From 229baa51e61bdd2ab759b9d0f1eaa7750c0a0494 Mon Sep 17 00:00:00 2001
From: Cykesiopka <cykesiopka.bmo@gmail.com>
Date: Fri, 6 Dec 2013 00:12:08 -0800
Subject: [PATCH] Bug 945851: Remove pref for showing dialog box when NSS
 initialization fails, r=briansmith

--HG--
extra : rebase_source : 1142d1775b8846e8bd46109affc62df262e598d4
---
 .../en-US/chrome/pipnss/pipnss.properties     |   1 -
 security/manager/ssl/src/nsNSSComponent.cpp   | 118 +++++++-----------
 security/manager/ssl/src/nsNSSComponent.h     |   2 +-
 3 files changed, 44 insertions(+), 77 deletions(-)

diff --git a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
index 65f70be9bb6e..49bebd8dc642 100755
--- a/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
+++ b/security/manager/locales/en-US/chrome/pipnss/pipnss.properties
@@ -338,7 +338,6 @@ CertInfoPurposes=Purposes
 CertInfoEmail=Email
 CertInfoStoredIn=Stored in:
 P12DefaultNickname=Imported Certificate
-NSSInitProblemX=Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.
 VerifyExpired=<Expired>
 VerifyRevoked=<Revoked>
 VerifyNotTrusted=<Not Trusted>
diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
index 65687d6a80c7..38cf8c0f9efe 100644
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -1124,7 +1124,7 @@ nsNSSComponent::SkipOcspOff()
 }
 
 nsresult
-nsNSSComponent::InitializeNSS(bool showWarningBox)
+nsNSSComponent::InitializeNSS()
 {
   // Can be called both during init and profile change.
   // Needs mutex protection.
@@ -1137,11 +1137,6 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
                 nsINSSErrorsService::NSS_SSL_ERROR_LIMIT == SSL_ERROR_LIMIT,
                 "You must update the values in nsINSSErrorsService.idl");
 
-  // variables used for flow control within this function
-
-  enum { problem_none, problem_no_rw, problem_no_security_at_all }
-    which_nss_problem = problem_none;
-
   {
     MutexAutoLock lock(mutex);
 
@@ -1196,9 +1191,6 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
       Preferences::GetBool("security.use_libpkix_verification", false);
 #endif
 
-    bool suppressWarningPref =
-      Preferences::GetBool("security.suppress_nss_rw_impossible_warning", false);
-
     // init phase 2, init calls to NSS library
 
     PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization beginning\n"));
@@ -1223,13 +1215,6 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
     if (init_rv != SECSuccess) {
       PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));
 
-      if (suppressWarningPref) {
-        which_nss_problem = problem_none;
-      }
-      else {
-        which_nss_problem = problem_no_rw;
-      }
-
       // try to init r/o
       init_flags |= NSS_INIT_READONLY;
       init_rv = ::NSS_Initialize(profileStr.get(), "", "",
@@ -1237,7 +1222,6 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
 
       if (init_rv != SECSuccess) {
         PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init in r/o either\n"));
-        which_nss_problem = problem_no_security_at_all;
 
         init_rv = NSS_NoDB_Init(profileStr.get());
         if (init_rv != SECSuccess) {
@@ -1250,80 +1234,64 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
 
     // init phase 3, only if phase 2 was successful
 
-    if (problem_no_security_at_all != which_nss_problem) {
+    mNSSInitialized = true;
 
-      mNSSInitialized = true;
+    PK11_SetPasswordFunc(PK11PasswordPrompt);
 
-      PK11_SetPasswordFunc(PK11PasswordPrompt);
+    SharedSSLState::GlobalInit();
 
-      SharedSSLState::GlobalInit();
+    // Register an observer so we can inform NSS when these prefs change
+    Preferences::AddStrongObserver(this, "security.");
 
-      // Register an observer so we can inform NSS when these prefs change
-      Preferences::AddStrongObserver(this, "security.");
+    SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
+    SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
 
-      SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
-      SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
+    rv = setEnabledTLSVersions();
+    if (NS_FAILED(rv)) {
+      nsPSMInitPanic::SetPanic();
+      return NS_ERROR_UNEXPECTED;
+    }
 
