diff options
| author | Moonchild <moonchild@palemoon.org> | 2020-11-20 09:47:03 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2020-11-20 09:47:03 +0000 |
| commit | 5165ed02285315cc0bed7977c7bac6d0a90ca43c (patch) | |
| tree | 9b761a21eb924915e51c2d803208e6c01b505a45 /security/certverifier/CertVerifier.cpp | |
| parent | e1db27e19989db11fef70f439cf95821316535b3 (diff) | |
| parent | ca9abcdf1702c37bf00048dab3f460b2252873a3 (diff) | |
| download | UXP-RELBASE_20201120.tar UXP-RELBASE_20201120.tar.gz UXP-RELBASE_20201120.tar.lz UXP-RELBASE_20201120.tar.xz UXP-RELBASE_20201120.zip | |
Merge branch 'redwood' into releaseRELBASE_20201124RELBASE_20201120RC_20201120
Diffstat (limited to 'security/certverifier/CertVerifier.cpp')
| -rw-r--r-- | security/certverifier/CertVerifier.cpp | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/security/certverifier/CertVerifier.cpp b/security/certverifier/CertVerifier.cpp index 7f47de14f..389a6c70a 100644 --- a/security/certverifier/CertVerifier.cpp +++ b/security/certverifier/CertVerifier.cpp @@ -42,7 +42,6 @@ CertVerifier::CertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc, OcspGetConfig ogc, uint32_t certShortLifetimeInDays, - PinningMode pinningMode, SHA1Mode sha1Mode, BRNameMatchingPolicy::Mode nameMatchingMode, NetscapeStepUpPolicy netscapeStepUpPolicy, @@ -51,7 +50,6 @@ CertVerifier::CertVerifier(OcspDownloadConfig odc, , mOCSPStrict(osc == ocspStrict) , mOCSPGETEnabled(ogc == ocspGetEnabled) , mCertShortLifetimeInDays(certShortLifetimeInDays) - , mPinningMode(pinningMode) , mSHA1Mode(sha1Mode) , mNameMatchingMode(nameMatchingMode) , mNetscapeStepUpPolicy(netscapeStepUpPolicy) @@ -417,7 +415,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain trustDomain(trustEmail, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - pinningDisabled, MIN_RSA_BITS_WEAK, + MIN_RSA_BITS_WEAK, ValidityCheckingMode::CheckingOff, SHA1Mode::Allowed, NetscapeStepUpPolicy::NeverMatch, @@ -486,7 +484,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain trustDomain(trustSSL, evOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, - mCertShortLifetimeInDays, mPinningMode, MIN_RSA_BITS, + mCertShortLifetimeInDays, MIN_RSA_BITS, ValidityCheckingMode::CheckForEV, sha1ModeConfigurations[i], mNetscapeStepUpPolicy, originAttributes, builtChain); @@ -567,7 +565,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain trustDomain(trustSSL, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - mPinningMode, keySizeOptions[i], + keySizeOptions[i], ValidityCheckingMode::CheckingOff, sha1ModeConfigurations[j], mNetscapeStepUpPolicy, @@ -630,7 +628,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain trustDomain(trustSSL, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - pinningDisabled, MIN_RSA_BITS_WEAK, + MIN_RSA_BITS_WEAK, ValidityCheckingMode::CheckingOff, SHA1Mode::Allowed, mNetscapeStepUpPolicy, originAttributes, builtChain); @@ -645,7 +643,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain trustDomain(trustEmail, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - pinningDisabled, MIN_RSA_BITS_WEAK, + MIN_RSA_BITS_WEAK, ValidityCheckingMode::CheckingOff, SHA1Mode::Allowed, NetscapeStepUpPolicy::NeverMatch, @@ -672,7 +670,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain trustDomain(trustEmail, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - pinningDisabled, MIN_RSA_BITS_WEAK, + MIN_RSA_BITS_WEAK, ValidityCheckingMode::CheckingOff, SHA1Mode::Allowed, NetscapeStepUpPolicy::NeverMatch, @@ -696,7 +694,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain trustDomain(trustObjectSigning, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - pinningDisabled, MIN_RSA_BITS_WEAK, + MIN_RSA_BITS_WEAK, ValidityCheckingMode::CheckingOff, SHA1Mode::Allowed, NetscapeStepUpPolicy::NeverMatch, @@ -729,7 +727,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain sslTrust(trustSSL, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - pinningDisabled, MIN_RSA_BITS_WEAK, + MIN_RSA_BITS_WEAK, ValidityCheckingMode::CheckingOff, SHA1Mode::Allowed, NetscapeStepUpPolicy::NeverMatch, @@ -741,7 +739,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, NSSCertDBTrustDomain emailTrust(trustEmail, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - pinningDisabled, MIN_RSA_BITS_WEAK, + MIN_RSA_BITS_WEAK, ValidityCheckingMode::CheckingOff, SHA1Mode::Allowed, NetscapeStepUpPolicy::NeverMatch, @@ -754,7 +752,6 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage, defaultOCSPFetching, mOCSPCache, pinArg, ocspGETConfig, mCertShortLifetimeInDays, - pinningDisabled, MIN_RSA_BITS_WEAK, ValidityCheckingMode::CheckingOff, SHA1Mode::Allowed, |