The previous implementation regarding to the Flash Blocking Subdocument list blocked all subdocuments that matched the list. This patch changes that so that subdocuments are only blocked if they are on the Subdocument Block List and also are loaded in a Third-Party context.
The changes to cert8.db and key3.db add the https certificate for subdocument.example.com so that testing can verify that a scheme mismatch between the document and its parent results in a third-party classification.
MozReview-Commit-ID: IXnA4iPzB4y
--HG--
extra : rebase_source : 103c1e184d4219e6db9d00da1ea54674a0e216dd
This is a dump of the new certificate information obtained by running
`certutil -L -d . -n 'pgo server certificate'`:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Temporary Certificate Authority,O=Mozilla Testing,OU=Prof
ile Guided Optimization"
Validity:
Not Before: Mon Nov 07 20:38:29 2011
Not After : Sun Nov 07 20:38:29 2021
Subject: "CN=example.com"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
d8:43:79:cf:52:ce:49:08:47:9c:57:9b:f8:0b:de:7a:
ca:ba:1c:88:9f:fd:d8:0b:df:a8:98:92:22:46:08:3e:
d2:25:4c:09:c2:32:3f:51:f9:79:60:b6:ac:94:0e:7a:
33:13:e7:0b:f7:97:72:3b:37:8f:d4:e5:ea:0c:e2:9e:
4a:5b:28:1d:8c:eb:a1:b4:96:47:37:bf:fc:f0:87:d3:
ca:13:7e:38:45:f5:3f:75:1d:45:0d:72:36:b3:cf:57:
13:99:cd:6d:3c:b8:e9:9c:ec:af:2e:2c:25:3a:d5:13:
7e:6f:51:63:2a:eb:e1:4f:ee:68:42:63:c2:f4:e1:a3
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Subject Alt Name
DNS name: "example.com"
DNS name: "test1.example.com"
DNS name: "test2.example.com"
DNS name: "sub1.test1.example.com"
DNS name: "sub1.test2.example.com"
DNS name: "sub2.test1.example.com"
DNS name: "sub2.test2.example.com"
DNS name: "requestclientcert.example.com"
DNS name: "requireclientcert.example.com"
DNS name: "xn--hxajbheg2az3al.xn--jxalpdlp"
DNS name: "sub1.xn--hxajbheg2az3al.xn--jxalpdlp"
DNS name: "sectest1.example.org"
DNS name: "sub.sectest2.example.org"
DNS name: "sectest2.example.org"
DNS name: "sub.sectest1.example.org"
DNS name: "redirproxy.example.com"
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
a2:f1:08:1c:de:74:27:95:34:a0:1a:6c:9c:fe:8f:7f:
45:38:af:1f:bb:04:b6:e5:f8:e4:35:bf:ce:23:53:74:
ca:89:26:6b:22:d7:f3:f7:66:d4:f1:8b:95:7d:c4:27:
44:57:10:f3:3d:ea:bb:0c:88:d2:09:67:e3:d1:47:6c:
2c:2b:6d:78:41🆎7e:64:59:e3:df:05:fa:65:72:c9:
fd:5b:f6:0e:39:7d:02:31:99:5b:fb:29:17:9a:c9:0e:
64:4d:8c💿bf:6e:d0:9e:b0:68:a6:d9:ee:a0:16:ec:
50:dc:58:7e:7b:82:3e:ce:98:a6:20:4d:a6:bd:ad:05
Fingerprint (MD5):
CC:F2:AD:07:F9:B8:A5:3B:A6:BB:75:80:4E:E6:BB:08
Fingerprint (SHA1):
2D:E7:9A:AE:80:CB:FD:51:B1:23:E0:CF:6F:6B:51:19:E5:28:BB:95
Certificate Trust Flags:
SSL Flags:
Terminal Record
Trusted
User
Email Flags:
User
Object Signing Flags:
User
