMode == CertVerifier::pinningAllowUserCAMITM);
- // If mHostname isn't set, we're not verifying in the context of a TLS
- // handshake, so don't verify HPKP in those cases.
- if (mHostname && (mPinningMode != CertVerifier::pinningDisabled) &&
- !skipPinningChecksBecauseOfMITMMode) {
- bool enforceTestMode =
- (mPinningMode == CertVerifier::pinningEnforceTestMode);
- bool chainHasValidPins;
- nsresult nsrv = PublicKeyPinningService::ChainHasValidPins(
- certList, mHostname, time, enforceTestMode, chainHasValidPins);
- if (NS_FAILED(nsrv)) {
- return Result::FATAL_ERROR_LIBRARY_FAILURE;
- }
- if (!chainHasValidPins) {
- return Result::ERROR_KEY_PINNING_FAILURE;
- }
- }
mBuiltChain = Move(certList);