Revert "Bug 1966632 - bundle cross-signed "SSL.com TLS Transit ECC CA R2" intermediate. r=keeler" for causing bc failures

This reverts commit 4ac16f5365523b0d9d5b182d1b81e764b04f4ec8.

UltraBlame original commit: 5e7fdcbb9dc9bad7554b0d40be8a8ed14deed69c

Author: marco-c

security/manager/ssl/cert_storage/src/lib.rs

@@ -248,7 +248,6 @@ impl SecurityState {
             )),
             None => Ok(()),
         }?;
-        self.load_bundled_intermediates()?;
         self.load_crlite_filter()?;
         Ok(())
     }
@@ -593,30 +592,21 @@ impl SecurityState {
 
 
 
-    
-    
-    
-    
-    
-    fn add_certs_internal(
+    pub fn add_certs(
         &mut self,
         certs: &[(nsCString, nsCString, i16)],
-        set_has_prior_data_flag: bool,
     ) -> Result<(), SecurityStateError> {
         let env_and_store = match self.env_and_store.as_mut() {
             Some(env_and_store) => env_and_store,
             None => return Err(SecurityStateError::from("env and store not initialized?")),
         };
         let mut writer = env_and_store.env.write()?;
-
-        if set_has_prior_data_flag {
-            
-            env_and_store.store.put(
-                &mut writer,
-                &make_key!(PREFIX_DATA_TYPE, &[nsICertStorage::DATA_TYPE_CERTIFICATE]),
-                &Value::Bool(true),
-            )?;
-        }
+        
+        env_and_store.store.put(
+            &mut writer,
+            &make_key!(PREFIX_DATA_TYPE, &[nsICertStorage::DATA_TYPE_CERTIFICATE]),
+            &Value::Bool(true),
+        )?;
 
         for (cert_der_base64, subject_base64, trust) in certs {
             let cert_der = match BASE64_STANDARD.decode(&cert_der_base64) {
@@ -662,46 +652,6 @@ impl SecurityState {
         Ok(())
     }
 
-    pub fn add_certs(
-        &mut self,
-        certs: &[(nsCString, nsCString, i16)],
-    ) -> Result<(), SecurityStateError> {
-        self.add_certs_internal(certs,  true)
-    }
-
-    fn load_bundled_intermediates(&mut self) -> Result<(), SecurityStateError> {
-        let bundled_intermediates = [(
-            
-            "MIIDNDCCArmgAwIBAgIQYE2K+NALqHSLlVhTFyxfLjAKBggqhkjOPQQDAzBOMQsw\
-             CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT\
-             U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMTAyMTE3MDIyM1oXDTM3\
-             MTAxNzE3MDIyMlowTzELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh\
-             dGlvbjEmMCQGA1UEAwwdU1NMLmNvbSBUTFMgVHJhbnNpdCBFQ0MgQ0EgUjIwdjAQ\
-             BgcqhkjOPQIBBgUrgQQAIgNiAARk532ZA1NckR7q+NgjraG/LOJjie8oaPbt1/Ds\
-             q2iudyvkdpcbUOvbWSgtb7g2uauNl8pMIp7uidkCP/16czqQjSvMLzo3g9oNtC1F\
-             G3NyCWVfeCE954tmP0f9CSnWFA+jggFZMIIBVTASBgNVHRMBAf8ECDAGAQH/AgEB\
-             MB8GA1UdIwQYMBaAFImPL6PoK6AUVHvzVrgmX2c4C5zQMEwGCCsGAQUFBwEBBEAw\
-             PjA8BggrBgEFBQcwAoYwaHR0cDovL2NlcnQuc3NsLmNvbS9TU0xjb20tVExTLVJv\
-             b3QtMjAyMi1FQ0MuY2VyMD8GA1UdIAQ4MDYwNAYEVR0gADAsMCoGCCsGAQUFBwIB\
-             Fh5odHRwczovL3d3dy5zc2wuY29tL3JlcG9zaXRvcnkwHQYDVR0lBBYwFAYIKwYB\
-             BQUHAwIGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmxzLnNz\
-             bC5jb20vU1NMY29tLVRMUy1Sb290LTIwMjItRUNDLmNybDAdBgNVHQ4EFgQUMqLH\
-             2FiL/3/APPJVaTPszswfvJcwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2kA\
-             MGYCMQC4SkI+e2cts1nTN9MCRil97z624WxLAp94hT7tNZGPZLe9YiLIyzgKqW/b\
-             E0b2h9ACMQCvV5XMRcunAylQaCQc4J/GwR1p7yrPC0DRWWeyLAkQWi5Ylta9DxlX\
-             74QFFksFCP0="
-                .into(),
-            "ME8xCzAJBgNVBAYTAlVTMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xJjAkBgNV\
-             BAMMHVNTTC5jb20gVExTIFRyYW5zaXQgRUNDIENBIFIy"
-                .into(),
-            nsICertStorage::TRUST_INHERIT,
-        )];
-        self.add_certs_internal(
-            &bundled_intermediates,
-             false,
-        )
-    }
-
 
 
 

security/manager/ssl/tests/unit/head_psm.js

@@ -330,55 +330,6 @@ function checkCertErrorGeneric(
   );
 }
 
-
-class CertVerificationExpectedRootResult {
-  constructor(certName, rootSha256SpkiDigest, resolve) {
-    this.certName = certName;
-    this.rootSha256SpkiDigest = rootSha256SpkiDigest;
-    this.resolve = resolve;
-  }
-
-  verifyCertFinished(aPRErrorCode, aVerifiedChain, _aHasEVPolicy) {
-    equal(
-      aPRErrorCode,
-      PRErrorCodeSuccess,
-      `verifying ${this.certName}: should succeed`
-    );
-    equal(
-      aVerifiedChain[aVerifiedChain.length - 1]
-        .sha256SubjectPublicKeyInfoDigest,
-      this.rootSha256SpkiDigest,
-      `verifying ${this.certName}: should build chain to ${this.rootSha256SpkiDigest}`
-    );
-    this.resolve();
-  }
-}
-
-function checkRootOfBuiltChain(
-  certdb,
-  cert,
-  rootSha256SpkiDigest,
-  time,
-   hostname,
-   flags = NO_FLAGS
-) {
-  return new Promise(resolve => {
-    let result = new CertVerificationExpectedRootResult(
-      cert.commonName,
-      rootSha256SpkiDigest,
-      resolve
-    );
-    certdb.asyncVerifyCertAtTime(
-      cert,
-      Ci.nsIX509CertDB.verifyUsageTLSServer,
-      flags,
-      hostname,
-      time,
-      result
-    );
-  });
-}
-
 function checkEVStatus(certDB, cert, usage, isEVExpected) {
   return checkCertErrorGeneric(
     certDB,

security/manager/ssl/tests/unit/test_intermediate_preloads.js

@@ -425,20 +425,6 @@ add_task(async function test_delete() {
   );
 });
 
-add_task(async function test_bug1966632() {
-  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
-    Ci.nsIX509CertDB
-  );
-
-  constructCertFromFile("test_intermediate_preloads/bug1966632-int1.pem", ",,");
-  await checkRootOfBuiltChain(
-    certDB,
-    constructCertFromFile("test_intermediate_preloads/bug1966632-ee.pem", ",,"),
-    "G/ANXI8TwJTdF+AFBM8IiIUPEv0Gf6H5LA/b9guG4yE=",
-    new Date("2025-05-21T00:00:00Z").getTime() / 1000
-  );
-});
-
 function run_test() {
   server = new HttpServer();
   server.start(-1);