diff options
Diffstat (limited to 'security/manager')
-rw-r--r-- | security/manager/ssl/SharedCertVerifier.h | 4 | ||||
-rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 10 | ||||
-rw-r--r-- | security/manager/ssl/nsSiteSecurityService.cpp | 4 |
3 files changed, 3 insertions, 15 deletions
diff --git a/security/manager/ssl/SharedCertVerifier.h b/security/manager/ssl/SharedCertVerifier.h index 03619573a..135c8ae51 100644 --- a/security/manager/ssl/SharedCertVerifier.h +++ b/security/manager/ssl/SharedCertVerifier.h @@ -20,12 +20,12 @@ public: SharedCertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc, OcspGetConfig ogc, uint32_t certShortLifetimeInDays, - PinningMode pinningMode, SHA1Mode sha1Mode, + SHA1Mode sha1Mode, BRNameMatchingPolicy::Mode nameMatchingMode, NetscapeStepUpPolicy netscapeStepUpPolicy, CertificateTransparencyMode ctMode) : mozilla::psm::CertVerifier(odc, osc, ogc, certShortLifetimeInDays, - pinningMode, sha1Mode, nameMatchingMode, + sha1Mode, nameMatchingMode, netscapeStepUpPolicy, ctMode) { } diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index 897b5743c..6e6d61441 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1579,14 +1579,6 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, PublicSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled); PrivateSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled); - CertVerifier::PinningMode pinningMode = - static_cast<CertVerifier::PinningMode> - (Preferences::GetInt("security.cert_pinning.enforcement_level", - CertVerifier::pinningDisabled)); - if (pinningMode > CertVerifier::pinningEnforceTestMode) { - pinningMode = CertVerifier::pinningDisabled; - } - CertVerifier::SHA1Mode sha1Mode = static_cast<CertVerifier::SHA1Mode> (Preferences::GetInt("security.pki.sha1_enforcement_level", static_cast<int32_t>(CertVerifier::SHA1Mode::Allowed))); @@ -1646,7 +1638,7 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, lock); mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, certShortLifetimeInDays, - pinningMode, sha1Mode, + sha1Mode, nameMatchingMode, netscapeStepUpPolicy, ctMode); diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp index fa2619414..5a6ff3d46 100644 --- a/security/manager/ssl/nsSiteSecurityService.cpp +++ b/security/manager/ssl/nsSiteSecurityService.cpp @@ -87,8 +87,6 @@ SiteHSTSState::ToString(nsCString& aString) //////////////////////////////////////////////////////////////////////////////// -const uint64_t kSixtyDaysInSeconds = 60 * 24 * 60 * 60; - static bool HostIsIPAddress(const char *hostname) { @@ -398,8 +396,6 @@ ParseSSSHeaders(uint32_t aType, // Unrecognized directives (that are otherwise syntactically valid) are // ignored, and the rest of the header is parsed as normal. - bool foundReportURI = false; - NS_NAMED_LITERAL_CSTRING(max_age_var, "max-age"); NS_NAMED_LITERAL_CSTRING(include_subd_var, "includesubdomains"); |