On 24.01.2011 12:38, Ben Bucksch wrote:
Worst comes to worst, I can always override the cert error, and do the check myself, but that's going to get quite ugly.
I have to say the PSM IDL interfaces are coming right out of the black hole. I implement nsIBadCertListener2 and nsISSLErrorListener. They have a nsIInterfaceRequestor socketInfo, but nothing defines which interfaces this supports. :-(
In my nsIBadCertListener2::notifyCertProblem(), I try to getInterface(nsITransportSecurityInfo) from socketInfo, because nsNSSIOLayer.cpp::nsNSSBadCerthandler() lines 3348 and 3577 suggest that it should be a nsNSSSocketInfo object, which implements nsITransportSecurityInfo. But the socketInfo.getInterface(Ci.nsITransportSecurityInfo) fails. I am puzzled why, maybe I misread the source. (API documentation for the win!)
So, I saved a reference to the socket (nsISocketTransport) in my nsIBadCertListener2 and tried to access socket.securityInfo, QI that to nsITransportSecurityInfo, and while tsi.securityState is 4 (which is of course not defined in the IDL), tsi.shortSecurityDescription and tsi.errorMessage are both null.
So, I don't even know how to achieve the above in the quote. Ben -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