-      rv = setEnabledTLSVersions();
-      if (NS_FAILED(rv)) {
-        nsPSMInitPanic::SetPanic();
-        return NS_ERROR_UNEXPECTED;
-      }
+    DisableMD5();
 
-      DisableMD5();
+    SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, true);
 
-      SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, true);
+    bool requireSafeNegotiation =
+      Preferences::GetBool("security.ssl.require_safe_negotiation",
+                           REQUIRE_SAFE_NEGOTIATION_DEFAULT);
+    SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
 
-      bool requireSafeNegotiation =
-        Preferences::GetBool("security.ssl.require_safe_negotiation",
-                             REQUIRE_SAFE_NEGOTIATION_DEFAULT);
-      SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
+    bool allowUnrestrictedRenego =
+      Preferences::GetBool("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
+                           ALLOW_UNRESTRICTED_RENEGO_DEFAULT);
+    SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION,
+                         allowUnrestrictedRenego ?
+                           SSL_RENEGOTIATE_UNRESTRICTED :
+                           SSL_RENEGOTIATE_REQUIRES_XTN);
 
-      bool allowUnrestrictedRenego =
-        Preferences::GetBool("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
-                             ALLOW_UNRESTRICTED_RENEGO_DEFAULT);
-      SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION,
-                           allowUnrestrictedRenego ?
-                             SSL_RENEGOTIATE_UNRESTRICTED :
-                             SSL_RENEGOTIATE_REQUIRES_XTN);
+    SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
+                         Preferences::GetBool("security.ssl.enable_false_start",
+                                              FALSE_START_ENABLED_DEFAULT));
 
-      SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
-                           Preferences::GetBool("security.ssl.enable_false_start",
-                                                FALSE_START_ENABLED_DEFAULT));
+    if (NS_FAILED(InitializeCipherSuite())) {
+      PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to initialize cipher suite settings\n"));
+      return NS_ERROR_FAILURE;
+    }
 
-      if (NS_FAILED(InitializeCipherSuite())) {
-        PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to initialize cipher suite settings\n"));
-        return NS_ERROR_FAILURE;
-      }
+    // dynamic options from prefs
+    setValidationOptions();
 
-      // dynamic options from prefs
-      setValidationOptions();
+    mHttpForNSS.initTable();
+    mHttpForNSS.registerHttpClient();
 
-      mHttpForNSS.initTable();
-      mHttpForNSS.registerHttpClient();
-
-      InstallLoadableRoots();
+    InstallLoadableRoots();
 
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
-      LaunchSmartCardThreads();
+    LaunchSmartCardThreads();
 #endif
 
-      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
-    }
+    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
   }
-
-  if (problem_none != which_nss_problem) {
-    nsPSMInitPanic::SetPanic();
-
-    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS problem, trying to bring up GUI error message\n"));
-
-    // We might want to use different messages, depending on what failed.
-    // For now, let's use the same message.
-    if (showWarningBox) {
-      ShowAlertFromStringBundle("NSSInitProblemX");
-    }
-  }
-
   return NS_OK;
 }
 
@@ -1412,7 +1380,7 @@ nsNSSComponent::Init()
   // Do that before NSS init, to make sure we won't get unloaded.
   RegisterObservers();
 
-  rv = InitializeNSS(true); // ok to show a warning box on failure
+  rv = InitializeNSS();
   if (NS_FAILED(rv)) {
     PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS.\n"));
 
@@ -1652,9 +1620,9 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
         needsInit = false;
       }
     }
-    
+
     if (needsInit) {
-      if (NS_FAILED(InitializeNSS(false))) { // do not show a warning box on failure
+      if (NS_FAILED(InitializeNSS())) {
         PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS after profile switch.\n"));
       }
     }
diff --git a/security/manager/ssl/src/nsNSSComponent.h b/security/manager/ssl/src/nsNSSComponent.h
index ef3e553cf4e6..e8a2313a6f0e 100644
--- a/security/manager/ssl/src/nsNSSComponent.h
+++ b/security/manager/ssl/src/nsNSSComponent.h
@@ -178,7 +178,7 @@ public:
                   mozilla::RefPtr<mozilla::psm::CertVerifier> &out);
 private:
 
-  nsresult InitializeNSS(bool showWarningBox);
+  nsresult InitializeNSS();
   void ShutdownNSS();
 
   void InstallLoadableRoots();