Closed Bug 867430 Opened 12 years ago Closed 12 years ago

Remove usage of nsIX509Cert.verifyForUsage from Test Pilot

Categories

(Mozilla Labs Graveyard :: Test Pilot, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: briansmith, Unassigned)

The Test Pilot code contains the following checks (in remove-experiment-loader.js):

function verifyChannelSecurity(channel) {
  // http://mdn.beonex.com/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL
  // Expect channel to have security state = secure, CN = *.mozillalabs.com,
  // Organization = "Mozilla Corporation", verification = OK.
  console.info("Verifying SSL channel security info before download...");

  try {
    if (! channel instanceof Ci.nsIChannel) {
      console.warn("Not a channel. This should never happen.");
      return false;
    }

    let secInfo = channel.securityInfo;

    if (secInfo instanceof Ci.nsITransportSecurityInfo) {
      secInfo.QueryInterface(Ci.nsITransportSecurityInfo);
      let secState = secInfo.securityState &
        Ci.nsIWebProgressListener.STATE_IS_SECURE;
      if (secState != Ci.nsIWebProgressListener.STATE_IS_SECURE) {
        console.warn("Failing security check: Security state is not secure.");
        return false;
      }
    } else {
      console.warn("Failing secuity check: No TransportSecurityInfo.");
      return false;
    }

    // check SSL certificate details
    if (secInfo instanceof Ci.nsISSLStatusProvider) {
      let cert = secInfo.QueryInterface(Ci.nsISSLStatusProvider).
        SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;

      let verificationResult = cert.verifyForUsage(
        Ci.nsIX509Cert.CERT_USAGE_SSLServer);
      if (verificationResult != Ci.nsIX509Cert.VERIFIED_OK) {
        console.warn("Failing security check: Cert not verified OK.");
        return false;
      }
      if (cert.commonName != "*.mozillalabs.com") {
        console.warn("Failing security check: Cert not for *.mozillalabs.com");
        return false;
      }
      if (cert.organization != "Mozilla Corporation") {
        console.warn("Failing security check: Cert not for Mozilla corporation.");
        return false;
      }
    } else {
      console.warn("Failing security check: No SSL cert info.");
      return false;
    }

I do not understand the purpose of these checks. As far as I can tell, they are mostly useless as far as security is concerned.
I think that, *at most*, we should be checking that there is no cert error override in effect. Test Pilot is the only user of the nsIX509Cert.verifyForUsage function, which we hope to remove. So, at a minimum, I would like to remove that particular call, which causes disk and/or network I/O on the main thread.
Status: NEW → RESOLVED
Closed: 12 years ago
Depends on: 867445
Resolution: --- → WONTFIX
No longer blocks: 867432
Product: Mozilla Labs → Mozilla Labs Graveyard
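
The narrower check proposed in the report (reject the download only when a certificate error has been overridden), sketched as an added example that is not Test Pilot's code or the reporter's. It assumes an overridden error shows up as the nsISSLStatus flags isUntrusted, isDomainMismatch or isNotValidAtThisTime; plain objects stand in for the XPCOM interfaces, the helper names are hypothetical, and all sample values are constructed.

```javascript
// Added example, not Test Pilot code. Plain objects stand in for the XPCOM
// channel, nsITransportSecurityInfo and nsISSLStatus so this runs under Node.
const STATE_IS_SECURE = 0x2; // stand-in for Ci.nsIWebProgressListener.STATE_IS_SECURE

// Error flags assumed to stay set on the SSL status when a user override let
// the connection proceed (assumption stated in the lead-in).
const CERT_ERROR_FLAGS = ["isUntrusted", "isDomainMismatch", "isNotValidAtThisTime"];

// Returns null when the connection is acceptable, otherwise a reason string.
// Fails closed: a flag that is missing or not exactly false counts as an error.
function channelSecurityProblem(channel) {
  const secInfo = channel ? channel.securityInfo : null;
  if (!secInfo) {
    return "no transport security info";
  }
  if ((secInfo.securityState & STATE_IS_SECURE) !== STATE_IS_SECURE) {
    return "security state is not secure";
  }
  const status = secInfo.SSLStatus;
  if (!status) {
    return "no SSL status";
  }
  const flagged = CERT_ERROR_FLAGS.filter((flag) => status[flag] !== false);
  return flagged.length ? "certificate error present: " + flagged.join(", ") : null;
}

// Builds a constructed sample channel (not captured from a real connection).
function sampleChannel(state, flags) {
  const status = flags && Object.assign(
    { isUntrusted: false, isDomainMismatch: false, isNotValidAtThisTime: false }, flags);
  return { securityInfo: { securityState: state, SSLStatus: status } };
}

const samples = {
  clean: sampleChannel(STATE_IS_SECURE, {}),
  overriddenExpired: sampleChannel(STATE_IS_SECURE, { isNotValidAtThisTime: true }),
  overriddenSelfSigned: sampleChannel(STATE_IS_SECURE, { isUntrusted: true, isDomainMismatch: true }),
  plainHttp: { securityInfo: null },
};

for (const [name, channel] of Object.entries(samples)) {
  console.log(name + ": " + (channelSecurityProblem(channel) || "ok"));
}
```

Nothing in this check calls verifyForUsage, so it adds no certificate re-verification I/O on the calling thread.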