mirror of
https://github.com/roytam1/UXP.git
synced 2026-05-26 13:58:49 +00:00
Issue #1280 - Remove hostname parameter to trust domain.
Host name was purely being used for HPKP and since HPKP is killed, this can also go. Currently it doesn't do anything other than generating build warnings.
This commit is contained in:
adeshkp
@@ -422,7 +422,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes,
|
||||
builtChain, nullptr);
|
||||
builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeEndEntity,
|
||||
KeyUsage::digitalSignature,
|
||||
@@ -489,8 +489,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
mCertShortLifetimeInDays, mPinningMode, MIN_RSA_BITS,
|
||||
ValidityCheckingMode::CheckForEV,
|
||||
sha1ModeConfigurations[i], mNetscapeStepUpPolicy,
|
||||
originAttributes, builtChain,
|
||||
hostname);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChainForOneKeyUsage(trustDomain, certDER, time,
|
||||
KeyUsage::digitalSignature,// (EC)DHE
|
||||
KeyUsage::keyEncipherment, // RSA
|
||||
@@ -572,8 +571,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
sha1ModeConfigurations[j],
|
||||
mNetscapeStepUpPolicy,
|
||||
originAttributes, builtChain,
|
||||
hostname);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChainForOneKeyUsage(trustDomain, certDER, time,
|
||||
KeyUsage::digitalSignature,//(EC)DHE
|
||||
KeyUsage::keyEncipherment,//RSA
|
||||
@@ -635,7 +633,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
pinningDisabled, MIN_RSA_BITS_WEAK,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed, mNetscapeStepUpPolicy,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeCA, KeyUsage::keyCertSign,
|
||||
KeyPurposeId::id_kp_serverAuth,
|
||||
@@ -651,7 +649,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeEndEntity,
|
||||
KeyUsage::digitalSignature,
|
||||
@@ -678,7 +676,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeEndEntity,
|
||||
KeyUsage::keyEncipherment, // RSA
|
||||
@@ -702,7 +700,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(trustDomain, certDER, time,
|
||||
EndEntityOrCA::MustBeEndEntity,
|
||||
KeyUsage::digitalSignature,
|
||||
@@ -735,7 +733,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(sslTrust, certDER, time, endEntityOrCA,
|
||||
keyUsage, eku, CertPolicyId::anyPolicy,
|
||||
stapledOCSPResponse);
|
||||
@@ -747,7 +745,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain, nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(emailTrust, certDER, time, endEntityOrCA,
|
||||
keyUsage, eku, CertPolicyId::anyPolicy,
|
||||
stapledOCSPResponse);
|
||||
@@ -761,8 +759,7 @@ CertVerifier::VerifyCert(CERTCertificate* cert, SECCertificateUsage usage,
|
||||
ValidityCheckingMode::CheckingOff,
|
||||
SHA1Mode::Allowed,
|
||||
NetscapeStepUpPolicy::NeverMatch,
|
||||
originAttributes, builtChain,
|
||||
nullptr);
|
||||
originAttributes, builtChain);
|
||||
rv = BuildCertChain(objectSigningTrust, certDER, time,
|
||||
endEntityOrCA, keyUsage, eku,
|
||||
CertPolicyId::anyPolicy, stapledOCSPResponse);
|
||||
|
||||
@@ -58,8 +58,7 @@ NSSCertDBTrustDomain::NSSCertDBTrustDomain(SECTrustType certDBTrustType,
|
||||
CertVerifier::SHA1Mode sha1Mode,
|
||||
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
||||
const NeckoOriginAttributes& originAttributes,
|
||||
UniqueCERTCertList& builtChain,
|
||||
/*optional*/ const char* hostname)
|
||||
UniqueCERTCertList& builtChain)
|
||||
: mCertDBTrustType(certDBTrustType)
|
||||
, mOCSPFetching(ocspFetching)
|
||||
, mOCSPCache(ocspCache)
|
||||
@@ -73,7 +72,6 @@ NSSCertDBTrustDomain::NSSCertDBTrustDomain(SECTrustType certDBTrustType,
|
||||
, mNetscapeStepUpPolicy(netscapeStepUpPolicy)
|
||||
, mOriginAttributes(originAttributes)
|
||||
, mBuiltChain(builtChain)
|
||||
, mHostname(hostname)
|
||||
, mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID))
|
||||
, mOCSPStaplingStatus(CertVerifier::OCSP_STAPLING_NEVER_CHECKED)
|
||||
, mSCTListFromCertificate()
|
||||
|
||||
@@ -83,8 +83,7 @@ public:
|
||||
CertVerifier::SHA1Mode sha1Mode,
|
||||
NetscapeStepUpPolicy netscapeStepUpPolicy,
|
||||
const NeckoOriginAttributes& originAttributes,
|
||||
UniqueCERTCertList& builtChain,
|
||||
/*optional*/ const char* hostname = nullptr);
|
||||
UniqueCERTCertList& builtChain);
|
||||
|
||||
virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
|
||||
IssuerChecker& checker,
|
||||
@@ -187,7 +186,6 @@ private:
|
||||
NetscapeStepUpPolicy mNetscapeStepUpPolicy;
|
||||
const NeckoOriginAttributes& mOriginAttributes;
|
||||
UniqueCERTCertList& mBuiltChain; // non-owning
|
||||
const char* mHostname; // non-owning - only used for pinning checks
|
||||
nsCOMPtr<nsICertBlocklist> mCertBlocklist;
|
||||
CertVerifier::OCSPStaplingStatus mOCSPStaplingStatus;
|
||||
// Certificate Transparency data extracted during certificate verification
|
||||
|
||||
Reference in New Issue
Block a user