Commit 41893865 authored by Brian R. Bondy's avatar Brian R. Bondy Committed by Georg Koppen
Browse files

Bug 903126 - Don't use an xpcshell cert for verification. r=rstrong

parent d0df68a5

toolkit/mozapps/update/updater/Makefile.in

+1 −2
Original line number Diff line number Diff line
@@ -24,13 +24,12 @@ else 
	SECONDARY_CERT = dep2.der

endif



CERT_HEADERS := primaryCert.h secondaryCert.h xpcshellCert.h

CERT_HEADERS := primaryCert.h secondaryCert.h



export:: $(CERT_HEADERS)



primaryCert.h: $(PRIMARY_CERT)

secondaryCert.h: $(SECONDARY_CERT)

xpcshellCert.h: xpcshellCertificate.der



$(CERT_HEADERS): gen_cert_header.py

	$(PYTHON) $< $(@:.h=Data) $(filter-out $<,$^) > $@

toolkit/mozapps/update/updater/archivereader.cpp

+3 −14
Original line number Diff line number Diff line
@@ -19,7 +19,6 @@ 
// being used

#include "primaryCert.h"

#include "secondaryCert.h"

#include "xpcshellCert.h"



#define UPDATER_NO_STRING_GLUE_STL

#include "nsVersionComparator.cpp"
@@ -72,20 +71,10 @@ ArchiveReader::VerifySignature() 
    return ARCHIVE_NOT_OPEN;

  }



  // If the fallback key exists we're running an XPCShell test and we should

  // use the XPCShell specific cert for the signed MAR.

  int rv = OK;

#ifdef XP_WIN

  if (DoesFallbackKeyExist()) {

    rv = VerifyLoadedCert(mArchive, xpcshellCertData);

  } else

#endif

  {

    rv = VerifyLoadedCert(mArchive, primaryCertData);

  int rv = VerifyLoadedCert(mArchive, primaryCertData);

  if (rv != OK) {

    rv = VerifyLoadedCert(mArchive, secondaryCertData);

  }

  }

  return rv;

}