Issue mcp-graveyard/UXP%1280 - Follow-up: Get rid of HPKP pinning mode.

This was a leftover from HPKP removal.

Also remove a couple of unused variables from security/manager/ssl/nsSiteSecurityService.cpp.

3 files changed, 3 insertions, 15 deletions

diff --git a/security/manager/ssl/SharedCertVerifier.h b/security/manager/ssl/SharedCertVerifier.h
index 03619573a..135c8ae51 100644
--- a/security/manager/ssl/SharedCertVerifier.h
+++ b/security/manager/ssl/SharedCertVerifier.h
@@ -20,12 +20,12 @@ public:
 
   SharedCertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc,
                      OcspGetConfig ogc, uint32_t certShortLifetimeInDays,
-                     PinningMode pinningMode, SHA1Mode sha1Mode,
+                     SHA1Mode sha1Mode,
                      BRNameMatchingPolicy::Mode nameMatchingMode,
                      NetscapeStepUpPolicy netscapeStepUpPolicy,
                      CertificateTransparencyMode ctMode)
     : mozilla::psm::CertVerifier(odc, osc, ogc, certShortLifetimeInDays,
-                                 pinningMode, sha1Mode, nameMatchingMode,
+                                 sha1Mode, nameMatchingMode,
                                  netscapeStepUpPolicy, ctMode)
   {
   }
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 897b5743c..6e6d61441 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1579,14 +1579,6 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
   PublicSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
   PrivateSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
 
-  CertVerifier::PinningMode pinningMode =
-    static_cast<CertVerifier::PinningMode>
-      (Preferences::GetInt("security.cert_pinning.enforcement_level",
-                           CertVerifier::pinningDisabled));
-  if (pinningMode > CertVerifier::pinningEnforceTestMode) {
-    pinningMode = CertVerifier::pinningDisabled;
-  }
-
   CertVerifier::SHA1Mode sha1Mode = static_cast<CertVerifier::SHA1Mode>
       (Preferences::GetInt("security.pki.sha1_enforcement_level",
                            static_cast<int32_t>(CertVerifier::SHA1Mode::Allowed)));
@@ -1646,7 +1638,7 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
                                  lock);
   mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc,
                                                 certShortLifetimeInDays,
-                                                pinningMode, sha1Mode,
+                                                sha1Mode,
                                                 nameMatchingMode,
                                                 netscapeStepUpPolicy,
                                                 ctMode);
diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp
index fa2619414..5a6ff3d46 100644
--- a/security/manager/ssl/nsSiteSecurityService.cpp
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -87,8 +87,6 @@ SiteHSTSState::ToString(nsCString& aString)
 
 ////////////////////////////////////////////////////////////////////////////////
 
-const uint64_t kSixtyDaysInSeconds = 60 * 24 * 60 * 60;
-
 static bool
 HostIsIPAddress(const char *hostname)
 {
@@ -398,8 +396,6 @@ ParseSSSHeaders(uint32_t aType,
   //  Unrecognized directives (that are otherwise syntactically valid) are
   //  ignored, and the rest of the header is parsed as normal.
 
-  bool foundReportURI = false;
-
   NS_NAMED_LITERAL_CSTRING(max_age_var, "max-age");
   NS_NAMED_LITERAL_CSTRING(include_subd_var, "includesubdomains");