diff options
Diffstat (limited to 'security/certverifier')
-rw-r--r-- | security/certverifier/NSSCertDBTrustDomain.cpp | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp index cf48f6392..fff75ee88 100644 --- a/security/certverifier/NSSCertDBTrustDomain.cpp +++ b/security/certverifier/NSSCertDBTrustDomain.cpp @@ -12,7 +12,6 @@ #include "NSSErrorsService.h" #include "OCSPRequestor.h" #include "OCSPVerificationTrustDomain.h" -#include "PublicKeyPinningService.h" #include "cert.h" #include "certdb.h" #include "mozilla/Assertions.h" @@ -862,24 +861,6 @@ NSSCertDBTrustDomain::IsChainValid(const DERArray& certArray, Time time) if (rv != Success) { return rv; } - bool skipPinningChecksBecauseOfMITMMode = - (!isBuiltInRoot && mPinningMode == CertVerifier::pinningAllowUserCAMITM); - // If mHostname isn't set, we're not verifying in the context of a TLS - // handshake, so don't verify HPKP in those cases. - if (mHostname && (mPinningMode != CertVerifier::pinningDisabled) && - !skipPinningChecksBecauseOfMITMMode) { - bool enforceTestMode = - (mPinningMode == CertVerifier::pinningEnforceTestMode); - bool chainHasValidPins; - nsresult nsrv = PublicKeyPinningService::ChainHasValidPins( - certList, mHostname, time, enforceTestMode, chainHasValidPins); - if (NS_FAILED(nsrv)) { - return Result::FATAL_ERROR_LIBRARY_FAILURE; - } - if (!chainHasValidPins) { - return Result::ERROR_KEY_PINNING_FAILURE; - } - } mBuiltChain = Move(certList); |