Diffstat (limited to 'security/certverifier')
-rw-r--r-- | security/certverifier/NSSCertDBTrustDomain.cpp | 24 |
1 files changed, 5 insertions, 19 deletions
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index 5e89c2484..fff75ee88 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -12,7 +12,6 @@
 #include "NSSErrorsService.h"
 #include "OCSPRequestor.h"
 #include "OCSPVerificationTrustDomain.h"
-#include "PublicKeyPinningService.h"
 #include "cert.h"
 #include "certdb.h"
 #include "mozilla/Assertions.h"
@@ -862,24 +861,6 @@ NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time)
 if (rv != Success) {
 return rv;
 }
- bool skipPinningChecksBecauseOfMITMMode =
- (!isBuiltInRoot && mPinningMode == CertVerifier::pinningAllowUserCAMITM);
- // If mHostname isn't set, we're not verifying in the context of a TLS
- // handshake, so don't verify HPKP in those cases.
- if (mHostname && (mPinningMode != CertVerifier::pinningDisabled) &&
- !skipPinningChecksBecauseOfMITMMode) {
- bool enforceTestMode =
- (mPinningMode == CertVerifier::pinningEnforceTestMode);
- bool chainHasValidPins;
- nsresult nsrv = PublicKeyPinningService::ChainHasValidPins(
- certList, mHostname, time, enforceTestMode, chainHasValidPins);
- if (NS_FAILED(nsrv)) {
- return Result::FATAL_ERROR_LIBRARY_FAILURE;
- }
- if (!chainHasValidPins) {
- return Result::ERROR_KEY_PINNING_FAILURE;
- }
- }
 mBuiltChain = Move(certList);
@@ -1102,7 +1083,12 @@ InitializeNSS(const nsACString& dir, bool readOnly, bool loadPKCS11Modules)
 flags |= NSS_INIT_NOMODDB;
 }
 nsAutoCString dbTypeAndDirectory;
+#ifdef MOZ_SECURITY_SQLSTORE
+ // Not strictly necessary with current NSS versions, but can't hurt to be explicit.
+ dbTypeAndDirectory.Append("sql:");
+#else
 dbTypeAndDirectory.Append("dbm:");
+#endif
 dbTypeAndDirectory.Append(dir);
 return ::NSS_Initialize(dbTypeAndDirectory.get(), "", "", SECMOD_DB, flags);
 } |
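Review bot: The `#ifdef MOZ_SECURITY_SQLSTORE` block in the InitializeNSS hunk fixes the NSS database format at compile time, and the added comment ("can't hurt to be explicit") does not tell a maintainer what the two prefixes actually select. As far as I know, `sql:` and `dbm:` make NSS open different on-disk stores, so user-imported certificates and trust or distrust settings written by a build with one setting may not be visible to a build with the other; that should be confirmed and documented. I would replace the comment with something like `// "sql:" selects the SQLite-backed cert/key store; the #else branch pins the legacy DBM format.` The start of InitializeNSS lies outside the hunk, so whether `readOnly` interacts with any format upgrade cannot be judged from here.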