diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-03-28 01:06:56 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-04-14 13:19:41 +0200 |
commit | 99bad1726e897a82239e543a7a8e8fea36b797c0 (patch) | |
tree | af15c93fca2c7052c029e2422e852cd98b82eb8e /security/manager/ssl/nsISiteSecurityService.idl | |
parent | d86349716a9740226d9175b1cf4b60765cb707fc (diff) | |
download | UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.gz UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.lz UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.xz UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.zip |
Issue #1280 - Part 1: Remove HPKP components.
This also removes leftover plumbing for storing preload information
in SiteSecurityService since no service still uses it.
Diffstat (limited to 'security/manager/ssl/nsISiteSecurityService.idl')
-rw-r--r-- | security/manager/ssl/nsISiteSecurityService.idl | 46 |
1 files changed, 5 insertions, 41 deletions
diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl index 4286848a9..d0e5f61ed 100644 --- a/security/manager/ssl/nsISiteSecurityService.idl +++ b/security/manager/ssl/nsISiteSecurityService.idl @@ -27,7 +27,7 @@ namespace mozilla interface nsISiteSecurityService : nsISupports { const uint32_t HEADER_HSTS = 0; - const uint32_t HEADER_HPKP = 1; + const uint32_t HEADER_HPKP = 1; /* no longer used */ const uint32_t HEADER_OMS = 2; const uint32_t Success = 0; @@ -39,10 +39,10 @@ interface nsISiteSecurityService : nsISupports const uint32_t ERROR_INVALID_MAX_AGE = 6; const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7; const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8; - const uint32_t ERROR_INVALID_PIN = 9; - const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10; - const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11; - const uint32_t ERROR_NO_BACKUP_PIN = 12; + const uint32_t ERROR_INVALID_PIN = 9; /* no longer used */ + const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10; /* no longer used */ + const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11; /* no longer used */ + const uint32_t ERROR_NO_BACKUP_PIN = 12; /* no longer used */ const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13; const uint32_t ERROR_ROOT_NOT_BUILT_IN = 14; @@ -150,42 +150,6 @@ interface nsISiteSecurityService : nsISupports * settings. */ void clearAll(); - - /** - * Returns an array of sha256-hashed key pins for the given domain, if any. - * If these pins also apply to subdomains of the given domain, - * aIncludeSubdomains will be true. Pins returned are only for non-built-in - * pin entries. - * - * @param aHostname the hosname (punycode) to be queried about - * @param the time at which the pins should be valid. This is in - mozilla::pkix::Time which uses internally seconds since 0 AD. - * @param aPinArray the set of sha256-hashed key pins for the given domain - * @param aIncludeSubdomains true if the pins apply to subdomains of the - * given domain - */ - [noscript] boolean getKeyPinsForHostname(in string aHostname, - in mozillaPkixTime evalTime, - out nsCStringTArrayRef aPinArray, - out boolean aIncludeSubdomains); - - /** - * Set public-key pins for a host. The resulting pins will be permanent - * and visible from private and non-private contexts. These pins replace - * any already set by this mechanism or those built-in to Gecko. - * - * @param aHost the hostname (punycode) that pins will apply to - * @param aIncludeSubdomains whether these pins also apply to subdomains - * @param aExpires the time this pin should expire (millis since epoch) - * @param aPinCount number of keys being pinnned - * @param aSha256Pins array of hashed key fingerprints (SHA-256, base64) - * @param aIsPreload are these key pins for a preload entry? (false by - * default) - */ - boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains, - in int64_t aExpires, in unsigned long aPinCount, - [array, size_is(aPinCount)] in string aSha256Pins, - [optional] in boolean aIsPreload); }; %{C++ |