Bug 975229: Remove NSS-based certificate verification, r=keeler

2014-06-16 23:13:29 -07:00
parent 788f956961
commit 6a5fd68bb9
37 changed files with 363 additions and 1914 deletions
--- a/security/certverifier/ExtendedValidation.cpp
+++ b/security/certverifier/ExtendedValidation.cpp
@@ -886,21 +886,6 @@ register_oid(const SECItem* oid_item, const char* oid_name)
  return SECOID_AddEntry(&od);
 }

-#ifndef NSS_NO_LIBPKIX
-static void
-addToCertListIfTrusted(CERTCertList* certList, CERTCertificate* cert) {
-  CERTCertTrust nssTrust;
-  if (CERT_GetCertTrust(cert, &nssTrust) != SECSuccess) {
-    return;
-  }
-  unsigned int flags = SEC_GET_TRUST_FLAGS(&nssTrust, trustSSL);
-
-  if (flags & CERTDB_TRUSTED_CA) {
-    CERT_AddCertToListTail(certList, CERT_DupCertificate(cert));
-  }
-}
-#endif
-
 static bool
 isEVPolicy(SECOidTag policyOIDTag)
 {
@@ -916,25 +901,6 @@ isEVPolicy(SECOidTag policyOIDTag)

 namespace mozilla { namespace psm {

-#ifndef NSS_NO_LIBPKIX
-CERTCertList*
-GetRootsForOid(SECOidTag oid_tag)
-{
-  CERTCertList* certList = CERT_NewCertList();
-  if (!certList)
-    return nullptr;
-
-  for (size_t iEV = 0; iEV < PR_ARRAY_SIZE(myTrustedEVInfos); ++iEV) {
-    nsMyTrustedEVInfo& entry = myTrustedEVInfos[iEV];
-    if (entry.oid_tag == oid_tag) {
-      addToCertListIfTrusted(certList, entry.cert);
-    }
-  }
-
-  return certList;
-}
-#endif
-
 bool
 CertIsAuthoritativeForEVPolicy(const CERTCertificate* cert,
                               const mozilla::pkix::CertPolicyId& policy)