Bug 1691122 - Remove subject common name fallback support in CertVerifier. r=keeler,necko-reviewers,kershaw

Differential Revision: https://phabricator.services.mozilla.com/D143808
2022-04-27 20:57:31 +00:00
parent 3442e067d6
commit cf55523d7a
21 changed files with 27 additions and 408 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -234,7 +234,6 @@
 #include "nsXULAppAPI.h"

 #include "ThirdPartyUtil.h"
-#include "BRNameMatchingPolicy.h"
 #include "GeckoProfiler.h"
 #include "mozilla/NullPrincipal.h"
 #include "Navigator.h"
@@ -6090,10 +6089,7 @@ already_AddRefed<nsIURI> nsDocShell::MaybeFixBadCertDomainErrorURI(

  // Check if adding a "www." prefix to the request's hostname will
  // cause the response's certificate to match.
-  mozilla::psm::BRNameMatchingPolicy nameMatchingPolicy(
-      mozilla::psm::BRNameMatchingPolicy::Mode::Enforce);
-  rv1 = mozilla::pkix::CheckCertHostname(serverCertInput, newHostInput,
-                                         nameMatchingPolicy);
+  rv1 = mozilla::pkix::CheckCertHostname(serverCertInput, newHostInput);
  if (rv1 != mozilla::pkix::Success) {
    return nullptr;
  }