Issue mcp-graveyard/UXP%1280 - Un-bust certerror pages and ForgetAboutSite

author: wolfbeast <mcwerewolf@wolfbeast.com> 2020-03-31 09:44:30 +0200
committer: wolfbeast <mcwerewolf@wolfbeast.com> 2020-03-31 09:44:30 +0200
commit: 428fad866577b303394514bd8fe64c2577a98108 (patch)
tree: 72517c9cb8a2662bf61548cff52ff70ed0d20132 /security
parent: 580ca877a3b8773f83f9c8f16f78eb8636d71728 (diff)
download: aura-central-428fad866577b303394514bd8fe64c2577a98108.tar.gz
1 files changed, 5 insertions, 18 deletions
diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp
index af985eb92..37a3b809f 100644
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -425,11 +425,9 @@ CertErrorRunnable::CheckCertOverrides()
   uint32_t remaining_display_errors = mCollectedErrors;
 
 
-  // If this is an HTTP Strict Transport Security host or a pinned host and the
-  // certificate is bad, don't allow overrides (RFC 6797 section 12.1,
-  // HPKP draft spec section 2.6).
+  // If this is an HTTP Strict Transport Security host, don't allow overrides
+  // RFC 6797 section 12.1.
   bool strictTransportSecurityEnabled = false;
-  bool hasPinningInformation = false;
   nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
   if (!sss) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
@@ -449,21 +447,10 @@ CertErrorRunnable::CheckCertOverrides()
     return new SSLServerCertVerificationResult(mInfoObject,
                                                mDefaultErrorCodeToReport);
   }
-  nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HPKP,
-                           mInfoObject->GetHostNameRaw(),
-                           mProviderFlags,
-                           nullptr,
-                           &hasPinningInformation);
-  if (NS_FAILED(nsrv)) {
-    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
-           ("[%p][%p] checking for HPKP failed\n", mFdForLogging, this));
-    return new SSLServerCertVerificationResult(mInfoObject,
-                                               mDefaultErrorCodeToReport);
-  }
 
-  if (!strictTransportSecurityEnabled && !hasPinningInformation) {
+  if (!strictTransportSecurityEnabled) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
-           ("[%p][%p] no HSTS or HPKP - overrides allowed\n",
+           ("[%p][%p] no HSTS - overrides allowed\n",
             mFdForLogging, this));
     nsCOMPtr<nsICertOverrideService> overrideService =
       do_GetService(NS_CERTOVERRIDE_CONTRACTID);
@@ -497,7 +484,7 @@ CertErrorRunnable::CheckCertOverrides()
     }
   } else {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
-           ("[%p][%p] HSTS or HPKP - no overrides allowed\n",
+           ("[%p][%p] HSTS - no overrides allowed\n",
             mFdForLogging, this));
   }
author	wolfbeast <mcwerewolf@wolfbeast.com>	2020-03-31 09:44:30 +0200
committer	wolfbeast <mcwerewolf@wolfbeast.com>	2020-03-31 09:44:30 +0200
commit	428fad866577b303394514bd8fe64c2577a98108 (patch)
tree	72517c9cb8a2662bf61548cff52ff70ed0d20132 /security
parent	580ca877a3b8773f83f9c8f16f78eb8636d71728 (diff)
download	aura-central-428fad866577b303394514bd8fe64c2577a98108.tar.gz