If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

nsCertOverrideService::GetAllOverrideHostsWithPorts is unimplemented

RESOLVED INVALID

Status

()

Core
Security: PSM
RESOLVED INVALID
9 years ago
3 years ago

People

(Reporter: Stuart Morgan, Unassigned)

Tracking

1.9.0 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-cert-exceptions])

(Reporter)

Description

9 years ago
I'm trying to write the UI for Camino users to see and remove certificate overrides they've set, and ran into a pretty big stumbling block when I discovered this:

NS_IMETHODIMP
nsCertOverrideService::GetAllOverrideHostsWithPorts(PRUint32 *aCount, 
                                                    PRUnichar ***aHostsWithPortsArray)
{
  return NS_ERROR_NOT_IMPLEMENTED;
}

As an embeddor using the 1.9.0 branch, how are we expected to write UI that's a necessary part of making the new cert override system fully usable? So far the only options I'm seeing are:
1) Steal the internal nsCertOverrideService header (which isn't readily available during the build process), cross our fingers and cast the nsICertOverrideService pointer we get to nsCertOverrideService, and use EnumerateCertOverrides
2) Hard-code the name of the cert_override.txt file, assume its format is stable, parse it ourselves on launch to get a list, and update our own duplicate in-memory structure whenever we interact with nsICertOverrideService.

Obviously those are both really bad options; is there a better way to get the list?
It looks like Firefox exposes it's exceptions using nsICertTree... I don't know whether using the relevant nsITreeView/nsICertTree methods give you enough information to do what you want, but if so it might be a better option than either of the alternatives you listed, despite sitll being rather hacky.
Blocks: 453076
(Reporter)

Comment 2

9 years ago
Thanks for the pointer; it turns out that we already have a bunch of hacky nsICertTree stuff thanks to bug 306500, so that works out. At least the lack of basic APIs for certs is consistent in what hacky workaround clients are forced to use :P
(Reporter)

Updated

9 years ago
No longer blocks: 453076

Updated

7 years ago
Assignee: kaie → nobody
OS: Mac OS X → All
Whiteboard: [psm-cert-exceptions]

Comment 3

3 years ago
Bug 1085509 removed this method entirely:
https://hg.mozilla.org/mozilla-central/diff/c1d47db66068/security/manager/ssl/src/nsCertOverrideService.cpp

... so marking as "invalid".
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Depends on: 1085509
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.