Bug 683449 - Really remove the exemptions; r=kaie over irc a=me
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -1046,28 +1046,16 @@ PSM_SSL_BlacklistDigiNotar(CERTCertifica
PRBool isDigiNotarIssuedCert = PR_FALSE;
for (CERTCertListNode *node = CERT_LIST_HEAD(serverCertChain);
!CERT_LIST_END(node, serverCertChain);
node = CERT_LIST_NEXT(node)) {
if (!node->cert->issuerName)
continue;
- // If it's one of the "Staat der Nederlanden Root"s, then don't blacklist.
- // Compare names, and ensure it's a self-signed root.
- if ((!strcmp(node->cert->issuerName,
- "CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL") ||
- !strcmp(node->cert->issuerName,
- "CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL")) &&
- SECITEM_ItemsAreEqual(&node->cert->derIssuer,&node->cert->derSubject)
- ) {
- // keep as valid
- return 0;
- }
-
if (strstr(node->cert->issuerName, "CN=DigiNotar")) {
isDigiNotarIssuedCert = PR_TRUE;
}
}
if (isDigiNotarIssuedCert) {
// let's see if we want to worsen the error code to revoked.
PRErrorCode revoked_code = PSM_SSL_DigiNotarTreatAsRevoked(serverCert, serverCertChain);
