Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-13 21:35:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 945851: Remove pref for showing dialog box when NSS initialization fails, r=briansmith

Browse Source 
--HG--
extra : rebase_source : 1142d1775b8846e8bd46109affc62df262e598d4
This commit is contained in:
Cykesiopka 2013-12-06 00:12:08 -08:00
parent 14c800bb2b
commit 229baa51e6
3 changed files with 44 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
security/manager/locales/en-US/chrome/pipnss/pipnss.properties
View File

@ -338,7 +338,6 @@ CertInfoPurposes=Purposes
CertInfoEmail=Email
CertInfoStoredIn=Stored in:
P12DefaultNickname=Imported Certificate
NSSInitProblemX=Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.
VerifyExpired=<Expired>
VerifyRevoked=<Revoked>
VerifyNotTrusted=<Not Trusted>

118
security/manager/ssl/src/nsNSSComponent.cpp
View File

@ -1124,7 +1124,7 @@ nsNSSComponent::SkipOcspOff()
}
nsresult
nsNSSComponent::InitializeNSS(bool showWarningBox)
nsNSSComponent::InitializeNSS()
{
// Can be called both during init and profile change.
// Needs mutex protection.
@ -1137,11 +1137,6 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
nsINSSErrorsService::NSS_SSL_ERROR_LIMIT == SSL_ERROR_LIMIT,
"You must update the values in nsINSSErrorsService.idl");
// variables used for flow control within this function
enum { problem_none, problem_no_rw, problem_no_security_at_all }
which_nss_problem = problem_none;
{
MutexAutoLock lock(mutex);
@ -1196,9 +1191,6 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
Preferences::GetBool("security.use_libpkix_verification", false);
#endif
bool suppressWarningPref =
Preferences::GetBool("security.suppress_nss_rw_impossible_warning", false);
// init phase 2, init calls to NSS library
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization beginning\n"));
@ -1223,13 +1215,6 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
if (init_rv != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
if (suppressWarningPref) {
which_nss_problem = problem_none;
}
else {
which_nss_problem = problem_no_rw;
}
// try to init r/o
init_flags |= NSS_INIT_READONLY;
init_rv = ::NSS_Initialize(profileStr.get(), "", "",
@ -1237,7 +1222,6 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
if (init_rv != SECSuccess) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init in r/o either\n"));
which_nss_problem = problem_no_security_at_all;
init_rv = NSS_NoDB_Init(profileStr.get());
if (init_rv != SECSuccess) {
@ -1250,80 +1234,64 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
// init phase 3, only if phase 2 was successful
if (problem_no_security_at_all != which_nss_problem) {
mNSSInitialized = true;
mNSSInitialized = true;
PK11_SetPasswordFunc(PK11PasswordPrompt);
PK11_SetPasswordFunc(PK11PasswordPrompt);
SharedSSLState::GlobalInit();
SharedSSLState::GlobalInit();
// Register an observer so we can inform NSS when these prefs change
Preferences::AddStrongObserver(this, "security.");
// Register an observer so we can inform NSS when these prefs change
Preferences::AddStrongObserver(this, "security.");
SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
rv = setEnabledTLSVersions();
if (NS_FAILED(rv)) {
nsPSMInitPanic::SetPanic();
return NS_ERROR_UNEXPECTED;
}
rv = setEnabledTLSVersions();
if (NS_FAILED(rv)) {
nsPSMInitPanic::SetPanic();
return NS_ERROR_UNEXPECTED;
}
DisableMD5();
DisableMD5();
SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, true);
SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, true);
bool requireSafeNegotiation =
Preferences::GetBool("security.ssl.require_safe_negotiation",
REQUIRE_SAFE_NEGOTIATION_DEFAULT);
SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
bool requireSafeNegotiation =
Preferences::GetBool("security.ssl.require_safe_negotiation",
REQUIRE_SAFE_NEGOTIATION_DEFAULT);
SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
bool allowUnrestrictedRenego =
Preferences::GetBool("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
ALLOW_UNRESTRICTED_RENEGO_DEFAULT);
SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION,
allowUnrestrictedRenego ?
SSL_RENEGOTIATE_UNRESTRICTED :
SSL_RENEGOTIATE_REQUIRES_XTN);
bool allowUnrestrictedRenego =
Preferences::GetBool("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
ALLOW_UNRESTRICTED_RENEGO_DEFAULT);
SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION,
allowUnrestrictedRenego ?
SSL_RENEGOTIATE_UNRESTRICTED :
SSL_RENEGOTIATE_REQUIRES_XTN);
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
Preferences::GetBool("security.ssl.enable_false_start",
FALSE_START_ENABLED_DEFAULT));
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
Preferences::GetBool("security.ssl.enable_false_start",
FALSE_START_ENABLED_DEFAULT));
if (NS_FAILED(InitializeCipherSuite())) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to initialize cipher suite settings\n"));
return NS_ERROR_FAILURE;
}
if (NS_FAILED(InitializeCipherSuite())) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to initialize cipher suite settings\n"));
return NS_ERROR_FAILURE;
}
// dynamic options from prefs
setValidationOptions();
// dynamic options from prefs
setValidationOptions();
mHttpForNSS.initTable();
mHttpForNSS.registerHttpClient();
mHttpForNSS.initTable();
mHttpForNSS.registerHttpClient();
InstallLoadableRoots();
InstallLoadableRoots();
#ifndef MOZ_DISABLE_CRYPTOLEGACY
LaunchSmartCardThreads();
LaunchSmartCardThreads();
#endif
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
}
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
}
if (problem_none != which_nss_problem) {
nsPSMInitPanic::SetPanic();
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS problem, trying to bring up GUI error message\n"));
// We might want to use different messages, depending on what failed.
// For now, let's use the same message.
if (showWarningBox) {
ShowAlertFromStringBundle("NSSInitProblemX");
}
}
return NS_OK;
}
@ -1412,7 +1380,7 @@ nsNSSComponent::Init()
// Do that before NSS init, to make sure we won't get unloaded.
RegisterObservers();
rv = InitializeNSS(true); // ok to show a warning box on failure
rv = InitializeNSS();
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS.\n"));
@ -1652,9 +1620,9 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
needsInit = false;
}
}
if (needsInit) {
if (NS_FAILED(InitializeNSS(false))) { // do not show a warning box on failure
if (NS_FAILED(InitializeNSS())) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS after profile switch.\n"));
}
}

2
security/manager/ssl/src/nsNSSComponent.h
View File

@ -178,7 +178,7 @@ public:
mozilla::RefPtr<mozilla::psm::CertVerifier> &out);
private:
nsresult InitializeNSS(bool showWarningBox);
nsresult InitializeNSS();
void ShutdownNSS();
void InstallLoadableRoots();