Bug 564584 @mozilla.org/security/certoverride;1 overrides crashes the application [@ nsNSSComponent::LogoutAuthenticatedPK11]; r=kaie a=bsmedberg

security/manager/ssl/public/nsICertOverrideService.idl

@@ -133,8 +133,10 @@ interface nsICertOverrideService : nsISupports {
    *  Remove a override for the given hostname:port.
    *
    *  @param aHostName The host (punycode) whose entry should be cleared.
-   *  @param aPort The port whose entry should be cleared, if it is -1 then it 
-   *          is internaly treated as 443
+   *  @param aPort The port whose entry should be cleared.
+   *               If it is -1, then it is internaly treated as 443.
+   *               If it is 0 and aHostName is "all:temporary-certificates",
+   *               then all temporary certificates should be cleared.
    */
   void clearValidityOverride(in ACString aHostName,
                              in PRInt32 aPort);

security/manager/ssl/src/nsCertOverrideService.cpp

@@ -696,6 +696,11 @@ nsCertOverrideService::AddEntryToList(const nsACString &aHostName, PRInt32 aPort
 NS_IMETHODIMP
 nsCertOverrideService::ClearValidityOverride(const nsACString & aHostName, PRInt32 aPort)
 {
+  if (aPort == 0 &&
+      aHostName.EqualsLiteral("all:temporary-certificates")) {
+    RemoveAllTemporaryOverrides();
+    return NS_OK;
+  }
   nsCAutoString hostPort;
   GetHostWithPort(aHostName, aPort, hostPort);
   {

security/manager/ssl/src/nsNSSComponent.cpp

@@ -2363,12 +2363,10 @@ nsresult nsNSSComponent::LogoutAuthenticatedPK11()
 {
   nsCOMPtr<nsICertOverrideService> icos = 
     do_GetService("@mozilla.org/security/certoverride;1");
-    
-  nsCertOverrideService *cos = 
-    reinterpret_cast<nsCertOverrideService*>(icos.get());
-
-  if (cos) {
-    cos->RemoveAllTemporaryOverrides();
+  if (icos) {
+    icos->ClearValidityOverride(
+            NS_LITERAL_CSTRING("all:temporary-certificates"),
+            0);
   }
 
   if (mClientAuthRememberService) {