diff options
Diffstat (limited to 'data/extensions/https-everywhere@eff.org/components')
| -rw-r--r-- | data/extensions/https-everywhere@eff.org/components/https-everywhere.js | 16 | ||||
| -rw-r--r-- | data/extensions/https-everywhere@eff.org/components/ssl-observatory.js | 24 |
2 files changed, 23 insertions, 17 deletions
diff --git a/data/extensions/https-everywhere@eff.org/components/https-everywhere.js b/data/extensions/https-everywhere@eff.org/components/https-everywhere.js index 72788ef..c248139 100644 --- a/data/extensions/https-everywhere@eff.org/components/https-everywhere.js +++ b/data/extensions/https-everywhere@eff.org/components/https-everywhere.js @@ -125,17 +125,6 @@ var ABE = { } }; -function xpcom_generateQI(iids) { - var checks = []; - for each (var iid in iids) { - checks.push("CI." + iid.name + ".equals(iid)"); - } - var src = checks.length - ? "if (" + checks.join(" || ") + ") return this;\n" - : ""; - return new Function("iid", src + "throw Components.results.NS_ERROR_NO_INTERFACE;"); -} - function xpcom_checkInterfaces(iid,iids,ex) { for (var j = iids.length; j-- >0;) { if (iid.equals(iids[j])) return true; @@ -195,11 +184,6 @@ function HTTPSEverywhere() { this.httpNowhereEnabled = this.prefs.getBoolPref("http_nowhere.enabled"); this.isMobile = this.doMobileCheck(); - // Disable SSLv3 to prevent POODLE attack. - // https://www.imperialviolet.org/2014/10/14/poodle.html - var root_prefs = this.get_prefs(PREFBRANCH_NONE); - root_prefs.setIntPref("security.tls.version.min", 1); - // We need to use observers instead of categories for FF3.0 for these: // https://developer.mozilla.org/en/Observer_Notifications // https://developer.mozilla.org/en/nsIObserverService. diff --git a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js index 15df1db..a783a72 100644 --- a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js +++ b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js @@ -285,9 +285,31 @@ SSLObservatory.prototype = { }, */ + // Calculate the MD5 fingerprint for a cert. This is the fingerprint of the + // DER-encoded form, same as the result of + // openssl x509 -md5 -fingerprint -noout + // We use this because the SSL Observatory depends in many places on a special + // fingerprint which is the concatenation of MD5+SHA1, and the MD5 fingerprint + // is no longer available on the cert object. + // Implementation cribbed from + // https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICryptoHash + md5Fingerprint: function(cert) { + var len = new Object(); + var derData = cert.getRawDER(len); + var ch = CC["@mozilla.org/security/hash;1"].createInstance(CI.nsICryptoHash); + ch.init(ch.MD5); + ch.update(derData,derData.length); + var h = ch.finish(false); + + function toHexString(charCode) { + return ("0" + charCode.toString(16)).slice(-2); + } + return [toHexString(h.charCodeAt(i)) for (i in h)].join("").toUpperCase(); + }, + ourFingerprint: function(cert) { // Calculate our custom fingerprint from an nsIX509Cert - return (cert.md5Fingerprint+cert.sha1Fingerprint).replace(":", "", "g"); + return (this.md5Fingerprint(cert)+cert.sha1Fingerprint).replace(":", "", "g"); }, observe: function(subject, topic, data) { |