nsICertOverrideService

This represents the global list of triples
{host:port, cert-fingerprint, allowed-overrides}
that the user wants to accept without further warnings.

Methods

rememberValidityOverride(aHostName, aPort, aCert, aOverrideBits, aTemporary)

The given cert should always be accepted for the given hostname:port,
regardless of errors verifying the cert.
Host:Port is a primary key, only one entry per host:port can exist.
The implementation will store a fingerprint of the cert.
The implementation will decide which fingerprint alg is used.

Parameters

aHostName The host (punycode) this mapping belongs to
aPort The port this mapping belongs to, if it is -1 then it is internaly treated as 443
aCert The cert that should always be accepted
aOverrideBits The errors we want to be overriden

hasMatchingOverride(aHostName, aPort, aCert, aOverrideBits, aIsTemporary)

The given cert should always be accepted for the given hostname:port,
regardless of errors verifying the cert.
Host:Port is a primary key, only one entry per host:port can exist.
The implementation will store a fingerprint of the cert.
The implementation will decide which fingerprint alg is used.

Parameters

aHostName The host (punycode) this mapping belongs to
aPort The port this mapping belongs to, if it is -1 then it is internaly treated as 443
aCert The cert that should always be accepted
aOverrideBits The errors that are currently overriden

Returns

whether an override entry for aHostNameWithPort is currently on file that matches the given certificate

getValidityOverride(aHostName, aPort, aHashAlg, aFingerprint, aOverrideBits, aIsTemporary)

Retrieve the stored override for the given hostname:port.

Parameters

aHostName The host (punycode) whose entry should be tested
aPort The port whose entry should be tested, if it is -1 then it is internaly treated as 443
aHashAlg On return value True, the fingerprint hash algorithm as an OID value in dotted notation.
aFingerprint On return value True, the stored fingerprint
aOverrideBits The errors that are currently overriden

Returns

whether a matching override entry for aHostNameWithPort and aFingerprint is currently on file

clearValidityOverride(aHostName, aPort)

Remove a override for the given hostname:port.

Parameters

aHostName The host (punycode) whose entry should be cleared.
aPort The port whose entry should be cleared. If it is -1, then it is internaly treated as 443. If it is 0 and aHostName is "all:temporary-certificates", then all temporary certificates should be cleared.

getAllOverrideHostsWithPorts(aCount, aHostsWithPortsArray)

Obtain the full list of hostname:port for which overrides are known.

Parameters

aCount The number of host:port entries returned
aHostsWithPortsArray The array of host:port entries returned

isCertUsedForOverrides(aCert, aCheckTemporaries, aCheckPermanents)

Is the given cert used in rules?

Parameters

aCert The cert we're looking for

Returns

how many override entries are currently on file for the given certificate

Constants

ERROR_UNTRUSTED

Override Untrusted

ERROR_MISMATCH

Override hostname Mismatch

ERROR_TIME

Override Time error